Skip to content

fix(ci): disable trivy-scan-image #3461

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 24, 2021
Merged

fix(ci): disable trivy-scan-image #3461

merged 2 commits into from
May 24, 2021

Conversation

jsjoeio
Copy link
Contributor

@jsjoeio jsjoeio commented May 24, 2021
edited
Loading

This PR temporarily disables trivy-scan-image due to an upstream issue. See: github/codeql-action#528

There was a vulnerability found when CI ran. This is fixed as well:

  • browserslist

Checklist

  • updated CHANGELOG.md

Fixes #3459

@jsjoeio jsjoeio self-assigned this May 24, 2021
@jsjoeio jsjoeio added the ci Issues related to ci label May 24, 2021
@jsjoeio jsjoeio added this to the 3.11.0 milestone May 24, 2021
@codecov
Copy link

codecov bot commented May 24, 2021
edited
Loading

Codecov Report

Merging #3461 (35f57e5) into main (99542e6) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #3461   +/-   ##
=======================================
  Coverage   59.21%   59.21%           
=======================================
  Files          35       35           
  Lines        1709     1709           
  Branches      379      379           
=======================================
  Hits         1012     1012           
  Misses        559      559           
  Partials      138      138

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 99542e6...35f57e5. Read the comment docs.

@jsjoeio jsjoeio force-pushed the jsjoeio/fix-3459 branch from d4f853c to ff93932 Compare May 24, 2021 21:02
@jsjoeio jsjoeio changed the title wip: fix codeql-action/upload -sarif fix(ci): disable trivy-scan-image May 24, 2021
@jsjoeio jsjoeio marked this pull request as ready for review May 24, 2021 21:04
@jsjoeio jsjoeio requested a review from a team as a code owner May 24, 2021 21:04
@jsjoeio jsjoeio enabled auto-merge May 24, 2021 21:21
jawnsy
jawnsy reviewed May 24, 2021
View reviewed changes
package.json
@@ -80,6 +80,7 @@
"doctoc/**/trim": "^1.0.0",
"postcss": "^8.2.1",
"parcel-bundler/cssnano": "^5.0.2",
"browserslist": "^4.16.5",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's best to keep unrelated changes in separate PRs, otherwise the commit message is misleading

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I generally agree. But CI was failing for this PR. For fixing vulnerability updates, should we merge even if CI is failing and then submit a follow-up PR?

@jsjoeio jsjoeio merged commit c6d5da1 into main May 24, 2021
@jsjoeio jsjoeio deleted the jsjoeio/fix-3459 branch May 24, 2021 21:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jawnsy jawnsy jawnsy approved these changes

Assignees

@jsjoeio jsjoeio

Labels
ci Issues related to ci
Projects
None yet
Milestone
3.11.0
Development

Successfully merging this pull request may close these issues.

github/codeql-action/upload-sarif - JavaScript heap out of memory
2 participants
@jsjoeio @jawnsy