Ignore withdrawn advisories

Author: aegilops

src/malwareMatcher.ts

@@ -77,6 +77,9 @@ export function matchMalware(advisories: MalwareAdvisoryNode[], sboms: Repositor
   // Build advisory index keyed by ecosystem::name
   const index = new Map<string, MalwareAdvisoryNode[]>();
   for (const adv of advisories) {
+    // Ignore advisories that have been withdrawn
+    // Assumes MalwareAdvisoryNode has an optional withdrawnAt (string | null | undefined)
+    if ((adv as unknown as { withdrawnAt?: string | null }).withdrawnAt) continue;
     for (const vuln of adv.vulnerabilities) {
       if (!vuln.name || !vuln.ecosystem) continue;
       const key = `${vuln.ecosystem}::${vuln.name}`.toLowerCase();