Jon

👀 Not sure how much time I can dedicate to that, but what sort of help are you looking for?

Hey @MarkLee131, are you just going off the commit text here or do you have a stronger linkage between this commit and the advisory that you can share?

Hey @JamesMcGhee sorry for the delay, but we've just recently merged in a fix for this. You shouldn't be seeing these erroneous alerts anymore 😄 I'm gonna close this issue...

Following up here with this https://github.blog/changelog/2023-06-19-dependency-graph-dependabot-alerts-and-advisory-database-now-support-swift-advisories/ 🎉

@0xTim question for you; you don't have an example of a swift package hosted somewhere other than github do you? I'm trying to find an example just so we know...

> Have you tried using SSH URLs as well? Those are used sometimes I have not. Please share if you have some examples 👍

These would still refer to the same code though right? I guess someone could setup their own sever and have `https://some_domain/some_path` point to a different set of code than `git@some_domain/some_path`,...

Gotcha. Ya, we're focused not necessarily on http code sources, but on public ones and I have a hard time imagining a scenario where someone hosts of a public code...

Hey all 👋 Quick update on this. I'm gonna close this issue out as we have just recently merged in a fix for this issue. If you see more erroneous...

The short answer is `Sorta`. As of today our data should be considered to refer to objects on maven central only and if the package names and versions happen to...