Ecosyste.ms: Timeline

Browse the timeline of events for every public repo on GitHub. Data updated hourly from GH Archive.

oss-review-toolkit/ort

renovate[bot] opened a pull request on oss-review-toolkit/ort
deps: update dependency com.autonomousapps:dependency-analysis-gradle-plugin to v2.3.0
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [com.autonomousapps:dependency-analysis-gradle-plugin](https://redi...

renovate[bot] created a branch on oss-review-toolkit/ort

renovate/dependencyanalysisplugin - A suite of tools to automate software compliance checks.

sschuberth created a review on a pull request on oss-review-toolkit/ort

sschuberth created a review comment on a pull request on oss-review-toolkit/ort
I've checked, and `getVulnerabilityIdsForPackages()` returns a success-result with empty lists, not a failure-result, in the case of blank names or versions.

sschuberth created a review on a pull request on oss-review-toolkit/ort

sschuberth created a review comment on a pull request on oss-review-toolkit/ort
Good question, I have no idea. Maybe it depends on the approach (branches vs. sub-directories) chosen for major version bumps? The only purl for a Go package with a major version > 1 I could fin...

sschuberth created a review on a pull request on oss-review-toolkit/ort

fviernau created a review comment on a pull request on oss-review-toolkit/ort
Could this lead to an "invalid request" response?

fviernau created a review on a pull request on oss-review-toolkit/ort

fviernau pushed 6 commits to yarn-simplifcations oss-review-toolkit/ort
  • deps: update actions/setup-java digest to 8df1039 bc94e33
  • deps: update actions/setup-node digest to 39370e3 17767fb
  • deps: update actions/checkout digest to 11bd719 d2cfce1
  • refactor(npm): Make `getRemotePackageDetails()` handle unsuccessful runs This way `getRemotePackageDetails()` doesn'... fc2dd4b
  • refactor(npm): Remove a now unnecessary `runCatching()` All implementations of `getRemotePackageDetails()` by now re... 0384e2f
  • refactor(npm): Move `parsePackage()` outside of the `Npm` class Prepare for re-using this function from current chil... 33aeb8d

fviernau pushed 3 commits to yarn-simplifcations oss-review-toolkit/ort
  • refactor(npm): Make `getRemotePackageDetails()` handle unsuccessful runs This way `getRemotePackageDetails()` doesn'... 04b94d8
  • refactor(npm): Remove a now unnecessary `runCatching()` All implementations of `getRemotePackageDetails()` by now re... 0dfe910
  • refactor(npm): Move `parsePackage()` outside of the `Npm` class Prepare for re-using this function from current chil... 0744817

sschuberth created a review comment on a pull request on oss-review-toolkit/ort
While I agree that these tests are special in the sense that they do not test our code, but perform sanity checks on the test suite data, I'm not sure if it makes things better to use require condi...

sschuberth created a review on a pull request on oss-review-toolkit/ort

sschuberth deleted a branch oss-review-toolkit/ort

renovate/actions-checkout-digest

sschuberth closed a pull request on oss-review-toolkit/ort
deps: update actions/checkout digest to 11bd719
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://redirect.github.com/actions/checkout) | action | digest | `eef6144` -> `...

sschuberth created a review comment on a pull request on oss-review-toolkit/ort
> can we then drop all the details testing and just assert that "https://github.com/advisories/GHSA-38q7-2rwv-hhrw" is amongst the returned keys? We could, but I simply wanted to align with the ...

sschuberth created a review on a pull request on oss-review-toolkit/ort

sschuberth created a review comment on a pull request on oss-review-toolkit/ort
For simplicity, I'd prefer to drop them. Nothing should go wrong without these checks in place.

sschuberth created a review on a pull request on oss-review-toolkit/ort

sschuberth created a review comment on a pull request on oss-review-toolkit/ort
Because I would have needed to add a third one that allows to construct a `VulnerabilitiesForPackageRequest` from only a `Package` with a `purl`, but felt that this was too much overhead, so went t...

