feat(vulnerabilities): add feature-flagged support for osv #15159
Conversation
Really cool feature, looking forward to seeing that.
Is there anything I can test or help out with?
Docs look good to go.
`${vulnerability.summary ?? ''}`, | ||
'<details><summary>More information</summary>', | ||
`## Details\n${vulnerability.details ?? 'No details'} | ||
## Severity\n${vulnerability.severity?.[0].score ?? 'No severity'} |
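Review bot: `vulnerability.severity?.[0].score` guards against `severity` being undefined but not against it being an empty array; in that case `[0]` yields `undefined` and `.score` throws a TypeError before the `?? 'No severity'` fallback is ever reached. Suggest `vulnerability.severity?.[0]?.score ?? 'No severity'` so the fallback text covers both the missing-field and empty-array cases, matching the `?? 'No details'` handling on the line above.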
Maybe 'Unknown severity' more accurately portrays the situation.
Or maybe `No severity specified`?
Superseded by #20226
Changes

`osvVulnerabilityAlerts` option as `experimental` and default `false`
Examples:
NOTE: This does not provide vulnerability updates for transitive dependencies. GitHub Security Advisories does do this, but currently Renovate does not extract dependencies from lockfiles, for example `package-lock.json`. So, at this point in the Renovate run we cannot look up vulnerabilities for transitive dependencies.

Context
#6562
Documentation (please check one with an [x])
(Will provide updated documentation once the feature is listed)
How I've tested my work (please tick one)
I have verified these changes via: