Check for V8 vulnerabilities?

[richardlau]

Semi-related to #151, I noticed that we do not currently scan for V8 vulnerabilities in this repo:

nodejs-dependency-vuln-assessments/dep_checker/dependencies.py

Lines 71 to 72 in 2e2d73f

	# TODO: Add V8
	# "V8": Dependency("cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "v8"),

[RafaelGSS]

I think we've decided to not open V8 vulnerabilities because, currently, we don't have anyone to ask and assess if it affects Node.js. Could you confirm @mhdawson?

[mhdawson]

@RafaelGSS I don't think I remember that. I think we want to know about any public CVEs in advance versus having people report them to us like in #151.

My only guess is there was some technical reason why it was not working. I think we should try again and see if it reports properly. From the commented out line I'm not sure if checking all versions of chrome makes sense though. Maybe the issue was that we'd need to map the version of V8 in Node.js back to a version in Chrome to get sensible reports?