Sebastian Poxhofer
Sebastian Poxhofer
> Then again, our reason for using re2 was to prevent external users (in repo) or other parties (e.g in registries) from DoS'ing us intentionally or by accident. In this...
Looks like they do not support subrepos https://github.com/ossf/scorecard-webapp/blob/f28966e9510138cce79c35d9d3e7a431276e8386/app/server/badge.go#L44
It's not actionable by us right now and blocked by OSSF scorecards API server implementation
IMHO there should definitly be a whitelist of allowed variable keys as this can be for example be used to proxy communication of a hosted app runner through a abitrary...
WDYT about adding a major/schema version tag to `renovate.json`? That way we know from which level to migrate and we can offer upgrades to the current version with the old...
I would simply make this two different presets and each would be separately evaluated.
How a about yet another preset `useConfigSchema` which is added to `config:base`? That schema would add the version of the currently running renovate instance to `renovate.json`. So everybody which uses...
Are you referring to this? > So everybody which uses our default values will be opted-in everybody with customisation will keep the same behaviour as before. The second batch of...
@klutchell Can you check again if this is still the case? Potentially https://github.com/renovatebot/renovate/pull/25490 has already fixed this.
Counter proposal: If `updateArtifacts` signals that updates have happened extract again and compare the result with the initial one. That way we get all information we display currently on PRs.