Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ESLint sarif formatter improvements #2458

Merged
merged 8 commits into from
Mar 1, 2022
Merged

ESLint sarif formatter improvements #2458

merged 8 commits into from
Mar 1, 2022

Conversation

yongyan-gh
Copy link
Collaborator

@yongyan-gh yongyan-gh commented Feb 17, 2022
edited
Loading

Descriptions

Some improvements for ESLint SARIF formatter:

  • Including endLine/endColumn in region.
  • Upgrade lock file version to version 2.
  • Fix 2 vulnerable npm package references.

@yongyan-gh
Copy link
Collaborator Author

The fix resolved below vulnerable packages issue reported by Github.

Note the first alert is for src/TypeScript/Sarif.SDK/package-lock.json, it needs a separated fix.

image

@Yiwei-Ding Yiwei-Ding mentioned this pull request Mar 1, 2022
Closed
@michaelcfanning
Copy link
Member

@marmegh and @EasyRhinoMSFT , we need to start getting more eyes on SARIF formatting work. @colawton docs/user-facing output will be a prominent part of this.

michaelcfanning
michaelcfanning approved these changes Mar 1, 2022
View reviewed changes
Copy link
Member

@michaelcfanning michaelcfanning left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@michaelcfanning michaelcfanning merged commit bedc46e into main Mar 1, 2022
@michaelcfanning michaelcfanning deleted the users/yongyan-gh/eslintfix1 branch March 1, 2022 16:55
@yongyan-gh yongyan-gh mentioned this pull request Mar 29, 2022
Merged
@scalvert
Copy link

Sorry to be late to reviewing this. We've moved the source to the sarif-js-sdk, but I was remiss in removing the source from this repo in favor of that, and republishing from that repo.

We should determine a plan to:

  • decommission the source from this repo
  • publish a new version from that repo (it can likely just be a patch, since it'll only be changing the repository path

This should not break/interrupt consumers, since the packages will be functionally the same.

@eddynaka
Copy link
Collaborator

Hi @scalvert ,

Yong just created a PR moving the code.
so, once we merge that, we can delete this and only use the sarif-js-sdk :)

@scalvert
Copy link

I saw that, which is what prompted me to write my comment. I've also commented on @yongyan-gh's PR in that repo. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelcfanning michaelcfanning michaelcfanning approved these changes

@eddynaka eddynaka eddynaka approved these changes

@jeffersonking jeffersonking Awaiting requested review from jeffersonking

@EasyRhinoMSFT EasyRhinoMSFT Awaiting requested review from EasyRhinoMSFT EasyRhinoMSFT is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@yongyan-gh @michaelcfanning @scalvert @eddynaka