Skip to content

Commit 6323368

Browse files
mtrezzamtrezza
authored
docs: fix typo in CONTRIBUTING
1 parent 65c2d2c commit 6323368

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

CONTRIBUTING.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -456,15 +456,15 @@ If the commit reverts a previous commit, use the prefix `revert:`, followed by t
456456
457457
#### Local Testing
458458
459-
Fixes for securify vulnerabilities are developed in private forks with a closed audience, inaccessible to the public. A current GitHub limitation does not allow to run CI tests on pull requests in private forks. Whether a pull requests fully passes all CI tests can only be determined by publishing the fix as a pull request and running the CI. This means the fix and implicitly information about the vulnerabilty are made accessible to the public. This increases the risk that a vulnerability fix is published, but then cannot be merged immediately due to a CI issue. To mitigate that risk, before publishing a vulnerability fix, the following tests needs to be run locally and pass:
459+
Fixes for securify vulnerabilities are developed in private forks with a closed audience, inaccessible to the public. A current GitHub limitation does not allow to run CI tests on pull requests in private forks. Whether a pull requests fully passes all CI tests can only be determined by publishing the fix as a public pull request and running the CI. This means the fix and implicitly information about the vulnerabilty are made accessible to the public. This increases the risk that a vulnerability fix is published, but then cannot be merged immediately due to a CI issue. To mitigate that risk, before publishing a vulnerability fix, the following tests needs to be run locally and pass:
460460
461461
- `npm run test` (MongoDB)
462462
- `npm run test` (Postgres)
463463
- `npm run madge:circular` (circular dependencies)
464464
- `npm run lint` (Lint)
465465
- `npm run definitions` (Parse Server options definitions)
466466
467-
### Merging
467+
#### Merging
468468
469469
A current GitHub limitation does not allow to customize the commit message when merging pull requests of a private fork that was created to fix a security vulnerabilty. Our release automation framework demands a specific commit message syntax which therefore cannot be met. This prohibits to follow the process that GitHub suggest, which is to merge a pull request from a private fork directly to a public branch. Instead, after [local testing](#local-testing), a public pull request needs to be created with the code fix copied over from the private pull request.
470470

0 commit comments

Comments
 (0)