Allow CVE ID as valid author in the CHANGELOG
This commit allows CVE ID as valid author in the CHANGELOG to address these offenses at 7-2-stable.

https://buildkite.com/rails/rails/builds/112671#0192925a-d433-4c41-bdbd-5a018d4fde23

```ruby
$ git checkout 7-2-stable
$ tools/railspect changelogs .
..EEE........

Offenses:

actionmailer/CHANGELOG.md:1 CHANGELOG entry is missing authors.
* Avoid regex backtracking in `block_format` helper
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

actionpack/CHANGELOG.md:6 CHANGELOG entry is missing authors.
* Avoid regex backtracking in HTTP Token authentication
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

actionpack/CHANGELOG.md:10 CHANGELOG entry is missing authors.
* Avoid regex backtracking in query parameter filtering
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

actiontext/CHANGELOG.md:1 CHANGELOG entry is missing authors.
* Avoid backtracing in plain_text_for_blockquote_node
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

13 changelogs inspected, 4 offenses detected
$
```

According to this document, CVE ID format is defined as follows. The arbitrary digits are four or more.

https://www.cve.org/about/Process

> CVE IDs have the following format:
>
> CVE prefix + Year + Arbitrary Digits
>
> The “Year” portion is the year that the CVE ID was reserved or the year the vulnerability was made public.
> The year portion is not used to indicate
> when the vulnerability was discovered.
>
> The “Arbitrary Digits,” or sequence number portion, can include four or more digits in the sequence number portion of the ID.
> For example, CVE-YYYY-NNNN with four digits in the sequence number,
> CVE-YYYY-NNNNNNN with seven digits in the sequence number, etc. There is no limit on the number of arbitrary digits.
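The following is an added example, not part of the commit message and not the code of `tools/railspect`: a small changelog check that accepts either a person or a CVE ID as the closing author line, using the "four or more digits" rule quoted above. The bracketed `[CVE-…]` form, the entry layout, and the names `CVE_ID`, `AUTHOR_LINE`, `split_entries` and `missing_author_offenses` are assumptions made for illustration.

```ruby
# Added illustration; not the code of tools/railspect. Assumes an entry starts
# with "*   " in column 0 and ends with "*Author Name*" or a bracketed CVE ID.

# CVE prefix + four-digit year + four or more arbitrary digits, no upper bound.
CVE_ID = /CVE-\d{4}-\d{4,}/
# \A and \z anchor the whole line, so a valid ID followed by other text fails.
AUTHOR_LINE = /\A(?:\*[^*\n]+\*|\[#{CVE_ID.source}\])\z/

# Group the changelog into entries, remembering each entry's 1-based line.
def split_entries(text)
  entries = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.chomp
    if line.start_with?("*   ")
      entries << { line: lineno, title: line, body: [] }
    elsif entries.any? && !line.start_with?("#")
      entries.last[:body] << line.strip
    end
  end
  entries
end

# Return [line, title] for every entry whose closing line is not a valid author.
def missing_author_offenses(text)
  split_entries(text).filter_map do |entry|
    last = entry[:body].reject(&:empty?).last
    [entry[:line], entry[:title]] unless last&.match?(AUTHOR_LINE)
  end
end

# Constructed sample; the CVE IDs are placeholders, not real identifiers.
SAMPLE = <<~MD
  *   Four-digit sequence number

      [CVE-2024-0000]

  *   Seven-digit sequence number

      [CVE-2024-0000000]

  *   Credited to a person

      *Jane Doe*

  *   Three-digit sequence number

      [CVE-2024-000]

  *   No author line
MD
```

Calling `missing_author_offenses(SAMPLE)` flags only the last two entries: the three-digit ID is shorter than the format allows, and the final entry has no closing line at all.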