sschuberth created a review on a pull request on oss-review-toolkit/ort

sschuberth created a review on a pull request on oss-review-toolkit/ort

sschuberth created a review comment on a pull request on oss-review-toolkit/ort
Maybe put this in an `onSuccess {}` instead?

sschuberth created a review comment on a pull request on oss-review-toolkit/ort
Commit message: The part "from other child classes of `Npm`, once they get refactored to not inherit from `Npm` anymore" reads a bit funny because if they don't inherit anymore, they're also no chi...

sschuberth created a review comment on a pull request on oss-review-toolkit/ort
Commit message: - "unsucessful" -> "unsuccessful" - "shouldn't" -> "doesn't"

sschuberth created a review on a pull request on oss-review-toolkit/ort

sschuberth created a review on a pull request on oss-review-toolkit/ort

renovate[bot] pushed 25 commits to renovate/actions-checkout-digest oss-review-toolkit/ort
  • refactor(model): Move `RootLicenseMatcherTest` to the correct package Signed-off-by: Sebastian Schuberth <sebastian@... 1151e95
  • refactor(model)!: Rename a class to `PathLicenseMatcher` The name `RootLicenseMatcher` was confusing as not necessar... 131c130
  • docs(model): Improve `LicenseFilePatterns` docs Add class docs and slightly reword property docs, also reducing sent... 786aba4
  • refactor(model): Make `LicenseFilePatterns` properties sets This better reflects that duplicates make no sense. Sig... 6c7a4b1
  • refactor(model)!: Rename a `LicenseFilePatterns` property `rootLicenseFilenames` sounded too much as if it would tak... d1fa585
  • chore(model)!: Remove old plugin config aliases The old names were deprecated more than a year ago, so it should be ... e4e8396
  • deps: update ksp to v2.0.21-1.0.26 d169fae
  • feat(spdx): Deal with cycles in dependency relations Circular dependency relations caused the SPDX package manager t... c9d2a49
  • docs(model): Clarify in a test what a "clean" purl is supposed to be Signed-off-by: Sebastian Schuberth <sebastian@d... 1219605
  • chore(model): Nest purl tests in preparation for adding more tests Signed-off-by: Sebastian Schuberth <sebastian@dou... d2dd061
  • chore: Align on "purl" spelling for Package URLs That seems to be the official spelling, see [1]. [1]: https://gith... 4814301
  • refactor(model): Move purl-related tests to `PurlExtensionsTest` Signed-off-by: Sebastian Schuberth <sebastian@doubl... 7f07648
  • chore(model): Remove a few redundant purl tests Qualifiers are already tested as part of provenance conversion. Sig... 2c79d17
  • fix(model): Rework purl conversion according to the specs Implement the pseudo-algorithm described at [1]. Most impo... b1740ef
  • test(model): Test against the official purl test suite data The data has been copied from [1]. [1]: https://github.... 419b42b
  • docs(yarn): Re-align the docs with the function This is a fix-up for ad9a363. Signed-off-by: Frank Viernau <frank_v... 02192a3
  • docs(yarn): Add information about the mentioned network issue Signed-off-by: Frank Viernau <[email protected]> 0460948
  • refactor(npm): Allow `getRemotePackageDetails()` to return `null` Prepare for an upcoming change that signals that p... 771a6a5
  • refactor(yarn): Use a more speaking name for `output` This function is not suitable for parsing the JSON objects on ... 8e90a79
  • refactor(yarn): Extract `extractDataNodes()` Avoid code duplication in an upcoming change. Signed-off-by: Frank Vie... 26703f9
  • and 5 more ...

sschuberth pushed 1 commit to main oss-review-toolkit/ort
  • deps: update actions/setup-node digest to 39370e3 17767fb

sschuberth deleted a branch oss-review-toolkit/ort

renovate/actions-setup-node-digest
