Problem
Dependabot alerts are up to 300, from 23 about a year ago.
By severity:
Solution
I will work through all alerts for necessary security patches:
Merge any pull requests that don't break the build or any test
Identify and dismiss false positives
Implement upstream patches when feasible
Analyze dependency paths to CVEs and manually update packages as necessary
Non-goals
This work excludes patching Magma source code. In places where an upgrade requires changes to, for example, React code, that is out of scope.
Work beyond 6-8 weeks.
Bid
I estimate this work will take 6-8 weeks. I am asking for $6,000 to perform it.
Note that I am submitting this bid as the first party, under my own name, and not via OSPOCO.
Acceptance:
No upgrades at severity Critical (15) or High (88) will be untriaged. I will either merge a PR, create a PR, or write a ticket when further engineering is needed.
All items at severity Moderate (181) will be reviewed. They will be dismissed when irrelevant, merged when no test is broken, manually upgraded when possible. When none of the above is possible, I will document the reasons for discussion with the TSC.
No items at severity Low (16) will be left.
Alternate way to package this up: leave no critical or high severity upgrades behind. Every one should have been researched and routed, with trivial work done and non-trivial work in the engineering pipeline.