Consider removing Audit CI check #336

Open
lukekarrys opened this issue Jul 17, 2023 · 1 comment

@lukekarrys
Contributor

  • Dependabot opens PRs for actionable updates to audits
  • The audit check runs weekly, which would only produce additional audit failures that are not actionable

Open questions:

  • Should Audit be removed from PR checks as well?
    • Pros of having it: any new dependencies added in a PR will be checked for audits
    • Cons: since the weekly check is removed, a new PR could contain false positives even if they don't add any new dependencies. This would add noise to CI when reviewing PRs.
@wraithgar
Member

This CI check is no longer needed, not even in PRs. At the risk of putting the burden back on a human instead of an automated check, new dependency PRs should hopefully not be made if the install flags an audit warning.
