copilot-clone icon indicating copy to clipboard operation
copilot-clone copied to clipboard

Published 20 hours ago verified publisher icon hieunc229

Npm package updates caught via Dependabot

Open clin1234 opened this issue 1 year ago • 3 comments
trafficstars

clin1234 avatar Apr 20 '24 01:04 clin1234

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

github-advanced-security[bot] avatar Apr 20 '24 01:04 github-advanced-security[bot]

Appreciate for the contribution @clin1234.

This PR doesn't have a description, and I'm not familiar with codeql or npm_audit. Can you explain what it does, why we need it and how do we use it? Thank you

hieunc229 avatar Apr 26 '24 04:04 hieunc229

Sorry for the delay; the npm_audit.yml is for Github's Depdendabot to generate pull requests for outdated packages that are vulnerable. Also contains npm package dependencies updates that I caught in my fork.

clin1234 avatar Apr 29 '24 19:04 clin1234