Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: add pinning advice back to legacy formatter #826

Merged
merged 3 commits into from
Nov 4, 2019
Merged

fix: add pinning advice back to legacy formatter #826

merged 3 commits into from
Nov 4, 2019

Conversation

lwywoo
Copy link
Contributor

@lwywoo lwywoo commented Oct 21, 2019
edited

  • Ready for review
  • Follows CONTRIBUTING rules
  • Reviewed by Snyk internal team

What does this PR do?

Adding the pinning advice back to the legacy formatter for python projects.

Without the actionableCliRemediation flag and only pythonPinningAdvice flag:

Screenshot 2019-10-21 at 11 32 39

@lwywoo lwywoo requested a review from a team as a code owner October 21, 2019 10:35
@ghost ghost requested review from miiila and orsagie October 21, 2019 10:35
robcresswell
robcresswell reviewed Oct 21, 2019
View reviewed changes
Copy link
Contributor

@robcresswell robcresswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Some small comments

src/cli/commands/test/formatters/legacy-format-issue.ts Outdated Show resolved Hide resolved
test/acceptance/workspaces/pip-app-transitive-vuln/cli-output.txt Outdated Show resolved Hide resolved
src/cli/commands/test/index.ts Outdated Show resolved Hide resolved
src/cli/commands/test/index.ts Show resolved Hide resolved
@lwywoo lwywoo requested a review from lili2311 October 22, 2019 09:39
@lwywoo lwywoo force-pushed the fix/re-add-pinning-advice branch 2 times, most recently from 77c12d6 to 5c8ca24 Compare October 22, 2019 19:21
lili2311
lili2311 reviewed Oct 23, 2019
View reviewed changes
test/acceptance/workspaces/pip-app-transitive-vuln/cli-output.txt
Remediation:
Upgrade direct dependency flask@0.12.2 to flask@0.12.2 (triggers upgrades to flask@0.12.2)
Remediation:
Pin the transitive dependency Jinja2 to version 2.10.1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is a super weird fixture we never used to have remediation for python :|

lili2311
lili2311 reviewed Oct 23, 2019
View reviewed changes
test/acceptance/workspaces/pip-app-transitive-vuln/response-without-remediation.json
@@ -324,4 +324,4 @@
"org": "kyegupov"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

accidental change?

@lwywoo lwywoo self-assigned this Oct 24, 2019
@robcresswell robcresswell self-requested a review October 28, 2019 17:55
@lili2311
Copy link
Contributor

@lwywoo @robcresswell what is left to do here?

@robcresswell
Copy link
Contributor

@lili2311 Nothing, I've just been swamped with other high priority things.

@lili2311 lili2311 closed this Nov 4, 2019
@lili2311 lili2311 reopened this Nov 4, 2019
@lwywoo lwywoo closed this Nov 4, 2019
@lwywoo lwywoo reopened this Nov 4, 2019
@lwywoo lwywoo merged commit 10363fc into master Nov 4, 2019
@lwywoo lwywoo deleted the fix/re-add-pinning-advice branch November 4, 2019 16:58
@snyksec
Copy link

snyksec commented Nov 5, 2019

🎉 This PR is included in version 1.242.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@joshje joshje mentioned this pull request May 13, 2022
Open
@aliscco aliscco mentioned this pull request May 13, 2022
Open
@cloudgeek7 cloudgeek7 mentioned this pull request May 14, 2022
Open
@joshje joshje mentioned this pull request Jun 14, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Jun 19, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Jul 1, 2022
Open
@MaxMood96 MaxMood96 mentioned this pull request May 13, 2024
Open
@claireksnyk claireksnyk mentioned this pull request May 14, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lili2311 lili2311 lili2311 approved these changes

@robcresswell robcresswell robcresswell approved these changes

@miiila miiila Awaiting requested review from miiila

@orsagie orsagie Awaiting requested review from orsagie

Assignees

@lwywoo lwywoo

Labels
released
Projects
None yet
Milestone
No milestone
4 participants
@lwywoo @lili2311 @robcresswell @snyksec