Skip to content

Commit

Permalink
tools: update undici CPE in vuln checking script
Browse files Browse the repository at this point in the history
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: #44128
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
  • Loading branch information
facutuesca authored and juanarbol committed Oct 11, 2022
1 parent 4ee8ac3 commit 5d5971c
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion tools/dep_checker/dependencies.py
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,9 @@ def get_cpe(self) -> Optional[str]:
version=vp.get_libuv_version(), cpe=CPE(vendor="libuv_project", product="libuv")
),
"undici": Dependency(
version=vp.get_undici_version(), cpe=None, keyword="undici", npm_name="undici"
version=vp.get_undici_version(),
cpe=CPE(vendor="nodejs", product="undici"),
npm_name="undici",
),
"OpenSSL": Dependency(
version=vp.get_openssl_version(), cpe=CPE(vendor="openssl", product="openssl")
Expand Down

0 comments on commit 5d5971c

Please sign in to comment.