Dany Marques
06/28/2022, 10:07 AMMatt (pactflow.io / pact-js / pact-go)
Matt (pactflow.io / pact-js / pact-go)
Matt (pactflow.io / pact-js / pact-go)
Dany Marques
06/28/2022, 10:28 AMMatt (pactflow.io / pact-js / pact-go)
Matt (pactflow.io / pact-js / pact-go)
Matt (pactflow.io / pact-js / pact-go)
Matt (pactflow.io / pact-js / pact-go)
Dany Marques
06/28/2022, 11:46 AMDany Marques
06/28/2022, 11:47 AMDany Marques
06/28/2022, 11:47 AMMatt (pactflow.io / pact-js / pact-go)
Yousaf Nabi (pactflow.io)
They don’t care if it’s a devdep or dep.That is bad sec practise, as it gets people worried about the wrong thing imo. Hope you are sorted now, but the sec team will have to understand that open source projects do not have necessarily have SLA's for user's issues, and blocking your entire pipeline for code outside your control is a serious risk.
Yousaf Nabi (pactflow.io)
Yousaf Nabi (pactflow.io)
Timothy Jones
06/28/2022, 1:22 PMTimothy Jones
06/28/2022, 1:23 PMDany Marques
06/28/2022, 4:40 PMMatt (pactflow.io / pact-js / pact-go)
Matt (pactflow.io / pact-js / pact-go)
Matt (pactflow.io / pact-js / pact-go)
Matt (pactflow.io / pact-js / pact-go)
Matt (pactflow.io / pact-js / pact-go)
Boris
06/29/2022, 6:18 AMTimothy Jones
06/29/2022, 7:32 AM