-
Notifications
You must be signed in to change notification settings - Fork 369
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support multiple URLs in the URL field #429
Comments
I would suggest a non-breaking approach which adds a brand new The |
I like the name |
I think it's up to the advisory author to decide. If there's no definitive one, they could all just be |
It seems |
Its not as fun as references, but maybe “sources”, as in “information sources”? It would be great to have multiple, for example, if you wanted to link the issue that has most of the information but also the PR that fixed it, which I bumped into wanting to do earlier. |
@BlackHoleFox I had a similar thought, but |
Reflecting on this, I'd really like to use One possible way to do it:
It'd be interesting to experiment and determine if existing clients could parse URLs in the |
RUSTSEC-2016-0002, RUSTSEC-2019-0002, and RUSTSEC-2020-0024 seem to be the only advisories that use |
PR to rename The former is still preserved in the linter. After that we'll need to rename it in the advisories, and then add support for a new URL-based |
This frees up `references` to be used for tracking multiple URLs with additional information. See also: #429
This frees up `references` to be used for tracking multiple URLs with additional information. See also: #429
This works today as: I've added Doc PR #1354 Closing as Completed |
The current advisory format only allows a single entry in the URL field, but sometimes it is useful to include multiple URLs in advisories.
Examples:
HeaderMap::Drain
causes double-free hyperium/http#354 andHeaderMap::Drain
can cause data race hyperium/http#355. I included the links in the description section and left the URL field empty, because it only supports a single entry.grow
to shrink can cause corruption. servo/rust-smallvec#149 is also relevant.Is it too late to introduce this kind of breaking changes to the advisory format, or can we still do this as part of V3 migration (#414)?
The text was updated successfully, but these errors were encountered: