psecio / versionscan Public
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve add missing workflow, update CVE checks #31
Improve add missing workflow, update CVE checks #31
Conversation
The 'missing' command is great for updates, but needs some TLC to make it easier to use. * Added option 'save-results' to allow the results to be automatically added to the checks.json * Enforce sorting of the checks.json file every time the missing command is ran * Save the timestamp to checks.json as 'updatedAt' to give a reference period for how old the checks are * Add php7 changelog to the missing checker * 'sunra/php-simple-html-dom-parser' is dead and throwing a ton of errors for newer versions of PHP. Replace it with an updated fork 'kub-at/php-simple-html-dom-parser' * Bump min php version since the array syntax is not avaliable before php 5.4 * Add ext-json as a dependency
078535a
to
5af2463
Compare
With the improved workflow - I think there might be a path forward to have an automated run of the 'missing' command in travis ci. Automation could be done on a separate branch, with a manual review of the results before merging into master. |
@enygma I wouldn't mind setting up the automation if that is something you are interested in. I also would be interested in helping you maintain this project if you need assistance. Automation with travis-ci would certainly require maintenance and more review work. Having more people with merge ability would help get the CVE updates out faster. Just for reference, there was a new release today - 7.3.9 - that fixes a CVE in 7.3.8. I didn't even know about it until I was testing my updates here. |
I have not tested this out myself, but I do like the proposed approach here.
It would be nice if more then one person had pull permissions on this repo |
@enygma is this tool abandoned? |
I have permissions on this repo and would be happy to merge this :)
I was hoping for @enygma to weigh in here, since I generally only help with updating checks.json
and minor bugfixes, leaving the larger things (plus releasing new versions) up to him. But I feel this change isn't too massive and is obviously beneficial so let's merge it :)
Thanks @colinodell! Do you also have access to packagist? |
I do not, just the Github repo. |
Er, the version on Packagist updates when a new release is tagged here, not manually on the service. I can definitely push a new tag if that's needed! |
The 'missing' command is great for updates, but needs some TLC to make it easier to use.
Finally, I ran the 'missing' command with the changes I made and committed the updated checks.