
feat(vulnerabilities): set, maintain and expose vulnerabilitySeverity for templated fields #21939

Merged
merged 22 commits into from May 11, 2023

Conversation

setchy
Collaborator

@setchy setchy commented May 2, 2023

Changes

Set vulnerabilitySeverity for package rules, maintain the highest rating for the update group and expose for use in any template-eligible fields, such as commitMessageSuffix.

Demonstration repository: https://github.com/setchy/renovate-demo-osv-severity

Context

#21937

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository
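As an added illustration of the behaviour this PR describes (not Renovate's own code): rank severities, keep the highest one across an update group, and substitute it into a commitMessageSuffix template. The severity labels, the Update shape and the simple {{field}} substitution are assumptions; Renovate's real template engine and data model are not reproduced here.

```typescript
// Added example, not Renovate's implementation. Severity labels are assumed;
// the ordering (and ignoring unknown labels) is the point.
const SEVERITY_ORDER: readonly string[] = ['LOW', 'MODERATE', 'HIGH', 'CRITICAL'];

interface Update {
  depName: string;
  vulnerabilitySeverity?: string; // set per package rule; may be absent
}

// Position in SEVERITY_ORDER, or -1 for a missing or unrecognised label.
function severityRank(severity: string | undefined): number {
  return severity ? SEVERITY_ORDER.indexOf(severity.toUpperCase()) : -1;
}

// Highest severity across all updates in a group, or undefined when no update
// carries a recognised severity (so the template field renders empty).
function highestSeverity(updates: Update[]): string | undefined {
  let best: string | undefined;
  for (const u of updates) {
    const rank = severityRank(u.vulnerabilitySeverity);
    if (rank > severityRank(best)) {
      best = SEVERITY_ORDER[rank]; // normalised to the canonical label
    }
  }
  return best;
}

// Minimal {{field}} substitution standing in for a Handlebars-style template.
function renderTemplate(template: string, fields: Record<string, string | undefined>): string {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_m, name: string) => fields[name] ?? '');
}

function commitMessageSuffix(updates: Update[], template: string): string {
  return renderTemplate(template, { vulnerabilitySeverity: highestSeverity(updates) });
}

// Constructed sample group: mixed-case labels, one update without a severity.
const SAMPLE_GROUP: Update[] = [
  { depName: 'left-pad', vulnerabilitySeverity: 'moderate' },
  { depName: 'lodash', vulnerabilitySeverity: 'HIGH' },
  { depName: 'chalk' },
];
```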

@setchy setchy marked this pull request as draft May 2, 2023 21:14
@setchy setchy changed the title DRAFT feat(vulnerabilities): optional flag to include severity in commitMessageSuffix feat(vulnerabilities): optional flag to include severity in commitMessageSuffix May 2, 2023
@setchy
Collaborator Author

setchy commented May 3, 2023

Update to draft PR pushed that addresses #21937 (comment) from @Churro, albeit in a somewhat hacky method

@setchy
Collaborator Author

setchy commented May 3, 2023

Demonstration repository also created - https://github.com/setchy/renovate-demo-osv-severity

@setchy setchy changed the title feat(vulnerabilities): optional flag to include severity in commitMessageSuffix feat(vulnerabilities): surface highestVulnerabilitySeverity for use in templated fields May 3, 2023
@setchy setchy changed the title feat(vulnerabilities): surface highestVulnerabilitySeverity for use in templated fields feat(vulnerabilities): set highestVulnerabilitySeverity for use in templated fields May 3, 2023
@setchy setchy marked this pull request as ready for review May 3, 2023 16:51
@setchy
Collaborator Author

setchy commented May 3, 2023

An alternate name to highestVulnerabilitySeverity might be aggregateVulnerabilitySeverity. Also open to other suggestions

@Churro
Collaborator

Churro commented May 3, 2023

Update to draft PR pushed that addresses #21937 (comment) from @Churro, albeit in a somewhat hacky method

Probably that was a misunderstanding, but I didn't intend to recommend a hacky implementation in my comment. I'm convinced there is a more elegant way to implement this in renovate but, personally, I'd rather spend longer tinkering with a nicer solution than implementing this with a crowbar.

@setchy
Collaborator Author

setchy commented May 3, 2023

Update to draft PR pushed that addresses #21937 (comment) from @Churro, albeit in a somewhat hacky method

Probably that was a misunderstanding, but I didn't intend to recommend a hacky implementation in my comment. I'm convinced there is a more elegant way to implement this in renovate but, personally, I'd rather spend longer tinkering with a nicer solution than implementing this with a crowbar.

I was only referring to the multiple vulnerabilities piece you pointed out. I was not suggesting you recommended this method of implementation - sorry if it came across that way. 😄

As always, absolutely happy to iterate on these PRs to find the best solution. I did spend a few hours this morning trying to find the "right place" before flattening etc. occurs, but need further input.

@setchy setchy changed the title feat(vulnerabilities): set highestVulnerabilitySeverity for use in templated fields feat(vulnerabilities): maintain highest vulnerabilitySeverity for updates and expose to templated fields May 8, 2023
@setchy setchy changed the title feat(vulnerabilities): maintain highest vulnerabilitySeverity for updates and expose to templated fields feat(vulnerabilities): set, maintain and expose vulnerabilitySeverity for templated fields May 8, 2023
@setchy setchy requested a review from Churro May 8, 2023 15:23
@setchy
Collaborator Author

setchy commented May 8, 2023

Reworked the implementation this morning. Removed the crowbar approach 😅

Feedback of course welcomed.

Demo repo updated: https://github.com/setchy/renovate-demo-osv-severity/pulls

@setchy setchy requested a review from viceice May 9, 2023 01:37
@viceice viceice requested a review from JamieMagee May 9, 2023 13:41
@setchy setchy requested a review from JamieMagee May 9, 2023 19:01
JamieMagee
JamieMagee previously approved these changes May 9, 2023
@JamieMagee JamieMagee added this pull request to the merge queue May 11, 2023
Merged via the queue into renovatebot:main with commit a2e036e May 11, 2023
11 checks passed
@renovate-release
Collaborator

🎉 This PR is included in version 35.80.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@setchy setchy added the type:feature Feature (new functionality) label May 13, 2023
@setchy setchy deleted the feature/osv-severity branch May 13, 2023 16:02
mjunker pushed a commit to mjunker/renovate that referenced this pull request May 17, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 13, 2023