Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dependency Pinning & Auditing #3448

Open
danielbate opened this issue Dec 5, 2024 · 2 comments · May be fixed by #3449
Open

Dependency Pinning & Auditing #3448

danielbate opened this issue Dec 5, 2024 · 2 comments · May be fixed by #3449
Assignees
Labels
chore Issue is a chore

Comments

@danielbate
Copy link
Member

danielbate commented Dec 5, 2024

  • Implement dependency pinning to defend against malicious software updates.
  • Implement pnpm audit on a release
@danielbate danielbate added the chore Issue is a chore label Dec 5, 2024
@danielbate danielbate self-assigned this Dec 5, 2024
@danielbate danielbate changed the title Security Housekeeping Malicious dependency scanning and defence Dec 5, 2024
@danielbate danielbate linked a pull request Dec 5, 2024 that will close this issue
4 tasks
@maschad
Copy link
Member

maschad commented Dec 5, 2024

I believe Dependabot already performs this function for us

@danielbate
Copy link
Member Author

Okay I'll remove audit 👍🏻

@danielbate danielbate changed the title Malicious dependency scanning and defence Dependency Pinning Dec 6, 2024
@danielbate danielbate changed the title Dependency Pinning Dependency Pinning & Audit Dec 10, 2024
@danielbate danielbate changed the title Dependency Pinning & Audit Dependency Pinning & Auditing Dec 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chore Issue is a chore
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants