Jonatan Männchen
**Is your feature request related to a problem? Please describe.** Lots of projects implement build provenance attestations for their release artifacts. **Describe the solution you'd like** I would like to...
### oidcc version 3.* ### Erlang version * ### Elixir version * ### Summary Figure out a solution to provide a client jwk without also providing a client secret. ###...
### oidcc version main ### Erlang version * ### Elixir version * ### Summary The tests are currently flaky. Investigate the reason. ### Current behavior Tests fail sometimes ### How...
Needed for OpenChain Compliance ## TODO * [ ] Check if Trademark Policy ok for EEF Logos
This issue is here to track improvements whenever we start work on a new major release since it will cause breaking changes. It is not intended to be solved right...
Styles converts certain code like `:timer.minutes(5)` to newer versions like `to_timeout(minute: 5)`, which is awesome. Unfortunately it is less awesome for libraries that still support Elixir versions older than the...
I just saw that the project did not include the full license (besides the hint in the README). I thought this would be a good time to add some legalese...
OpenSSF publishes a document called ["Principles for Package Repository Security"](https://repos.openssf.org/principles-for-package-repository-security.html) (ossf/wg-securing-software-repos#37) to rate the security of package managers. The list contains a lot of points we should have a look...
Integrate OSV.dev vulnerability database into hex.pm. This PR does the following: * Adds a new table to store vulnerabilities * Adds an updater job, which pulls in all vulnerabilities for...
When the SpdxDocumentFile package manager is used, the *project* and all contained *packages* often resolve to the **same VCS provenance** (e.g. the root of the Git repository). Before this change...