Ensure advisory data object creates correct cvss vectors
Problem to solve
PackageMetadata::AdvisoryDataObject
sets cvss_v2
and cvss_v3
to ''
if either attribute is missing from the imported json. Our validator treats an empty string as an invalid cvss vector. The only valid blank value is nil
.
Proposal
Update the default value for missing cvss vectors to nil
.
Implementation Plan
-
update PackageMetadata::AdvisoryDataObject
cvss_v2 and cvss_v3 defaults from blank string tonil
Edited by Igor Frenkel