[Pre537] Omit or replace patched_versions field during lib/github_advisory_sync.rb run if it was never patched

Question

[Pre537] Omit or replace patched_versions field during lib/github_advisory_sync.rb run if it was never patched

jasnow opened this issue a year ago · comments

Omit or replace patched_versions field during lib/github_advisory_sync.rb run if it was never patched.
Currently, here is the the results of lib/github_advisory_sync.rb script:

gems/arabic-prawn/CVE-2014-2322.yml:patched_versions:
gems/arabic-prawn/CVE-2014-2322.yml-- ">= "

Normally I add a notes: "ever patched" where patched_versions would be if never patched.

Al Snow · Answer 1 · Mon Jun 26 2023 23:45:53 GMT+0800 (China Standard Time)

Probably overlaps some with #157.

Postmodern · Answer 2 · Tue Jun 27 2023 15:30:29 GMT+0800 (China Standard Time)

@jasnow if there's no patched-versions, would you prefer that the patched_versions: be omitted entirely, or left empty?

Al Snow · Answer 3 · Tue Jun 27 2023 17:50:57 GMT+0800 (China Standard Time)

@jasnow if there's no patched-versions, would you prefer that the patched_versions: be omitted entirely, or left empty?

My vote for no patched_version: value is to replace it with:

notes: "Never patched"

so the future me will know explicitly that someone checked and did not find a patched version.

Al Snow · Answer 4 · Fri Jun 30 2023 00:34:02 GMT+0800 (China Standard Time)

My vote for no patched_version: value is to replace it with:

notes: "Never patched"

Sort of like the way cvss_v3 is implemented:

 "cvss_v3"             => ("<FILL IN IF AVAILABLE>" unless cvss),

Postmodern · Answer 5 · Sun Jul 02 2023 06:02:20 GMT+0800 (China Standard Time)

#664 should resolve this.

Al Snow · Answer 6 · Sun Jul 02 2023 07:32:58 GMT+0800 (China Standard Time)

#664 should resolve this.

Agree