Ecosyste.ms: Timeline
Browse the timeline of events for every public repo on GitHub. Data updated hourly from GH Archive.
oheger-bosch created a review comment on a pull request on oss-review-toolkit/ort
I assume this is possible, but this means that the interaction with the cache would also have to be changed. The cache is populated with the JSON representation of the package metadata. If `parseYa...
sschuberth created a branch on oss-review-toolkit/ort
pub-funtest-update - A suite of tools to automate software compliance checks.
sschuberth created a review comment on a pull request on oss-review-toolkit/ort
To add to that, the naming in this case actually does not matter too much as these classes are not directly used via their auto-generated serializers, but the `DependencyMapSerializer` constructs t...
sschuberth created a review comment on a pull request on oss-review-toolkit/ort
Hmm. The [link](https://dart.dev/tools/pub/dependencies#hosted-packages) IMO docuemnts three forms of hosted packages: 1. With a scalar value: ``` dependencies: transmogrify: ^1.4.0 ``` ...
codecov[bot] created a comment on a pull request on oss-review-toolkit/ort
## [Codecov](https://app.codecov.io/gh/oss-review-toolkit/ort/pull/9296?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=os...
sschuberth created a review comment on a pull request on oss-review-toolkit/ort
Yes 👍🏻 I've inlined it now as well.
sschuberth pushed 11 commits to pub-imps oss-review-toolkit/ort
- deps: update dependency io.github.pdvrieze.xmlutil:serialization to v0.90.2 06537b2
- deps: update dependency org.cyclonedx:cyclonedx-core-java to v9.1.0 8c103c4
- fix(spdx-utils): Accept the "no patent" exception See e.g. [1], which is marked as an exception. [1]: https://scanc... 9d0873c
- feat(fossid): Make FossID sensitivity configurable Add the option for the user to specify the sensitivity for a Foss... e5c6e0c
- chore: Align custom kotlinx-serializers to be objects, part 2 This is a follow-up to 9607cd0 for code that was merge... e1a572c
- docs(pub): Add links to dependency types Signed-off-by: Sebastian Schuberth <[email protected]> d5800ea
- chore(pub): Order dependency classes as in the linked documentation Signed-off-by: Sebastian Schuberth <sebastian@do... 9d079d4
- fix(pub): Use the correct property name for own package repositories The property is called `hosted`, not `url`, see... d1e040f
- refactor(pub): Reduce code by delegating to the default serializer Signed-off-by: Sebastian Schuberth <sebastian@dou... 4fe082e
- chore(pub): Simplify deserializing dependencies The dependencies node itself is never a scalar, so the code can be s... 84d6fd1
- chore(pub): Handle dependency types in the same order as documented Signed-off-by: Sebastian Schuberth <sebastian@do... 3aa5736
renovate[bot] pushed 22 commits to renovate/major-mavenresolver oss-review-toolkit/ort
- build(gradle): Remove unused Ktor version catalog entries This is a fixup for fb36bec. Signed-off-by: Sebastian Sch... 085020f
- test(cli): Remove a Gradle project analysis This specific test does not add value over the tests in the respective G... 6a8a46c
- fix(gradle): Also check for non-empty resolution alternatives Starting with Gradle 8.2, a property that defines if a... bca9748
- build(gradle): Update transitive commons-io versions Avoid CVE-2024-47554 by manually updating transitive commons-io... 1d9c188
- deps: update kotlin monorepo to v2.0.21 89af4ed
- test(pnpm): Drop the unsupported `workspaces` property When running `pnpm` in the project directory of the `workspac... 79ea2e6
- deps: update ksp to v2.0.21-1.0.25 0b82618
- deps: update dependency ch.qos.logback:logback-classic to v1.5.10 d67369d
- deps: Update the gradle-maven-publish-plugin to version 0.30.0 b4523c9
- fix(maven): Correctly convert repositories When resolving artifacts using a `ProjectBuilder`, remote repositories fr... acfb440
- test(pub): Update expected results Signed-off-by: Sebastian Schuberth <[email protected]> bb336f0
