From f6ca4e47d50fb286039ed7fdc22eb393a3d111f3 Mon Sep 17 00:00:00 2001
From: James Gregory-Monk
Date: Wed, 18 Feb 2026 12:47:55 +0000
Subject: [PATCH 1/2] Correct the generation of related URLs so it matches the expected format
---
 lib/github_advisory_sync.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/github_advisory_sync.rb b/lib/github_advisory_sync.rb
index 65dbf5e156..3cc87873e5 100644
--- a/lib/github_advisory_sync.rb
+++ b/lib/github_advisory_sync.rb
@@ -414,7 +414,7 @@ def create(package)
 # populate the related information
 new_data["related"] = {
- "url" => advisory["references"]
+ "url" => advisory["references"].map { |reference| reference['url'] }.reject(&:empty?)
 }
 FileUtils.mkdir_p(File.dirname(filename_to_write))
From b2f4ef705ae506c755016dfdff9290928f723d6b Mon Sep 17 00:00:00 2001
From: James Gregory-Monk
Date: Wed, 18 Feb 2026 12:48:17 +0000
Subject: [PATCH 2/2] Updated the package filename to correct two packages that have been renamed in the past
---
 lib/github_advisory_sync.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/lib/github_advisory_sync.rb b/lib/github_advisory_sync.rb
index 3cc87873e5..3bff1ad13a 100644
--- a/lib/github_advisory_sync.rb
+++ b/lib/github_advisory_sync.rb
@@ -196,7 +196,18 @@ def updating?
 end
 def filename
- File.join("gems", name, "#{@advisory.primary_id}.yml")
+ # These packages appear to have been named differently in the past
+ # This 'corrects' them so updates don't affect existing vulnerabilities
+ package_name = case name
+ when "arabic-prawn"
+ "Arabic-Prawn"
+ when "redcloth"
+ "RedCloth"
+ else
+ name
+ end
+
+ File.join("gems", package_name, "#{@advisory.primary_id}.yml")
 end
 def framework
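Review bot: The new `"url"` line in `create` (patch 1/2) calls `.map` and then `&:empty?` with no nil guard, so a missing `references` key or a reference without a `url` raises `NoMethodError` partway through `create`, where the old line simply stored whatever was there. Whether the upstream payload can omit either is not visible in this hunk, but coercing is cheap: `"url" => Array(advisory["references"]).map { |reference| reference["url"].to_s }.reject(&:empty?)`. That also brings the single-quoted `'url'` key in line with the double-quoted keys around it. `create` begins and ends outside the hunk.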
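Review bot: The `case name` lookup in `filename` (patch 2/2) matches only the exact lowercase spellings, so any other casing from upstream (`Redcloth`, say) falls through to `else` and still creates a sibling directory on a case-sensitive filesystem. A frozen constant such as `LEGACY_GEM_DIRS = { "arabic-prawn" => "Arabic-Prawn", "redcloth" => "RedCloth" }.freeze` with `package_name = LEGACY_GEM_DIRS.fetch(name.downcase, name)` would cover that and keep the rename list in one place. Separately, `name` and `@advisory.primary_id` reach `File.join` unchecked. If they originate from fetched advisory data (their source is outside the hunk), rejecting values that contain `/` or `..` before building the path would keep written files under `gems/`.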