Add security advisories for Silverstripe CMS 4.13.0 #688
branches: | ||
4.0.x: | ||
time: 2023-04-26 00:44:05 | ||
versions: ['>=4.0.0', '<4.12.5'] |
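Review bot: the `4.0.x` key does not match the range listed under it, since `['>=4.0.0', '<4.12.5']` spans every 4.x release below 4.12.5 rather than only the 4.0 line. If another entry in the same advisory already carries this range, drop this one; otherwise name the key after the branch that received the fix so the key and the upper bound agree.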
Those entries for 4.0.x are useless. The range is already covered by your 4.12.x range (in all of them).
Fair enough, though in that case the readme should probably be updated to clarify what the "branches" information is for. My understanding from what is written is that each affected branch should have its own entry.
Regardless, I'll update the PR to remove the 4.0.x branches tomorrow.
We need multiple branches only when the issue gets patched in multiple branches and so a single range is not enough. Auditing tools will compare the version you use to those ranges.
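The comparison described in the comment above, as an added example that is not part of the PR thread or of any auditing tool's code: each branch entry's constraints are ANDed, entries are ORed, and an entry is redundant when dropping it changes no verdict. The package data, probe versions and function names are constructed for illustration, and plain numeric versions are assumed.

```python
import re

# Constructed advisory data for a hypothetical package (not from the PR).
# Fixes shipped in 1.4.7 and 2.0.3, so two ranges are needed; "1.0.x" is
# a deliberately redundant entry that the 1.4.x range already covers.
BRANCHES = {
    "1.0.x": {"versions": [">=1.0.0", "<1.1.0"]},
    "1.4.x": {"versions": [">=1.0.0", "<1.4.7"]},
    "2.0.x": {"versions": [">=2.0.0", "<2.0.3"]},
}
PROBES = ["1.0.5", "1.2.0", "1.4.6", "1.4.7", "1.4.8", "2.0.1", "2.0.3"]

OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
}

def parse_version(v):
    """'4.12' -> (4, 12, 0). Assumes plain numeric x.y.z versions."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def matches(version, constraints):
    """True when the version satisfies every constraint of one branch entry."""
    v = parse_version(version)
    for c in constraints:
        m = re.fullmatch(r"(>=|<=|==|>|<)\s*([\d.]+)", c.strip())
        if m is None:
            raise ValueError(f"unsupported constraint: {c!r}")
        if not OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True

def is_affected(version, branches):
    """An install is flagged when any branch entry's range contains it."""
    return any(matches(version, b["versions"]) for b in branches.values())

def redundant_entries(branches, probes):
    """Entries whose removal changes no verdict for the probe versions."""
    found = []
    for name in branches:
        rest = {k: b for k, b in branches.items() if k != name}
        if all(is_affected(p, branches) == is_affected(p, rest) for p in probes):
            found.append(name)
    return found

if __name__ == "__main__":
    print(redundant_entries(BRANCHES, PROBES))
```

Version 1.4.8 is the case a single `>=1.0.0, <2.0.3` range would get wrong: it is patched, yet it sits below the 2.x fix, which is why the second entry is needed.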
Fair enough. I think the readme should be more explicit about that, but that's another discussion. I'll make the change tomorrow as mentioned earlier.
Don't hesitate to open a PR improving the readme :)
I honestly don't feel like I understand the intention of the "branches" keys well enough to update the readme 😅 I'll leave that to someone who knows this project better.
4.0.x branches removed
044c7d4 to 70a0dfb
I can do these in separate PRs if you prefer, but I didn't see anything about that in the README so I assume this is okay.