Closed phylum-bot closed 11 months ago
Holding out for a potential quick fix from UUID: https://github.com/uuid-rs/uuid/issues/720#issuecomment-1818822653
The analysis contains 1 package(s) Phylum has not yet processed, preventing a complete risk analysis. Phylum is processing these packages currently and should complete soon. Please wait for up to 30 minutes, then re-run the analysis.
Interesting that the Phylum check is still considered a pass even though the new uuid package hasn't been analyzed yet...
> Interesting that the Phylum check is still considered a pass even though the new uuid package hasn't been analyzed yet...
This is the documented behavior:
> A comment will be written to the PR if an issue is identified that fails the defined policy. There will be no comment if no dependencies were added or modified for a given PR. If one or more dependencies are still processing (no results available), then the comment will make that clear and the CI job will only fail if dependencies that have completed analysis results do not meet the active policy.
The Phylum GitHub Action works the same way. That behavior was part of the design and intended to keep from blocking CI due to Phylum processing delays. The tradeoff is that users of Phylum in CI/PRs need to maintain some level of discipline in all but the most urgent cases to wait on merging until the analysis results are available.
Bump dependencies for all SemVer-compatible updates.