Clean up workflow files from Zizmor output #407
Conversation
|
Great job! No new security vulnerabilities introduced in this pull request |
| run: echo "{\"flagValues\":$_FEATURE_FLAGS}" > "flags.json" | ||
|
|
||
| - name: Download extension artifact | ||
| uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4 |
There was a problem hiding this comment.
This is a pretty large version jump - why was this not handled via Renovate automation?
There was a problem hiding this comment.
I'm not entirely sure on that one. I would speculate due to how the author changed the versioning to only major version, but I would think that'd be detected as well.. We'll have to watch it
There was a problem hiding this comment.
One non-blocking question about the large version bump for dawidd6/action-download-artifact - otherwise seems good and BIT passes.
After merge we'll want to keep an eye on the PR commenting steps as clients repository dispatch events come in to make sure they still work, but I don't imagine there will be any issues, given these changes.
2 participants
🎟️ Tracking
https://bitwarden.atlassian.net/browse/VULN-285
📔 Objective
Perform cleanup of existing workflows to be in compliance with Zizmor and bwwl.
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes