You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
jdt.ls should store gradle wrapper checksums at build time, so it can work offline.
Then there would be no need to remotely fetch checksums for past wrapper releases, only for the new ones, between 2 jdt.ls releases. That would help avoiding false-positive detections like redhat-developer/vscode-java#1492, due to connection issues
The text was updated successfully, but these errors were encountered:
Since buildship won't auto run the embedded gradle-wrapper.jar in local user workspace, it's unnecessary to put the validator in the importer job. Please correct me if i'm wrong.
Since buildship won't auto run the embedded gradle-wrapper.jar in local user workspace, it's unnecessary to put the validator in the importer job. Please correct me if i'm wrong.
Ping again.
If it's not appropriate for open discussion, would you mind forwarding the original security report email to me? thanks. // @fbricon
Wrapper verification should be optional, or at least provide the ability to disable it for those who opt-out. Some teams use a GitHub action, for example, to only validate on CI.
jdt.ls should store gradle wrapper checksums at build time, so it can work offline.
Then there would be no need to remotely fetch checksums for past wrapper releases, only for the new ones, between 2 jdt.ls releases. That would help avoiding false-positive detections like redhat-developer/vscode-java#1492, due to connection issues
The text was updated successfully, but these errors were encountered: