Skip to content

Commit 1067769

Browse files
committed
chore: widen git-shield allowlist for remaining website false positives
Markdown-wrapped/bare tonymenu.app mentions, the landing page's CDN/font includes, Starlight's stock diataxis.fr links, and the @astrojs/starlight import specifier were still tripping the PII scanner. Also glob-ignore the website's binary image assets, whose raw bytes occasionally get misread as a person's name.
1 parent 5fe5073 commit 1067769

2 files changed

Lines changed: 15 additions & 1 deletion

File tree

.pii-allowlist

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -174,6 +174,16 @@ registry[.]npmjs[.]org
174174
^2026-02-01T
175175

176176
# ── TonyMenu marketing site (website/) public domains and doc links ──
177-
^https?://([a-z0-9-]+\.)*tonymenu\.app(/.*)?$
177+
# Unanchored: also matches wrapped in markdown bold/backticks, or bare
178+
# hostname with no scheme (e.g. shown as plain text in the landing page).
179+
https?://([a-z0-9-]+\.)*tonymenu\.app(/[^\s*`]*)?
180+
([a-z0-9-]+\.)*tonymenu\.app(/[a-z0-9_-]*)?
178181
^https?://([a-z0-9-]+\.)*astro\.build(/.*)?$
179182
^https?://astro\.badg\.es(/.*)?$
183+
# Third-party CDN/font includes used by the landing page.
184+
^https?://fonts\.googleapis\.com(/.*)?$
185+
^https?://fonts\.gstatic\.com(/.*)?$
186+
^https?://cdnjs\.cloudflare\.com(/.*)?$
187+
# Starlight starter template boilerplate (create-astro default content).
188+
^https?://(www\.)?diataxis\.fr(/.*)?$
189+
^@astrojs/starlight(/.*)?$

git-shield.toml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,5 +9,9 @@ ignore_globs = [
99
# (opencollective.com, github.com/sponsors/*) that the PII scanner
1010
# mistakes for sensitive data. Not secrets, regenerated on every bump.
1111
"website/package-lock.json",
12+
# Binary image/marketing assets: raw bytes occasionally misread as a
13+
# person's name by the PII scanner. No text content to leak.
14+
"website/public/assets/*.jpg",
15+
"website/src/assets/*.webp",
1216
]
1317
allowlist_paths = [".pii-allowlist"]

0 commit comments

Comments
 (0)