Skip to content

merge progress from open.inf.is repo fork #1267

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 45 commits into from
May 23, 2024
Merged

merge progress from open.inf.is repo fork #1267

merged 45 commits into from
May 23, 2024

Conversation

DerekNonGeneric
Copy link
Member

i wanted to bring these changes back here and add something like the below image to the main page

image

like the footer from jekyllrb.com

image

@sweep-ai Sweep AI
Copy link
Contributor

sweep-ai bot commented May 20, 2024

Sweep: PR Review

Sweep is currently reviewing your pr...

@socket-security Socket Security
Copy link

socket-security bot commented May 20, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/[email protected] environment Transitive: filesystem, shell +12 3.14 MB ai
npm/[email protected] Transitive: environment, filesystem, shell, unsafe +52 6.76 MB ludovicofischer
npm/[email protected] environment, filesystem, shell 0 8.03 kB dsherret
npm/[email protected] unsafe Transitive: environment, filesystem +47 7.83 MB mattdsteele
npm/[email protected] Transitive: environment, filesystem +14 1.96 MB unsoundscapes
npm/[email protected] None 0 7.17 kB contra
npm/[email protected] Transitive: environment, eval, filesystem +41 3.84 MB nmccready
npm/[email protected] Transitive: environment, filesystem, shell, unsafe +99 2.2 MB phated
npm/[email protected] Transitive: environment +58 1.76 MB wooorm
npm/[email protected] None +5 114 kB wooorm
npm/[email protected] None 0 16.5 kB stormwarning
npm/[email protected] environment Transitive: eval, filesystem, unsafe +84 6.45 MB ybiquitous

🚮 Removed packages: npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@socket-security Socket Security
Copy link

socket-security bot commented May 20, 2024
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Protestware/Troll package npm/[email protected]
  • Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node -e "try{require('./_postinstall')}catch(e){}" || exit 0
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node ./install.js
Install scripts npm/@biomejs/[email protected]
  • Install script: postinstall
  • Source: node scripts/postinstall.js

View full report↗︎

Next steps

What is protestware?

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Consider that consuming this package my come along with functionality unrelated to its primary purpose.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@DerekNonGeneric
Copy link
Member Author

DerekNonGeneric commented May 20, 2024
edited
Loading

as many of you know, we have plenty of work to go around and not really enough people available to do it and this is the kind of work that excites me personally, so let's dig in (we'll see how far we get tonight)

let's first address the notice above, which is bout socket detecting protestware, which should be long over-due for fixes

i think for a while we did not address this since it did not affect us, but i want this fixed already and i know that we can do so

i am going to do this by looking for the package in question in our package-lock.yaml:

openinf.github.io/pnpm-lock.yaml

Line 1348 in 57aec26

[email protected]:

okay, this seems like it goes all the way back to a dependency of the published version of @openinf/util-text

if we can simply use the repo in its current state (or a branch like next) rather than published version, we seem like we will be out of the woods here — i am going to work on something like that next if anyone wants to peep that, y'all can check:

🔗 https://github.com/OpenINF/openinf-util-text#readme

deepsource-autofix bot and others added 26 commits May 20, 2024 19:36
@deepsource-autofix @OpenINFbot @DerekNonGeneric
ci: update .deepsource.toml #15
ef0ada7 
This pull request updates `.deepsource.toml`.

PR-URL: https://github.com/OpenINF/open.inf.is/pull/15
Reviewed-by: OpenINF-bot <[email protected]>
Reviewed-by: Derek Lewis <[email protected]>

---------

Signed-off-by: OpenINF-bot <[email protected]>
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
Co-authored-by: OpenINF-bot <[email protected]>
@DerekNonGeneric @OpenINFbot
🏗🔧:update post-start.fish for regular pnpm #16
8b60fbd 
PR URL: https://github.com/OpenINF/open.inf.is/pull/16/
Signed-off-by: Derek Lewis <[email protected]>
Signed-off-by: OpenINF-bot <[email protected]>
Co-authored-by: OpenINF-bot <[email protected]>
@DerekNonGeneric
📦✨:migrate to pnpm 9 #17
ef396f7 
Refs: https://github.com/OpenINF/open.inf.is/pull/16
PR URL: https://github.com/OpenINF/open.inf.is/pull/17
Reviewed-by: OpenINF-bot <[email protected]>
@DerekNonGeneric
🏗✨:re-implement tasks using yaml format #18
8dd5678 
PR URL: https://github.com/OpenINF/open.inf.is/pull/18
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
📦🚮:rm @iktakahiro/markdown-it-katex #19
6418e59 
This dependency is flagged by synk and unmaintained.

