Jamie Magee
@xens I would like to do it, but I don't have time right now. If you're interested in implementing it soon, I can provide support.
Yesterday's announcement makes this much easier to do now: https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/
After some further investigation, I am going to use Open Source Vulnerabilities' API instead. It's supported by Google and the Open Source Security Foundation, and collates vulnerability information from GitHub's...
I wanted to go with Open Source Vulnerabilities (OSV) over GitHub Security Advisories (GHSA) because OSV is a superset of GHSA. Mapping the OSV schema to a relational database doesn't...
I found an offline document database[^1], with a mongo-like interface that I've based my experiment around. I've renamed my `ghsa-offline` project to `osv-offline`[^2], and I'm ready to start initial integration...
Thanks @oliverchang. I was out sick last week, so haven't had a chance to check out your new bulk API yet, but will do soon.
Unfortunately, no meaningful update yet. I've been busy with other things and haven't had time to dedicate to the open PR recently. The intention is to bring vulnerability alerts to...
@fabb I'm moving this to draft while we're waiting for your response.
Yeah, this should be possible. We already have this functionality for bumping the version in `package.json` using the `bumpVersion` option, so extending this to work with helm shouldn't be too...
@viceice is correct. We do not apply any auth tokens at initial clone of submodules, only when checking for updates. Submodules are [cloned here](https://github.com/renovatebot/renovate/blob/9f2e761b4ff06072e9703b184bb7688501440e52/lib/util/git/index.ts#L316-L329) and [updated here](https://github.com/renovatebot/renovate/blob/9f2e761b4ff06072e9703b184bb7688501440e52/lib/manager/git-submodules/update.ts#L16). But before we...