tools: update undici CPE in vuln checking script

This changes the search method for `undici` on the NVD database. Before, since `undici` did not have a CPE assigned, the search was by keyword. Now that a CPE was assigned, it is used to query for new vulnerabilities. PR-URL: #44128 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Rafael Gonzaga <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Mohammed Keyvanzadeh <[email protected]>
nodejs · Aug 22, 2022 · b252f38 · b252f38
1 parent 960a209
commit b252f38
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/tools/dep_checker/dependencies.py b/tools/dep_checker/dependencies.py
@@ -47,7 +47,9 @@ def get_cpe(self) -> Optional[str]:
         version=vp.get_libuv_version(), cpe=CPE(vendor="libuv_project", product="libuv")
     ),
     "undici": Dependency(
-        version=vp.get_undici_version(), cpe=None, keyword="undici", npm_name="undici"
+        version=vp.get_undici_version(),
+        cpe=CPE(vendor="nodejs", product="undici"),
+        npm_name="undici",
     ),
     "OpenSSL": Dependency(
         version=vp.get_openssl_version(), cpe=CPE(vendor="openssl", product="openssl")