Skip to content

Copilot/vscode mpyw9tay kkh6#542

Open
parvezmosharafbd wants to merge 7 commits into
fathah:mainfrom
parvezmosharafbd:copilot/vscode-mpyw9tay-kkh6
Open

Copilot/vscode mpyw9tay kkh6#542
parvezmosharafbd wants to merge 7 commits into
fathah:mainfrom
parvezmosharafbd:copilot/vscode-mpyw9tay-kkh6

Conversation

@parvezmosharafbd

@parvezmosharafbd parvezmosharafbd commented Jun 4, 2026

Copy link
Copy Markdown

No description provided.

parvezmosharafbd and others added 7 commits June 4, 2026 01:18
@parvezmosharafbd
Add GitHub Actions workflow for NodeJS with Webpack
baa4beb
@parvezmosharafbd
Add SLSA generic generator workflow
82497a9 
This workflow generates SLSA provenance files for projects, satisfying level 3 requirements. It includes steps for building artifacts and generating provenance subjects.
@parvezmosharafbd
Create datadog-synthetics.yml
cded684
@parvezmosharafbd
Create SECURITY.md for security policy and reporting
9968623 
Add a security policy document outlining supported versions and vulnerability reporting.
@dependabot
Bump ip-address in the npm_and_yarn group across 1 directory
06679b7 
Bumps the npm_and_yarn group with 1 update in the / directory: [ip-address](https://github.com/beaugunderson/ip-address).


Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](beaugunderson/ip-address@v10.1.0...v10.2.0)

---
updated-dependencies:
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@parvezmosharafbd
Merge pull request #1 from parvezmosharafbd/dependabot/npm_and_yarn/n…
1b56e67 
…pm_and_yarn-32e07c5719

Bump ip-address from 10.1.0 to 10.2.0 in the npm_and_yarn group across 1 directory
@parvezmosharafbd
Checkpoint from VS Code for cloud agent session
7fee219
@pmos69

pmos69 commented Jun 14, 2026

Copy link
Copy Markdown
Collaborator

Thanks for the contribution, but I don't think this PR is mergeable in its current form.

It doesn't include an app or test fix, and it adds several unrelated/generated files: Datadog synthetic tests, SLSA provenance, a webpack workflow, VS Code settings, a stock SECURITY.md, plus package/lockfile changes. It also currently conflicts with main in package-lock.json.

A couple of those changes are risky as-is:

  • the webpack workflow runs npx webpack, but this project builds with electron-vite and does not have a webpack config
  • the SLSA workflow signs dummy artifact1 / artifact2 outputs, which would produce misleading provenance
  • the package changes introduce dependency drift unrelated to the workflow files

I'd suggest closing this PR. If there is a specific CI improvement intended here, please open a smaller PR against current main with only that workflow, wired to the actual Hermes build/test commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@parvezmosharafbd @pmos69