tools: update undici CPE in vuln checking script

This changes the search method for `undici` on the NVD database. Before, since `undici` did not have a CPE assigned, the search was by keyword. Now that a CPE was assigned, it is used to query for new vulnerabilities. PR-URL: #44128 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
nodejs · Aug 15, 2022 · 6c4b2e0 · 6c4b2e0
1 parent 8082c24
commit 6c4b2e0
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/tools/dep_checker/dependencies.py b/tools/dep_checker/dependencies.py
@@ -47,7 +47,9 @@ def get_cpe(self) -> Optional[str]:
         version=vp.get_libuv_version(), cpe=CPE(vendor="libuv_project", product="libuv")
     ),
     "undici": Dependency(
-        version=vp.get_undici_version(), cpe=None, keyword="undici", npm_name="undici"
+        version=vp.get_undici_version(),
+        cpe=CPE(vendor="nodejs", product="undici"),
+        npm_name="undici",
     ),
     "OpenSSL": Dependency(
         version=vp.get_openssl_version(), cpe=CPE(vendor="openssl", product="openssl")