Gareth Jones
Recently `vue-eslint-parser` v10 has been released which is required by v10 of `eslint-plugin-vue`, but the latest published version of `eslint-plugin-vuejs-accessibility` requires `vue-eslint-parser` - while it's a direct dependency here, its...
Because this plugin [imports `globals` directly at runtime](https://github.com/vue-a11y/eslint-plugin-vuejs-accessibility/blob/main/src/configs/flat/recommended.ts#L2) it should specify it as a dependency - technically, it could be a standard dependency, but I've gone with specifying it as...
Resolves #591
This is focused on just having us generate apps with Rails 8.1 so it's doing as little as possible which is why `bin/ci` and `config/ci` are just being removed -...
Currently we generate our nonce with a completely random value each time: ``` config.content_security_policy_nonce_generator = ->(_request) { SecureRandom.base64(16) } ``` However, Rails 8 uses the `request.session.id`: ``` config.content_security_policy_nonce_generator = ->(request)...
[CMSS](https://www.nist.gov/news-events/news/2012/07/software-features-and-inherent-risks-nists-guide-rating-software) is used by the [Drupal ecosystem](https://www.drupal.org/drupal-security-team/security-risk-levels-defined) which we've recently [created a database for](https://github.com/ackama/drupal-advisory-database). My understanding is that there is some overlap with CVSS meaning it could be theoretically possible...