Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps(snyk): update snyk snapshot #5774

Merged
merged 1 commit into from
Aug 6, 2018
Merged

deps(snyk): update snyk snapshot #5774

merged 1 commit into from
Aug 6, 2018

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Aug 3, 2018

Why this PR?

new react vulnerabilities by snyk

@paulirish
Copy link
Member

@aviadatsnyk is everything working as intended? we've gotten 3 PRs in the last 48 hours.

and two of those have the description of "a weekly update of the vulnerabilities snapshot for lighthouse". and obviously not happening at a weekly cadence. (This isn't a big problem, but we don't ship new releases frequent enough that its worth getting this updates more often than weekly. :)

but the "new react vulnerabilities by snyk" text on this one surprised me a bit. and i'm sure it's unrelated but I only get a 500 when accessing https://github.com/snyk-bot

Anyway. just looking for a 👍 from you.

@aviadatsnyk
Copy link
Contributor

Hey @paulirish I'll try to explain -

We have an automated weekly PR mechanism, that seems to be working - it was responsible for the first PR this week (a small range change for jquery - #5762).

The next 2 PRs (#5773 for vue and this one) were ran manually, since we saw these as important enough not to wait for a full week.

What made things confusing is the fact these were split in 2 due to an error on our side, as well as having #5773 use the normal commit message ("weekly") and branch name. I hoped that by using a more specific description for this PR I'd make things clearer, hinting we're not working with a 2-day week.. I guess I only made things more confusing, sorry!

Regarding https://github.com/snyk-bot - this is a special snyk user that is opening many prs and forking lots of repos. Due to that fact, it's hard for GH to display it's "user profile" and usually takes so long that it just 500s..

We'll try to be clearer (and cleaner) in the future.

Thank you!

@paulirish
Copy link
Member

all that sounds good and reasonable. :)
I just wanted to doublecheck things with a human.

Thanks!

@paulirish paulirish merged commit e1885ad into GoogleChrome:master Aug 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants