SR-11190 SwiftPM should integrate with GitHub's security advisories
Issue Description:
For a healthy ecosystem it would be important for a package to be able to mark certain versions as unsupported/deprecated. It's a reasonable assumption that package authors ship security updates for a number of releases, but it's probably unreasonable to always expect them to ship security updates for all releases ever released.
One idea would be to push tags such as 1.0-unsupported which could signify that 1.0.x is now totally unsupported and SwiftPM should output a warning if it is required to build a deprecated version given the constraints.
Another option would be to put a file on the default branch (usually master) that contains all deprecated versions.
Additional Detail from JIRA
md5: 29247768d0b83ae5382b87405fa454b4
relates to:
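One way a CI step could apply the tag idea from the issue, as an added example that is not part of the original issue or of SwiftPM: the `X.Y-unsupported` tag form is only the proposal's convention, and the function names, the package name and the sample tags below are constructed for illustration.

```python
import re

# Marker tag from the proposal: "<major>.<minor>-unsupported" (hypothetical convention).
UNSUPPORTED_TAG = re.compile(r"^v?(\d+)\.(\d+)-unsupported$")
# Resolved semantic version, optionally with pre-release or build metadata.
VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def unsupported_lines(tags):
    """Return the set of (major, minor) release lines marked unsupported."""
    lines = set()
    for tag in tags:
        m = UNSUPPORTED_TAG.match(tag.strip())
        if m:
            lines.add((int(m.group(1)), int(m.group(2))))
    return lines


def check_pins(pins, tags_by_package):
    """pins maps package name -> resolved version string.

    Returns one warning per pin that falls on an unsupported release line.
    Integer comparison keeps 10.0.x from matching a 1.0-unsupported marker.
    """
    warnings = []
    for package, version in sorted(pins.items()):
        m = VERSION.match(version)
        if not m:
            continue  # branch or revision pins carry no version to compare
        line = (int(m.group(1)), int(m.group(2)))
        if line in unsupported_lines(tags_by_package.get(package, [])):
            warnings.append(
                f"warning: {package} {version} is on the unsupported "
                f"{line[0]}.{line[1]}.x release line"
            )
    return warnings


if __name__ == "__main__":
    # Constructed sample data: tags as a package repository might publish them.
    sample_tags = {
        "example-lib": ["1.0.0", "1.0.1", "1.0-unsupported", "1.1.0", "2.0.0"],
    }
    sample_pins = {"example-lib": "1.0.1"}
    for line in check_pins(sample_pins, sample_tags):
        print(line)
```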