Ajmal Kottilingal
The from_string() method does not parse purls with dependencies specified properly. Steps to recreate:
- Parse: `pkg:npm/@promster/[email protected]([email protected])([email protected])`
- Will return: `{'type': 'npm', 'namespace': '@promster', 'name': '[email protected]([email protected])(typescript', 'version': '4.9.4)', 'qualifiers': None,...
Hey team! Been away for a while, but very glad to see that the tool has come really far these past few months! I've been doing some experiments on speeding...
Adding support for the `/repos/{owner}/{repo}/dispatches` endpoint that allows us to dispatch custom webhook events from repositories to trigger workflows. See more here: https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#create-a-repository-dispatch-event
Since the `yarn` lock file does not contain dependency information about the root project, the tool flattens all the transitive dependencies and represents them as direct dependencies of the root...
Hi, in a multi-module gradle project, if ONE of the sub-projects doesn't have a version defined, the tool inaccurately attributes that to at least one of the other sub-projects too. Example...
**Describe the bug** Calling `getRef().delete()` does not respect the base URL set in .withEndpoint() when creating the OAuth client. It uses `api.github.com` by default. While this would work in production,...
Hello! Currently, if the root project and one of the sub-projects have the same name, group and same/no version specified, cdxgen will ignore the sub-project and only run the dependencies...