build(deps): upgrade open-vulnerability-clients #506

Merged

jeremylong
Contributor

  • nvd-lib, gh-advisory-lib, and data-source have been combined into open-vulnerability-clients
  • Several imports have been updated as classes were moved
  • NvdCveApi has been repackaged as NvdCveClient
  • Unit tests have been updated to correctly compare double values

In addition to the above changes, the updated open-vulnerability-clients has improved the error handling for both the GHSA and NVD APIs.

@jeremylong
Contributor Author

I'll update the PR to resolve the errors within a day or two.

- `nvd-lib`, `gh-advisory-lib`, and `data-source` have been combined into `open-vulnerability-clients`
- `NvdCveApi` has been repackaged as `NvdCveClient`
- Several imports have been updated as classes were moved
- Unit tests have been updated to correctly compare doubles

Signed-off-by: Jeremy Long <jeremy.long@gmail.com>
@jeremylong jeremylong force-pushed the scratch/update.openvulnerability branch from 7656289 to 821cd5c Compare April 24, 2023 10:22
@nscuro
Member

nscuro commented Apr 24, 2023

Thanks for the PR @jeremylong, much appreciated!

The failures appear to be due to flakiness of the workflow. All tests succeed locally. The second failure was related to SonarCloud. I just triggered it again, let's see what happens.

Member

@nscuro nscuro left a comment

Failure of CI pipeline is due to SonarCloud not supporting analysis of PRs from forks.

@nscuro nscuro added the enhancement and domain/vuln-mirroring labels Apr 24, 2023
@nscuro nscuro merged commit 102875b into DependencyTrack:main Apr 24, 2023
10 of 11 checks passed
@jeremylong
Contributor Author

@nscuro I will be submitting another PR in a day or two. I wasn't happy with the Float data types not being precise (duh) in the unit tests. The open-vulnerability-clients version 4.0.1 has been released that changed all the Float data types to BigDecimal and added data feeds for the CISA Known Exploited Vulnerability Catalog and First's EPSS data.
