Closed janpio closed 1 year ago
Hello? Anything I can do to get this noticed? Can I even see the raw information on the website that cargo pants is using to double check if this was fixed already somehow?
Sorry for the delay. We are still working on developing processes to handle issues, and I have been away for a while (catching up now)!
This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.
As per the new process you should start to see SIGNIFICANTLY faster response times.
Any update here?
Very sorry for the delay. You should have seen the issue resolved sometime in the last several months for a couple reasons:
Now that we are on the newer database you should see significantly faster progress on issues and many more vulnerabilities. In addition, if you raise future issues through email at ossindex@sonatype.org you will find more rapid response as that is now being actively monitored by a team to ensure resolutions happen at a reasonable pace.
Vulnerability URL Provide the URL to the vulnerability. For example:
Component URL Provide the URL to the component. For example:
Description
cargo pants (which uses this dataset) is outputting the above vulnerability for version 15.1.0 of the im crate:
im GitHub repo also confirms this: https://github.com/bodil/im-rs/issues/157 + https://github.com/bodil/im-rs/releases/tag/v15.1.0 (15.1.0 is also the latest release available). I think your dataset should not report 15.1.0 as vulnerable. Thanks.
PS: FYI, the instructions in your main README and your issue template default subject do not match - I am not super sure I named this issue exactly how it should be named. Please let me know if I should fix something.
PPS: Going from the vulnerability to the component was surprisingly different without prior knowledge of your system. I hope I figured that out correctly as well.