test eric feedback in pr

[randomicecube]

No description provided.

[coveralls]

Pull Request Test Coverage Report for Build #13

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• 5 unchanged lines in 2 files lost coverage.
• Overall coverage decreased (-0.01%) to 87.512%

---

Files with Coverage Reduction	New Missed Lines	%
src/main/java/spoon/support/visitor/replace/ReplacementVisitor.java	2	98.89%
src/main/java/spoon/reflect/meta/impl/ModelRoleHandlers.java	3	92.92%

Totals
Change from base Build #8:	-0.01%
Covered Lines:	30113
Relevant Lines:	34410

---

💛 - Coveralls

[coveralls]

Pull Request Test Coverage Report for Build #26

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• 98 unchanged lines in 5 files lost coverage.
• Overall coverage decreased (-0.2%) to 87.289%

---

Files with Coverage Reduction	New Missed Lines	%
src/main/java/spoon/pattern/internal/node/ConstantNode.java	1	72.22%
src/main/java/spoon/pattern/internal/node/ElementNode.java	1	81.33%
src/main/java/spoon/metamodel/MetamodelProperty.java	6	86.67%
src/main/java/spoon/support/visitor/replace/ReplacementVisitor.java	23	96.94%
src/main/java/spoon/reflect/meta/impl/ModelRoleHandlers.java	67	84.2%

Totals
Change from base Build #8:	-0.2%
Covered Lines:	30036
Relevant Lines:	34410

---

💛 - Coveralls

[github-actions]

Software Supply Chain Report of randomicecube/spoon - HEAD

This report is a gradual report: that is, only the highest severity smell type with issues found within this project is reported.
Gradual reports are enabled by default. You can disable this feature, and get a full report, by using the --no-gradual-report flag.

All available checks were performed.

---

How to read the results 📖

Dirty-waters has analyzed your project dependencies and found different categories for each of them:

• ⚠️⚠️⚠️ : high severity

• ⚠️⚠️: medium severity

• ⚠️: low severity

Total packages in the supply chain: 286

❗ Packages with no source code URL (⚠️⚠️⚠️): 2

⛔ Packages with repo URL that is 404 (⚠️⚠️⚠️): 1

🔧 Packages with inaccessible GitHub tag (⚠️⚠️): 42

🌵 Packages that are forks (⚠️⚠️): 1

🔒 Packages without code signature (⚠️⚠️): 286

Other info:

• Source code repo is not hosted on GitHub: 56

  This could be due to the package being hosted on a different platform or the package not having a source code repo.

Fine grained information

🐬 For further information about software supply chain smells in your project, take a look at the following tables.

Source code links that could not be found(3)

index	package_name	github_url	github_exists	command
1	org.sonatype.plexus:plexus-sec-dispatcher@1.3	No_repo_info_found		resolve-plugins
2	org.sonatype.plexus:plexus-cipher@1.4	No_repo_info_found		resolve-plugins
3	org.iq80.snappy:snappy@0.4	https://github.com/dain/snapy	False	resolve-plugins

Call to Action:

👻What do I do now?

For packages without source code & accessible release tags:

    Pull Request to the maintainer of dependency, requesting correct repository metadata and proper tagging. 

For deprecated packages:

    1. Confirm the maintainer’s deprecation intention 
    2. Check for not deprecated versions

For packages without provenance:

    Open an issue in the dependency’s repository to request the inclusion of provenance and build attestation in the CI/CD pipeline. 

For packages that are forks

    Inspect the package and its GitHub repository to verify the fork is not malicious. 

For packages without code signature:

    Open an issue in the dependency’s repository to request the inclusion of code signature in the CI/CD pipeline. 

For packages with invalid code signature:

    It's recommended to verify the code signature and contact the maintainer to fix the issue. 

---

Report created by dirty-waters.

Report created on 2025-02-27 19:26:54

• Tool version: a0c2d15e
• Project Name: randomicecube/spoon
• Project Version: HEAD