You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think, it would be a huge loss if your patches would be just laying around here without being contributed to the vendors, thereby helping their efforts of closing security loopholes and making the software ecosystem more secure and reliable.
The text was updated successfully, but these errors were encountered:
Hi @benedekh
Thank you for your kind words!
Due to the number of patches we produce + maintainers generally not accepting PRs for unmaintained branches (just an example: mde/ejs#580) - we decided to leave that effort up to the community/maintainers.
If you wish to pull the built artifacts directly, our artifact server is free for open source projects/individuals, and you can automatically apply the patches using the CLI https://github.com/seal-community/cli.
Hi Team,
Thanks for the great work you are doing by patching the (security) vulnerabilities in the open-source projects! 馃帀馃憦馃檹
One quick question: do you contribute these patches back to the vendors or just collect it here?
I've seen that in case of the
ip npm package
you proposed your fixes in a comment of a pull request that fixes the same problem in a different way.However, in case of jackson-databind, I have not seen your proposed fixes in their repository. (Maybe I've missed the PR.)
I think, it would be a huge loss if your patches would be just laying around here without being contributed to the vendors, thereby helping their efforts of closing security loopholes and making the software ecosystem more secure and reliable.
The text was updated successfully, but these errors were encountered: