Closed github-actions[bot] closed 3 months ago
Why was a RUSTSEC ID manually assigned on this one? It's not sequential as far as I can tell...
I think the issue was this advisory had an ID assigned in the PR and I didn't catch it before it was merged: https://github.com/rustsec/advisory-db/pull/1927/files
I don't think it causes any problems, but I also don't understand why it was done and if it reflects some sort of problem with the tooling?
On Sun, Mar 31, 2024 at 11:07 AM Tony Arcieri @.***> wrote:
I think the issue was this advisory had an ID assigned in the PR and I didn't catch it before it was merged: https://github.com/rustsec/advisory-db/pull/1927/files
— Reply to this email directly, view it on GitHub https://github.com/rustsec/advisory-db/pull/1928#issuecomment-2028790113, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAAGBBX3HODQQWVOKHWNFTY3ARDFAVCNFSM6AAAAABFQPG56OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRYG44TAMJRGM . You are receiving this because you commented.Message ID: @.***>
-- All that is necessary for evil to succeed is for good people to do nothing.
I suppose I could've just closed it.
It would be good for the advisory lint on the PR to make sure the advisory is in the form RUSTSEC-0000-0000
until assigned.
How does it know if it's assigned :-)
On Sun, Mar 31, 2024 at 11:17 AM Tony Arcieri @.***> wrote:
I suppose I could've just closed it.
It would be good for the advisory lint on the PR to make sure the advisory is in the form RUSTSEC-0000-0000 until assigned.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>
-- All that is necessary for evil to succeed is for good people to do nothing.
We'd need something to lint the most recent commit in the context of PRs and make sure the filename is in the correct format.
It could just be a bash script if we want.
I guess we'd need to do something special for these assignment PRs to shut it off.
Automated changes by create-pull-request GitHub action