Comments (6)
As mentioned in several comments in #68, running nsp is more appropriate in the test phase than in the release phase. If a dependency update is creating a security risk, the test should fail and semantic-release release shouldn't even be called. In addition, the alert can be reported directly in the PR (as the build would fail due to the failed tests), before it gets merged.
Does anyone have any objection regarding closing this issue?
from semantic-release.
Hi, I'm interested in giving this a shot...
from semantic-release.
Hey @accraze,
sorry this slipped through my notifications. Do you need any guidance? I'm happy to help you to get this going :)
Best,
Stephan
from semantic-release.
no worries @boennemann! can you make a repo for it?
from semantic-release.
Here you go: https://github.com/semantic-release/condition-nsp
Thank you!
from semantic-release.
Closing per previous comment. Please re-open if the previous comment is not accurate.
from semantic-release.