From 1887ff70723d6a59567ba2d0ac7d0cbce22aae63 Mon Sep 17 00:00:00 2001
From: Facundo Tuesca
Date: Thu, 4 Aug 2022 09:00:47 +0200
Subject: [PATCH] tools: update undici CPE in vuln checking script

This changes the search method for `undici` on the NVD database. Before, since `undici` did not have a CPE assigned, the search was by keyword. Now that a CPE was assigned, it is used to query for new vulnerabilities.
---
 tools/dep_checker/dependencies.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/dep_checker/dependencies.py b/tools/dep_checker/dependencies.py
index 0951dae5ab572c..b0c6943aa42b0b 100644
--- a/tools/dep_checker/dependencies.py
+++ b/tools/dep_checker/dependencies.py
@@ -47,7 +47,9 @@ def get_cpe(self) -> Optional[str]:
 version=vp.get_libuv_version(), cpe=CPE(vendor="libuv_project", product="libuv")
 ),
 "undici": Dependency(
- version=vp.get_undici_version(), cpe=None, keyword="undici", npm_name="undici"
+ version=vp.get_undici_version(),
+ cpe=CPE(vendor="nodejs", product="undici"),
+ npm_name="undici",
 ),
 "OpenSSL": Dependency(
 version=vp.get_openssl_version(), cpe=CPE(vendor="openssl", product="openssl")
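Review bot: With `keyword="undici"` dropped, the `undici` entry depends on NVD's CPE matching alone, and CVE records that NVD has published but not yet analysed carry no CPE data, so a CPE query for nodejs/undici would not return them until enrichment catches up. How `Dependency` combines `cpe` and `keyword` is not visible in this hunk; if it can take both, keeping `keyword="undici"` next to the new `cpe=CPE(vendor="nodejs", product="undici")` would preserve the earlier coverage, and otherwise a comment such as `# CPE-only lookup: CVEs still awaiting NVD analysis are not matched` above the entry records the gap. The `npm_name="undici"` field presumably feeds a separate advisory source that would narrow that window, but this should be confirmed in the code that consumes it. The enclosing dictionary literal starts and ends outside the hunk.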