feat(vulnerabilities): handle medium and unknown severities #22257

Merged
merged 8 commits into from May 16, 2023

setchy
Collaborator

@setchy setchy commented May 16, 2023

Changes

Handles two additional vulnerability scenarios

  • UNKNOWN
  • MEDIUM (same as MODERATE)

Changes validated against: https://github.com/setchy/renovate-demo-osv-severity-fix

Context

#22239

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

@setchy
Collaborator Author

setchy commented May 16, 2023

I did a search for other uses of MODERATE in the codebase and found

export interface SecurityAdvisory {
  description?: string;
  identifiers?: { type: string; value: string }[];
  references: { url: string }[];
  severity: 'HIGH' | 'MODERATE' | string;
}

Interested in input on whether we leave this as-is, or update severity.

secustor
secustor previously approved these changes May 16, 2023
Member

@viceice viceice left a comment

failed tests, otherwise LGTM

@setchy setchy requested review from viceice and secustor May 16, 2023 11:29
@setchy setchy requested a review from secustor May 16, 2023 13:03
@JamieMagee JamieMagee enabled auto-merge May 16, 2023 15:16
@JamieMagee JamieMagee added this pull request to the merge queue May 16, 2023
Merged via the queue into renovatebot:main with commit 1c82218 May 16, 2023
11 checks passed
@setchy setchy deleted the feature/22239-osv-usecases branch May 16, 2023 16:10
@renovate-release
Collaborator

🎉 This PR is included in version 35.88.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 16, 2023

5 participants