Police-Data-Accessibility-Project / data-sources-app

An API and UI for using and maintaining the Data Sources database
MIT License

Add static code analysis tool for python security vulnerabilities #292

Open maxachis opened 1 month ago

maxachis commented 1 month ago

In addition to regular testing, we should include regular static code analysis to ensure we don't have any security vulnerabilities that we're missing.

There could be a few options, but one would be Bandit, which describes itself as "a tool designed to find common security issues in Python code."
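To make the proposal concrete, the following is an added example (not code from the data-sources-app repository) of the kind of finding Bandit produces and how the fix looks. It assumes a constructed in-memory SQLite table named `data_sources`; the real project's schema and database driver are not shown on this page. The vulnerable version builds its SQL with an f-string, which Bandit's B608 check (`hardcoded_sql_expressions`) reports; the hardened version binds the search term as a parameter so the same input can no longer alter the statement.

```python
import sqlite3


def make_db():
    """Constructed fixture, not the project's real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE data_sources (id INTEGER PRIMARY KEY, name TEXT, approved INTEGER)"
    )
    conn.executemany(
        "INSERT INTO data_sources (name, approved) VALUES (?, ?)",
        [("Pittsburgh arrests", 1), ("Internal draft", 0)],
    )
    return conn


def search_vulnerable(conn, term):
    """Query built by string formatting: Bandit flags this as B608.

    The caller's input is spliced into the SQL text, so a crafted `term`
    can rewrite the WHERE clause and bypass the `approved = 1` filter.
    """
    query = (
        "SELECT name FROM data_sources "
        f"WHERE approved = 1 AND name LIKE '%{term}%'"
    )
    return [row[0] for row in conn.execute(query)]


def search_hardened(conn, term):
    """Parameterised query: the driver binds `term` as data.

    The statement's structure is fixed at write time; whatever `term`
    contains is only ever compared against `name`. Bandit does not report
    this form.
    """
    query = "SELECT name FROM data_sources WHERE approved = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(query, (f"%{term}%",))]


# Constructed injection input: closes the LIKE literal, ORs in a tautology,
# and comments out the rest of the statement.
PAYLOAD = "' OR 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal term:", search_vulnerable(db, "Pittsburgh"))
    print("hardened, normal term:  ", search_hardened(db, "Pittsburgh"))
    print("vulnerable, payload:    ", search_vulnerable(db, PAYLOAD))
    print("hardened, payload:      ", search_hardened(db, PAYLOAD))
```

Running `bandit -r <package> -ll` over a module containing `search_vulnerable` reports the f-string query at medium severity; after switching to the parameterised form the finding disappears. The unapproved "Internal draft" row is returned by the vulnerable function when given the payload and never by the hardened one, which is the behavioural difference the static check is standing in for.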

maxachis commented 1 month ago

@josh-chamberlain I just merged the associated PR into dev. Because it's technically in dev of v2, I'm not sure whether to consider this issue completed or not.

josh-chamberlain commented 1 month ago

@maxachis yeah, good point. how about we mark things complete when we update main from dev periodically? that issue will look like

maxachis commented 1 month ago

@josh-chamberlain To add a little more granularity, I've additionally added an in_dev label to indicate issues that have been merged into the dev environment but not yet into the main of v2. This will make it easier to sift through issues that are not merged into dev (so someone can work on them) and that are in dev (so we can reference these issues when making a big merge into main).

josh-chamberlain commented 1 month ago

@maxachis this is OK by me! typically I would prefer to use projects to reflect status, but I get why this would be more convenient.

If this is too confusing, I'm fine to revert what I said previously and just close the issue when it's merged into dev. Now that we're a couple weeks in, that feels more accurate to reality. I think either way we'll need to keep track of the issues, so...nbd.