2.0 dev threat modeling petras suggestions #760
+380,308
−1,654
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Steve Springett <[email protected]>
Signed-off-by: Steve Springett <[email protected]>
Signed-off-by: Steve Springett <[email protected]>
Signed-off-by: Steve Springett <[email protected]>
Signed-off-by: Aki <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds third-party Python library files to a virtual environment directory, specifically installing the htmlmin, dataclasses-json, and click packages. These appear to be dependencies for a documentation generation tool related to threat modeling and data governance schemas.
Changes:
- Added htmlmin 0.1.12 package files for HTML minification functionality
- Added dataclasses-json 0.5.14 package files for JSON serialization of dataclasses
- Added click 8.1.7 package files for command-line interface creation
Reviewed changes
Copilot reviewed 99 out of 2785 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| docgen/json/venv/lib/python3.12/site-packages/htmlmin/* | HTML minification library source files and package metadata |
| docgen/json/venv/lib/python3.12/site-packages/dataclasses_json/* | JSON dataclass serialization library source files and package metadata |
| docgen/json/venv/lib/python3.12/site-packages/click/* | CLI framework library source files and package metadata |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| :param remove_optional_attribute_quotes: When True, optional quotes around | ||
| attributes are removed. When False, all attribute quotes are left intact. | ||
| Defaults to True. | ||
| :param conver_charrefs: Decode character references such as & and . |
There was a problem hiding this comment.
Parameter name 'conver_charrefs' appears to be a typo; should be 'convert_charrefs' to match the function signature at line 39.
Suggested change
| :param conver_charrefs: Decode character references such as & and . | |
| :param convert_charrefs: Decode character references such as & and . |
|
|
||
| Options are passed into this class at initialization time and are then | ||
| persisted across each use of the instance. If you are going to be minifying | ||
| multiple peices of HTML, this will be more efficient than using |
There was a problem hiding this comment.
Corrected spelling of 'peices' to 'pieces'.
Suggested change
| multiple peices of HTML, this will be more efficient than using | |
| multiple pieces of HTML, this will be more efficient than using |
| :returns: A string containing the minified HTML. | ||
|
|
||
| This is the simplest way to use an existing ``Minifier`` instance. This | ||
| method takes in HTML and minfies it, returning the result. Note that this |
There was a problem hiding this comment.
Corrected spelling of 'minfies' to 'minifies'.
| return self._parser.result | ||
|
|
||
| def finalize(self): | ||
| """Finishes current input HTML and returns mininified result. |
There was a problem hiding this comment.
Corrected spelling of 'mininified' to 'minified'.
Suggested change
| """Finishes current input HTML and returns mininified result. | |
| """Finishes current input HTML and returns minified result. |
Comment on lines
+35
to
+36
| import re | ||
|
|
There was a problem hiding this comment.
The 're' module is imported twice (lines 28 and 35). Remove the duplicate import on line 35.
Suggested change
| import re |
Comment on lines
+58
to
+61
| 'htmlmin decorator does accept positional arguments') | ||
| elif len(args) > 1: | ||
| raise RuntimeError( | ||
| 'htmlmin decorator does accept positional arguments') |
There was a problem hiding this comment.
Error message is misleading: should say 'does not accept' instead of 'does accept'.
Suggested change
| 'htmlmin decorator does accept positional arguments') | |
| elif len(args) > 1: | |
| raise RuntimeError( | |
| 'htmlmin decorator does accept positional arguments') | |
| 'htmlmin decorator does not accept positional arguments') | |
| elif len(args) > 1: | |
| raise RuntimeError( | |
| 'htmlmin decorator does not accept positional arguments') |
|
|
||
| parser.add_argument('-s', '--remove-empty-space', | ||
| help=( | ||
| '''When set, this removes empty space betwen tags in certain cases. |
There was a problem hiding this comment.
Corrected spelling of 'betwen' to 'between'.
|
|
||
| parser.add_argument('--remove-all-empty-space', | ||
| help=( | ||
| '''When set, this removes ALL empty space betwen tags. WARNING: this can and |
There was a problem hiding this comment.
Corrected spelling of 'betwen' to 'between'.
|
|
||
| parser.add_argument('-k', '--keep-pre-attr', | ||
| help=( | ||
| '''HTMLMin supports the propietary attribute 'pre' that can be added to elements |
There was a problem hiding this comment.
Corrected spelling of 'propietary' to 'proprietary'.
Suggested change
| '''HTMLMin supports the propietary attribute 'pre' that can be added to elements | |
| '''HTMLMin supports the proprietary attribute 'pre' that can be added to elements |
| help=( | ||
| '''By default, the contents of 'pre', and 'textarea' tags are left unminified. | ||
| You can specify different tags using the --pre-tags option. 'script' and 'style' | ||
| tags are always left unmininfied. |
There was a problem hiding this comment.
Corrected spelling of 'unmininfied' to 'unminified'.
Suggested change
| tags are always left unmininfied. | |
| tags are always left unminified. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As discussed in ticket, this PR updates the data and governance schemas:
cyclonedx-data-2.0.schema.jsonwith merged data classification (secret/restricted) and expanded data categories plus richer data object metadata (format/protocol/schema).