gradle/wrapper-validation-action
1
0
Fork 0
mirror of https://github.com/gradle/wrapper-validation-action synced 2024-11-23 17:22:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #11 from friederbluemle/update-project

Browse source 
Fix typo
This commit is contained in:
Jonathan Leitschuh 2020-01-22 21:25:19 -05:00 committed by GitHub
commit e7f83badee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -98,6 +98,5 @@ Thumbs.db
__tests__/runner/*
lib/**/*
.idea
.idea/
*.iml

4
README.md
View file

@ -15,7 +15,7 @@ Searching across GitHub you can find many pull requests (PRs) with helpful title
Many of these PRs are contributed by individuals outside of the organization maintaining the project.
Many maintainers are incredibly grateful for these kinds of contributions as it takes an item off of their backlog.
We assume that most maintainers do not consider the security implications of accepting the Gradle Wrapper binary from an external contributors.
We assume that most maintainers do not consider the security implications of accepting the Gradle Wrapper binary from external contributors.
There is a certain amount of blind trust open source maintainers have.
Further compounding the issue is that maintainers are most often greeted in these PRs with a diff to the `gradle-wrapper.jar` that looks like this.
@ -42,7 +42,7 @@ The goal is to prevent homoglyph attacks which may be very difficult to spot in
## Usage
Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
Simply add this action to your workflow **after** having checked out your source tree and **before** running any Gradle build:
```yaml
uses: gradle/wrapper-validation-action@v1