Oliver Chang

Results: 618 comments by Oliver Chang

In addition to these, I found a bunch of other invalid RubyGems names (see my PRs to fix them here: https://github.com/github/advisory-database/pulls?q=author%3Aoliverchang+is%3Apr). It may be worth considering some package name validation...

To offer some rationale for this in the spec: this is to make these package names more consistent and easier to consume and index on. The same package in Python...

> I have been wondering this as well. For instance the [Rust Advisory Database](https://github.com/rustsec/advisory-db/tree/main/rust) has reports for vulnerabilities in the rust toolchain itself separately from rust crates. It feels like...

> I think we should just be able to populate the withdrawn date? I believe we did it in the past for a loguru one. I can try to find...

Hi there! This was scraped from the NVD CVE database, which resulted in these redundant entries. While these are redundant entries, they don't necessarily conflict with OSV schema. These "events"...

> > introduced: 1.0.2
> > fixed: 2.2.3
> > introduced: 2.3.0
> > fixed: 2.3.2
> >
> > @oliverchang these records look good. Thanks!
> >
> > yes, it seems GHSA...

I think it's fair game to include these, and the reporting can re-use the existing infrastructure / tooling (i.e. pip-audit). As @westonsteimel mentioned, other vuln DBs like GHSA also track...

+1 to this! A JSON schema based validator should be trivial.

This is an area that we certainly need more investment in. Our OSV.dev team will likely be able to prioritize some work here to help with manual generation of entries...

Thanks for the reply :) We're trying to get project maintainers to help with the integration -- unfortunately we cannot scale this effort if we do the legwork ourselves. Do...