-
Depending upon your definition of "dependency", you'll always depend upon `third-party-packages`, thus `dependencies-lists` will always be required.
Writing a Python package, you depend upon the py…
-
The following errors were reported by 5.5.0-dev.20240414
[Pipeline that generated this bug](https://typescript.visualstudio.com/TypeScript/_build?definitionId=48)
[Logs for the pipeline run](https://t…
-
There are several instances where you might legitimately want to include a package with a security advisory in your project. Quite often, upgrading to a newer secure version of a package may be diffic…
-
# Issue Metrics
| Metric | Value |
| --- | ---: |
| Average time to first response | 19:17:49.004149 |
| Average time to close | 1 day, 3:10:56.204947 |
| Number of items that remain open | 53 |
| Nu…
-
Can you please share the following log while you are installing the extension?
- F1 > Developer: Set Log Level... > Trace
- Reproduce the issue
- Share F1 > Open View... > Shared
- Shar…
-
# Description
We can backport some changes from GDS and their improved way of doing package management.
CDS documentation on patch management: https://github.com/cds-snc/platform-sre-security-suppor…
-
Hi @davidtheclark @ChristianMurphy @transitive-bullshit, thanks for this remark-lint plugin, very useful!
Would you be open to upgrading to `check-links@^2.0.0`?
It addresses a security vulnerab…
-
At the moment, Snyk runs when the button on the Actions screen is pushed (it used to run when a PR was created / updated with new commits, but that was disabled in PR #607). It would be helpful if we…
-
**Description**
`docker-compose config` formats the `published` port as a string; this can be a problem when parsing this output.
This starts to happen in 2.3.0.
In [documentation](https:…
-
jruby-complete bundles snakeyaml, which is receiving considerable attention at the moment because it contains an as-yet-unpatched Java serialization-related arbitrary code execution vulnerability. …