Elliotte Rusty Harold
Elliotte Rusty Harold
Why/where do we use json-smart? It looks unmaintained and risky. Can we just remove/replace it?
Looks like we should be able to remove this dependency completely. Less dependencies --> less security bugs
Can you resolve conflicts and repush?
Absolutely nothing should be merged on a failing build. A failing build blocks everything.
clsoing since it doesn't seem to be an issue in the dependency plugin
We do want to restrict namespaces when parsing 4.0.0 files to only the specifically allowed namespaces and no namespace at all. But we should not allow arbitrary strings.
I've been pushing this for a long time, and the longer we wait the harder it gets to do. I'm not sure it can be done in 5.0
Nothing should be deployed with the 4.0 namespace as it hasn't been released yet. If something is, I can live with that breakage. Of course, once 4.0 is released, it...
FYI, a quick check of my inbox shows I've been raising red flags on this since at least 2019.
Digging into the code, I now notice that we're keying off of the namespace to select the model version, which means in the future we won't be able to change...