dependabot-core VS reactos

Oh yes, https://github.com/dependabot/dependabot-core/issues/3253. I wouldn't go so far as saying it was locked because it was too uncivil, mostly just because "additional commentary wasn't adding value" ;)

Your read on the situation is spot on, and no, it doesn't look like it's been "fixed" (mostly because "fixing it would re-introduce the same potential vulnerability).

Storybook is great and all, but these days nearly every Dependabot alert I get is about a sub-dependency of Storybook. Since Dependabot doesn't currently allow you to ignore dev dependencies and only check production dependencies [0], this makes Storybook a Big Noise Generator and every time I dismiss another alert from it, I can't help but wonder if there's a better option out there.

[0] https://github.com/dependabot/dependabot-core/issues/2521

P.S. While this being a powerful and handy tool itself, it is only a part of Dependabot’s capabilities. If you are interested, you’ll find more about them in the GitHub docs.

Hello! I'm using Helm in K8s and curious if there is a solution that could keep tabs on the deployed chart dependency versions and either alert us when something is out of date or when a new release is available. Does this exist? I was thinking something like Dependabot or Renovate, but neither seems to be able to manage this.

- https://github.com/dependabot/dependabot-core

An important point is that this kind of metadata often needs to be accessible from outside the build system itself. You need that for example in order to integration with renovate-bot or github's dependabot, to check your dependencies against CVEs, to build SBOMs and various other additional tasks that are not part of the build itself, but related to the build's metadata. This is all functionality I don't want to reimplement, I want to use what's already out there. And for that the build system needs to have some minimum amount of compatibility with existing standard metadata files like pom.xml or build.gradle

To avoid any potential data breaches, it is recommended that users upgrade to a patched version of MinIO (RELEASE.2023-03-20T20-16-18Z) and integrate security tooling such as docker-cli-scan or use Github’s built-in monitoring for supply chain vulnerabilities, which already contains a record referencing this vulnerability.

I recognize that it does not handle chart updates, but it's might still ease the burden of applying minor releases easily etc. For the chart versions themselves, unfortunately dependabot does not support this and will not, but something like renovatebot does. Could be worth looking into as a dual approach

Disclosure: Renovate author

Renovate is indeed AGPL, but if you're just running it as a CLI, do you think there's anything to "watch out for"? It does not make any project you run it against AGPL, that's for sure.

Also you should be aware that dependabot-core, which dependabot-gitlab wraps, is not technically Open Source at all: https://github.com/dependabot/dependabot-core/blob/main/LICE...

Waiting for Yarn v2/v3 support in Dependabot has been a saga.

https://github.com/dependabot/dependabot-core/issues/1297

https://reactos.org/ implement some of the windows API

You can use Rufus: https://rufus.ie/en/

To modify the ISO to turn off hardware check and TPM support for Windows 11 to install it on an unsupported PC.

https://github.com/pbatard/rufus/wiki/FAQ#user-content-Help_...

Besides Linux and BSD Unix there is: https://reactos.org/ https://aros.sourceforge.io/ https://www.haiku-os.org/ and https://www.arcanoae.com/arcaos/

I know some third-world nations still use DOS and the BORLAND DOS compilers because people donate old computers to their nations.

With the right OS, old computers are still usable. Please don't throw them away, e-cycle them so they get used by poor nations that cannot afford new PCs.

ReactOS is sometimes very disappointing. Take the issue with toolbar icons, for example. Toolbar icons in at least Office 97, Office 2000 and Visual Basic 6 were affected, as was some game [0]. Microsoft Office is a complex Win32 application, making it a good guinea pig for testing compatibility. And yet, this was fixed a few months ago, and the Office bug was reported in 2016 [1]. The bug with no text wrapping for tray balloons is also an embarrassing thing to have lingering for years (I assume it was like this since the balloons were first implemented in ReactOS).

Does the world really need a buggy Windows Server 2003 reimplementation? I think the efforts of the development team could be better spent elsewhere.

[0]: https://github.com/reactos/reactos/pull/5227

[1]: https://jira.reactos.org/browse/CORE-12377

Anyone tried ReactOS recently? Supposed to be a clean-room FOSS Windows NT compatible OS.

https://reactos.org/

It's still on my TODO. Mostly cause my parents want XP back.

> It's whitespace. There's wayyyy too much god damn whitespace in modern UIs, and it's awful.

I wanted to see how LibreOffice would compare on my netbook, and frankly it's better than the new Word, but still "worse" than the old version: https://i.imgur.com/cWGYh3M.png

That said, at least LibreOffice lets you have your custom themes and actually offers a variety of different interface layouts, which I think is a nice touch: https://wiki.documentfoundation.org/Videos/User_interface

> Windows 7 with the Classic theme (which really was just a slight evolution over Win2K) was peak UI/UX, and you'll never change my mind. It's been downhill ever since, getting worse and worse with each generation.

To be honest, I'm inclined to agree with this. That's also why I rather enjoyed the Redmond theme even in *nix distros. There's just something so very usable about the old Windows look and more modern attempts, such as SerenityOS https://serenityos.org/ and even ReactOS https://reactos.org/