cake.addin.analyzer's Issues

Workflows are referencing vulnerable actions

Hello, there!

As part of the university research we are currently doing regarding the security of GitHub Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.

Please note that there could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu

Thanks in advance

  1. The workflow pre-release-notes.yml is referencing action gittools/actions/gitversion/setup using reference v0.9.4. However, this reference is missing the commit 90150b4, which may contain a fix to the vulnerability.
  2. The workflow pre-release-notes.yml is referencing action gittools/actions/gitversion/execute using reference v0.9.4. However, this reference is missing the commit 90150b4, which may contain a fix to the vulnerability.
  3. The workflow release-notes.yml is referencing action gittools/actions/gitversion/setup using reference v0.9.4. However, this reference is missing the commit 90150b4, which may contain a fix to the vulnerability.
  4. The workflow release-notes.yml is referencing action gittools/actions/gitversion/execute using reference v0.9.4. However, this reference is missing the commit 90150b4, which may contain a fix to the vulnerability.

The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.

If you end up updating the reference, please let us know. We need the stats for the paper :-)

Remove target framework netcoreapp2.1 in the test project

The .NET Core 2.1 target reference is out of date, and won't be receiving any updates in the future.
As such it should be removed from the frameworks we test against in the test project.

Since only the test project references this framework, it is not considered a breaking change, and only build related.

Replace Wyam documentation with Statiq

Wyam documentation was recently added, but the long term goal will be to replace the documentation generated by Wyam with Statiq.

This is probably something I would need help with to achieve.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository. View logs.

  • WARN: Error updating PR

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

cake
build.cake
  • Cake.Recipe 2.2.1
  • NuGet.CommandLine 5.6.0
  • dotnet-t4 2.2.1
github-actions
.github/workflows/build.yml
  • actions/checkout v2.4.0
  • actions/cache v2
.github/workflows/codeql-analysis.yml
  • actions/checkout v2
  • actions/cache v2
  • github/codeql-action v1
  • github/codeql-action v1
  • github/codeql-action v1
  • ubuntu 18.04
.github/workflows/pre-release-notes.yml
  • actions/checkout v2.4.0
  • actions/cache v2
  • gittools/actions v0.9.11
  • gittools/actions v0.9.11
  • ad-m/github-push-action v0.6.0
  • ubuntu 18.04
.github/workflows/publishdocs.yml
  • actions/checkout v2.4.0
  • actions/cache v2
  • ubuntu 18.04
.github/workflows/release-notes.yml
  • actions/checkout v2.4.0
  • actions/cache v2
  • gittools/actions v0.9.11
  • gittools/actions v0.9.11
  • ad-m/github-push-action v0.6.0
  • ubuntu 18.04
nuget
.config/dotnet-tools.json
  • cake.tool 0.38.5
demo/Cake.TestAddin/Cake.TestAddin.csproj
  • Cake.Core 0.38.5
  • Cake.Addin.Analyzer 0.1.3
src/Cake.Addin.Analyzer.CodeFixes/Cake.Addin.Analyzer.CodeFixes.csproj
  • Roslynator.CodeAnalysis.Analyzers 1.0.0
  • Roslynator.Analyzers 3.1.0
  • Microsoft.SourceLink.GitHub 1.0.0
  • Microsoft.CodeAnalysis.CSharp.Workspaces 3.9.0
src/Cake.Addin.Analyzer.Package/Cake.Addin.Analyzer.Package.csproj
  • Microsoft.SourceLink.GitHub 1.0.0
src/Cake.Addin.Analyzer.Rules/Cake.Addin.Analyzer.Rules.csproj
  • Roslynator.CodeAnalysis.Analyzers 1.0.0
  • Roslynator.Analyzers 3.1.0
  • Microsoft.SourceLink.GitHub 1.0.0
  • Microsoft.CodeAnalysis.CSharp 3.9.0
  • Microsoft.CodeAnalysis.Analyzers 3.3.3
src/Cake.Addin.Analyzer.Tests/Cake.Addin.Analyzer.Tests.csproj
  • NUnit3TestAdapter 3.17.0
  • NUnit 3.13.2
  • Microsoft.SourceLink.GitHub 1.0.0
  • Microsoft.NETFramework.ReferenceAssemblies 1.0.2
  • Microsoft.CodeAnalysis.VisualBasic.CodeRefactoring.Testing.NUnit 1.0.1-beta1.21117.2
  • Microsoft.CodeAnalysis.VisualBasic.CodeFix.Testing.NUnit 1.0.1-beta1.21117.2
  • Microsoft.CodeAnalysis.VisualBasic.Analyzer.Testing.NUnit 1.0.1-beta1.21117.2
  • Microsoft.CodeAnalysis.CSharp.CodeRefactoring.Testing.NUnit 1.0.1-beta1.21117.2
  • Microsoft.CodeAnalysis.CSharp.CodeFix.Testing.NUnit 1.0.1-beta1.21117.2
  • Microsoft.CodeAnalysis.CSharp.Analyzer.Testing.NUnit 1.0.1-beta1.21117.2
  • Microsoft.CodeAnalysis 3.11.0
  • Microsoft.TestPlatform.ObjectModel 16.9.4
  • Microsoft.NET.Test.Sdk 16.9.4
  • FluentAssertions 5.10.3
  • coverlet.msbuild 3.1.2
  • Appveyor.TestLogger 2.0.0
src/Cake.Addin.Analyzer.Vsix/Cake.Addin.Analyzer.Vsix.csproj
  • Microsoft.VSSDK.BuildTools 16.10.10

