@jasnow
Last active July 10, 2023 16:46
Summary of additional Pre-537 work needed after running github_advisory_sync.rb script (related to GitHub Action; issue #537)
Here is the additional Pre-537 work needed after running the
github_advisory_sync.rb script (related to the GitHub Action; issue #537):
I. ISS#647: "Add an explicit ignore list to the github_advisory_sync.rb script"
* OR: "Summarize the categories of advisories that must
be deleted after a sync script run."
* Will cover:
* (GHSA/BUG/#52) D1. (A) Delete duplicated advisories whose
filename/"gems:" value differs only by character case:
* GHSA: arabic-prawn and redcloth
* RAD (ruby-advisory-db): Arabic-Prawn and RedCloth
-- 6/18/2023; Blocked by GHSA Bug:
https://github.com/github/advisory-database/issues/52
* (FIXED) D2. (B) Delete old versions for GHSA "rails" advisories
split into 1 or more sub-rails gems in ruby-advisory-db, such
as [actionpack, activerecord, activesupport, actionview].
* Examples: CVE-2009-3009, CVE-2011-2197
* D3. (C) Delete GHSA-* named
advisories whose CVE values we renamed (4 of them).
* D4. (D) Delete GHSA "gems" advisories that
ruby-advisory-db has as "ruby" (webrick/CVE-2009-4492).
* (FIXED BY Postmodern) D5. (E) Delete GHSA advisories whose "gems" name ("grit")
differs from the ruby-advisory-db "gems" name (gitlab-grit).
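The categories above are what an explicit ignore list for the sync script would be built from. The following is an added example, not code from this gist, from github_advisory_sync.rb or from ruby-advisory-db: it walks a checkout laid out the way ruby-advisory-db is assumed to be (gems/<gem>/<CVE-or-GHSA id>.yml and rubies/<engine>/<id>.yml, with the cve: field holding the number without its "CVE-" prefix), flags categories (A), (C) and (D), and turns (C) and (D) into a list of GHSA ids the sync script could skip. The fixture it builds is constructed sample data; the GHSA-xxxx-xxxx-xxx* ids are placeholders, not real advisories.

```ruby
require "yaml"
require "set"
require "fileutils"
require "tmpdir"

# Load every advisory under gems/ and rubies/ as [relative_path, parsed_yaml].
# Assumed layout: gems/<gem>/<CVE-or-GHSA id>.yml and rubies/<engine>/<id>.yml,
# with cve:/ghsa: holding the id without its "CVE-"/"GHSA-" prefix.
def load_advisories(db_root)
  Dir.glob(File.join(db_root, "{gems,rubies}", "*", "*.yml")).sort.map do |path|
    [path.delete_prefix("#{db_root}/"), YAML.safe_load(File.read(path))]
  end
end

# (A) gem: names that differ only by character case, e.g. RedCloth vs redcloth.
# Grouping on the gem: field rather than on directory names keeps this working
# on case-insensitive filesystems, where both directories collapse into one.
def case_duplicate_gems(db_root)
  names = load_advisories(db_root).filter_map { |rel, data| data["gem"] if rel.start_with?("gems/") }
  names.uniq.group_by(&:downcase).values.select { |spellings| spellings.size > 1 }.map(&:sort)
end

# (C) GHSA-named gem advisories whose cve: already exists as CVE-<id>.yml in the
# same gem directory: the sync re-created an advisory the db keeps under its CVE name.
def ghsa_duplicating_cve(db_root)
  load_advisories(db_root).filter_map do |rel, data|
    next unless rel.start_with?("gems/") && File.basename(rel).start_with?("GHSA-") && data["cve"]
    rel if File.exist?(File.join(db_root, File.dirname(rel), "CVE-#{data['cve']}.yml"))
  end
end

# (D) gem advisories whose CVE the db already tracks under rubies/, i.e. a Ruby
# advisory rather than a gem one (the webrick/CVE-2009-4492 case).
def gem_advisories_tracked_as_ruby(db_root)
  advisories = load_advisories(db_root)
  ruby_cves = advisories.filter_map { |rel, data| data["cve"] if rel.start_with?("rubies/") }.to_set
  advisories.filter_map { |rel, data| rel if rel.start_with?("gems/") && ruby_cves.include?(data["cve"]) }
end

# GHSA ids the sync script should skip on its next run: everything flagged by (C) and (D).
def ignore_list(db_root)
  (ghsa_duplicating_cve(db_root) + gem_advisories_tracked_as_ruby(db_root)).filter_map do |rel|
    File.basename(rel, ".yml") if File.basename(rel).start_with?("GHSA-")
  end.sort.uniq
end

# Constructed fixture (placeholder ids, not real advisory data); returns db_root.
def build_fixture(db_root)
  write = lambda do |rel, fields|
    path = File.join(db_root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, YAML.dump(fields))
  end
  write.call("gems/RedCloth/CVE-1999-0001.yml", { "gem" => "RedCloth", "cve" => "1999-0001" })
  write.call("gems/redcloth/GHSA-xxxx-xxxx-xxx1.yml", { "gem" => "redcloth", "cve" => "1999-0001", "ghsa" => "xxxx-xxxx-xxx1" })
  write.call("gems/actionpack/CVE-2009-3009.yml", { "gem" => "actionpack", "cve" => "2009-3009" })
  write.call("gems/actionpack/GHSA-xxxx-xxxx-xxx2.yml", { "gem" => "actionpack", "cve" => "2009-3009", "ghsa" => "xxxx-xxxx-xxx2" })
  write.call("rubies/ruby/CVE-2009-4492.yml", { "engine" => "ruby", "cve" => "2009-4492" })
  write.call("gems/webrick/GHSA-xxxx-xxxx-xxx3.yml", { "gem" => "webrick", "cve" => "2009-4492", "ghsa" => "xxxx-xxxx-xxx3" })
  write.call("gems/rack/GHSA-xxxx-xxxx-xxx4.yml", { "gem" => "rack", "ghsa" => "xxxx-xxxx-xxx4" })
  db_root
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |root|
    build_fixture(root)
    puts "(A) case duplicates:   #{case_duplicate_gems(root).inspect}"
    puts "(C) GHSA duplicating CVE: #{ghsa_duplicating_cve(root).inspect}"
    puts "(D) tracked as ruby:   #{gem_advisories_tracked_as_ruby(root).inspect}"
    puts "ignore list:           #{ignore_list(root).inspect}"
  end
end
```

Category (A) is reported but deliberately left out of the ignore list: which spelling survives is a naming decision (and, per the GHSA bug linked above, blocked upstream), so it stays a manual deletion. Note that on a case-insensitive filesystem the RedCloth/redcloth pair also shows up under (C), because the two directories are the same directory there; that is the same duplicate, just found by a second route.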
II. ISS#648: Patched_versions field
* M1/P. Convert patched_versions: field.
* Previously "patched_versions" => ["<FILL IN SEE BELOW>"],
III. ISS#649: Unaffected_versions field
* M1/U. Convert unaffected_versions field.
* Previously: "unaffected_versions" => ["<OPTIONAL: FILL IN SEE BELOW>"]
IV. ISS#650: STYLE
* A3. Fix indentation for related:/url:, patched_versions:
and unaffected_versions: fields.
* M6. Fix description: multi-line format syntax.
* A4. Remove extra "url:" from related:/url: values.
* M4. Line wrap description: field to 80 columns.
V. ISS#651: CVSS_V[2345] field (Issue: TBD)
* M5. Add cvss_v2 field using NVD link.
* Previously "cvss_v3" => ("<FILL IN IF AVAILABLE>" unless cvss),
VI. Remove Debug output
* PR#620(Removed): M7. Remove two blanks lines at end of file.
* PR#637(Canceled) A1. Remove extra "debug" sync code/text output from sync script.
VII. Probably Still Manual
* (TBD) M2. Pick better "url:" and "title:" field values.
* ISS#674: M3. Verify all url: and related:/url: values are
available or convert them to using wayback machine web site.
EOF