Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document contributions from external projects which are part of the repository #332

Open
stweil opened this issue Dec 16, 2024 · 1 comment
Open

Document contributions from external projects which are part of the repository #332

stweil opened this issue Dec 16, 2024 · 1 comment
Assignees
@beatrycze-volk
Labels
🛠️ maintenance A task to keep the code up-to-date and manageable.
Milestone
DFG-Viewer 6.2.0

Comments

@stweil
Copy link
Contributor

stweil commented Dec 16, 2024

The repository slub/dfg-viewer includes code and other contributions from external projects, but does not give credits for those projects in its README. There are also no files which document such external dependencies in a way which allows Dependabot or other tools to warn if there are known security issues in the code from those external projects and required security updates.

Known examples (maybe more exist):

  • jquery 3.6.0 (2021)
  • highlight 10.7.2 (2021)
  • Google fonts (2020)
@beatrycze-volk beatrycze-volk self-assigned this Dec 17, 2024
@beatrycze-volk beatrycze-volk added the 🛠️ maintenance A task to keep the code up-to-date and manageable. label Dec 17, 2024
@beatrycze-volk beatrycze-volk added this to the DFG-Viewer 6.2.0 milestone Dec 17, 2024
@beatrycze-volk
Copy link
Contributor

Thanks for mentioning it. Could you link an example here of how such referencing should be made?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@beatrycze-volk beatrycze-volk

Labels
🛠️ maintenance A task to keep the code up-to-date and manageable.
Projects
None yet
Milestone
DFG-Viewer 6.2.0
Development

No branches or pull requests
2 participants
@stweil @beatrycze-volk