Commit

addressing comments
Signed-off-by: Hayley Denbraver <[email protected]>
Hayley Denbraver committed Jul 12, 2023
1 parent e94078d commit 73f14e4
Showing 1 changed file with 7 additions and 8 deletions.
15 changes: 7 additions & 8 deletions docs/schema.md
Expand Up @@ -865,23 +865,22 @@ branch -- each expands the scope of the git commit graph to cover.
Note that we did not specify a `fixed` event here as `limit` makes it redundant.

#### `last_affected` vs `fixed` example
The difference between `last_affected` and `fixed` is subtle and these examples will
clarify the use of these fields.
The difference between last_affected and fixed has additional implications around
false negatives. These examples will clarify the difference between these fields.

The following example expresses that the vulnerability is present in all versions
of the package, up to and including version `2.1.214`. Versions above `2.1.214` are
assumed to be free from the vulnerability, but there is a potential for a false
negative. The `last_affected` field is typically assigned at the time of discovery and
assumes the vulnerability will be addressed in the following version.


```json
"ranges":[ {
"type":"ECOSYSTEM",
"events": [
{"introduced":"0"},
{"last_affected":"2.1.214"}
]
"type":"ECOSYSTEM",
"events": [
{ "introduced": "0" },
{ "last_affected": "2.1.214" },
]
} ]
```
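
Review bot: The added event line `{ "last_affected": "2.1.214" },` ends with a trailing comma before the closing `]`, which is not valid JSON, so a reader who pastes this example into a strict parser or schema validator gets a parse error; drop the comma. In the rewritten intro sentence, last_affected and fixed have also lost their backticks, while the heading above and the paragraph below still format the field names as code; restoring them keeps the section consistent. Since the new wording now leads with false negatives, consider saying in that sentence where they come from: with `last_affected`, versions above `2.1.214` are treated as unaffected without a confirmed fix, which is the point the next paragraph makes.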
