openvsx
openvsx copied to clipboard
eclipse
An open-source registry for VS Code extensions
Contributes to #468 Use Apache Tika to detect mimetype
Fixes #379 ### Testing steps - Open this PR in Gitpod. - Let Gitpod initialize. This can take 5 - 10 minutes, because it will download 485 `vscode.bat` extensions and...
I downloaded and scanned openvsx-server docker image version 72706d1, and found that it has/uses/references debian libfreetype6 2.9.1-3+deb10u1 (CVE-2020-15999). could you confirm if this is actually used within the image? And...
I downloaded and scanned openvsx-server docker image version 72706d1, and found that it has/uses/references spring-webmvc 5.3.1 (CVE-2022-22965) could you confirm if this is actually used within the image? And if...
I downloaded and scanned openvsx-server docker image version 72706d1, and found that it has/uses/references log4j-core 2.13.3 which is vulnerable (CVE-2021-45046). could you confirm if this is actually used within the...
Fixes #417 ### Testing Steps #### Setup - Open this branch in Gitpod. - Wait until the publisher process has published all test extensions. - Stop the server. - Configure...
ref https://github.com/microsoft/vscode-vsce/pull/732/files There's a new tag `__sponsor_extension` and a new resource `Microsoft.VisualStudio.Code.SponsorLink` Also they added a link to the publisher homepage but that's broken for us because they use the...
From https://github.com/gitpod-io/gitpod/issues/10523 It seems the root cause of that bug is that Web extension resources served from openvsx return an incorrect MIME type For example: - Requesting for https://openvsxorg.blob.core.windows.net/resources/pomdtr/excalidraw-editor/3.0.1/extension/public/static/css/main.9cab4879.chunk.css returns...
More and more we are getting cases where owner want to transfer their extensions to a new namespace. I don’t believe this can be done currently, so what it means...
For now, if you configure an upstream, it aggregates all results, including "local links" and "upstream links". But let say you deploy a private instance of OpenVSX and only granting...
