You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Problem with omitting this information is that people tend to ignore advisories that have no actionable fixes.
Perhaps even saying in GHSA that the RustSec advisory referenced may contain actionable fixes as to how to resolve the advisory can help the advisory consumer.
The text was updated successfully, but these errors were encountered:
Follow-Up from: #683 as another issue
We typically strive hard to include actionable advice as to any fixes if any on informational advisories.
Currently GHSA Is omitting to include that actionable advice we've included -
This means when Dependabot raises issue with the repo maintainer they don't really know how to resolve it.
e.g. ansi_term we provided advice as to how to fix it: https://rustsec.org/advisories/RUSTSEC-2021-0139.html
But GHSA omitted this: GHSA-74w3-p89x-ffgh
Problem with omitting this information is that people tend to ignore advisories that have no actionable fixes.
Perhaps even saying in GHSA that the RustSec advisory referenced may contain actionable fixes as to how to resolve the advisory can help the advisory consumer.
The text was updated successfully, but these errors were encountered: