From dd0783597f68c2fa44783700013b44986b22df70 Mon Sep 17 00:00:00 2001
From: Aryan Bakliwal <106430579+AryanBakliwal@users.noreply.github.com>
Date: Wed, 18 Sep 2024 00:09:29 +0530
Subject: [PATCH 1/3] fix: match cli arguments description (#4456)
Signed-off-by: Aryan Bakliwal
---
 cve_bin_tool/cli.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/cve_bin_tool/cli.py b/cve_bin_tool/cli.py
index 066ec72986..ff50d8a9c2 100644
--- a/cve_bin_tool/cli.py
+++ b/cve_bin_tool/cli.py
@@ -206,7 +206,7 @@ def main(argv=None):
 input_group.add_argument(
 "--vex-file",
 action="store",
- help="provide vulnerability exchange (vex) filename for triage processing",
+ help="provide vulnerability exploitability exchange (vex) filename for triage processing",
 default="",
 )
@@ -353,7 +353,7 @@ def main(argv=None):
 vex_output_group.add_argument(
 "--vex-output",
 action="store",
- help="Provide vulnerability exchange (vex) filename to generate",
+ help="Provide vulnerability exploitability exchange (vex) filename to generate",
 default="",
 )
 vex_output_group.add_argument(
@@ -361,7 +361,7 @@ def main(argv=None):
 action="store",
 default="",
 choices=["cyclonedx", "csaf", "openvex"],
- help="specify type of vulnerability exchange (vex) to generate (default: cyclonedx)",
+ help="specify type of vulnerability exploitability exchange (vex) to generate (default: cyclonedx)",
 )
 vex_output_group.add_argument(
 "--product",
From 76fe5d9281d8bd857fc9f7fd5ee79185b28663de Mon Sep 17 00:00:00 2001
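Review bot: In the third hunk the argument is declared with `default=""`, yet the updated help string still ends with `(default: cyclonedx)`, so `--help` promises a value that argparse does not store when the option is omitted. The argument's opening line is outside the hunk (presumably `--vex-type`), and the fallback to cyclonedx may be applied later in `main`. If it is, a short comment next to `default=""` saying where would help; otherwise `default="cyclonedx"` would make the declaration match the text. VEX output is what downstream consumers read to decide whether a finding still needs action, so the emitted format should be the documented one. As a style point, the three help strings still open inconsistently (`provide` / `Provide` / `specify`) and spell the acronym `vex` rather than `VEX`.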
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 12:07:20 -0700
Subject: [PATCH 2/3] chore(deps): bump github/codeql-action from 3.26.6 to 3.26.8 (#4466)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.6 to 3.26.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/4dd16135b69a43b6c8efb853346f8437d92d3c93...294a9d92911152fe08befb9ec03e240add280cb3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql-analysis.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 016e346331..b3dff5888e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -51,7 +51,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+ uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -76,4 +76,4 @@ jobs:
 # make release
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+ uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
From 859d1bed5e25a02596d897f0d3bebb2504921ff9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 12:08:03 -0700
Subject: [PATCH 3/3] chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 (#4465)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.1.0 to 7.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/c5a7806660adbe173f04e3e038b0ccdcd758773c...5e914681df9dc83aa4e4905692ca88beb2f9e91f)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/formatting.yml | 2 +-
 .github/workflows/sbom.yml | 2 +-
 .github/workflows/update-js-dependencies.yml | 2 +-
 .github/workflows/update-pre-commit.yml | 2 +-
 .github/workflows/update-spdx-header.yml | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
index 337ef43463..dc99b6d2e2 100644
--- a/.github/workflows/formatting.yml
+++ b/.github/workflows/formatting.yml
@@ -36,7 +36,7 @@ jobs:
 run: |
 python cve_bin_tool/format_checkers.py
 - name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
 with:
 commit-message: "chore: update checkers table"
 title: "chore: update checkers table"
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 43954e9ea7..05fe91de08 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -62,7 +62,7 @@ jobs:
 cp cve-bin-tool-py${{ matrix.python }}.json sbom/cve-bin-tool-py${{ matrix.python }}.json
 - name: Create Pull Request
 if: ${{ steps.diff-sbom.outputs.changed }}
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
 with:
 commit-message: "chore: update SBOM for Python ${{ matrix.python }}"
 title: "chore: update SBOM for Python ${{ matrix.python }}"
diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml
index 7911a0a48d..27b1081df7 100644
--- a/.github/workflows/update-js-dependencies.yml
+++ b/.github/workflows/update-js-dependencies.yml
@@ -54,7 +54,7 @@ jobs:
 run: python -m pytest -v -n auto test/test_html.py
 - name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
 with:
 commit-message: "chore: update js dependencies"
 title: "chore: update js dependencies"
diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml
index 39aefacd56..23a58da58f 100644
--- a/.github/workflows/update-pre-commit.yml
+++ b/.github/workflows/update-pre-commit.yml
@@ -48,7 +48,7 @@ jobs:
 python .github/workflows/update-dev-requirements.py
 - name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
 with:
 commit-message: "chore: update pre-commit config"
 title: "chore: update pre-commit config"
diff --git a/.github/workflows/update-spdx-header.yml b/.github/workflows/update-spdx-header.yml
index f2baa9cc5b..68cde73344 100644
--- a/.github/workflows/update-spdx-header.yml
+++ b/.github/workflows/update-spdx-header.yml
@@ -33,7 +33,7 @@ jobs:
 sed -i "s/[0-9]\{4\}/$(date +%Y)/" spdx_header.txt
 - name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
 with:
 commit-message: 'chore: update spdx header'
 title: 'chore: update spdx header'