Closed KeplerBoyce closed 3 weeks ago
Also, the osv.dev api no longer returns any vulnerabilities for those three packages (caddy, logrotate, and grafana) which previously returned vulnerabilities. This seems like it might have been a bug in the osv.dev api, as the versions of the packages shouldn't be affected by those CVEs (e.g. grafana build 2266 used grafana version 10.4.2, but the CVE says it only affects up through version 7.0.1. I just used the previous zopen_vulnerability.json
that had CVEs for those three packages to see an example of what the markdown would look like.
Great additions!
If possible, please add placeholders to begin using package names in this format. Either in this PR or later.
Example: zstd-1.5.5-4.zos.s390x.pax.zst
Closes #777.
Adds links to each package release and the latest releases on the vulnerabilities docs page. This also adds notes under vulnerabilities that can be resolved by upgrading to the latest version.
Example: