Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ingest first patched version of security vulnerabilities from the GitHub API #7686

Merged
merged 6 commits into from Nov 15, 2019

Conversation

@scottbommarito
Copy link
Member

scottbommarito commented Nov 8, 2019

We have decided we would like to ingest this field from GitHub as well.

Unfortunately, this means that we also need to introduce logic to compare the existing vulnerable range metadata to the updated vulnerable range metadata, because previously these could not change. If we find that a vulnerable range has been updated, we must mark all packages it applies to as updated as well, so the new first patched version will flow through V3.

@scottbommarito scottbommarito force-pushed the sb-firstpatchedversion branch from c2ebaf2 to 7051e96 Nov 13, 2019
Scott Bommarito added 5 commits Nov 13, 2019
Scott Bommarito
Scott Bommarito
Scott Bommarito
Scott Bommarito
@scottbommarito scottbommarito merged commit 7d1f3ca into dev Nov 15, 2019
2 checks passed
2 checks passed
NuGetGallery - CI #65434 succeeded
Details
license/cla All CLA requirements met.
Details
@scottbommarito scottbommarito deleted the sb-firstpatchedversion branch Nov 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.