For each formula with findings, one thread is spawned per vuln ID with no cap:
    threads = batch_vulns.map do |v|
      Thread.new { client.get_vulnerability(v["id"]) }
    end
    full_vulns = threads.map(&:value)
lib/brew/vulns/cli.rb:121-124
A package with a couple of hundred known CVEs (openssl, curl, the kernel, etc.) opens that many simultaneous HTTPS connections to api.osv.dev. Each one creates a fresh Net::HTTP instance with its own TLS handshake.
Likely outcomes are file descriptor exhaustion locally or rate limiting from OSV, neither of which produces a clear error.
A simple bound would be slicing into groups of N and joining each group before starting the next. Or a thread pool if you'd rather pull in concurrent-ruby.
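The slice-and-join bound suggested above, as an added example that is not code from the project. `StubClient`, `fetch_full_vulns`, `MAX_CONCURRENT` and the vuln IDs are assumptions constructed for the demo; the stub records peak concurrency instead of opening HTTPS connections.

```ruby
# Constructed stand-in for the OSV client: counts concurrent calls, no network.
class StubClient
  attr_reader :peak

  def initialize
    @lock = Mutex.new
    @in_flight = 0
    @peak = 0
  end

  def get_vulnerability(id)
    @lock.synchronize do
      @in_flight += 1
      @peak = @in_flight if @in_flight > @peak
    end
    sleep 0.01 # simulated latency so threads within a slice overlap
    { "id" => id, "details" => "constructed record for #{id}" }
  ensure
    @lock.synchronize { @in_flight -= 1 }
  end
end

MAX_CONCURRENT = 8 # hypothetical limit, tune to taste

# Fetch full records at most `limit` at a time, preserving input order.
def fetch_full_vulns(client, batch_vulns, limit: MAX_CONCURRENT)
  raise ArgumentError, "limit must be positive" unless limit.positive?

  batch_vulns.each_slice(limit).flat_map do |group|
    threads = group.map do |v|
      Thread.new { client.get_vulnerability(v["id"]) }
    end
    # Thread#value joins, so the next slice starts only after this one ends.
    # It also re-raises any exception from the thread, so failures surface.
    threads.map(&:value)
  end
end

if __FILE__ == $PROGRAM_NAME
  client = StubClient.new
  # Constructed IDs standing in for a package with ~200 known vulns.
  vulns = (1..200).map { |i| { "id" => format("CONSTRUCTED-%04d", i) } }
  full = fetch_full_vulns(client, vulns)
  puts "fetched=#{full.size} peak_concurrency=#{client.peak}"
end
```

With the bound in place, open sockets per formula are capped at `limit` regardless of how many vuln IDs the batch contains.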