PR URL: https://github.com/OpenINF/open.inf.is/pull/19
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
📦🚮:rm zx #20
16de030 
PR URL: https://github.com/OpenINF/open.inf.is/pull/20
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@renovate @DerekNonGeneric
chore(deps): lock file maintenance
135442a 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@DerekNonGeneric
📦✨:refresh package.json metadata #23
1e5956a 
PR URL: https://github.com/OpenINF/open.inf.is/pull/23
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
🏗✨:really migrate to @biomejs #21
fc1f5b5 
PR URL: https://github.com/OpenINF/open.inf.is/pull/21
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@renovate @DerekNonGeneric
build(deps-dev): bump all
3ae3d91 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate @DerekNonGeneric
build(deps-dev): bump % [email protected] #25
5752407 
PR URL: https://github.com/OpenINF/open.inf.is/pull/25
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@renovate @DerekNonGeneric
chore(deps): lock file maintenance
2c63d13 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate @DerekNonGeneric
chore(deps): bump all
a969583 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate @DerekNonGeneric
chore(deps): lock file maintenance
841b9ae 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@DerekNonGeneric
🏗🔧:roll back to ruby 3.3.0 #30
be632c0 
Refs: https://github.com/OpenINF/open.inf.is/pull/28
PR URL: https://github.com/OpenINF/open.inf.is/pull/30
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
🏗✨:create main build task - build portal #31
66d295d 
PR URL: https://github.com/OpenINF/open.inf.is/pull/31
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric @restyled-commits
📖 🔧:doc production build task #32
edbb684 
PR URL: https://github.com/OpenINF/open.inf.is/pull/32
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
Co-authored-by: Restyled.io <[email protected]>
@DerekNonGeneric
📖 🔧:fix site footer content #33
e0912b2 
Refs: https://github.com/OpenINF/open.inf.is/pull/32
Refs: https://dev.to/tlakomy/creating-a-safe-external-html-link-whats-the-deal-with-nofollow-noopener-norefferer--5a4i
PR URL: https://github.com/OpenINF/open.inf.is/pull/33
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@renovate @DerekNonGeneric
chore(deps): bump all
8ebbc40 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate @DerekNonGeneric
chore(deps): lock file maintenance
574a307 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate @DerekNonGeneric @OpenINFbot
chore(deps): bump all #38
0af964d 
PR URL: https://github.com/OpenINF/open.inf.is/pull/38
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Derek Lewis <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Derek Lewis <[email protected]>
Co-authored-by: OpenINF-bot <[email protected]>
@renovate @DerekNonGeneric
chore(deps): lock file maintenance
19f518e 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@DerekNonGeneric
🏗✨:fully integrate dprint & prettier #37
68e7b4a 
PR URL: https://github.com/OpenINF/open.inf.is/pull/37
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
🏗🔧:fix misc deepsource js errors #41
b14b229 
PR URL: https://github.com/OpenINF/open.inf.is/pull/41
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@renovate @DerekNonGeneric @OpenINFbot
chore(deps): bump all #42
9af7360 
PR URL: https://github.com/OpenINF/open.inf.is/pull/42
Reviewed-by: OpenINF-bot <[email protected]>
Reviewed-by: Derek Lewis <[email protected]>

