You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are currently forcing code signing in PRs by forcing CSC_FOR_PULL_REQUEST: true in the publish.yml workflow. This raises the warning
There are serious security concerns with CSC_FOR_PULL_REQUEST=true (see the CircleCI documentation (https://circleci.com/docs/1.0/fork-pr-builds/) for details)
Additionally I disabled Yarn's hardened mode with YARN_ENABLE_HARDENED_MODE: 0 which warns
➤ YN0000: Yarn detected that the current workflow is executed from a public pull request. For safety the hardened mode has been enabled.
➤ YN0000: It will prevent malicious lockfile manipulations, in exchange for a slower install time. You can opt-out if necessary; check our documentation for more details.
We should evaluate what's the actual risk here.
The text was updated successfully, but these errors were encountered:
We are currently forcing code signing in PRs by forcing
CSC_FOR_PULL_REQUEST: truein thepublish.ymlworkflow. This raises the warningAdditionally I disabled Yarn's hardened mode with
YARN_ENABLE_HARDENED_MODE: 0which warnsWe should evaluate what's the actual risk here.
The text was updated successfully, but these errors were encountered: