profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/alastairs/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

alastairs/buildprogress 13

This simple and light-weight Visual Studio AddIn displays the progress of the current solution build in the Windows 7 task bar. When a project build fails, the progress bar turns red. When the build has completed, an icon overlay is added to indicate success or failure.

alastairs/BobTheBuilder 11

Can we build it? Yes we can!

alastairs/7in7 2

Tracking my progress through Bruce Tate's book Seven Languages in Seven Weeks

alastairs/alastairs.github.io 1

My personal website.

alastairs/biddr 1

A Bridge bidding system on your smartphone

alastairs/BridgeSolver 1

Skiing Bridge Funnage!!

alastairs/cgowebsite 1

The new CGO website!

alastairs/continuity 1

CAMDUG's Project Continuity

alastairs/continuity_server 1

Rails Server-Side component

starteddot-i/k8s-operator-node

started time in 2 days

startedenvoyproxy/envoy

started time in 3 days

fork davidfowl/AssemblyUnloadableSignalR

Repro of error where SignalR is unable to unload a collectible assembly

fork in 4 days

starteddotnet/aspnetcore

started time in 4 days

starteddotnet/aspnetcore

started time in 4 days

Pull request review commentdavidfowl/AspNetCoreDiagnosticScenarios

fix typo

  ## A note about WebClient -WebClient is considered a legacy .NET API at this point and has been completely superseded by HttpClient. No new code should be written with HttpClient.+WebClient is considered a legacy .NET API at this point and has been completely superseded by HttpClient. No new code should be written with WebClient.

"New code should be written with HttpClient" != "No new code should be written with HttpClient" So maybe "No new code should be written with WebClient" is better😄.

Ruikuan

comment created time in 5 days

Pull request review commentdavidfowl/AspNetCoreDiagnosticScenarios

fix typo

  ## A note about WebClient -WebClient is considered a legacy .NET API at this point and has been completely superseded by HttpClient. No new code should be written with HttpClient.+WebClient is considered a legacy .NET API at this point and has been completely superseded by HttpClient. No new code should be written with WebClient.

There is a 'No' at the start of this sentence; I believe it already says what you think you're making it say by changing it ;)

Ruikuan

comment created time in 5 days

startedashok-khanna/pdf

started time in 6 days

PR opened alastairs/codebork.com

[Snyk] Fix for 1 vulnerabilities

<h3>Snyk has created this PR to fix one or more vulnerable packages in the rubygems dependencies of this project.</h3>

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Gemfile

<details> <summary>⚠️ <b>Warning</b></summary>

Failed to update the Gemfile.lock, please update manually before merging.

</details>

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 461/1000 <br/> Why? Recently disclosed, Has a fix available, CVSS 3.3 Improper Input Validation <br/>SNYK-RUBY-REXML-1244518 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJkMjQ0ZTkyMS02OTc5LTRjOTEtYjg0OC00ZDJmNGYzYzMzMzEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImQyNDRlOTIxLTY5NzktNGM5MS1iODQ4LTRkMmY0ZjNjMzMzMSJ9fQ==" width="0" height="0"/> 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+1 -1

0 comment

1 changed file

pr created time in 6 days

startedfluxcd/flux2

started time in 8 days

push eventdavidfowl/AspNetCoreDiagnosticScenarios

David Fowler

commit sha 9c0313ff75f6473e51c520d5fde864ca541d81ac

Update HttpClientGuidance.md

view details

push time in 8 days

push eventdavidfowl/AspNetCoreDiagnosticScenarios

David Fowler

commit sha 90ccf7d3767ad56964f7ae339ce7ae8a9b8037c6

Create HttpClientGuidance.md

view details

push time in 8 days

MemberEvent

issue openeddotnet/announcements

April 2021 .NET Updates

The following .NET updates were released in April 2021. This issue will be updated if there are any additional releases during the month.

<h2>.NET </h2>

<h2>.NET Support Policies</h2> Microsoft support policies are defined in the following documents:

created time in 9 days

issue openeddotnet/announcements

NuGet package restore broken on .NET 5+ with Removal of Trust of Verisign CA

NuGet package restore broken on .NET 5+ with Removal of Trust of Verisign CA

NuGet package signing verification relies on the VeriSign Universal Root Certification Authority as part of establishing a chain-of-trust for NuGet packages. VeriSign Universal Root Certification Authority was recently removed from NSS and ca-certificates packages. This removal effectively breaks NuGet package signing verification, which has the result of breaking the ability to restore NuGet packages.

This break in behavior is only observed with .NET 5 and .NET 6, which have NuGet package verification enabled (and it cannot be disabled). NET 5 NuGet Restore Failures on Linux distributions has been observed on some distros already and we expect it to become pervasive quickly as more distros are updated to include more recent version of NSS and ca-certificates (with the VeriSign CA removed). We are in the process of releasing updated builds of .NET 5 and .NET 6 that have NuGet package verification disabled on Linux and macOS.

We need developers, companies, and commercial providers to install (or otherwise use) updated builds of .NET 5 and .NET 6 if you rely on those .NET versions on Linux. If you adopt the updated .NET versions soon, you should not observe a break in functional behavior, and will be able to confidently update to newer versions of NSS and ca-certificates packages.

Discussion

Please share your feedback on this topic and see what others are saying at:

https://github.com/NuGet/Home/issues/10712

Updated .NET builds

New .NET builds will be provided with NuGet package verification disabled on Linux and macOS. The following are the expected release dates:

  • .NET SDK 5.0.202 -- April 6, 2021.
  • .NET 6 Preview 3 -- April 8, 2021.