---------

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Derek Lewis <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Derek Lewis <[email protected]>
Co-authored-by: OpenINF-bot <[email protected]>
@DerekNonGeneric
🏗🔧:add deepsource exclude pattern for pnpm #44
24ff152 
PR URL: https://github.com/OpenINF/open.inf.is/pull/44
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
DerekNonGeneric and others added 19 commits May 20, 2024 19:36
@DerekNonGeneric
📄🔧:fix goals section of README.md #22
40a06ef 
PR URL: https://github.com/OpenINF/open.inf.is/pull/22
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
🏗✨:add robust css/scss check tasks #46
b291cb2 
PR URL: https://github.com/OpenINF/open.inf.is/pull/46
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@renovate @DerekNonGeneric
chore(deps): bump all
f6902e1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@DerekNonGeneric
🏗✨:add liquid-html parser support & format html+liquid #50
47d8170 
PR URL: https://github.com/OpenINF/open.inf.is/pull/50
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@renovate @DerekNonGeneric
chore(deps): lock file maintenance
232c5d4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@DerekNonGeneric
🏗✨:upgrade ruby-build on post-create #52
e3ea749 
Fixes: https://github.com/OpenINF/open.inf.is/issues/49
PR URL: https://github.com/OpenINF/open.inf.is/pull/52
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
🏗🔧:make portal buildable #54
1e8b7aa 
PR URL: https://github.com/OpenINF/open.inf.is/pull/54
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
🎨✨:refresh community forums icons #57
3c7c300 
PR URL: https://github.com/OpenINF/open.inf.is/pull/57
Reviewed-by: OpenINF-bot <[email protected]>
Acked-by: Grimes <[email protected]>
Cc: Jorge Bucaran <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@deepsource-autofix @DerekNonGeneric
style: format code with Prettier and RuboCop #58
eb7cadf 
PR URL: https://github.com/OpenINF/open.inf.is/pull/58
Co-authored-by: deepsource-autofix[bot] <62050782+deepsource-autofix[bot]@users.noreply.github.com>
@DerekNonGeneric
🎨🚮:rm _includes/assets/img/svg/community-icons directory
514dfbb 
Refs: https://github.com/OpenINF/open.inf.is/pull/57

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
🏗✨:fully integrate rubocop (almost) #60
371a91e 
PR URL: https://github.com/OpenINF/open.inf.is/pull/60
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric @OpenINFbot
📖 ♻️:refactor into pages for everything else #59
b974701 
PR URL: https://github.com/OpenINF/open.inf.is/pull/59
Reviewed-by: OpenINF-bot <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
Co-authored-by: OpenINF-bot <[email protected]>
@renovate @DerekNonGeneric
chore(deps): lock file maintenance
873eaf6 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate @DerekNonGeneric
chore(deps): lock file maintenance
4550571 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate @DerekNonGeneric
chore(deps): lock file maintenance
7d34022 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@DerekNonGeneric @OpenINFbot
🏗✨:add scssify task #56
63219f4 
succinctly, much left still desired (critical scss, clean, image optim,
etc.), but adds dual-use scssify task representing a strong start to
asset optimization pipeline(s)

> open-ended amphibian tasks for our agents, pls
> — @OpenINFbot

Refs: https://twitter.com/DerekNonGeneric/status/1784893846171615561

PR URL: https://github.com/OpenINF/open.inf.is/pull/56
Reviewed-by: OpenINF-bot <[email protected]>
Thanks: Grimes <[email protected]>
Cc: Jorge Bucaran <[email protected]>

---------

Signed-off-by: Derek Lewis <[email protected]>
Co-Authored-By: OpenINF-bot <[email protected]>
@DerekNonGeneric
📄🔧:fix to use temp location hosted logogram
71c7045 
N.B.: our whole collection of brand assets
deserve full representation+treatment asap

Signed-off-by: Derek Lewis <[email protected]>
@DerekNonGeneric
💄🔧:enable no-file-name-consecutive-dashes rule #69
7b3ca52 
PR URL: https://github.com/OpenINF/open.inf.is/pull/69
Reviewed-by: OpenINF-bot <[email protected]>
Cc: Jorge Bucaran <[email protected]>
Cc: Princess Irulen <[email protected]>

--------

Signed-off-by: Derek Lewis <[email protected]>
@deepsource-autofix @DerekNonGeneric
style: format code with Prettier and RuboCop
de53b87 
This commit fixes the style issues introduced in c714225 according to the output
from Prettier and RuboCop.

Details: None
@DerekNonGeneric DerekNonGeneric mentioned this pull request May 22, 2024
Merged
9 tasks
@OpenINFbot OpenINFbot merged commit 3f90285 into OpenINF:live May 23, 2024
10 of 13 checks passed
@DerekNonGeneric
Copy link
Member Author

another good footer from https://emberjs.com

image

"Generously supported" sounds better!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@OpenINFbot OpenINFbot OpenINFbot approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DerekNonGeneric @OpenINFbot