Open
Conversation
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@93cb6ef...1af3b93) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Prior to this patch, it was impossible to get help for the current app:
nimble_csv$ mix help app:nimble_csv
Application nimble_csv does not exist or is not loaded
It also helps with projects with depenendencies when they haven't been
compiled yet:
req$ mix deps.get && mix help app:finch # mix deps.compile haven't been run yet
Application finch does not exist or is not loaded
Now it works:
nimble_csv$ mix help app:nimble_csv
Compiling 1 file (.ex)
Generated nimble_csv app
# NimbleCSV
NimbleCSV is a small and fast parsing and dumping library.
# NimbleCSV.RFC4180
A CSV parser that uses comma as separator and double-quotes as escape according
to RFC4180.
# NimbleCSV.Spreadsheet
A parser with spreadsheet friendly settings.
We allow duplication for headings with different parents in rule MD024.
This file was originally created on 2020-06-26, therefore the copyright belong to Plataformatec at the time.
Rule MD026 "Trailing punctuation in heading" is enforced, we simply remove `!` from the list of forbidden characters. Source: https://github.com/DavidAnson/markdownlint/blob/main/doc/md026.md
- Put together name and runs-on to avoid getting outdated on update - Fix name for Windows job with correct version - Sort Erlang/OTP versions descendingly so they align with order under Linux
This means changing a struct definition only cases recompilation when structs are created, no longer on matches and updates. Closes #15098.
The dialyzer warning was: lib/kernel.ex:4836:7: Guard test _in_body?@1::'false' =:= 'true' can never succeed
The return type changed in a0ef7f0
this is helpful when reproducing flaky test failures
Add `persist-credentials: false` to all `actions/checkout` usages to prevent Git credentials from being persisted in the repository after checkout completes. See: https://docs.zizmor.sh/audits/#artipacked
Use environment variables instead of direct template expansion in shell run blocks to prevent potential code injection. See: https://docs.zizmor.sh/audits/#template-injection
Delay automatic dependency updates to allow time for discovery of regressions or supply-chain compromises in newly released versions. See: https://docs.zizmor.sh/audits/#dependabot-cooldown
The GITHUB_PATH and GITHUB_ENV writes are safe as they use only workflow-controlled values, not attacker-controlled input. See: https://docs.zizmor.sh/audits/#github-env
Run CodeQL static analysis on GitHub Actions workflows to detect potential security vulnerabilities in CI/CD configuration. Scheduled weekly and on pushes/PRs to main branch.
Run zizmor static analysis on GitHub Actions workflows to detect potential security vulnerabilities in CI/CD configuration. See: https://docs.zizmor.sh/
The checkout in create_draft_release needs credentials to push the branch-latest tag to origin.
Introduces a new guide explaining SBoMs: what they are, why they matter (vulnerability analysis, regulatory requirements, license compliance), and how to generate them for Elixir projects using mix_sbom. Also covers CI integration via GitHub Action and mentions ORT for deeper file-level license scanning.
`:exclude`/`:include` can be: - an atom - a list of atoms and keyword elements
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added use cases for the language at an high level to increase adaption of the programming language . will update more use high level use cases