Ecosyste.ms: Timeline
Browse the timeline of events for every public repo on GitHub. Data updated hourly from GH Archive.
codecov[bot] created a comment on a pull request on oss-review-toolkit/ort
## [Codecov](https://app.codecov.io/gh/oss-review-toolkit/ort/pull/9336?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=os...
renovate[bot] opened a pull request on oss-review-toolkit/ort
deps: update dependency software.amazon.awssdk:s3 to v2.29.0
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [software.amazon.awssdk:s3](https://aws.amazon.com/sdkforjava) | `2...
renovate[bot] created a branch on oss-review-toolkit/ort
renovate/aws-java-sdk-v2-monorepo - A suite of tools to automate software compliance checks.
fviernau pushed 10 commits to pnpm-rewrite oss-review-toolkit/ort
- deps: update actions/setup-java digest to 8df1039 bc94e33
- deps: update actions/setup-node digest to 39370e3 17767fb
- deps: update actions/checkout digest to 11bd719 d2cfce1
- refactor(npm): Make `getRemotePackageDetails()` handle unsuccessful runs This way `getRemotePackageDetails()` doesn'... 6f802f8
- refactor(npm): Remove a now unnecessary `runCatching()` All implementations of `getRemotePackageDetails()` by now re... 6999a12
- refactor(npm): Move `parsePackage()` outside of the `Npm` class Prepare for re-using this function from current chil... 1394274
- refactor(npm): Make `getRemotePackageDetails()` handle unsucessful runs This way `getRemotePackageDetails()` shouldn... f584536
- refactor(npm): Move `parseProject()` out of the class Prepare for re-use in an upcoming change. Signed-off-by: Fran... e3ffe11
- refactor(node)!: Move `Pnpm` into its own dedicated package Prepare for adding further `Pnpm` specific classes. Sig... 69895ae
- refactor(pnpm): Make `Pnpm` separate from `Npm` Stop inheriting from `Npm` and rely entirely on the output of `pnpm`... 21eacdd
fviernau pushed 3 commits to main oss-review-toolkit/ort
- refactor(npm): Make `getRemotePackageDetails()` handle unsuccessful runs This way `getRemotePackageDetails()` doesn'... 6f802f8
- refactor(npm): Remove a now unnecessary `runCatching()` All implementations of `getRemotePackageDetails()` by now re... 6999a12
- refactor(npm): Move `parsePackage()` outside of the `Npm` class Prepare for re-using this function from current chil... 1394274
fviernau closed a pull request on oss-review-toolkit/ort
npm: Prepare to re-use `parsePackage()` from outside of `Npm`
Move all logger dependencies from `parsePackage()` to the callers, to avoid the need for passing the logger when moving this function outside of `Npm`. And finally perform the move. This prepares f...
sschuberth pushed 1 commit to renovate/dependencyanalysisplugin oss-review-toolkit/ort
- deps: Update the dependency-analysis-gradle-plugin to version 2.3.0 a214d63
codecov[bot] created a comment on a pull request on oss-review-toolkit/ort
## [Codecov](https://app.codecov.io/gh/oss-review-toolkit/ort/pull/9335?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=os...
renovate[bot] opened a pull request on oss-review-toolkit/ort
deps: update dependency com.autonomousapps:dependency-analysis-gradle-plugin to v2.3.0
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [com.autonomousapps:dependency-analysis-gradle-plugin](https://redi...
renovate[bot] created a branch on oss-review-toolkit/ort
renovate/dependencyanalysisplugin - A suite of tools to automate software compliance checks.
sschuberth created a review comment on a pull request on oss-review-toolkit/ort
I've checked, and `getVulnerabilityIdsForPackages()` returns a success-result with empty lists, not a failure-result, in the case of blank names or versions.
sschuberth created a review comment on a pull request on oss-review-toolkit/ort
Good question, I have no idea. Maybe it depends on the approach (branches vs. sub-directories) chosen for major version bumps? The only purl for a Go package with a major version > 1 I could fin...
fviernau created a review comment on a pull request on oss-review-toolkit/ort
Could this lead to an "invalid request" response?
fviernau pushed 6 commits to yarn-simplifcations oss-review-toolkit/ort
- deps: update actions/setup-java digest to 8df1039 bc94e33
- deps: update actions/setup-node digest to 39370e3 17767fb
- deps: update actions/checkout digest to 11bd719 d2cfce1
- refactor(npm): Make `getRemotePackageDetails()` handle unsuccessful runs This way `getRemotePackageDetails()` doesn'... fc2dd4b
- refactor(npm): Remove a now unnecessary `runCatching()` All implementations of `getRemotePackageDetails()` by now re... 0384e2f
- refactor(npm): Move `parsePackage()` outside of the `Npm` class Prepare for re-using this function from current chil... 33aeb8d
fviernau pushed 3 commits to yarn-simplifcations oss-review-toolkit/ort
- refactor(npm): Make `getRemotePackageDetails()` handle unsuccessful runs This way `getRemotePackageDetails()` doesn'... 04b94d8
- refactor(npm): Remove a now unnecessary `runCatching()` All implementations of `getRemotePackageDetails()` by now re... 0dfe910
- refactor(npm): Move `parsePackage()` outside of the `Npm` class Prepare for re-using this function from current chil... 0744817
sschuberth created a review comment on a pull request on oss-review-toolkit/ort
While I agree that these tests are special in the sense that they do not test our code, but perform sanity checks on the test suite data, I'm not sure if it makes things better to use require condi...
sschuberth closed a pull request on oss-review-toolkit/ort
deps: update actions/checkout digest to 11bd719
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://redirect.github.com/actions/checkout) | action | digest | `eef6144` -> `...
sschuberth created a review comment on a pull request on oss-review-toolkit/ort
> can we then drop all the details testing and just assert that "https://github.com/advisories/GHSA-38q7-2rwv-hhrw" is amongst the returned keys? We could, but I simply wanted to align with the ...
sschuberth created a review comment on a pull request on oss-review-toolkit/ort
For simplicity, I'd prefer to drop them. Nothing should go wrong without these checks in place.
sschuberth created a review comment on a pull request on oss-review-toolkit/ort
Because I would have needed to add a third one that allows to construct a `VulnerabilitiesForPackageRequest` from only a `Package` with a `purl`, but felt that this was too much overhead, so went t...