Error processing vulnerable alerts #13796
Labels
priority-2-high
Bugs impacting wide number of users or very important features
type:bug
Bug fix of existing functionality
How are you running Renovate?
Self-hosted
If you're self-hosting Renovate, tell us what version of Renovate you run.
31.0.0
Please select which platform you are using if self-hosting.
GitHub Enterprise Server
If you're self-hosting Renovate, tell us what version of the platform you run.
GitHub Enterprise Server 3.1.14
Describe the bug
Similar to issue 11911, but I found a different root cause.
Many projects have started to adopt Renovate here, and at least 3 repos have this issue. The problem is critical because it will fail the Jenkins pipeline which runs the Renovate-bot.
After turning on the TRACE level of debug, I found a few incomplete alert objects returned from the GitHub platform:
{
  "dismissReason": null,
  "vulnerableManifestFilename": "package-lock.json",
  "vulnerableManifestPath": "package-lock.json",
  "vulnerableRequirements": "= 3.12.0",
  "securityAdvisory": null,
  "securityVulnerability": null
}
Full trace file will be attached later.
It's easy to reproduce the problem: copy the "alerts" array from the trace log and store it in a fixture file. Then the test below will fail with exactly the same error log. After removing the two incomplete alert objects from the array, the test passes as expected. The test code is copied from the source.
Relevant debug logs
Logs
Have you created a minimal reproduction repository?
No reproduction repository
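One defensive way to handle the incomplete alert objects described in the report, shown as an added example that is not part of the original issue and not Renovate's own code. `missingFields` and `partitionAlerts` are hypothetical helpers, the nested `securityVulnerability` fields are assumed from GitHub's GraphQL schema, and the sample alerts are constructed (the second copies the object quoted in the report).

```javascript
// Added example: hypothetical helpers, not Renovate's implementation.
// Constructed sample data; the second alert mirrors the incomplete object from the report.
const sampleAlerts = [
  {
    dismissReason: null,
    vulnerableManifestFilename: 'package-lock.json',
    vulnerableManifestPath: 'package-lock.json',
    vulnerableRequirements: '= 1.0.0',
    securityAdvisory: { description: 'constructed advisory text' },
    securityVulnerability: {
      package: { name: 'example-pkg', ecosystem: 'NPM' },
      firstPatchedVersion: { identifier: '1.0.1' },
      vulnerableVersionRange: '< 1.0.1',
    },
  },
  {
    dismissReason: null,
    vulnerableManifestFilename: 'package-lock.json',
    vulnerableManifestPath: 'package-lock.json',
    vulnerableRequirements: '= 3.12.0',
    securityAdvisory: null,
    securityVulnerability: null,
  },
];

// List the required fields an alert lacks, so a skipped alert can be logged with a reason.
function missingFields(alert) {
  if (!alert || typeof alert !== 'object') return ['alert'];
  const missing = [];
  if (!alert.securityAdvisory) missing.push('securityAdvisory');
  if (!alert.securityVulnerability) missing.push('securityVulnerability');
  else if (!alert.securityVulnerability.package?.name) missing.push('securityVulnerability.package.name');
  return missing;
}

// Split alerts into usable and skipped instead of dereferencing a null field and aborting the run.
function partitionAlerts(alerts) {
  const usable = [];
  const skipped = [];
  for (const alert of Array.isArray(alerts) ? alerts : []) {
    const missing = missingFields(alert);
    if (missing.length === 0) usable.push(alert);
    else skipped.push({ manifest: alert?.vulnerableManifestPath ?? null, requirement: alert?.vulnerableRequirements ?? null, missing });
  }
  return { usable, skipped };
}

const { usable, skipped } = partitionAlerts(sampleAlerts);
console.log(`usable=${usable.length} skipped=${JSON.stringify(skipped)}`);
```

Logging the skipped entries keeps the missing advisory data visible to operators instead of silently dropping vulnerability alerts.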