ruby: add vuln matching #949
It will be nice to have an integration test to run OSV updater and match Ruby CVEs with an index report. But it could be a pain to generate an index report.
A little bit of a pain, but worth it. Found some issues which I have since fixed :)
LGTM, just a couple of comments
Signed-off-by: RTann <rtannenb@redhat.com>
Note: Ruby recommends semver, but it is not enforced. I am taking the stance here that we will not support non-semver versions. This is relevant because I did find an example which broke semver: https://osv.dev/vulnerability/GHSA-23f7-99jx-m54r (0.119.0.beta1 is not proper semver. It should be 0.119.0-beta1)