package-feeds
package-feeds copied to clipboard
ossf
Feed parsing for language package manager updates
PyPI deprecated the `changelog` XMLRPC response (https://warehouse.pypa.io/api-reference/xml-rpc.html#changelog-since-with-ids-false) which now returns an error. This code needs to be moved to `changelog_since_serial` (https://warehouse.pypa.io/api-reference/xml-rpc.html#changelog-since-serial-since-serial). Furthermore, we need to make the "since" parameter an...
Hello from the OpenSSF Security Insights team! Security Insights is a specification for expressing security-relevant metadata about a project in a machine-readable format. It allows you to express things like...
After fixes for #139, remaining packages that still cause timeouts all have very large response data sizes (e.g. 6MB)
Something that was mentioned as part of #26 was the possibility of adding a package-url to the output. This could follow the [`purl-spec`](https://github.com/package-url/purl-spec), which would allow downstream consumers to use...
Background: As more vulnerabilities to continue to be discovered in packages and libraries that are present in various distributions, practitioners working across their organizations need a single place to query...
RubyGems has a stable API for consuming versions changes that can be paginated across all the results in a 7 day timeframe. This should be more reliable than RSS for...
I saw OOM errors occurring at 256Mb and bumped the memory limit to 512Mb to see if that would mitigate the issue. While the errors are less frequent, they still...
Currently errors which occur during polling or publishing at a package level are logged, resulting in a generic `pollErr/pubErr`, with the given packages data being lost whilst the remaining packages...
This PR adds a feed to monitor a list of github repository for releases and produce them for the publisher. Whilst this is not the only feed to make use...
With #123 & #132 error handling has been made a lot more granular, in certain cases at a per package level. In cases where a poll or publish process fails...