Joshua Rogers sent us a *massive* list of potential issues in #curl that he found using his set of AI assisted tools. Code analyzer style nits all over. Mostly smaller bugs, but still bugs and there could be one or two actual security flaws in there. Actually truly awesome findings. I have already landed 22(!) bugfixes thanks to this, and I have over twice that amount of issues left to go through. Wade through perhaps. Credited "Reported in Joshua's sarif data" if you want to look for yourself
"Sorry, I can't. Under the current administration I don't feel safe and comfortable with traveling to the US so I need to pass. Thanks for asking."
that way! image
Giant company begs tiny Open Source project to graciously spend more of our copious spare time to help them - for free. Apparently the latest #curl release has a build problem on HarmonyOS. What a pity.
Who could have figured out that automatically downloading half the internet and ten thousand always-changing dependencies every time you build could actually be a weakness?