  • Check this box to trigger a request for Renovate to run again on this repository

Raises issues for partial alias classes

Describe the bug
I have split my addins across multiple partial classes. One of the partial classes contains the CakeAliasCategory attribute. The analyzer reports a violation for all other partial classes.

To Reproduce

  1. Add analyzer to https://github.com/cake-contrib/Cake.Issues

Expected behavior
Attributes on a partial class are valid for the whole class.
The analyzer should take this into account.

Don't suggest attributes for internal/private methods

As discussed on this issue the analyzer shouldn't suggest adding an attribute on internal/private methods.

To Reproduce
Steps to reproduce the behavior:

  1. Build the Cake.Gitter project (without the attributes that were added in this commit)
  2. See the attribute being suggested

Expected behavior
The attribute shouldn't be recommended to be added.

Screenshots
N/A

Desktop (please complete the following information):

  • OS: Windows 10
  • Version: 0.1.1

Additional context
N/A

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • chore(deps): update dependency microsoft.codeanalysis.analyzers to v3.3.4
  • chore(deps): update dependency microsoft.netframework.referenceassemblies to v1.0.3
  • chore(deps): update dependency nunit to v3.13.3
  • chore(deps): update actions/checkout action to v2.7.0
  • chore(deps): update dependency coverlet.msbuild to v3.2.0
  • chore(deps): update dependency dotnet-t4 to v2.3.1
  • chore(deps): update dependency nuget.commandline to v5.11.5
  • chore(deps): update dependency roslynator.analyzers to v3.3.0
  • chore(deps): update dependency roslynator.codeanalysis.analyzers to v1.1.1
  • chore(deps): update gittools/actions action to v0.10.2
  • chore(deps): update vstest monorepo to v16.11.0 (Microsoft.NET.Test.Sdk, Microsoft.TestPlatform.ObjectModel)
  • chore(deps): update actions/cache action to v3
  • chore(deps): update actions/checkout action to v3
  • chore(deps): update cake monorepo to v3 (major) (Cake.Core, cake.tool)
  • chore(deps): update dependency cake.recipe to v3
  • chore(deps): update dependency coverlet.msbuild to v6
  • chore(deps): update dependency fluentassertions to v6
  • chore(deps): update dependency microsoft.codeanalysis to v4
  • chore(deps): update dependency microsoft.codeanalysis.csharp to v4
  • chore(deps): update dependency microsoft.codeanalysis.csharp.workspaces to v4
  • chore(deps): update dependency microsoft.vssdk.buildtools to v17
  • chore(deps): update dependency nuget.commandline to v6
  • chore(deps): update dependency nunit3testadapter to v4
  • chore(deps): update dependency roslynator.analyzers to v4
  • chore(deps): update dependency roslynator.codeanalysis.analyzers to v4
  • chore(deps): update dependency ubuntu to v22
  • chore(deps): update github/codeql-action action to v2
  • chore(deps): update vstest monorepo to v17 (major) (Microsoft.NET.Test.Sdk, Microsoft.TestPlatform.ObjectModel)
  • Create all rate-limited PRs at once

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

