Ecosyste.ms: Timeline
Browse the timeline of events for every public repo on GitHub. Data updated hourly from GH Archive.
wkl3nk opened a draft pull request on oss-review-toolkit/ort
fix(vulnerable-code): Fix search for Go package vulnerabilities
For Go packages, both the namespace and name may contain path segments separated by a "/" character. The purl specification requires these "/" characters to be percent-encoded in the namespace and ...
github-actions[bot] published a release on oss-review-toolkit/ort
https://github.com/oss-review-toolkit/ort/releases/tag/36.0.0
## What's Changed ### Breaking Changes 🛠 - 447067538eb8fe507e71371481159c7875251a26 chore(clearly-defined)!: Make `CoordinatesSerializer` internal ### Bug Fixes 🐞 - 03b4ed943b9e7b66aad00db0c46f13...
sschuberth created a tag on oss-review-toolkit/ort
36.0.0 - A suite of tools to automate software compliance checks.
sschuberth closed an issue on oss-review-toolkit/ort
Mask proxy credentials in log output
### What is the existing functionality and how should it be enhanced? In version `35.0.0`, with log level `info`, a summary of relevant environment variables is printed: ```bash Environment varia...
sschuberth pushed 1 commit to main oss-review-toolkit/ort
- fix(cli): Remove credentials from environment variables Do not expose any credentials, e.g. when included in proxy U... 03b4ed9
sschuberth closed a pull request on oss-review-toolkit/ort
fix(cli): Remove credentials from environment variables
Do not expose any credentials, e.g. when included in proxy URLs. Fixes #9294.
sschuberth pushed 2 commits to pub-imps oss-review-toolkit/ort
- refactor(pub): Reorder classes into packages Remove the `utils` package and move its only class to the root. In exch... 45fe73d
- refactor(pub): Only use a single shared YAML instance Signed-off-by: Sebastian Schuberth <[email protected]> b93a23b
oheger-bosch created a review comment on a pull request on oss-review-toolkit/ort
I have implemented the proposal; `parseYarnInfo` now returns a `PackageJson`.
sschuberth created a review on a pull request on oss-review-toolkit/ort
LGTM. @fviernau please dismiss / approve if you don't have any further objections.
sschuberth pushed 3 commits to no-print-credentials oss-review-toolkit/ort
- ci(release): Increase the timeout for creating the staging repository Creating the Sonatype staging repository occas... bac154a
- test(pub): Update expected results Signed-off-by: Sebastian Schuberth <[email protected]> 64dc2c1
- fix(cli): Remove credentials from environment variables Do not expose any credentials, e.g. when included in proxy U... b4319eb
sschuberth pushed 9 commits to pub-imps oss-review-toolkit/ort
- ci(release): Increase the timeout for creating the staging repository Creating the Sonatype staging repository occas... bac154a
- test(pub): Update expected results Signed-off-by: Sebastian Schuberth <[email protected]> 64dc2c1
- chore: Align custom kotlinx-serializers to be objects, part 2 This is a follow-up to 9607cd0 for code that was merge... c1d57a8
- docs(pub): Add links to dependency types Signed-off-by: Sebastian Schuberth <[email protected]> ee33a49
- chore(pub): Order dependency classes as in the linked documentation Signed-off-by: Sebastian Schuberth <sebastian@do... 6113bbf
- fix(pub): Use the correct property name for own package repositories The property is called `hosted`, not `url`, see... 587e557
- refactor(pub): Reduce code by delegating to the default serializer Signed-off-by: Sebastian Schuberth <sebastian@dou... 63ede13
- chore(pub): Simplify deserializing dependencies The dependencies node itself is never a scalar, so the code can be s... 189e5fa
- chore(pub): Handle dependency types in the same order as documented Signed-off-by: Sebastian Schuberth <sebastian@do... a8c986f
sschuberth created a review on a pull request on oss-review-toolkit/ort
LGTM. @fviernau please dismiss / approve if you don't have any further objections.
sschuberth created a comment on an issue on oss-review-toolkit/ort
> I don't want to open discussions if this is valid or not, but there is a point in saying "the / character is used to separate the parts that build up a purl, and for this reason, if a namespace o...
sschuberth pushed 1 commit to main oss-review-toolkit/ort
- test(pub): Update expected results Signed-off-by: Sebastian Schuberth <[email protected]> 64dc2c1
wkl3nk opened an issue on oss-review-toolkit/ort
VulnerableCode returns no findings for Go packages
### Describe the bug I am scanning a project with `ModGo` ORT package manager. One dependency is _quic-go_, release 0.40.0 , which definitely has vulnerability findings in the [VulnerableCode](ht...
codecov[bot] created a comment on a pull request on oss-review-toolkit/ort
## [Codecov](https://app.codecov.io/gh/oss-review-toolkit/ort/pull/9297?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=os...
sschuberth pushed 1 commit to main oss-review-toolkit/ort
- ci(release): Increase the timeout for creating the staging repository Creating the Sonatype staging repository occas... bac154a
sschuberth closed a pull request on oss-review-toolkit/ort
ci(release): Increase the timeout for creating the staging repository
Creating the Sonatype staging repository occasionally fails with a timeout, therefore increase it from the default 1 minute [1] to 5 minutes. [1]: https://vanniktech.github.io/gradle-maven-publi...
sschuberth created a comment on a pull request on oss-review-toolkit/ort
Merging this despite the unrelated `funTtest-docker` failure.