feat: set User-Agent header on OSV API requests#51
Open
mvanhorn wants to merge 1 commit intoHomebrew:mainfrom
Open
feat: set User-Agent header on OSV API requests#51mvanhorn wants to merge 1 commit intoHomebrew:mainfrom
mvanhorn wants to merge 1 commit intoHomebrew:mainfrom
Conversation
Author
|
also just noticed this is a good first issue tag, so happy to close, lmk! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Set a
User-Agentheader on all outgoing OSV API requests so the OSV team can identifybrew-vulnstraffic.Fixes #49.
Why this matters
Maintainer andrew filed #49 on 2026-04-13 noting that requests from
lib/brew/vulns/osv_client.rb:67-68currently send noUser-Agent.Net::HTTPfalls back to a genericRubyUA, which makes it hard for the OSV team to reach out about traffic patterns or rate limits. The issue suggestsbrew-vulns/#{VERSION} (+https://github.com/Homebrew/homebrew-brew-vulns)— matching what this change implements.Both
post(path, payload)(used for/queryand/querybatch) andget(path)(used for/vulns/:id) go through the same pair of lines that already setContent-Type, so the header is attached in both places.Changes
lib/brew/vulns/osv_client.rb: requirebrew/vulns/version, defineUSER_AGENTconstant onOsvClient, setrequest["User-Agent"] = USER_AGENTin bothpostandget.test/brew/test_osv_client.rb: addtest_sets_user_agent_headerthat uses WebMock's header matcher with a regex asserting thebrew-vulns/X.Y.Z (+URL)shape.CHANGELOG.md: add entry under[Unreleased].Testing
CI will run the full suite. Local test run was not possible from the contribution environment (system Ruby 2.6 lacks
simplecov, andbundler 4.0.6is not installed locally), but the diff is three minimal additions and the new test is modeled on the existingtest_query_returns_vulnerabilitiesstyle with a WebMock header matcher.This contribution was developed with AI assistance (Codex).