Thanks Tibor, For [1]: If there are not reliable GitHub Actions, we cannot address CVE in > any way. So to be able to build a release with a CVE fix, we need to have a > build system capable of doing builds. For that is my proposal, to start > having that. >
Yep. I agree that having a build system is an excellent first step on that. My concern is that without all our automation to publish releases, the only suitable option for us would be to do the release manually, which will be a challenge due to the number of artifacts that we also produce with the number of different places that we need to release (VS Code store, Chrome Store, GitHub pages, NPM, etc.)
