Unable to download security-advisories zip file
Closed this issue · 3 comments
After learning about this project today and installing it for the first time, I've been having some trouble obtaining the security-advisories database. I can access it via curl without difficulty, but am having no luck via the local-php-security-checker binary. Instead, an "unable to load the advisory DB: unable to fetch advisories" error is reported:
ᐅ curl https://codeload.github.com/FriendsOfPHP/security-advisories/zip/master -O
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 554k 100 554k 0 0 962k 0 --:--:-- --:--:-- --:--:-- 961k
ᐅ ./local-php-security-checker --help
Local PHP Security Checker 1.0.0, built at 2021-01-15T07:03:28Z
ᐅ ./local-php-security-checker
unable to load the advisory DB: unable to fetch advisories: Get "https://codeload.github.com/FriendsOfPHP/security-advisories/zip/master": dial tcp: lookup codeload.github.com on [::1]:53: read udp [::1]:64419->[::1]:53: read: connection refused
Seeing something similar. Getting a timeout instead of connection refused:
$ lando composer -n deps-sniff
> ./bin/local-php-security-checker
unable to load the advisory DB: unable to fetch advisories: Get "https://codeload.github.com/FriendsOfPHP/security-advisories/zip/master": dial tcp: i/o timeout
Script ./bin/local-php-security-checker handling the deps-sniff event returned with error code 127
I got the same error too.
unable to load the advisory DB: unable to fetch advisories: Get "https://codeload.github.com/FriendsOfPHP/security-advisories/zip/master": dial tcp 140.82.112.10:443: i/o timeout
Since I have it configured on my CI jobs, it creates false positives, so I would love to see this resolved.
The cause is probably that the requests are reaching the API rate limits for GitHub-hosted content. It may need to change to a DSN hosted in a cloud or something like that to prevent problems, but I think that has to be resolved in the security-advisories project, and then move this repo to whatever solution they come up with.
Should we open an issue there?
Butting in about a similar error, although this time the error message is different:
unable to load the advisory DB: unable to fetch advisories: zip: not a valid zip file
Not sure if that's the same issue; I can open another one if needed.
EDIT: It seems to have solved itself right after I posted this, oh well.
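The failures reported in this thread all mean the advisory database never loaded, so the scan result is inconclusive rather than a finding. The following is an added example, not part of the thread or of the project's code: a shell helper a CI job could use to tell those cases apart. The function names and category labels are hypothetical; the matched strings are the error messages quoted above.

```shell
#!/bin/sh
# Added example. Function names and category labels are hypothetical;
# the sample messages are copied from the error output quoted in this thread.

MSG_DNS='unable to load the advisory DB: unable to fetch advisories: Get "https://codeload.github.com/FriendsOfPHP/security-advisories/zip/master": dial tcp: lookup codeload.github.com on [::1]:53: read udp [::1]:64419->[::1]:53: read: connection refused'
MSG_TIMEOUT='unable to load the advisory DB: unable to fetch advisories: Get "https://codeload.github.com/FriendsOfPHP/security-advisories/zip/master": dial tcp 140.82.112.10:443: i/o timeout'
MSG_ZIP='unable to load the advisory DB: unable to fetch advisories: zip: not a valid zip file'
MSG_OTHER='Script ./bin/local-php-security-checker handling the deps-sniff event returned with error code 127'

# Print a category for the checker's captured stderr ($1).
classify_checker_error() {
    case "$1" in
        *"unable to load the advisory DB"*) ;;   # DB never loaded: refine below
        *) echo "other"; return 0 ;;
    esac
    case "$1" in
        *"lookup "*" on "*":53"*)  echo "db_dns_failure" ;;      # resolver unreachable
        *"i/o timeout"*)           echo "db_network_timeout" ;;  # dial timed out
        *"not a valid zip file"*)  echo "db_invalid_archive" ;;  # download was not a zip
        *)                         echo "db_unknown" ;;
    esac
}

# Succeeds (exit 0) when the advisory DB could not be loaded, i.e. the
# dependency scan did not actually run and must be neither passed nor
# reported as a vulnerability finding.
scan_inconclusive() {
    case "$(classify_checker_error "$1")" in
        db_*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Demo over the sample messages.
for m in "$MSG_DNS" "$MSG_TIMEOUT" "$MSG_ZIP" "$MSG_OTHER"; do
    printf '%s\n' "$(classify_checker_error "$m")"
done
```

In a pipeline, an inconclusive result is best surfaced as its own job state (for example retried or marked as an infrastructure error) so that it is not silently treated as a clean scan.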