New container images will be published for Alpine, Debian, and Ubuntu on both of these dates, for the respective releases.

These builds include significant additional functionality beyond disabling NuGet package verification. We originally planned to release these builds as regular releases for all supported operating systems and architectures, targeting April 13th. We made two changes from our original release plan: earlier release dates and include the change in NuGet functionality for Linux and macOS.

Who is affected

.NET 5+ users will be affected on any operating system that has removed the VeriSign Universal Root Certification Authority. We are maintaining a list of Linux distros that are known to be affected.

nuget.exe is sometimes used on Linux with Mono. This scenario is not affected.

There has been an industry-wide movement to distrust the VeriSign root CA, including companies like Apple, Google, Microsoft, and Mozilla. This may mean that at anytime in the future, Apple and Microsoft can remove VeriSign Universal Root Certification Authority from their trusted root CA list.

Solution

The NuGet team has disabled the package verification feature for macOS and Linux. If needed, we will disable the feature for Windows at a later time. This change will be available in the updated .NET builds covered earlier.

We are also talking to some Linux distro package maintainers to ask them to delay the removal of the VeriSign Universal Root Certification Authority (for code signing only). Even a month of grace would help a lot, to enable .NET users on Linux to adopt the newer .NET 5 and .NET 6 builds.

To clarify, this change does not affect .NET Core 3.1 and earlier versions. It does not affect .NET Framework. It does not affect any .NET functionality on Windows, at least not at this time.

More Context

We observed NuGet Restore Issues on Debian Family Linux Distros in January, 2021. This led us to discover that there has been an industry-wide movement to remove the VeriSign Universal Root Certification Authority.

NuGet has historically relied on two key certificates:

  • NuGet Microsoft Author Signing Certificate Update - Expired January 27th, 2021
  • NuGet.org Repository Signing Certificate Update - Expires April 14th, 2021

After those certificates expire, the NuGet client falls back to timestamp verification, which enables package verification to still function. The timestamp verification relies on VeriSign root certificate authority. The absence of this root certificate authority being available on a machine means that timestamp verification is no longer functional, which causes package signature verification to fail.

Security is very important to us. We are putting together a plan to use a new system that will allow us to re-enable package signing verification on all supported operating systems. We will have more to share on our future plans once we are sure that all systems are once again functional.

.NET 5 NuGet Restore Failures on Linux distributions provides more details on error messages, affected environments, and solutions.

created time in 10 days

MemberEvent
MemberEvent

startedpinterest/gestalt

started time in 10 days

startedARautio/aws-lambda-pdf-generator-puppeteer

started time in 11 days

created repositorycoreyhaines/icon-learning

Repository of code for learning icon. Part of my newsletter project: https://coreyhaines.substack.com/

created time in 12 days

started8T4/c4sharp

started time in 14 days

created repositoryRendleLabs/OverBlaze

Local overlay for OBS etc written with Blazor

created time in 14 days

fork haacked/microsoft-graph-docs

Documentation for the Microsoft Graph REST API

fork in 14 days

PR opened alastairs/codebork.com

[Snyk] Security upgrade github-pages from 207 to 214

<h3>Snyk has created this PR to fix one or more vulnerable packages in the rubygems dependencies of this project.</h3>

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Gemfile

<details> <summary>⚠️ <b>Warning</b></summary>

Failed to update the Gemfile.lock, please update manually before merging.

</details>

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 576/1000 <br/> Why? Recently disclosed, Has a fix available, CVSS 5.6 Deserialization of Untrusted Data <br/>SNYK-RUBY-KRAMDOWN-1087436 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmNzAzNzlkNy0xNzI5LTRhNmItOWJiMS1hZmVmZTRjYjQ5YWIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImY3MDM3OWQ3LTE3MjktNGE2Yi05YmIxLWFmZWZlNGNiNDlhYiJ9fQ==" width="0" height="0"/> 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+1 -1

0 comment

1 changed file

pr created time in 15 days

issue closeddotnet/announcements

Preserve git refspec to local patches and branches after renamed origin's master

For all those who can't pull master, it should have renamed to main.

To preserve refspec to patches and branches, just changing the heads/master to heads/main should work.

[remote "origin"]
	url = https://github.com/dotnet/your-repo
-	fetch = +refs/heads/master:refs/remotes/origin/master
+	fetch = +refs/heads/main:refs/remotes/origin/master
	tagopt = --no-tags
[branch "master"]
	remote = origin
-	merge = refs/heads/master
+	merge = refs/heads/main

Putting this out there, if anyone else facing similar issue with git.

closed time in 16 days

Nirmal4G

fork davidfowl/up-for-grabs.net

This is a list of projects which have curated tasks specifically for new contributors. These issues are a great way to get started with a project, or to help share the load of working on open source projects. Jump in!

https://up-for-grabs.net/

fork in 18 days

issue commentdavidfowl/AspNetCoreDiagnosticScenarios

Recommended handling in ConcurrencyDictionary<string, Task<T>> when task fails

Another approach might be to wrap it like this: https://stackoverflow.com/a/33942013/11635 There's an evolution of that with expiration semantics too (there are some tests if one wanted to port it to C#)

passuied

comment created time in 20 days

startedgitops-working-group/gitops-working-group

started time in 20 days