CI / CD; unit tests
cleanup; fix build scripts / docs package size updating; add proposed API changes for new features (tag / themes and OTLP, new API design)
Working builds (fix type errs), fix performance issues, fully working unit tests (~80% coverage)
docs and actions fixes to push to gh pages
ci / cd fixes
better coloring, better docs, maybe ci / cd fixes
ci / cd linting running fixes, doc updates
theme loading properly fixed in all envs; ci / cd fixes; doc fixes; working site builds
fix: ci / cd fixes, builds first for lib then docs, add trivy instead…
style: apply prettier / linting
fix: web demo fix for missing pkg (will be released later); docs buil…
ci: inline test coverage, fix stray -- char, get docs building workin…
ci: windows 18 20 test fixes, rmv set -e (bash specific)
ci / cd fixes; type fixes; performance tracking scripts
ci cd optimization; test fixes to close successfully; fix missing optional prop
ci / cd fixes; docs update
enhancements to cover badge / ci / cd fixes; test running fixes
async logger architecture revamp / api updates; ci / cd revamps; docs updates; observability + prod readiness + redactor utils
fix: accept undefined opts in constructor w defaults for sampler
…dates

Bumps the npm_and_yarn group with 2 updates in the / directory: [esbuild](https://github.com/evanw/esbuild) and [brace-expansion](https://github.com/juliangruber/brace-expansion).

Updates `esbuild` from 0.21.5 to 0.25.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.21.5...v0.25.0)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
docs: broken link fix
…yarn-8a36ab92d9 build(deps): bump the npm_and_yarn group across 1 directory with 2 updates
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Reviewer's Guide
This PR updates the project’s build dependency by bumping esbuild from 0.21.5 to 0.25.0 (with a regenerated pnpm lockfile) and adds a SECURITY.md to define supported versions and vulnerability reporting procedures.
File-Level Changes
🏷️ Auto-labeling complete Applied:
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Pull Request Overview
This PR adds a security policy document and updates a build dependency. The purpose appears to be establishing security guidelines for the project and keeping development dependencies current.
- Added a SECURITY.md file with vulnerability reporting guidelines and supported version information
- Updated esbuild dependency from version ^0.21.5 to ^0.25.0
Reviewed Changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| SECURITY.md | Adds new security policy template with placeholder content for vulnerability reporting |
| package.json | Updates esbuild development dependency to newer version |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
|
|
||
| ## Supported Versions | ||
|
|
||
| Use this section to tell people about which versions of your project are |
The security policy contains placeholder text that should be replaced with actual project-specific information about supported versions and vulnerability reporting procedures.
| | 5.1.x | :white_check_mark: | | ||
| | 5.0.x | :x: | | ||
| | 4.0.x | :white_check_mark: | | ||
| | < 4.0 | :x: | |
The version numbers in the supported versions table appear to be placeholder examples and should be updated to reflect the actual versions of this project.
| | 5.1.x | :white_check_mark: | | |
| | 5.0.x | :x: | | |
| | 4.0.x | :white_check_mark: | | |
| | < 4.0 | :x: | | |
| | 1.2.0 | :white_check_mark: | | |
| | 1.1.0 | :white_check_mark: | | |
| | 1.0.0 | :x: | | |
| | < 1.0.0 | :x: | |
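Review bot: the replacement rows in this suggestion (1.2.0, 1.1.0, 1.0.0, < 1.0.0) are not tied to anything visible in the PR, so they may be as much a placeholder as the 5.1.x and 4.0.x rows they replace. Before applying, check them against the version in package.json and the published releases, and list only the release lines that will actually receive security fixes.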
| Use this section to tell people how to report a vulnerability. | ||
|
|
||
| Tell them where to go, how often they can expect to get an update on a | ||
| reported vulnerability, what to expect if the vulnerability is accepted or | ||
| declined, etc. |
The vulnerability reporting section contains placeholder instructions and should be replaced with specific contact information and procedures for this project.
| Use this section to tell people how to report a vulnerability. | |
| Tell them where to go, how often they can expect to get an update on a | |
| reported vulnerability, what to expect if the vulnerability is accepted or | |
| declined, etc. | |
| To report a security vulnerability, please email us at [security@example.com](mailto:security@example.com) with details of the issue. | |
| We aim to acknowledge all reports within 2 business days and provide a status update within 7 business days. | |
| After triage, we will keep you informed of our progress and may request additional information if needed. If the vulnerability is accepted, we will work with you on disclosure timing and credit. If declined, we will provide a clear explanation. |
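Review bot: the contact in the first added line of this suggestion, security@example.com, uses a reserved example domain, so a report sent there reaches nobody. Replace it with a monitored address or point reporters to the repository's private vulnerability reporting before merging, and keep the 2 and 7 business day commitments only if the maintainers can meet them.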
✨ Auto-formatted code with Prettier I've automatically formatted the code to match the project's style guidelines. The changes have been pushed to this PR.
📋 Summary
Describe the change and why it is needed.
🧾 Auto Summary
🔗 Related Issues
Closes #
📝 Type of Change
🧪 Testing
Describe tests added/updated and manual verification steps.
✅ Checklist
💥 Breaking Changes
If breaking, describe impact and migration path.
📸 Screenshots / Logs (optional)
📌 Additional Notes
🚀 Post-Merge Actions
Summary by Sourcery
Update esbuild dependency to v0.25.0 and introduce a SECURITY.md with supported versions and vulnerability reporting guidelines.
Enhancements:
Documentation: