- New Zealand
Pinned
fold-call-blocks-plugin Public
IntelliJ plugin that lets you fold methods in Ruby & JavaScript
3,292 contributions in the last year
Activity overview
Contributed to jest-community/eslint-plugin-jest, G-Rath/osv-detector, ackama/eslint-config-ackama and 5 other repositories
Contribution activity
March 2022
Created 2 repositories
Created a pull request in github/advisory-database that received 9 comments
Contribution to "Arbitrary expression injection in Pillow"
Updates Affected products Description
+6 −11 • 9 comments
Opened 74 other pull requests in 6 repositories
G-Rath/osv-detector: 54 merged, 1 closed
- fix: trim off leading "v" in version strings when parsing
- feat: support being passed multiple files
- fix: sort packages with the same name by their versions
- refactor: use `run` function that returns an error code to avoid multiple `os.Exit` calls
- fix: make `list-ecosystems` flag actually useful again
- ci: run prettier
- feat: add `--cache-all-databases` flag
- refactor: rename `lockfile.TryParse` to `lockfile.Parse`
- refactor: rename `semver` package to `internal`
- test: rename pip fixtures to not have the word `requirement`
- refactor: rename `semver` package to `semantic`
- chore: mark line for prettier to ignore
- refactor: rename `parsers` package to `lockfile`
- fix: don't report vulnerabilities multiple times under different aliases
- fix: improve description of OSVs to handle summary not being present + linking to non GH advisories
- feat: use osv.dev databases instead of github advisory database
- feat: support OSV advisories with just `versions` array in affected
- feat: support SEMVER ranges
- fix: normalize names of python packages to favor false positives over false negatives
- chore: add `test-with-coverage` command
- test: add specs for `OSV#IsAffected`
- fix: support python packages that have "added support" syntax
- fix: include a newline at the end of the version details output
- fix: print a newline before listing ecosystems
- fix: sort ecosystems by name when listing

Some pull requests not shown.
github/advisory-database: 9 merged, 1 closed
- Contribution to "Authentication bypass in SilverStripe GraphQL"
- Contribution to "Moderate severity vulnerability that affects webrick"
- Contribution to "Moderate severity vulnerability that affects webrick"
- Contribution to "Improper Input Validation in xdLocalStorage"
- Contribution to "Open Redirect in xdLocalStorage"
- Contribution to "Improper Input Validation in xdLocalStorage"
- Contribution to "Infinite loop causing Denial of Service in colors"
- Contribution to "Malicious package may avoid detection in python auditing"
- Improve GHSA-mg2g-8pwj-r2j2
- Contribution to "Regular Expression Denial of Service in clean-css"
FriendsOfPHP/security-advisories: 1 merged, 2 closed
G-Rath/audit-app: 3 merged
ackama/rails-template: 1 open, 1 merged
jest-community/eslint-plugin-jest: 1 merged
Reviewed 13 pull requests in 7 repositories
octokit/webhooks: 4 pull requests
- chore(ci): enable renovate explicitly and upgrade deps
- 🤖 📯 Octokit webhooks changed
- fix: `auto_merge` property can also be an object, `changes` property is not always present on `project.edited` event, add missing `runs_rerequestable` and `rerequestable` properties to `check_suite.rerequested`
- build: update webhooks docs URL
ackama/eslint-config-ackama: 3 pull requests
ackama/rails-template: 2 pull requests
emotion-js/emotion: 1 pull request
octokit/plugin-throttling.js: 1 pull request
ODNZSL/nzsl-online: 1 pull request
ackama/nzsl-share: 1 pull request
Created an issue in ruby/webrick that received 6 comments
How does this relate to WEBrick that ships with Ruby? (asking for CVE-2009-4492)
I came across CVE-2009-4492 while working on a tool that uses the GitHub Advisory database, which doesn't have a fixed version in its advisory data.
6 comments
Opened 22 other issues in 3 repositories
G-Rath/osv-detector: 8 open, 11 closed
- Rename this library? (and if so, alternative names wanted!)
- Support checking if things are approaching EOL with endoflife.date
- Use OSV database(s) instead of GitHub
- Support `--version` flag
- Handle gems being present multiple times with different platforms
- Support parsing go.mod / golang
- Support parsing pom.xml / maven / java
- Support cargo.lock / rust
- Fix remaining linting errors
- Set exit code based on if there were vulnerabilities
- Support parsing yarn.lock
- Support being passed package details as a CSV
- Support being passed multiple arguments at a time
- Support being passed a directory
- Support JSON output format
- Support ignoring vulnerabilities
- Setup CI to run tests
- Setup releases
- Handle version comparison properly
github/advisory-database: 2 open
ackama/rails-template: 1 open
131 contributions in private repositories, Mar 1 – Mar 24

