Add security advisories for Silverstripe CMS 4.13.0 #688
Conversation
| branches: | ||
| 4.0.x: | ||
| time: 2023-04-26 00:44:05 | ||
| versions: ['>=4.0.0', '<4.12.5'] |
There was a problem hiding this comment.
Those entries for 4.0.x are useless. The range is already covered by you 4.12.x range (in all of them)
There was a problem hiding this comment.
Fair enough, though in that case the readme should probably be updated to clarify what the "branches" information is for. My understanding from what is written is that each affected branch should have its own entry.
Regardless, I'll update the pr to remove the 4.0.x branches tomorrow.
There was a problem hiding this comment.
We need multiple branches only when the issue gets patched in multiple branches and so a single range is not enough. Auditing tools will compare the version you use to those ranges.
There was a problem hiding this comment.
Fair enough. I think the readme should be more explicit about that, but that's another discussion. I'll make the change to orrow as mentioned earlier.
There was a problem hiding this comment.
don't hesitate to open a PR improving the readme :)
There was a problem hiding this comment.
I honestly don't feel like I understand the intention of the "branches" keys well enough to update the readme 😅 I'll leave that to someone who knows this project better.
There was a problem hiding this comment.
4.0.x branches removed
GuySartorelli
force-pushed
the
pulls/master/4.13.0-release
branch
from
044c7d4
to
70a0dfb
Compare
I can do these in separate PRs if you prefer, but I didn't see anything about that in the README so I assume this is okay.