Ignore and/or report invalid package names in github security advisories #209
Comments
do you think it makes sense to implement a simple validator-corrector for package name?
Thank you, @slash3b! \o/
This is already part of upstream composer tooling - I'm wondering if we should somehow notify github security about this problem in their feeds 🤔
thank you, @Ocramius ^^ I did ask the one who published advisory to edit it. Waiting for a reply.
It was corrected. We are good to go \o/
Yup, the problem is that this will happen again 😅
See https://github.com/Roave/SecurityAdvisories/blob/2762ddacb0bf083e0bdc53eab51361fddced402d/composer.json#L200-L201
GHSA-6gw4-x63h-5499 caused this to break (I had to contact the folks at @Sylius directly to get it fixed).
Basically, sylius\sylius was entered instead of sylius/sylius.
I think we can do two things:
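As an added illustration of the "validator-corrector" idea raised in this thread, the following standalone script checks package names taken from an advisory feed against Composer's package-name rule and proposes a fix for the slip that broke the build here (a backslash instead of a slash, plus stray case and whitespace). It is example code written for this page, not code from Roave/SecurityAdvisories, Composer or GitHub; the regular expression is the one Composer's composer-schema.json uses for the "name" field, and every advisory entry in the sample list other than GHSA-6gw4-x63h-5499 is a constructed placeholder.

```python
import re
from typing import List, Optional, Tuple

# Composer's rule for the "name" field (from composer-schema.json): lowercase
# vendor/project, each part starting with [a-z0-9], separators limited to _ . -
# and at most two consecutive dashes in the project part.
PACKAGE_NAME_RE = re.compile(
    r"^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]|-{1,2})?[a-z0-9]+)*$"
)

# Constructed sample feed: (advisory id, package name as published).
# Only the first id is real (it is the one quoted in this issue); the rest are placeholders.
SAMPLE_ADVISORIES: List[Tuple[str, str]] = [
    ("GHSA-6gw4-x63h-5499", "sylius\\sylius"),      # backslash instead of slash
    ("GHSA-xxxx-xxxx-0001", "symfony/http-kernel"),  # well-formed
    ("GHSA-xxxx-xxxx-0002", "Vendor/Package "),      # case and trailing whitespace
    ("GHSA-xxxx-xxxx-0003", "justapackage"),         # no vendor part: cannot be fixed safely
    ("GHSA-xxxx-xxxx-0004", "vendor//package"),      # empty project part: cannot be fixed safely
]


def is_valid_package_name(name: str) -> bool:
    """True when the name satisfies Composer's package-name pattern."""
    return PACKAGE_NAME_RE.match(name) is not None


def suggest_correction(name: str) -> Optional[str]:
    """Normalise the common slips (backslash, upper case, surrounding whitespace).

    Returns the corrected name only if the result is valid; anything else
    is returned as None so a human decides rather than the tool guessing.
    """
    candidate = name.strip().lower().replace("\\", "/")
    return candidate if is_valid_package_name(candidate) else None


def validate_advisory_packages(advisories: List[Tuple[str, str]]) -> dict:
    """Split a feed into names that are valid, auto-correctable, or must be rejected."""
    report = {"valid": [], "corrected": [], "rejected": []}
    for advisory_id, package in advisories:
        if is_valid_package_name(package):
            report["valid"].append((advisory_id, package))
            continue
        fixed = suggest_correction(package)
        if fixed is not None:
            report["corrected"].append((advisory_id, package, fixed))
        else:
            report["rejected"].append((advisory_id, package))
    return report


if __name__ == "__main__":
    result = validate_advisory_packages(SAMPLE_ADVISORIES)
    for advisory_id, package, fixed in result["corrected"]:
        print(f"{advisory_id}: corrected {package!r} -> {fixed!r}")
    for advisory_id, package in result["rejected"]:
        print(f"{advisory_id}: rejected {package!r}, needs manual review")
```

A consumer of the advisory feed would run the "rejected" list through a human and only emit generated constraints for the "valid" and "corrected" buckets; the correction step deliberately refuses to guess when normalising does not yield a valid name, because silently dropping or mangling an entry would hide a real advisory.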