Rule pr_vulnerability_check message when no patch exists #274

Open
@eleftherias

Description

Given I have a profile with the pr_vulnerability_check rule
When I create a PR that has vulnerable dependencies
And none of the vulnerable dependencies have a fixed version
Then the review message should be "Minder found vulnerable dependencies in this PR, but could not find a new version of the dependency that is not vulnerable. Please push an updated version."

Given I have a profile with the pr_vulnerability_check rule
When I create a PR that has vulnerable dependencies
And at least one of the vulnerable dependencies has a fixed version
Then the review message should remain unchanged, as "Minder found vulnerable dependencies in this PR. Either push an updated version or accept the proposed changes. Note that accepting the changes will include Minder as a co-author of this PR."

Note that we are rewriting the pr_vulnerability_check ruletype to make it more generic. Let's not change the Minder built-in vulncheck evaluation step, and instead apply this change only after the rewrite.
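The two scenarios above, written out as a small decision function. This is an added illustration, not Minder's own code: the `Advisory` and `VulnerableDep` types are hypothetical simplifications of a vulnerability record (an OSV-style entry where a missing fixed version means no patched release is known), and the only real strings are the two review messages quoted in the issue. It also covers the mixed case the second scenario implies, where some dependencies are fixable and others are not.

```go
package main

import "fmt"

// Review messages taken verbatim from the issue description. MsgNoFixAvailable
// is the proposed new wording; MsgFixAvailable is the existing message.
const (
	MsgNoFixAvailable = "Minder found vulnerable dependencies in this PR, but could not find a new version of the dependency that is not vulnerable. Please push an updated version."
	MsgFixAvailable   = "Minder found vulnerable dependencies in this PR. Either push an updated version or accept the proposed changes. Note that accepting the changes will include Minder as a co-author of this PR."
)

// Advisory is a hypothetical, simplified vulnerability record for one
// dependency. Fixed is the first non-vulnerable version, or empty when the
// advisory names no patched release.
type Advisory struct {
	ID    string
	Fixed string
}

// VulnerableDep is a hypothetical dependency that the PR introduces or bumps
// and for which at least one advisory matched its version.
type VulnerableDep struct {
	Name       string
	Version    string
	Advisories []Advisory
}

// hasFix reports whether any advisory for dep names a fixed version.
func hasFix(dep VulnerableDep) bool {
	for _, a := range dep.Advisories {
		if a.Fixed != "" {
			return true
		}
	}
	return false
}

// ReviewMessage applies the issue's two scenarios: if every vulnerable
// dependency lacks a fixed version, ask the author to push an update; if at
// least one has a fix, keep the existing message and return the dependencies
// whose bump can be proposed as a suggested change. With no vulnerable
// dependencies there is nothing to say, so it returns an empty message.
func ReviewMessage(deps []VulnerableDep) (string, []VulnerableDep) {
	var fixable []VulnerableDep
	for _, d := range deps {
		if hasFix(d) {
			fixable = append(fixable, d)
		}
	}
	switch {
	case len(deps) == 0:
		return "", nil
	case len(fixable) == 0:
		return MsgNoFixAvailable, nil
	default:
		return MsgFixAvailable, fixable
	}
}

func main() {
	// Constructed sample input: one dependency with no known fix, one with a fix.
	unpatched := VulnerableDep{Name: "example-lib", Version: "1.4.0",
		Advisories: []Advisory{{ID: "ADV-A", Fixed: ""}}}
	patched := VulnerableDep{Name: "other-lib", Version: "2.0.1",
		Advisories: []Advisory{{ID: "ADV-B", Fixed: ""}, {ID: "ADV-C", Fixed: "2.0.3"}}}

	msg, fixable := ReviewMessage([]VulnerableDep{unpatched})
	fmt.Printf("no fix:  %q (proposals: %d)\n", msg, len(fixable))

	msg, fixable = ReviewMessage([]VulnerableDep{unpatched, patched})
	fmt.Printf("mixed:   %q (proposals: %d)\n", msg, len(fixable))
}
```

The mixed case is the one worth checking: a single fixable dependency is enough to keep the existing message, but the proposed changes should only cover the dependencies that actually have a fixed version, so the unfixable one is still left for the author to resolve by hand.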

Metadata

Assignees: No one assigned
Labels: P2 (Nice to fix: non-critical items that should be evaluated and planned during issue triage), enhancement (New feature or request)