From f3567b5cb28a835acc9737b93d6f0af032ea4dad Mon Sep 17 00:00:00 2001
From: Oliver Chang
Date: Fri, 22 Nov 2024 15:50:42 +1100
Subject: [PATCH] Stop importing unbounded advisories automatically. (#210)

They're frequently false positives.

This updates the vulnfeeds tool to the latest, which recently had `-exclude_unbounded` added.

Ref: #205, #207.
---
 .github/workflows/auto_import.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/auto_import.yaml b/.github/workflows/auto_import.yaml
index 011a462a..a7b0449a 100644
--- a/.github/workflows/auto_import.yaml
+++ b/.github/workflows/auto_import.yaml
@@ -17,16 +17,16 @@ jobs:
 wget http://pypa-advisory-db.storage.googleapis.com/triage/pypi_links.json
 wget http://pypa-advisory-db.storage.googleapis.com/triage/pypi_versions.json
 - run: |
- wget https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.json.zip
- unzip nvdcve-1.1-modified.json.zip
+ wget https://storage.googleapis.com/cve-osv-conversion/nvd/nvdcve-2.0-2024.json
 - run: |
- go install github.com/google/osv/vulnfeeds/cmd/pypi@v0.0.0-20231127000918-ec867e7fd72b
+ go install github.com/google/osv/vulnfeeds/cmd/pypi@master
 pypi -false_positives triage/false_positives.yaml \
- -nvd_json nvdcve-1.1-modified.json \
+ -nvd_json nvdcve-2.0-2024.json \
 -pypi_links pypi_links.json \
 -pypi_versions pypi_versions.json \
 -out_dir vulns \
- -without_notes
+ -without_notes \
+ -exclude_unbounded
 git config user.name github-actions
 git config user.email github-actions@github.com
 git add vulns
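Review bot: The `go install github.com/google/osv/vulnfeeds/cmd/pypi@master` line replaces a pinned pseudo-version with a mutable branch ref, so every scheduled run of this workflow builds and executes whatever is on that branch at the time and then commits its output into `vulns` — the import is no longer reproducible and a change to the upstream tool flows straight into this repository's advisories without review here. Once the commit that added `-exclude_unbounded` is known, pin it again in the same form the old line used, e.g. `go install github.com/google/osv/vulnfeeds/cmd/pypi@<PSEUDO_VERSION_OF_THAT_COMMIT>` (placeholder), and bump deliberately thereafter. The new `wget .../nvd/nvdcve-2.0-2024.json` line also hard-codes the year where the previous feed was the rolling "modified" file, so the job will presumably stop seeing new CVEs at the year boundary unless the filename is derived from the current date or an equivalent rolling file exists on that bucket — worth confirming. Neither the NVD nor the PyPI downloads are integrity-checked before the tool consumes them; if the bucket publishes checksums, a `sha256sum -c` step after the downloads would make the automated commit verifiable.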