-
Cargo moves towards using lockfile v4 (https://github.com/rust-lang/cargo/pull/14595).
The current `cargo audit` output for `Cargo.lock` with `version = 4` looks like this:
```
$ cargo audit
F…
```
-
**Context**
As the VeChain-SDK is a public good, the code is open for anyone to review. VeChain Foundation also wants to get the codebase reviewed by a recognised third-party professional auditor.
**…
-
**Describe the bug**
When supply chain runs encounter an error with pnpm files, in certain cases, the wrong data is added to a DependencyError object, which causes a `ci` run to never report findings…
-
Both anomalies noticed for the `token init` command in #191 are also present in `token cache` command.
I.e.
1) by running `token cache -b 100 -a` the output mentions that all the 68 decks will be…
-
Hey,
I'd like to know if it's possible to run the GitHub Action "[Security and Licence Scan](https://github.com/marketplace/actions/security-and-licence-scan)" for each GitHub PR CI pipeline and …
-
`black==22.3.0` is a dependency and the version is pinned in spaCy's `requirements.txt`. There is a CVE affecting `black` versions prior to `24.3.0`, specifically CVE-2024-21503 (https://nvd.nist.gov/…
-
Scan through usage of dependencies and look for opportunities to remove dependencies by replacing with self-hosted utilities (with link back to orig source) or newer JDK language features (lambda, etc…
-
### Current Behavior
Running `./gradlew printSemver` crashes with:
```
Could not determine the dependencies of task ':prepareKotlinIdeaImport'.
> Could not create task ':printSemver'.
> Co…
```
-
# Story
As a user of Galasa I want to know that the latest vulnerability-free versions of the code it depends upon are being used, so I can be more confident in the safety of using the galasa tools an…
-
### New feature motivation
Similar to the secrets checks for the other services (lambda/ec2/ecs/etc), more checks can be implemented
### Solution Proposed
Elastic Beanstalk:
* Configuration files …