
New Published Rules - uniswap.npm-package-in-action-not-pinned-to-commit-sha

Open semgrep-dev-pr-bot[bot] opened this issue 2 years ago • 3 comments

Wahoo! New published rules with uniswap.npm-package-in-action-not-pinned-to-commit-sha from @[email protected].

See semgrep.dev/s/RelOq for more details.

Thanks for your contribution! ❤️

semgrep-dev-pr-bot[bot], Jan 10 '24 18:01

Special thanks to @kurt-r2c

mr-uniswap, Jan 10 '24 18:01

It looks like the rule was deleted again by the testcode.

Currently the CI thinks the testcode is an invalid Semgrep rule. Typically for rules targeting YAML code, we use the extension .test.yaml for the testcode. Example here: https://github.com/semgrep/semgrep-rules/tree/develop/yaml/argo/security

0xDC0DE, Jan 12 '24 07:01

Opened a bug for this publish issue - it looks like we don't create PRs for YAML-targeted stuff correctly.

kurt-r2c, Jan 22 '24 19:01