-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add osv-vulnerabilities and vulnerability service #14567
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're deliberately not (yet) adding invocation to this service?
Yep! I need to do some more testing and nail down a rollout plan. I think it will likely be something like:
|
564501d
to
acda78b
Compare
@viceice I'm seeing null check errors for files I haven't edited. Any ideas why? |
You need to exclude |
All tests are already excluded? Line 19 in ab8e1c6
|
Currently yes |
eb21192
to
c27b6ae
Compare
@viceice Can you review this please? Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
otherwise LGTM
02725be
to
97324be
Compare
@viceice Can I get an approval please 🙏 |
🎉 This PR is included in version 32.20.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Changes
Adds a
Vulnerabilities
class which uses@jamiemagee/osv-offline
to fetch OSV1 databases and parse them offline. This is the first part of #6562, and still needs much workContext
Initial part of #6562
Documentation (please check one with an [x])
How I've tested my work (please tick one)
I have verified these changes via:
Footnotes
https://osv.dev/ ↩