-
Hi,
We notice that you are using topic names from ROS parameters at the following locations:
https://github.com/fictionlab/pincher_arm/blob/8c1f6fbdd7b9995ad57ba652f95ce8ad97d7b382/pincher_arm_bri…
-
## Problem
As you know, **supply-chain attacks** are a big problem for the JavaScript ecosystem.
Although Deno already has a [well-thought-out permissions system](https://docs.deno.com/runtime/f…
-
Hi,
We notice that you are using topic and service names from ROS parameters, e.g. at the following locations:
https://github.com/skasperski/navigation_2d/blob/noetic/nav2d_navigator/src/RobotNavi…
-
Hi,
We notice that you are using topic names from ROS parameters at the following locations:
https://github.com/rst-tu-dortmund/costmap_converter/blob/e8c1d2c8c8d5e34b1980062e28e4a4dc1817bade/src/…
-
## What is the Problem Being Solved?
As discussed in [Trojan Source Attacks](https://trojansource.codes/) aka CVE-2021-42574 and CVE-2021-42694, there's a risk that code we depend on is modified ma…
-
**Describe the problem**
When you use Gnome software it will complain that the RPM package isn't signed. This isn't the end of the world but it got me thinking about security and resistance to supply…
-
In 3 installers (java, node, ruby), the install.sh script includes a step where a script is curl'ed and piped into bash:
https://github.com/devcontainers/features/blob/7a3a9c5fcaa59cf4d7dbbcece47094…
-
### Steps to reproduce
Hi! I package this project for Arch Linux.
For some time now, the prebuilt application bundle vendors a (currently) one-year-old prebuilt version of `kitinerary-extractor` (…
dvzrv updated
10 months ago
-
**Is your feature request related to a problem? Please describe.**
To improve security of Presidio and to avoid potential supply chain attacks, the project should apply at least one dynamic analysi…
-
Hi,
We notice that you are using topic names from ROS parameters at the following locations:
https://github.com/tork-a/visualization_rwt/blob/6a14ae64aeebe52854a5711816aa56fc0bffe6c6/rwt_moveit/no…