security-advisories
--- ## Advisory - [ ] It's not duplicated - [ ] All fields are filled - [ ] It is validated by `hsec-tools` ## hsec-tools - [ ] Previous...
Fixes #210
Is it just me, or does the cvss parser not fully support the cvss31 standard (some metrics [haven't been implemented](https://github.com/haskell/security-advisories/blob/c38596cf4642efed39fa60b6c9cad0a669004d7b/code/cvss/src/Security/CVSS.hs#L270))? These aren't important semantically since their presence doesn't affect the score...
I had a request to publish the latest version of our packages (for snapshots). Prior to that: - [ ] document snapshot/sync workflow - [x] activate snapshot branches
After #213 we support GHC-related advisories. Generated indexes should be adapted (see `code/hsec-tools/src/Security/Advisories/Generate/HTML.hs`).
9.10 build fails due to bounds on `feed` library not admitting `base-4.20.0.0` (upstream issue: https://github.com/haskell-party/feed/issues/73). Apart from that, this PR should fix the CI issues. *edit* converting to draft...
## Summary Support generating SPDX manifests and check them with the advisories database?
Mandatory information: * Package : ghc * cvss: `?` * affected versions: 9.0.1 Optional: * cve: `?` * keywords: `?` * aliases: `?` * related: `?` * affected OSes: all...
## Story As a Haskell developer (who uses GitHub), I want Dependabot to support Haskell, so that when new versions fix security issues, Dependabot will automatically create PRs that bump...