GitHub

Install dev dependencies of transitive workspace packages when targeting a single package

Currently, uv sync does not install the dev dependencies of transitive workspace packages when targeting a single package. Some existing issues mention to use --all-packages, which we do during local ...
The Hacker News

Securing Open Source: Lessons from the Software Supply Chain Revolution

The software supply chain has become a prime target for cyberattacks, with incidents like SolarWinds and Log4j demonstrating the critical vulnerabilities inherent in today's development ecosystems.
Business Wire

Binary Risk Hunt: A Free Vulnerability Scanner With SBOMs

LOS ANGELES--(BUSINESS WIRE)--Binarly, provider of the industry-leading AI-powered firmware and software supply chain security platform, today unveiled Binary Risk Hunt with advanced capabilities and ...
IEEE

Update operation and partition dependency in distributed database systems

Abstract: Partition dependency is a data allocation constraint in distributed database systems. It has been shown that this constraint can be used to speed up query processing. However, some update ...
IEEE

Demystifying the Vulnerability Propagation and Its Evolution via Dependency Trees in the NPM Ecosystem

Abstract: Third-party libraries with rich functionalities facilitate the fast development of JavaScript software, leading to the explosive growth of the NPM ecosystem. However, it also brings new ...
GitHub

Transitive dependency versions getting conflated with parent dependencies (such as xstream -> mxparser)

Some new vulnerabilities were added to the database w.r.t. XStream versions earlier than 1.4.16. That's of course a good thing. However, even after updating the XStream dependency to version 1.4.16, ...