[StepSecurity] Apply security best practices #1606
Signed-off-by: StepSecurity Bot <[email protected]>
Welcome, new contributor! It appears that this is your first Pull Request. To give credit where it's due, we ask that you add your information to the
Please make sure you've read our contributing guide. We look forward to reviewing your Pull Request shortly ✨ NOTE: This PR is autogenerated.
9e1372d to 74f63e9
…finishing touches
I think we're in business
@aulemahal I made a few small adjustments to the xclim code base. Can you quickly just verify that I haven't angered any
I think this introduces a bit too many disabling comments. Each time a new dev will work on that code, the same (non-)issues would be raised by the pre-commit hooks, adding (IMO) too much noise and confusion.
I found this option here: https://pylint.readthedocs.io/en/latest/user_guide/configuration/all-options.html#signature-mutators Do you think adding map_groups and guvectorize to that list could solve the issues?
@aulemahal I couldn't get
@@ -521,7 +522,7 @@ missing-member-max-choices = 1 | |||
mixin-class-rgx = ".*[Mm]ixin" | |||
|
|||
# List of decorators that change the signature of a decorated function. | |||
# signature-mutators = | |||
signature-mutators = ["xclim.sdba.base.map_groups"] |
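Review bot: the commented-out default line `# signature-mutators =` directly above the new setting is now redundant and can be dropped, since the option is set on the next line. Note also that the list only names `xclim.sdba.base.map_groups`; the `guvectorize`-decorated functions discussed in this thread are not covered by it, and the thread reports that adding `numba.guvectorize` here did not resolve those warnings, so they will keep surfacing unless handled some other way.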
Wouldn't adding "numba.guvectorize" solve the issues in xclim/indices/fire/_ffdi.py and xclim/sdba/nbutils.py?
For the record, that doesn't work. Maybe one day this will be resolved.
Fair enough then! Hopefully that gets fixed one day!
Summary
This pull request is created by StepSecurity at the request of @Zeitsperre. Please merge the Pull Request to incorporate the requested changes. Please tag @Zeitsperre on your message if you have any questions related to the PR.
Security Fixes
Pinned Dependencies
GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to a full-length commit.
Keeping your actions up to date with Dependabot
With Dependabot version updates, when Dependabot identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).
Maintain Code Quality with Pre-Commit
Pre-commit is a framework for managing and maintaining multi-language pre-commit hooks. Hooks can be any scripts, code, or binaries that run at any stage of the git workflow. Pre-commit hooks are useful for enforcing code quality, code formatting, and detecting security vulnerabilities.
Feedback
For bug reports, feature requests, and general feedback, please email [email protected]. To create such PRs, please visit https://app.stepsecurity.io/securerepo.
Signed-off-by: StepSecurity Bot [email protected]
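As an added example for the "Pinned Dependencies" point above (not code from this PR, StepSecurity or the xclim repository), the check below scans workflow `uses:` references and reports those that point at a tag or branch instead of a 40-character commit SHA. The sample workflow embedded at the bottom is constructed, and the workflow path it scans is an assumption.

```python
"""Report GitHub Actions references that are not pinned to a full-length commit SHA."""
import re
from pathlib import Path

# Matches `uses:` steps such as `- uses: actions/checkout@v4  # comment`,
# with or without quotes around the target.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)['\"]?", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(uses: str) -> str:
    """Return how a `uses:` target is pinned: 'sha', 'mutable', 'local' or 'docker'."""
    if uses.startswith("./"):
        return "local"      # action in the same repository; no ref to pin
    if uses.startswith("docker://"):
        return "docker"     # image reference; pin by digest, checked elsewhere
    _, _, ref = uses.partition("@")
    return "sha" if SHA_RE.match(ref) else "mutable"


def find_unpinned(workflow_text: str) -> list[str]:
    """Return the `uses:` targets in a workflow that resolve to a tag or branch."""
    return [u for u in USES_RE.findall(workflow_text) if classify_ref(u) == "mutable"]


# Constructed sample workflow (hypothetical; not taken from the xclim repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
      - uses: actions/setup-python@v5
      - uses: ./.github/actions/local-thing
      - uses: "pre-commit/action@main"
"""

if __name__ == "__main__":
    # Assumed layout: workflows live under .github/workflows in the current repo.
    for path in Path(".github/workflows").glob("*.y*ml"):
        for ref in find_unpinned(path.read_text()):
            print(f"{path}: not pinned to a commit SHA: {ref}")
```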