Andrey Somov
@maxandersen I am completely confused when you say "_rewriting the content_". It means that something is already written, and Jackson replaces it with something else. I see how Jackson can...
@cowtowncoder it cannot be the case because SnakeYAML does not write `null` as `~` (unless explicitly instructed, but it is not the case, I studied the source code of Quarkus...
@maxandersen proposed solutions: 1. implement a fix in spotless (to apply the Core schema using SnakeYAML Engine). But I wonder how spotless should know which schema to apply. 2. stop...
This is yet another false positive. The issue is very explicit about the untrusted source. Testcontainers uses YAML as configuration from the classpath (not downloading it from some external URL...
I have started the migration, but the tests in the main branch failed:
```
* What went wrong:
Execution failed for task ':activemq:spotlessJava'.
```
I do not want to make...
@ZachChuba I wonder why the developers tolerate this low-quality tooling, which creates a stream of false positives. @gquintana since testcontainers already uses SafeConstructor, why should the project migrate? What...
@gquintana what is "_Nexus dependency proxy_"? Is it your corporate component? It is nice that you understand the point. In this case please do not ask to "improve or fix" testcontainers....
@gquintana well, if the quality of the tooling is known to be low, then the complaint should be somewhat different. @PiotrSierkin-Ki is it still an issue? Have you filed a...
@ZachChuba for your information - they do not scan any hashes, they simply check the version. Very primitive. This issue should not have been created, and the community should not...
@ZachChuba can you please amend the title of this issue? It is confusing, it looks like a bug and it mentions _Vulnerable Dependency_. Something like: escape a false positive for...