Skip to content

Update undici CPE in vulnerability checking script#44128

Merged
nodejs-github-bot merged 1 commit intonodejs:mainfrom
facutuesca:dep-checker-undici
Aug 6, 2022
Merged

Update undici CPE in vulnerability checking script#44128
nodejs-github-bot merged 1 commit intonodejs:mainfrom
facutuesca:dep-checker-undici

Conversation

@facutuesca
Copy link
Contributor

@facutuesca facutuesca commented Aug 4, 2022

This changes the search method for undici on the NVD database.

Before, since undici did not have a CPE assigned, the search was by keyword.
Now that a CPE was assigned, it is used to query for new vulnerabilities.

@facutuesca
tools: update undici CPE in vuln checking script
1887ff7 
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.
@nodejs-github-bot nodejs-github-bot added the tools Issues and PRs related to the tools directory. label Aug 4, 2022
@facutuesca facutuesca mentioned this pull request Aug 4, 2022
Closed
@RafaelGSS
Copy link
Member

RafaelGSS commented Aug 4, 2022

cc: @nodejs/security-wg

RafaelGSS
RafaelGSS approved these changes Aug 4, 2022
View reviewed changes
Copy link
Member

@RafaelGSS RafaelGSS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

mhdawson
mhdawson approved these changes Aug 4, 2022
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mhdawson mhdawson added the fast-track PRs that do not need to wait for 48 hours to land. label Aug 4, 2022
@github-actions
Copy link
Contributor

github-actions bot commented Aug 4, 2022

Fast-track has been requested by @mhdawson. Please 👍 to approve.

@richardlau richardlau added the commit-queue Add this label to land a pull request using GitHub Actions. label Aug 6, 2022
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Aug 6, 2022
@nodejs-github-bot nodejs-github-bot merged commit 994081f into nodejs:main Aug 6, 2022
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Aug 6, 2022

Landed in 994081f

@facutuesca facutuesca deleted the dep-checker-undici branch August 10, 2022 06:17
danielleadams pushed a commit that referenced this pull request Aug 16, 2022
@facutuesca @danielleadams
tools: update undici CPE in vuln checking script
6c4b2e0 
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: #44128
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
@danielleadams danielleadams mentioned this pull request Aug 16, 2022
Closed
ruyadorno pushed a commit that referenced this pull request Aug 23, 2022
@facutuesca @ruyadorno
tools: update undici CPE in vuln checking script
b252f38 
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: #44128
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
@ruyadorno ruyadorno mentioned this pull request Aug 23, 2022
Merged
targos pushed a commit that referenced this pull request Sep 5, 2022
@facutuesca @targos
tools: update undici CPE in vuln checking script
e125523 
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: #44128
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Fyko pushed a commit to Fyko/node that referenced this pull request Sep 15, 2022
@facutuesca @Fyko
tools: update undici CPE in vuln checking script
3d99a4e 
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: nodejs#44128
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
juanarbol pushed a commit that referenced this pull request Oct 10, 2022
@facutuesca @juanarbol
tools: update undici CPE in vuln checking script
2ed13cc 
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: #44128
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
@juanarbol juanarbol mentioned this pull request Oct 11, 2022
Merged
juanarbol pushed a commit that referenced this pull request Oct 11, 2022
@facutuesca @juanarbol
tools: update undici CPE in vuln checking script
5d5971c 
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: #44128
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
guangwong pushed a commit to noslate-project/node that referenced this pull request Jan 3, 2023
@facutuesca @guangwong
tools: update undici CPE in vuln checking script
22fd196 
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: nodejs/node#44128
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
guangwong pushed a commit to noslate-project/node that referenced this pull request Jan 3, 2023
@facutuesca @guangwong
tools: update undici CPE in vuln checking script
395c6f8 
This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: nodejs/node#44128
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@richardlau richardlau richardlau approved these changes

@mhdawson mhdawson mhdawson approved these changes

@RafaelGSS RafaelGSS RafaelGSS approved these changes

@VoltrexKeyva VoltrexKeyva VoltrexKeyva approved these changes

+1 more reviewer

@DanielRuf DanielRuf DanielRuf approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

fast-track PRs that do not need to wait for 48 hours to land. tools Issues and PRs related to the tools directory.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@facutuesca @RafaelGSS @nodejs-github-bot @DanielRuf @richardlau @mhdawson @VoltrexKeyva