-
-
Notifications
You must be signed in to change notification settings - Fork 6.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: define scorecard workflow #5764
Conversation
|
✅ Deploy Preview for mermaid-js ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #5764 +/- ##
==========================================
- Coverage 5.21% 5.21% -0.01%
==========================================
Files 322 323 +1
Lines 46083 46094 +11
Branches 561 536 -25
==========================================
Hits 2402 2402
- Misses 43681 43692 +11
Flags with carried forward coverage won't be shown. Click here to find out more. |
2836774
to
2546a7e
Compare
The latest updates on your projects. Learn more about Argos notifications ↗︎
|
@sidharthv96 , |
📑 Summary
Create a ascorecard workflow. It also provide the associated badge to provide public information about the conformity with OpenSSF best practices concerning security.
This PR also fixes the "Pinned dependencies" issues with github-actions.
This was done with the help of https://app.stepsecurity.io/secureworkflow
📏 Design Decisions
Describe the way your implementation works or what design decisions you made if applicable.
📋 Tasks
Make sure you
MERMAID_RELEASE_VERSION
is used for all new features.pnpm changeset
and following the prompts. Changesets that add features should beminor
and those that fix bugs should bepatch
. Please prefix changeset messages withfeat:
,fix:
, orchore:
.