Comments (8)
Keeping a central repository (for now) seems like a good idea. Having aliases is also possible. Can you paste here a YAML document that would use such aliases?
from security-advisories.
title: Blind SQL Injection flaw
link: http://appcheck-ng.com/critical-security-flaw-patched-in-magento-blog-extension-cve-2015-3428/
cve: CVE-2015-3428
branches:
    1.x:
        time: 2015-05-27 12:00:00
        versions: [<1.3]
reference: composer://connect20/aw_blog
aliases:
    magento://AW/Blog
Sounds good to me. I suppose it should be:
aliases:
- magento://AW/Blog
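Why the list syntax in the reply above matters to anything that consumes the advisory, as an added example that is not part of the thread or of the security-advisories project. It assumes the `aliases` key proposed in this issue; the helper names, the strict format check, and the second alias `magento://Example/Module` are hypothetical, and Ruby is used only for its standard-library YAML parser.

```ruby
require 'yaml'

# Constructed input: the advisory as first posted (alias without "- "), link omitted.
ADVISORY_AS_POSTED = <<~YAML
  title: Blind SQL Injection flaw
  cve: CVE-2015-3428
  branches:
      1.x:
          time: 2015-05-27 12:00:00
          versions: [<1.3]
  reference: composer://connect20/aw_blog
  aliases:
      magento://AW/Blog
YAML

# The same advisory with the list syntax suggested in the reply.
ADVISORY_CORRECTED = ADVISORY_AS_POSTED.sub('    magento://AW/Blog', '    - magento://AW/Blog')

# Constructed: a second, hypothetical alias added in the same undashed style.
ADVISORY_TWO_UNDASHED = ADVISORY_AS_POSTED + "    magento://Example/Module\n"

# Hypothetical format check: scheme://name with no whitespace.
ALIAS_FORMAT = %r{\A[a-z][a-z0-9+.-]*://\S+\z}

def load_advisory(yaml_text)
  # safe_load refuses arbitrary objects; Time is permitted for the `time` field.
  YAML.safe_load(yaml_text, permitted_classes: [Time])
end

# What the parser actually hands to a consumer for `aliases`.
def raw_aliases(yaml_text)
  load_advisory(yaml_text)['aliases']
end

# Strict loader: every reference the advisory is known by, or an error.
def advisory_references(yaml_text)
  doc = load_advisory(yaml_text)
  aliases = doc.fetch('aliases', [])
  unless aliases.is_a?(Array) && aliases.all? { |a| a.is_a?(String) && a.match?(ALIAS_FORMAT) }
    raise ArgumentError, "aliases must be a list of scheme://name strings, got #{aliases.inspect}"
  end
  [doc.fetch('reference'), *aliases]
end

# True when the package reference matches the advisory's reference or an alias.
def affects?(yaml_text, package_reference)
  advisory_references(yaml_text).include?(package_reference)
end
```

Without the dashes, YAML folds consecutive lines into one scalar, so two aliases become a single string that matches neither package. Rejecting a non-list `aliases` at load time turns that silent miss into a validation error.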
yeah, I'm not used to YAML, you're right
👍
@Flyingmana few things:
- did you consider poking the folks working on PSR-9 and PSR-10?
- how is this alias actually "used" outside the composer ecosystem? This tool currently checks composer.lock: how do you envision it working for the magento installer stuff?
@Ocramius VersionEye is already crawling the magento-security-advisories every 5 minutes. If your composer.lock file is monitored by VersionEye, you will automatically receive an email notification if one of your dependencies is affected.
Closing as there is no activity here.