Turn on the database: start creating JLSEC advisories

.github/workflows/update-and-export.yml

@@ -35,7 +35,7 @@ jobs:
 
     - name: Install osv-linter
       run: |
-        git clone https://github.com/JuliaComputing/osv-schema.git -b juliahub/julia
+        git clone https://github.com/JuliaComputing/osv-schema.git -b jlsec
         cd ./osv-schema/tools/osv-linter
         go build -o ../../../osv-linter ./cmd/osv
         cd ../../..

Project.toml

@@ -1,7 +1,7 @@
 name = "SecurityAdvisories"
 uuid = "c2087171-788c-45e6-884c-aa841a74e7f5"
 authors = ["Matt Bauman <[email protected]>"]
-version = "0.1.0"
+version = "1.0.0"
 
 [deps]
 CodecZlib = "944b1d66-785c-5afd-91f1-9de20f533193"

README.md

@@ -1,15 +1,12 @@
-# A Julia Security Advisory Database
-
-> [!CAUTION]
-> The advisories here are **in testing**, **are not valid**, and **will be deleted**. Do not import any advisories with the `DONOTUSEJLSEC-` prefix.
+# The Julia Security Advisory Database
 
 > [!WARNING]
-> Work in progress. Likely incorrect and definitely incomplete data.
+> Work in progress. The advisories here are imported on a best-effort basis and are known to be incomplete.
 
 ## Overview
 
 There are four key goals of this repository:
-* Be a database of security advisories that pertain to packages in the Julia ecosystem.
+* Be the database of security advisories that pertain to packages in the Julia ecosystem.
 * Provide the structure for authoring, reviewing, and maintaining these security advisories.
 * Export the security advisories in standard format for downstream consumers.
 * Provide tooling to search, identify, and import applicable security advisories (*both* upstream and aliasing) from multiple independent advisory databases.