rustsec / advisory-db

Security advisory database for Rust crates published through crates.io
https://rustsec.org

Assigned #1928

Closed github-actions[bot] closed 3 months ago

github-actions[bot] commented 3 months ago

Automated changes by create-pull-request GitHub action

alex commented 3 months ago

Why was a RUSTSEC ID manually assigned on this one? It's not sequential as far as I can tell...

tarcieri commented 3 months ago

I think the issue was this advisory had an ID assigned in the PR and I didn't catch it before it was merged: https://github.com/rustsec/advisory-db/pull/1927/files

alex commented 3 months ago

I don't think it causes any problems, but I also don't understand why it was done and if it reflects some sort of problem with the tooling?

On Sun, Mar 31, 2024 at 11:07 AM Tony Arcieri wrote:

I think the issue was this advisory had an ID assigned in the PR and I didn't catch it before it was merged: https://github.com/rustsec/advisory-db/pull/1927/files


-- All that is necessary for evil to succeed is for good people to do nothing.

tarcieri commented 3 months ago

I suppose I could've just closed it.

It would be good for the advisory lint on the PR to make sure the advisory is in the form RUSTSEC-0000-0000 until assigned.

alex commented 3 months ago

How does it know if it's assigned :-)

On Sun, Mar 31, 2024 at 11:17 AM Tony Arcieri wrote:

I suppose I could've just closed it.

It would be good for the advisory lint on the PR to make sure the advisory is in the form RUSTSEC-0000-0000 until assigned.


tarcieri commented 3 months ago

We'd need something to lint the most recent commit in the context of PRs and make sure the filename is in the correct format.

It could just be a bash script if we want.

I guess we'd need to do something special for these assignment PRs to shut it off.
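
One way to write the lint discussed in this thread as a bash script (an added example, not code from the advisory-db repository or its maintainers). The `ASSIGNMENT_PR` switch, the `id = "..."` line format, the `origin/main` base and the sample paths and IDs are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Lint for advisories ADDED by a pull request: until an ID is assigned,
# both the filename and the id field must be the placeholder.
PLACEHOLDER='RUSTSEC-0000-0000'

# usage: lint_added_advisories [repo_root] < list-of-added-paths
# In CI the list could come from, for example:
#   git diff --name-only --diff-filter=A origin/main...HEAD
# Prints one line per violation and returns 1 if there were any.
lint_added_advisories() {
    local root="${1:-.}" path base rc=0
    # Hypothetical switch: the assignment workflow would export this,
    # because its PRs rename files to real IDs on purpose.
    [ "${ASSIGNMENT_PR:-0}" = "1" ] && return 0
    while IFS= read -r path; do
        base=${path##*/}
        case "$base" in
            RUSTSEC-*.md) ;;      # an advisory file: check it
            *) continue ;;        # README, workflow files, etc.
        esac
        if [ "$base" != "$PLACEHOLDER.md" ]; then
            echo "error: $path: name new advisories $PLACEHOLDER.md"
            rc=1
        fi
        # Assumed front-matter form: a line  id = "RUSTSEC-...".
        if [ -f "$root/$path" ] &&
           ! grep -Eq "^id[[:space:]]*=[[:space:]]*\"$PLACEHOLDER\"" "$root/$path"; then
            echo "error: $path: id must be \"$PLACEHOLDER\" until assigned"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: one conforming advisory, one with a hand-picked ID.
demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/crates/foo" "$d/crates/bar"
    printf 'id = "RUSTSEC-0000-0000"\n' > "$d/crates/foo/RUSTSEC-0000-0000.md"
    printf 'id = "RUSTSEC-2024-9999"\n' > "$d/crates/bar/RUSTSEC-2024-9999.md"
    printf '%s\n' crates/foo/RUSTSEC-0000-0000.md \
                  crates/bar/RUSTSEC-2024-9999.md README.md |
        lint_added_advisories "$d"
    local rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "constructed sample rejected, as expected"
```

Only files the PR adds are checked, so existing advisories with real IDs never trip the lint.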