-
Minor thing, but the project is missing lockfiles (yarn or npm)
-
**Describe the bug**
semgrep's semdep elixir/mix parser has a bug where `:git` definitions fail when they do not use the `:tag` checkout option.
See: https://hexdocs.pm/mix/1.14.5/Mix.Tasks.Deps.h…
-
```
$ cargo install cargo-open
Updating registry `https://github.com/rust-lang/crates.io-index`
Downloading cargo-open v0.3.0
Downloading clap v2.19.1
Downloading rustc-serialize v0.3.22
…
-
Apologies if I missed it but I looked through the documentation (README) and found some merge requests on the topic and it looks to me that Syft works with gradle lockfiles but not alternatives to dec…
-
I'm not sure if this is expected behavior, a pdm problem, a sign we're holding pdm wrong, or a sign I'm holding dream2nix wrong--but I noticed that new/removed/renamed groups added to my `pyproject.to…
-
On Logstash versions 6.2.4 and 6.5.4, I have seen reports of the Logstash Persistent Queue failing to acquire a lock on a lockfile, with the message indicating that the lock is already held in the cur…
-
### Summary
Ensure `yarn install` will not update the `yarn.lock` file, and fail if an update is required
### Issue Type
Feature Idea
### Component Name
yarn
### Additional Information
If a `ya…
-
On macOS arm:
```
❯ bun install bufferutil
bun add v1.0.3 (b651b16f)
fish: Job 1, 'bun install bufferutil' terminated by signal SIGSEGV (Address boundary error)
```
Attached lockfile:
[bun.…
-
A lockfile pins a potentially-huge universe of dependencies, and there's several use-cases where _efficiently_ cutting that down to only a smaller applicable set would be handy:
1. debugging/reduci…
huonw updated
1 month ago
-
Hi all
for the Future Teacher project a few of us have regularly been working on a shared LO and although I've known intermittent issues with lockfile previously I've usually blamed others ( like Ali…