- deps: update dependency ch.qos.logback:logback-classic to v1.5.11 b54962b
- fix(gradle-plugin): Guard `dependencyResolutionManagement` usage Do not use that feature before it was added in Grad... 47f73b4
- fix(pub): Properly end the input structure when parsing specs Signed-off-by: Sebastian Schuberth <sebastian@doubleop... 0d99de2
- refactor(pub): Port the lockfile parsing to KxS Signed-off-by: Frank Viernau <[email protected]> Signed-off-by:... 831b113
- chore(clearly-defined)!: Make `CoordinatesSerializer` internal This is only used in `Coordinates.kt` of the same mod... 4470675
- chore: Align custom kotlinx-serializers to be objects Emphasize that there never will be multiple instances of these... 9607cd0
- deps: update dependency io.github.pdvrieze.xmlutil:serialization to v0.90.2 06537b2
- deps: update dependency org.cyclonedx:cyclonedx-core-java to v9.1.0 8c103c4
- fix(spdx-utils): Accept the "no patent" exception See e.g. [1], which is marked as an exception. [1]: https://scanc... 9d0873c
- and 2 more ...
sschuberth opened a pull request on oss-review-toolkit/ort
ci(release): Increase the timeout for creating the staging repository
Creating the Sonatype staging repository occasionally fails with a timeout, therefore increase it from the default 1 minute [1] to 5 minutes. [1]: https://vanniktech.github.io/gradle-maven-publi...
sschuberth created a branch on oss-review-toolkit/ort
increase-sonatype-timeout - A suite of tools to automate software compliance checks.
sschuberth created a comment on an issue on oss-review-toolkit/ort
Thanks for the report! A fix is [underway](https://github.com/oss-review-toolkit/ort/pull/9295). > Using the logs in CI/CD systems without distributing secrets to all users with read access. Just...
sschuberth opened a pull request on oss-review-toolkit/ort
fix(cli): Remove credentials from environment variables
Do not expose any credentials, e.g. when included in proxy URLs. Fixes #9294.
sschuberth pushed 1 commit to no-print-credentials oss-review-toolkit/ort
- fix(cli): Remove credentials from environment variables Do not expose any credentials, e.g. when included in proxy U... aff2fda
sschuberth created a branch on oss-review-toolkit/ort
no-print-credentials - A suite of tools to automate software compliance checks.
wkl3nk created a comment on an issue on oss-review-toolkit/ort
I am using `ModGo`, and also have an issue with the percent encoding. From ort-result.zip: ``` id: "Go::github.com/quic-go/quic-go:0.40.0" purl: "pkg:golang/github.com%2Fquic-go%[email protected]" ...
mpreu opened an issue on oss-review-toolkit/ort
Mask proxy credentials in log output
### What is the existing functionality and how should it be enhanced? In version `35.0.0`, with log level `info`, a summary of relevant environment variables is printed: ```bash Environment varia...
fviernau created a review comment on a pull request on oss-review-toolkit/ort
The link you provided points to the short form, which uses a primitive type to specify the `url` in a more compact way.
fviernau created a review comment on a pull request on oss-review-toolkit/ort
copied from the docs: ``` environment: sdk: '>=2.14.0 < 3.0.0' dependencies: transmogrify: hosted: name: transmogrify url: https://some-package-server.com version...
fviernau created a review comment on a pull request on oss-review-toolkit/ort
can this be simplified to `input.node.yamlMap` ?
fviernau created a review comment on a pull request on oss-review-toolkit/ort
Hosted packages can be represented in multiple ways. The link above only points to one of the representations. There is a way to specify a `url` for hosted dependencies. So, the data class sh...
fviernau created a review comment on a pull request on oss-review-toolkit/ort
just question, not sure if idea is good: If the return type was `PackageJson?`, then it would be more easy to write the test. (e.g. without the `parseAndCheckJson()`, but with a visible assertion ...