Commit Graph

6 Commits

Author SHA1 Message Date
Harrison Chase
3c1c7ba672
update branch name in gha (#274) 2022-12-06 22:28:50 -08:00
Steven Hoelscher
98fb19b535
chore: use poetry as dependency manager (#242)
* Adopts [Poetry](https://python-poetry.org/) as a dependency manager
* Introduces dependency version requirements
* Deprecates Python 3.7 support

**TODO**
- [x] Update developer guide
- [x] Add back `playwright`, `manifest-ml`, and `jupyter` to dependency
group

**Not Doing => Fast Follow**
- Investigate single source for version, perhaps relying on GitHub tags
and [tackling this
issue](https://github.com/hwchase17/langchain/issues/26)
2022-12-03 16:42:59 -08:00
Predrag Gruevski
1a95252f00
Use pull_request not pull_request_target in GitHub Actions. (#139)
`pull_request` runs on the merge commit between the opened PR and the
target branch where the PR is to be merged — `master` in this case. This
is desirable because that way the new changes get linted and tested.

The existing `pull_request_target` specifier causes lint and test to run
_on the target branch itself_ (i.e. `master` in this case). That way the
new code in the PR doesn't get linted and tested at all. This can also
lead to security vulnerabilities, as described in the GitHub docs:

![image](https://user-images.githubusercontent.com/2348618/201735153-c5dd0c03-2490-45e9-b7f9-f0d47eb0109f.png)

Screenshot from here:
https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
Link from the screenshot:
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2022-11-14 11:34:08 -08:00
Harrison Chase
6cff2837bb
Harrison/fix lint (#80) 2022-11-07 15:22:37 -08:00
Harrison Chase
9679bdc34c
run workflows on forks (#78)
per
https://stackoverflow.com/questions/58221321/is-github-actions-available-on-forked-repositories
2022-11-07 05:53:17 -08:00
Harrison Chase
18aeb72012 initial commit 2022-10-24 14:51:15 -07:00