
Update README for v0.2.x features and new advisory URL #10

Merged: TooFastTooCurious merged 1 commit into main from readme-updates on Apr 24, 2026

@TooFastTooCurious (Contributor)

Summary

Three targeted README updates to match current behavior after v0.2.0 and v0.2.1.

Changes

  1. Drop the static "current advisories" table. It listed only ABOM-2026-001 and was going to keep drifting as new advisories land. Point readers at the published JSON instead.
  2. Update the Auto-updated bullet to reference `advisories.juliet.sh` (the v0.2.1 endpoint) while still linking the contribution repo.
  3. Document the auto SHA→tag resolution behavior from "fix: SHA-pinned refs at fixed versions should not be flagged as compromised" (#8). This is the biggest behavior change in v0.2.0 and previously had no documentation. Users seeing the old "verify manually" annotation wouldn't know it's now cleared automatically when the resolved tag is outside the affected range.
  4. Reword the "Fast" feature bullet to make it clear that `raw.githubusercontent.com` is about fetching action content (not advisories, which now live at `advisories.juliet.sh`).

Not included (deferred)

  • A rendered human-readable advisory index on advisories.juliet.sh itself. Right now we link to the raw JSON, which isn't great UX. Worth a follow-up once abom-advisories gains per-advisory HTML pages.

- Point the Advisory database section at the new advisories.juliet.sh
  endpoint and drop the static 'current advisories' table, which was
  already out of date.
- Document the SHA-pinned auto-tag-resolution behavior added in #8:
  --check now resolves SHA-pinned advisory-matched refs to upstream
  tags via git ls-remote and clears false positives at fixed versions.
- Clarify that the 'Fast' feature bullet's raw.githubusercontent.com
  reference is about action content fetching, not advisories.
TooFastTooCurious merged commit 6dd6c79 into main on Apr 24, 2026
2 checks passed
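
The SHA-to-tag resolution this PR documents, sketched as an added example (not code from abom or from this PR): it parses `git ls-remote --tags` output, resolves a pinned commit SHA to its tags, and clears the finding only when every resolved version is outside the affected range. The sample output, the function names, and the half-open `introduced <= v < fixed` range are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed `git ls-remote --tags` output (placeholder SHAs, not a real repo).
# v1.2.0 is an annotated tag: its "^{}" line carries the commit it points to.
LS_REMOTE = "\n".join([
    "1" * 40 + "\trefs/tags/v1.2.0",
    "a" * 40 + "\trefs/tags/v1.2.0^{}",
    "b" * 40 + "\trefs/tags/v1.2.1",
    "c" * 40 + "\trefs/tags/v1.3.0",
    "c" * 40 + "\trefs/tags/v1",          # moving major tag, not a release version
])

SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def tags_by_commit(ls_remote_text):
    """Map commit SHA -> tag names, preferring peeled (^{}) entries."""
    commit_of = {}
    for line in ls_remote_text.splitlines():
        sha, _, ref = line.partition("\t")
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):]
        if name.endswith("^{}"):
            commit_of[name[:-3]] = sha.lower()       # peeled commit wins
        else:
            commit_of.setdefault(name, sha.lower())  # lightweight tag
    index = defaultdict(list)
    for name, sha in commit_of.items():
        index[sha].append(name)
    return index


def classify(pinned_sha, index, introduced, fixed):
    """Assumed range semantics: affected if introduced <= version < fixed."""
    versions = [tuple(map(int, m.groups()))
                for tag in index.get(pinned_sha.lower(), [])
                if (m := SEMVER.match(tag))]
    if not versions:
        return "verify-manually"   # SHA maps to no release tag
    if any(introduced <= v < fixed for v in versions):
        return "affected"          # one affected tag on the commit is enough
    return "cleared"
```

A pin to the tag-object SHA of an annotated tag (the un-peeled line) resolves to nothing here, which is why the peeled `^{}` entries have to take precedence.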