KEMBAR78
:bug: trip surrounding quotes that may have been added by extractCommand by gcanlin · Pull Request #4736 · ossf/scorecard · GitHub
Skip to content

🐛 trip surrounding quotes that may have been added by extractCommand #4736

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 10, 2025
Merged

🐛 trip surrounding quotes that may have been added by extractCommand #4736

merged 2 commits into from
Sep 10, 2025

Conversation

gcanlin
Copy link
Contributor

@gcanlin gcanlin commented Aug 1, 2025
edited
Loading

What kind of change does this PR introduce?

bug fix
(Is it a bug fix, feature, docs update, something else?)

What is the current behavior?

What is the new behavior (if this is a feature change)?**

  • URLs surrounded by single quotes ('https://example.com') are properly detected

  • URLs surrounded by double quotes ("https://example.com") are properly detected

  • URLs without quotes continue to work as before

  • Proper pinning validation now works for all quote styles

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes #4733

Special notes for your reviewer

Does this PR introduce a user-facing change?

No.

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

:bug: trip surrounding quotes that may have been added by extractCommand

@gcanlin gcanlin requested a review from a team as a code owner August 1, 2025 06:53
@gcanlin gcanlin requested review from justaugustus and spencerschrock and removed request for a team August 1, 2025 06:53
@gcanlin gcanlin temporarily deployed to integration-test August 1, 2025 20:27 — with GitHub Actions Inactive
@codecov
Copy link

codecov bot commented Aug 1, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.87%. Comparing base (353ed60) to head (36bd789).
⚠️ Report is 232 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4736      +/-   ##
==========================================
+ Coverage   66.80%   67.87%   +1.06%     
==========================================
  Files         230      249      +19     
  Lines       16602    19075    +2473     
==========================================
+ Hits        11091    12947    +1856     
- Misses       4808     5268     +460     
- Partials      703      860     +157
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

spencerschrock
spencerschrock reviewed Aug 1, 2025
View reviewed changes
Copy link
Member

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change looks reasonable for the linked issue, I just need to check something out my comment week when I have more time.

@github-actions
Copy link

This pull request has been marked stale because it has been open for 10 days with no activity

@github-actions github-actions bot added the Stale label Aug 13, 2025
@github-actions github-actions bot closed this Sep 3, 2025
@spencerschrock
Copy link
Member

Back from vacation, going through my backlog from before and reopenning stale PRs

@spencerschrock spencerschrock reopened this Sep 3, 2025
@github-actions github-actions bot removed the Stale label Sep 4, 2025
@spencerschrock spencerschrock enabled auto-merge (squash) September 10, 2025 21:12
@spencerschrock spencerschrock merged commit 705137c into ossf:main Sep 10, 2025
36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spencerschrock spencerschrock spencerschrock approved these changes

@justaugustus justaugustus Awaiting requested review from justaugustus justaugustus is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees

No one assigned

Labels

None yet

Projects

OpenSSF Scorecard
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

BUG: Pinned-Dependency for downloadThenRun finding when GitHub Raw Commit Hash Used

2 participants

@gcanlin @spencerschrock