agu-ossi / 2020-agu-oss Goto Github PK

The workflow tests.yml is referencing action s-weigand/setup-conda using references v1. However this reference is missing the commit a30654e576ab9e21a25825bf7a5d5f2a9b95b202 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

Hi Rene, Lindsey, Leah, and Bane,

This is Xin, a participant of AGU2020-oss. I registered for the session but didn't receive the zoom link (not in SPAM either). I'm looking at the Github page and find no link to the live session. Will you please send me the link? My email is [email protected]. Thank you very much!

Best,
Xin

The workflow docs.yml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

Hi 👋 !!! just keeping track of what might be nice to do if you are all open to it

• add autopep8 to the envt file to support notebook linting
• requests?

more to come...

master is ubiquitously used for the primary branch of a repo. This repo uses main.

I suspect this could be a point of confusion for folks looking at the repo that are new to git.

It may be more trouble than it is worth resolving, but I figured I'd open the issue so we're all aware if a question about this arises.

The workflow docs.yml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.