Closed sheerlox closed 10 months ago
@intcreator could you please try to install the Renovate app to the repository? I think you might have the necessary rights.
I'll prepare a PR for all the other points, which should get our score up to about 9.
Also, regarding the security policy, we'd need an email address and PGP key accessible to the (main) maintainers. I'm unsure how to go about this, please let me know if you have any ideas!
:tada: This issue has been resolved in version 3.1.5 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
We are currently scoring 5.3/10. Find below the checks we need to improve on and the associated remediation steps.
Poor scoring checks
How to improve check scores
[x] Fuzzing
import-from-esm package, see commit 9abddb5 (note: it uses ava but there's also a jest plugin).
[x] SAST
[x] Security-Policy
SECURITY.md (example).
[x] Token Permissions
[x] Pinned-Dependencies
[x] Code Review
main).
[x] Vulnerabilities