From b252f389d79f84e7f7353fb98e45b7d996fcb2d2 Mon Sep 17 00:00:00 2001
From: Facundo Tuesca
Date: Sat, 6 Aug 2022 12:39:58 +0200
Subject: [PATCH] tools: update undici CPE in vuln checking script

This changes the search method for `undici` on the NVD database. Before, since `undici` did not have a CPE assigned, the search was by keyword. Now that a CPE was assigned, it is used to query for new vulnerabilities.

PR-URL: https://github.com/nodejs/node/pull/44128
Reviewed-By: Richard Lau
Reviewed-By: Rafael Gonzaga
Reviewed-By: Michael Dawson
Reviewed-By: Mohammed Keyvanzadeh
---
 tools/dep_checker/dependencies.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/dep_checker/dependencies.py b/tools/dep_checker/dependencies.py
index 0951dae5ab572c..b0c6943aa42b0b 100644
--- a/tools/dep_checker/dependencies.py
+++ b/tools/dep_checker/dependencies.py
@@ -47,7 +47,9 @@ def get_cpe(self) -> Optional[str]:
 version=vp.get_libuv_version(), cpe=CPE(vendor="libuv_project", product="libuv")
 ),
 "undici": Dependency(
- version=vp.get_undici_version(), cpe=None, keyword="undici", npm_name="undici"
+ version=vp.get_undici_version(),
+ cpe=CPE(vendor="nodejs", product="undici"),
+ npm_name="undici",
 ),
 "OpenSSL": Dependency(
 version=vp.get_openssl_version(), cpe=CPE(vendor="openssl", product="openssl")
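Review bot: Replacing `keyword="undici"` with the `nodejs:undici` CPE on the `"undici"` entry drops keyword matching entirely, so a CVE that NVD has published but not yet given a CPE configuration (entries still awaiting analysis) will no longer surface for this dependency, whereas the old keyword query would have returned it. The removed line shows `Dependency` accepts a `keyword` argument; if it can take both `cpe` and `keyword`, keeping `keyword="undici"` next to the new `cpe=` would preserve that coverage, and if the checker treats the two as mutually exclusive that limitation deserves a comment at this call site. A short note on the new `cpe=` line would also help the next maintainer, e.g. `# CPE assigned by NVD; older undici advisories may predate it (see PR-URL)`. The enclosing dict literal starts and ends outside the hunk.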