Eric Bickle
In the next 'breaking change' release, would it be possible to modify the package.json dependencies to use peer dependencies instead of direct dependencies? - Having `pino-pretty` as a required dependency...
### Describe the issue The release notes for version 1.6.4 fixed two vulnerabilities that are missing CVEs, and as a result are not found by GitHub Dependabot or other tools...
**Describe the user need** When running `snyk-api-import`, archived/renamed/deleted packages from the SCM provider are deactivated in Snyk. While this makes sense as the default behavior, having a `--delete` argument...
- `node -v`: v16.13.1 - `npm -v`: 8.5.1 - OS: Microsoft Windows 10 Version 21H2 - Command run: `git clone https://github.com/snyk-tech-services/snyk-api-import.git` ### Expected behaviour Repository should be usable on Windows...
Generated dependency graphs contain a `job.correlator` field used to differentiate submissions from different workflows. * **sbt-dependency-submission** sets the correlator to [`"${githubWorkflow()}_${githubJobName()}_${githubAction()}"`](https://github.com/scalacenter/sbt-dependency-submission/blob/7c0a35abc472b4bfef5226f60513d1f011e1dc50/sbt-plugin/src/main/scala/ch/epfl/scala/SubmitDependencyGraph.scala#L169) * The GitHub **dependency submission toolkit** for JavaScript...
I'm looking to deploy dependency-review-action using a [required workflow](https://docs.github.com/en/enterprise-cloud@latest/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging) to ensure that all developers are aware of dependency issues when pull requests are opened. Since the required workflow rule will...
Fixes #817 #### Summary When the parameter `warn-only` is set to `true`, allow a pull request comment to be created when `comment-summary-in-pr` is set to `on-failure`. #### Testing The action...
**Is your feature request related to a problem? Please describe.** I'd like the dependency review action to have an option to create a commit status check to indicate the success...
**Description of the issue** The [Oracle Call Interface (OCI)](https://www.oracle.com/ca-en/database/technologies/appdev/oci.html) is the main low-level C API for Oracle databases. CodeQL lacks coverage for it, particularly for SQL injection sinks. While I...
Fixes #19764 * Allow queries to be extended using a new `sql-injection` Models as Data (MaD) sink kind for C/C++. * Add `sql-injection` sink models for the Oracle Call Interface...