The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
This is basically the same issue as in #3487. We're getting errors from the a few jobs job that look suspiciously like the errors we saw when trying out python 3.12. Since we're not likely to support 3.12 for at least a few weeks (I'm busy with hacktoberfest and prepping for our next release), I'd like to switch those workflows to use python 3.11 explicitly so they don't cause problems.
This should be a set of one-line changes (change 3.x in .github/workflows/*.yml to be 3.11) so I'm going to mark this as a good first issue and suitable for hacktoberfest folk who are still looking to get their last commits in.
A quick grep -ri "3.x" .github/* yields the following:
cve-bin-tool uses https://www.conventionalcommits.org/ style for commit messages, and we have a test that checks the title of your pull request (PR). A good potential title for this one is in the title of this issue.
You can make an issue auto close by including a comment "fixes #ISSUENUMBER" in your PR comments where ISSUENUMBER is the actual number of the issue. This "links" the issue to the pull request.
Claiming issues:
You do not need to have an issue assigned to you before you work on it. To "claim" an issue either make a linked pull request or comment on the issue saying you'll be working on it.
If someone else has already commented or opened a pull request, assume it is claimed and find another issue to work on.
If it's been more than 1 week without progress, you can ask in a comment if the claimant is still working on it before claiming it yourself (give them at least 3 days to respond before assuming they have moved on).
https://github.com/intel/cve-bin-tool/blob/main/.github/workflows/formatting.yml
This is basically the same issue as in #3487. We're getting errors from the a few jobs job that look suspiciously like the errors we saw when trying out python 3.12. Since we're not likely to support 3.12 for at least a few weeks (I'm busy with hacktoberfest and prepping for our next release), I'd like to switch those workflows to use python 3.11 explicitly so they don't cause problems.
This should be a set of one-line changes (change
3.x
in .github/workflows/*.yml to be3.11
) so I'm going to mark this as a good first issue and suitable for hacktoberfest folk who are still looking to get their last commits in.A quick
grep -ri "3.x" .github/*
yields the following:So there should be 5 files to change in total.
Short tips for new contributors:
Claiming issues: