
chore: Includes GH actions dependency review in PR checks

Open AgustinBettati opened this issue 5 months ago • 2 comments

Description

We have this action in our CFN repository, but it was missing here.

Type of change:

  • [ ] Bug fix (non-breaking change which fixes an issue). Please add the "bug" label to the PR.
  • [ ] New feature (non-breaking change which adds functionality). Please add the "enhancement" label to the PR.
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected). Please add the "breaking change" label to the PR.
  • [ ] This change requires a documentation update
  • [ ] Documentation fix/enhancement

Required Checklist:

  • [x] I have signed the MongoDB CLA
  • [x] I have read the contribution guidelines
  • [x] I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
  • [x] I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
  • [x] I have added any necessary documentation (if appropriate)
  • [x] I have run make fmt and formatted my code
  • [x] If changes include deprecations or removals, I defined an isolated PR with a relevant title as it will be used in the auto-generated changelog.
  • [x] If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Further comments

AgustinBettati · Jan 31 '24 10:01

Will wait to merge, as we saw a false positive raised in a CFN repository PR; I raised an issue with the dependency-review-action to get more clarity: https://github.com/actions/dependency-review-action/issues/676.

AgustinBettati · Jan 31 '24 11:01

This PR has gone 7 days without any activity and meets the project’s definition of "stale". This will be auto-closed if there is no new activity over the next 7 days. If the issue is still relevant and active, you can simply comment with a "bump" to keep it open, or add the label "not_stale". Thanks for keeping our repository healthy!

github-actions[bot] · Feb 06 '24 00:02

Closing this PR for now: https://github.com/actions/dependency-review-action/issues/676 confirmed that this action is not able to infer the proper ordering of pinned GitHub Actions versions, so it will likely bring up false positives.

AgustinBettati · Mar 22 '24 10:03
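For reference, a minimal workflow of the kind this PR set out to add, written here as an added example rather than taken from the PR's diff or the repository; the action versions, the `fail-on-severity` threshold and the workflow name are assumptions, not values from the PR.

```yaml
# Assumed example workflow: runs GitHub's dependency review on every pull request
# and fails the check when a newly introduced dependency has a known advisory
# at or above the chosen severity. Not the repository's own file.
name: Dependency Review

on:
  pull_request:

# Least privilege: the action only needs to read repository contents.
permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Compares the dependency manifests on the base and head of the PR.
      # As the closing comment above notes, this comparison could not infer
      # the ordering of pinned GitHub Actions versions at the time, which is
      # why the PR was closed instead of merged.
      - uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: moderate   # assumed threshold: low | moderate | high | critical
```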