No warnings when ignoreUntil
and effectiveUntil
have typos
#1098
Labels
enhancement
New feature or request
ignoreUntil
and effectiveUntil
have typos
#1098
Great addition with
[[PackageOverrides]]
in the latest release 馃憤 But why is the way to set an expiry time on the ignore named differently?ignoreUntil != effectiveUntil
. We almost merged a bunch of[[PackageOverrides]]
with anignoreUntil
set... And here comes the problem: If you do this mistake, or you simply have a typo in the key name, everything looks fine, but the vulnerability ignore is forever.The above ignores
GHSA-jgvc-jfgh-rjvv
forever, which is clearly not the intention of the author here (typo is that the last letter is anI
not anl
).My preference would be for
osv-scanner
to exit with an error on any configuration entry/key it does not recognize.The text was updated successfully, but these errors were encountered: