Kurt Boberg

Results: 14 comments by Kurt Boberg

Note - reporter is asking for behavior closer to https://github.com/kyoh86/exportloopref. Original rule is based on known-noisier behavior of https://github.com/kyoh86/looppointer. Remediation should be "add rule for exportloopref" and replace this rule...

the fact that this needs an explicit string cast is....annoying - can we add this to docs?

FWIW, it looks like I improved this rule before leaving and it no longer has a leading ellipsis:

```yaml
rules:
- id: react-dangerouslysetinnerhtml
  patterns:
  - pattern-either:
    - pattern: |
        -...
```

the following representation covers `params`, `cookies` (excluding tamper-resistant cookies), and `request.env`

```yaml
- pattern-either:
  - pattern: |
      cookies[...]
  - patterns:
    - pattern: |
        cookies. ... .$PROPERTY[...]
    - metavariable-regex:
        metavariable: $PROPERTY...
```

see https://pipenv-fork.readthedocs.io/en/latest/advanced.html#using-pipenv-for-deployments for background info

@minusworld is this something that we need to work on CI enforcement of? Should we be tracking that with this ticket or a separate one?

adding a +1 to this - star-importing is not generally considered idiomatic Java due to namespace cluttering (and depending on the library may introduce vulnerable code or exploit primitives unnecessarily).

@1lyasam please pull in latest or remove pipfile changes from this PR

@PhanThanhTam0408 please sign the CLA - we can't accept this contribution without it.

Opened a bug for this publish issue - it looks like we don't create PRs for YAML-targeted stuff correctly.