Craig Andrews

icon indicating a website link https://candrews.integralblue.com icon indicating an email [email protected]

icon location https://candrews.integralblue.com

Results 178 comments of Craig Andrews

fix(general): asteval to version 1.0.6

@gruebel can you please take a look at this security update?

fix(general): asteval to version 1.0.6

@bo156 can you please take a look at this change?

fix(general): asteval to version 1.0.6

I emailed [email protected] again. I'm incredibly disappointed that checkov, which is itself security software, is completely ignoring this security finding.

Nexus RAW Proxy Mishandles URLs with Query Parameters in Version 3.66.0-02

This issue has also been reported at https://ideas.sonatype.com/ideas/IDEAS-I-1449

Unable to load component class org.sonarsource.sonarlint.core.analysis.container.analysis.filesystem.FileIndexer

Thank you for your response! I can't ask all projects to stop using the `io.spring.dependency-management` plugin. So what I'm doing instead is using the plugin to override the commons-lang3 version...

Include status message (reason phrase) in error message

This PR improves the error handling. With yarn 1.22.22, the output is: ``` $ yarn install yarn cache v1.22.22 warning package.json: No license field success Cleared cache. Done in 14.21s....

jgit 7.2.1.202505142326-r

@rpalcolea and others - can you please look at this security issue?

jgit 7.2.1.202505142326-r

https://github.com/eclipse-jgit/jgit/commit/acde6c8f5b538f900cfede9035584fd2ed654154 changed `ApplyCommand` to require the repository to support the `getObjectDatabase` method which `NotNecessarilyGitRepository` doesn't implement (see https://github.com/eclipse-jgit/jgit/commit/acde6c8f5b538f900cfede9035584fd2ed654154#diff-257677dac52357ed18fecaac57b4a18fbf5f6e4b93f20c42e77e650355af2c5eR114), resulting in test failures.