Skip to content

feat: set User-Agent header on OSV API requests#51

Open
mvanhorn wants to merge 1 commit intoHomebrew:mainfrom
mvanhorn:osc/49-set-user-agent-on-osv-requests
Open

feat: set User-Agent header on OSV API requests#51
mvanhorn wants to merge 1 commit intoHomebrew:mainfrom
mvanhorn:osc/49-set-user-agent-on-osv-requests

Conversation

@mvanhorn
Copy link
Copy Markdown

Summary

Set a User-Agent header on all outgoing OSV API requests so the OSV team can identify brew-vulns traffic.

Fixes #49.

Why this matters

Maintainer andrew filed #49 on 2026-04-13 noting that requests from lib/brew/vulns/osv_client.rb:67-68 currently send no User-Agent. Net::HTTP falls back to a generic Ruby UA, which makes it hard for the OSV team to reach out about traffic patterns or rate limits. The issue suggests brew-vulns/#{VERSION} (+https://github.com/Homebrew/homebrew-brew-vulns) — matching what this change implements.

Both post(path, payload) (used for /query and /querybatch) and get(path) (used for /vulns/:id) go through the same pair of lines that already set Content-Type, so the header is attached in both places.

Changes

  • lib/brew/vulns/osv_client.rb: require brew/vulns/version, define USER_AGENT constant on OsvClient, set request["User-Agent"] = USER_AGENT in both post and get.
  • test/brew/test_osv_client.rb: add test_sets_user_agent_header that uses WebMock's header matcher with a regex asserting the brew-vulns/X.Y.Z (+URL) shape.
  • CHANGELOG.md: add entry under [Unreleased].

Testing

CI will run the full suite. Local test run was not possible from the contribution environment (system Ruby 2.6 lacks simplecov, and bundler 4.0.6 is not installed locally), but the diff is three minimal additions and the new test is modeled on the existing test_query_returns_vulnerabilities style with a WebMock header matcher.


This contribution was developed with AI assistance (Codex).

@mvanhorn
Copy link
Copy Markdown
Author

also just noticed this is a good first issue tag, so happy to close, lmk!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Set a User-Agent header on OSV API requests

1 participant