TheDiveO

> Btw, @thediveo: If adding https://github.com/gsoft-inc/craco to your project(s) is acceptable for you, then you could use [mdx-js/mdx#1870 (comment)](https://github.com/mdx-js/mdx/discussions/1870#discussioncomment-2530611) as a (temporary) workaround … CRACO unfortunately claims only CRA 4.x...

> But anyway—I'm still curious: Did you really need to use the webpack `!@mdx-js/loader!` import syntax in your project(s), @thediveo? I think so, here's an example of it: [integrated help...

That's blocking me from using ginkgo directly with some of its features especially in pipelines, but only via `go test -exec sudo ...`

And another one, where the CVE origins can't get their act correctly and make another mess: a match of `CVE-2015-5237` on google.golang.org/protobuf ... which actually is the golang version, where...

Yet the false positives I reported here are mostly hitting the npm world, except for the lately mentioned protobuf-related Go mod false positive. I find it slightly worrysome that all...

What I'm referring here to is "cross polution", or in older terms, "clan liability", due to what you term "dirty data". As we won't have an ideal world, this means...

@spiffcs https://github.com/thediveo/lxkns should suffice as a test, as it is the guinea pig repo where I tripped over the messed-up CVEs when letting syft+grype on the loose.

So I found that myself, may it be helpful to others (I have to disable server certificate verification at the moment, as I get an "E certificate is valid but...

When you might be getting at this in the future, please give some love also to the `commonname` option: I've found now out that I need to explicitly set this...

As far as I understand the situation with respect to the Kubernetes remote API, this is about the server certificate returned during SSL handshake and checking it against the server's...