-
Notifications
You must be signed in to change notification settings - Fork 534
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: paths always shown where available #1480
feat: paths always shown where available #1480
Conversation
0b6645c
to
bbe872a
Compare
Expected release notes (by @iamtmrobinson) features:
|
if ( | ||
testOptions.showVulnPaths === 'some' && | ||
paths && | ||
paths.find((p) => p.length > 2) | ||
paths.find((p) => p.length > 1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just curious, should this affect JSON output as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JackuB off the top of your head, do you know if the JSON output is affected by the --show-vulnerable-paths
option?
🎉 This PR is included in version 1.421.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
What does this PR do?
Currently paths for top-level dependencies that have a vuln are only shown if the
all
flag is passed to--show-vulnerable-paths
. This can be a bit confusing and some people don't understand why they're not seeing an "introduced by:" line for these top-level deps (e.g. if you have a direct dependency ofadm-zip@0.4.7
)This PR changes that so that whenever a path is available it will also be shown when the default of
some
is used forshow-vulnerable-paths