From 8f998120cc6bcc23d3cab994058557aa17a2e153 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Sun, 31 May 2026 15:17:53 +0200 Subject: [PATCH 1/2] Tighten schema checks --- spec/schema_validation_spec.rb | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/spec/schema_validation_spec.rb b/spec/schema_validation_spec.rb index 102467881d..6ba619c789 100644 --- a/spec/schema_validation_spec.rb +++ b/spec/schema_validation_spec.rb @@ -25,6 +25,31 @@ def normalize_for_json(value) end end +def raw_yaml_field_checks(data) + errors = [] + + if data.key?('date') && !data['date'].is_a?(Date) + errors << { + 'data_pointer' => '/date', + 'error' => 'value must be a YAML date' + } + end + + %w[cvss_v2 cvss_v3 cvss_v4].each do |field| + next unless data.key?(field) + + value = data[field] + next if value.is_a?(Float) + + errors << { + 'data_pointer' => "/#{field}", + 'error' => 'value must be a float' + } + end + + errors +end + def format_errors(errors) errors.map do |e| pointer = e['data_pointer'].to_s.empty? ? '' : e['data_pointer'] @@ -41,8 +66,9 @@ def format_errors(errors) filename = path.split('/')[-2..].join('/') it "#{filename} conforms to schema" do - data = normalize_for_json(YAML.safe_load_file(path, permitted_classes: [Date])) - errors = schemer.validate(data).to_a + raw_data = YAML.safe_load_file(path, permitted_classes: [Date]) + data = normalize_for_json(raw_data) + errors = raw_yaml_field_checks(raw_data) + schemer.validate(data).to_a expect(errors).to be_empty, lambda { "#{filename}\n#{format_errors(errors)}" From a4c258bf08c2a4e1fa9aa97f09f55d331224f5af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Sun, 31 May 2026 15:17:57 +0200 Subject: [PATCH 2/2] Remove kwalify --- Gemfile | 1 - spec/gem_advisory_example.rb | 9 --------- spec/ruby_advisory_example.rb | 9 --------- spec/spec_helper.rb | 9 --------- 4 files changed, 28 deletions(-) 
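Review bot: In the `cvss_v2`/`cvss_v3`/`cvss_v4` loop of `raw_yaml_field_checks`, `value.is_a?(Float)` also accepts the YAML scalars `.nan` and `.inf`, which Psych loads as Float, so a non-finite score passes this raw check. Whether the JSON schema applied afterwards rejects such values is not visible in this hunk, so I would make the requirement explicit here with `next if value.is_a?(Float) && value.finite?`. The error text could then read `'value must be a finite float'` so a failing advisory points at the actual problem.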
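Review bot: `raw_yaml_field_checks(raw_data)` receives the load result before anything has checked its shape, and the helper calls `data.key?` unconditionally. An advisory file that is empty, or whose top level is a sequence or scalar, would therefore abort the example with NoMethodError, where the schema validator would presumably have reported a readable type error. Guarding the call keeps the failure in the formatted list: `raw_errors = raw_data.is_a?(Hash) ? raw_yaml_field_checks(raw_data) : []` and then `errors = raw_errors + schemer.validate(data).to_a`. The `it` block continues past the end of this hunk.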
diff --git a/Gemfile b/Gemfile index b547f12aa6..cc11e8934a 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,6 @@ source 'https://rubygems.org' gem 'rake' gem 'faraday', '~> 2.0' -gem 'kwalify', '~> 0.1' gem 'json_schemer', '~> 2.0' gem 'rspec', '~> 3.0' diff --git a/spec/gem_advisory_example.rb b/spec/gem_advisory_example.rb index 5d40a5b250..69e5fc4116 100644 --- a/spec/gem_advisory_example.rb +++ b/spec/gem_advisory_example.rb @@ -51,14 +51,5 @@ end end - let(:schema_file) { File.join(__dir__, 'schemas/gem.yml') } - - it "should have valid schema" do - schema = YAML.safe_load_file(schema_file) - validator = Kwalify::Validator.new(schema) - errors = validator.validate(advisory) - - expect(errors).to be_empty - end end end diff --git a/spec/ruby_advisory_example.rb b/spec/ruby_advisory_example.rb index 2c580f59ba..de5c125935 100644 --- a/spec/ruby_advisory_example.rb +++ b/spec/ruby_advisory_example.rb @@ -19,14 +19,5 @@ end end - let(:schema_file) { File.join(__dir__, 'schemas/ruby.yml') } - - it "should have valid schema" do - schema = YAML.safe_load_file(schema_file) - validator = Kwalify::Validator.new(schema) - errors = validator.validate(advisory) - - expect(errors).to be_empty - end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 885d3fff1c..7dc07a4ae0 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,13 +1,4 @@ -require 'strscan' - -class StringScanner - def peep(len) - peek(len) - end -end - require 'date' -require 'kwalify' require 'rspec' ROOT = File.expand_path(File.join(__dir__,'..'))