tools: update undici CPE in vuln checking script

This changes the search method for `undici` on the NVD database.
Before, since `undici` did not have a CPE assigned, the search
was by keyword. Now that a CPE was assigned, it is used to query
for new vulnerabilities.

PR-URL: #44128
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Rafael Gonzaga <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Mohammed Keyvanzadeh <[email protected]>

Author: facutuesca

tools/dep_checker/dependencies.py

@@ -47,7 +47,9 @@ def get_cpe(self) -> Optional[str]:
         version=vp.get_libuv_version(), cpe=CPE(vendor="libuv_project", product="libuv")
     ),
     "undici": Dependency(
-        version=vp.get_undici_version(), cpe=None, keyword="undici", npm_name="undici"
+        version=vp.get_undici_version(),
+        cpe=CPE(vendor="nodejs", product="undici"),
+        npm_name="undici",
     ),
     "OpenSSL": Dependency(
         version=vp.get_openssl_version(), cpe=CPE(vendor="openssl", product="openssl")