Git Product home page Git Product logo

delta.units's Introduction

GitHub Stats Lang Stats

delta.units's People

Contributors

dependabot-preview[bot] avatar dependabot[bot] avatar jtone123 avatar odalet avatar odalet-addup avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

jtone123 kubrabasdemir

delta.units's Issues

Workflows are referencing vulnerable actions

Hello, there!

As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.

Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu

Thanks in advance

  1. The workflow build.yml is referencing action gittools/actions/gitversion/setup using references v0.9.5. However this reference is missing the commit 90150b4 which may contain fix to the vulnerability.
  2. The workflow build.yml is referencing action gittools/actions/gitversion/execute using references v0.9.5. However this reference is missing the commit 90150b4 which may contain fix to the vulnerability.

The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.

If you end up updating the reference, please let us know. We need the stats for the paper :-)

Unit Tests failing because of DefaultUnitTranslationProvider.Current

Globalization unit tests may fail, probably because of parallelization of tests (eg here: https://github.com/odalet/Delta.Units/runs/1405569681?check_suite_focus=true)

The only way to define the 'Translation Provider' is to use the global static property DefaultUnitTranslationProvider.Current. Unit Tests in https://github.com/odalet/Delta.Units/blob/master/src/UnitTests/UnitTests.Delta.Units.Globalization/CustomTranslationsTests.cs set it and revert it in a finally block, but this is not safe.

Modernize...

  • VS 2019
  • GitHub Actions
  • Remove AssemblyInfo.cs -> Directory.Build.props
  • GitVersion
  • Sonarcloud
  • SourceLink + snupkg (See #4)
  • Get rid of develop branch

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.