feat: Integration with NVD API 2.0 (#2542)

[anthonyharrison]

No description provided.

[anthonyharrison]

Interesting failures. Wonder if there is a differences in the data produced using the different APIs becuase when I run test_langauge.py on my API2 download, I get 4 failures (Go, Ruby, Python and R).

[terriko]

I'm pretty sure all the test fails will be fixed by #2574 (looks like commonmark got dropped by rich) but given how finicky the NVD API can be I think I'll re-run the tests here before I merge.

[terriko]

Updating branch for tests now.

[codecov-commenter]

Codecov Report

Merging #2562 (1ed3551) into main (2263e4c) will decrease coverage by 0.26%.
The diff coverage is 2.89%.

@@            Coverage Diff             @@
##             main    #2562      +/-   ##
==========================================
- Coverage   76.91%   76.65%   -0.26%     
==========================================
  Files         594      594              
  Lines        9793     9831      +38     
  Branches     1336     1345       +9     
==========================================
+ Hits         7532     7536       +4     
- Misses       1958     1992      +34     
  Partials      303      303              

Flag	Coverage Δ
longtests	76.65% <2.89%> (-0.26%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
cve_bin_tool/data_sources/nvd_source.py	22.17% <0.00%> (-0.65%)	⬇️
cve_bin_tool/nvd_api.py	18.32% <4.25%> (-2.93%)	⬇️
cve_bin_tool/cli.py	63.98% <0.00%> (+0.96%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[terriko]

I think we're good to merge this. We should talk soon about whether we need a 3.2.1 release for this -- I think probably yes, but I was hoping to also fix the LegacyVersion stuff and that hasn't been completed yet. I'll file an issue about the timeout so we don't forget to look it later.

[terriko]

I strongly suspect we're going to want a total timeout to keep it from hanging indefinitely (specifically because this seems to happen in github actions windows instances), but I'm not sure what the value should be here. Maybe we could open a bug to look at it in future?