godofredoc
godofredoc
> @godofredoc Ping on this. > > (Should I just be approving these, or is there an audit process for them?) As long as the tests are passing they are...
@dependabot update
> shall we merge this one in case it get forgotten? We need to land another change to engine first.
gclient does not support checking for pinned dependencies but I can try to contact the owners and see if there is interest on implementing that functionality. Alternatively we can autogenerate...
> > gclient does not support checking for pinned dependencies but I can try to contact the owners and see if there is interest on implementing that functionality. > >...
@azeemshaikh38 you are correct generating the flattened file is a work around and it won't be generic. I've been thinking on other potential solutions and I believe I found one...
I finished implementing the python script part. Here is the PR: https://github.com/flutter/engine/pull/32135 I'll send the validation of pinned dependencies to scorecard the next week.
The parser step in the actions workflow will generate a file called "deps_flatten.txt" and from scorecards side I was planning to just scan for deps_flatten.txt files and then run all...
> > The parser step in the actions workflow will generate a file called "deps_flatten.txt" and from scorecards side I was planning to just scan for deps_flatten.txt files and then...
I believe only code reviews will be needed, I'm planning to send the PR.