
GHSA-rjhf-4mh8-9xjq is a duplicate of GHSA-3mv5-343c-w2qg #3085

Open
lukas-braune opened this issue Dec 19, 2023 · 1 comment

Comments

@lukas-braune

GHSA-rjhf-4mh8-9xjq is a duplicate of GHSA-3mv5-343c-w2qg and should be revoked as soon as that feature is available.

@KateCatlin
Collaborator

Hi @lukas-braune thanks for reaching out!

Unfortunately we're unable to merge duplicate advisories right now. That's a known issue for us and one we hope to someday address, but it would take a pretty steep engineering investment so it's not on the near-term roadmap. That said, we are tracking advisories we should merge once we have that ability and we've added this one to the list.

If something like this comes up today, we would normally favor the maintainer-generated advisory and withdraw the other. Unfortunately in this particular pairing, the non-maintainer-generated advisory is coming from our friends at RustSec, so withdrawing it means we would lose any updates that RustSec may publish.

TLDR we're not going to take any action on this today, but we acknowledge it is annoying and we are sorry for that.

I'll keep this issue open in case others want to chime in!
