Fix grammatical issues in Bug Report.yml, and Update dependencies #4788
Co-authored-by: mend-bolt-for-github[bot] <42819689+mend-bolt-for-github[bot]@users.noreply.github.com>
I'll need to have an engineer check Mend Bolt out before merging this PR.
URL for Mend Bolt: https://www.mend.io/free-developer-tools/bolt
We already have internal infrastructure that handles the same type of reporting that Mend Bolt appears to be doing, and it is required that we leverage it. I would prefer not to add a 3rd party action (mild risk) that does the same (no apparent gain).
…ement.Configuration.UnitTests.csproj to reduce vulnerabilities (#2)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DOTNET-MICROSOFTWINDOWSCOMPATIBILITY-5708425
- https://snyk.io/vuln/SNYK-DOTNET-SYSTEMSECURITYCRYPTOGRAPHYPKCS-5708426
- https://snyk.io/vuln/SNYK-DOTNET-SYSTEMDATASQLCLIENT-6149433

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
But after using Mend Bolt for some time with other apps like Mend Bolt, I feel like Mend Bolt is better and is the best out of all.
@skanda890 I can appreciate the familiarity with other tools and the things they provide. Rather than adding another layer of complexity which comes with potential performance limitations (5 calls / day with Mend Bolt) and the potential for other complex interactions, I'd ask what Mend Bolt is doing that we're not doing with our internal tooling to see if we can cover differences that way. Given the response from our engineering team, I would not merge this PR and add Mend Bolt.
What service do you use? If I get this I can compare the features between them.
It's an internal set of tools. They are designed to ensure we're complying with all of our company policies. The bigger question I'd ask is what value does the tool you proposed provide? Let's assume the software vulnerability detection is handled by the tooling we use today.
Okay, leave that, what about the other things?
…duce vulnerabilities (#3)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DOTNET-SYSTEMDATASQLCLIENT-6149433
- https://snyk.io/vuln/SNYK-DOTNET-SYSTEMFORMATSASN1-7443633

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
@yao-msft, I have made some changes. Kindly review them.
The changes for Microsoft.PowerShell.SDK should be a separate pull request. It is best to keep each pull request limited to a single set of similar changes instead of grouping multiple changes into a single PR.
To: @Trenly 🌟 Ode to My PR Mishap 🌟 Oh, tangled branches of my git tree, Let each branch stand alone, proud and distinct, @Trenly, grant me this chance— In this digital realm, where bits converge,
This is the first PR poetry I've ever heard of!
Do you guys have any tips on where to contribute or any open repositories where I can contribute?
It really depends on what your "goal" is. It could be better to go a bit deeper into code on a smaller number of projects rather than to scatter across a larger number of projects. Every project is going to have its own community and set of standards. There are lots of different ways to contribute as well. Sometimes just doing work on documentation adds massive value, other times it might be fixing bugs or adding features. It just depends on why you're wanting to contribute.
My goal is just to contribute to an open repository.
Summary of the PR
Update dependencies and more.
Microsoft Reviewers: Open in CodeFlow