golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

x/vulndb: support CVE schema v5.0 in worker #49289

Open julieqiu opened 2 years ago

julieqiu commented 2 years ago

Add support for collectionUrl and packageName in cmd/cvetriage. This is introduced in CVE schema v5.0.

https://github.com/CVEProject/cve-schema/commit/3208d6d88de9132a559afad976d151275104da5e

https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/docs/versions.md

jba commented 2 years ago

v5.0 is a radical change from v4.0. Even the basic object keys are in a different format: dataVersion vs. data_version. I think we'll need a completely new set of Go structs for v5.

Currently, no CVEs use v5.
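Added example, not part of this thread or of the x/vulndb code base: a sketch of the separate struct sets the comment above calls for, selecting the schema by each generation's own version key and reading the `collectionUrl` and `packageName` fields named in the opening comment. All type and function names are hypothetical and the sample record is constructed. Go's encoding/json matches keys case-insensitively, so both `collectionUrl` and `collectionURL` decode into the same field.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Hypothetical minimal types for illustration; not the structs used in x/vulndb.
type cve4 struct {
	Version string              `json:"data_version"`
	Meta    struct{ ID string } `json:"CVE_data_meta"`
}
type affected5 struct{ CollectionURL, PackageName string }
type cve5 struct {
	DataVersion string
	Meta        struct{ CveID string } `json:"cveMetadata"`
	Containers  struct{ CNA struct{ Affected []affected5 } }
}
type Summary struct {
	Schema, ID string
	Packages   []string // "<collectionURL>/<packageName>", v5 only
}

// ParseRecord tries the v5 shape, then v4, keyed on each schema's version field; others are rejected.
func ParseRecord(data []byte) (*Summary, error) {
	var c5, c4 = cve5{}, cve4{}
	if err := json.Unmarshal(data, &c5); err != nil {
		return nil, err
	}
	if strings.HasPrefix(c5.DataVersion, "5.") {
		s := &Summary{Schema: "v5", ID: c5.Meta.CveID}
		for _, a := range c5.Containers.CNA.Affected {
			s.Packages = append(s.Packages, strings.TrimSuffix(a.CollectionURL, "/")+"/"+a.PackageName)
		}
		return s, nil
	}
	if err := json.Unmarshal(data, &c4); err != nil {
		return nil, err
	}
	if strings.HasPrefix(c4.Version, "4.") {
		return &Summary{Schema: "v4", ID: c4.Meta.ID}, nil
	}
	return nil, fmt.Errorf("unsupported CVE schema: data_version=%q dataVersion=%q", c4.Version, c5.DataVersion)
}

// sampleV5 is a constructed record, not a real CVE.
const sampleV5 = `{"dataVersion":"5.0","cveMetadata":{"cveId":"CVE-0000-0001"},"containers":{"cna":
 {"affected":[{"collectionURL":"https://pkg.example/","packageName":"example.com/mod"}]}}}`

func main() { fmt.Println(ParseRecord([]byte(sampleV5))) }
```

A record that carries neither version key, or a version outside 4.x and 5.x, returns an error instead of being decoded with the wrong struct set and silently producing empty fields.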

julieqiu commented 2 years ago

We can probably hold off on implementing this until we see actual v5.0 CVEs in the cvelist repo.

gopherbot commented 7 months ago

Change https://go.dev/cl/545300 mentions this issue: internal/cvelistrepo: add tests for FetchCVE and ParseCVE

gopherbot commented 7 months ago

Change https://go.dev/cl/545302 mentions this issue: internal/cvelistrepo: support fetch/parse v5 cves

gopherbot commented 7 months ago

Change https://go.dev/cl/545297 mentions this issue: internal/worker: make a copy of testdata repo for worker

gopherbot commented 7 months ago

Change https://go.dev/cl/545301 mentions this issue: internal/cvelistrepo: refactor ParseCVE and FetchCVE

gopherbot commented 7 months ago

Change https://go.dev/cl/545299 mentions this issue: internal/cvelistrepo: add test data for cvelistv5

gopherbot commented 7 months ago

Change https://go.dev/cl/545296 mentions this issue: internal: add some helper functions to support CVE v5

gopherbot commented 7 months ago

Change https://go.dev/cl/545298 mentions this issue: internal/cvelistrepo: use real CVE data for cvelistrepo tests

gopherbot commented 7 months ago

Change https://go.dev/cl/547497 mentions this issue: internal/report: add basic logic to convert cve5 to report

gopherbot commented 7 months ago

Change https://go.dev/cl/547556 mentions this issue: internal/report: add basic logic to convert cve5 to report