Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability check overhaul #124

Merged
merged 5 commits into from
Sep 13, 2024
Merged

Vulnerability check overhaul #124

merged 5 commits into from
Sep 13, 2024

Conversation

sambsnyd
Copy link
Member

@sambsnyd sambsnyd commented Sep 13, 2024
edited
Loading

Overhaul DependencyVulnerabilityCheck.

Enhancements and fixes include:

  • Can now upgrade dependency versions in freestanding gradle scripts
  • Can now upgrade dependency versions in gradle.properties
  • Fixes upgrading dependencies with version suffixes like "M1"
  • Validates accuracy of fix versions, looking up an appropriate version when Works around inaccurate fix versions in the database
  • Fix data table marking CVEs fixable via transitive dependency upgrades as "not fixable with version update only". This under-reporting was a holdover from before this recipe supported transitive dependency upgrades.
  • Eliminated the option to add search markers. Data table is a much more useful and actionable way of viewing results.

@sambsnyd
WIP
fcf069f
@sambsnyd
Fix data table marking CVEs fixable via transitive dependency upgrade…
b0449e0 
…s as "not fixable with version update only". This was a holdover from before this recipe supported transitive dependency upgrades.
@sambsnyd
Overhaul DependencyVulnerabilityCheck.
89f4887 
Enhancements and fixes include:
- Can now upgrade dependency versions in freestanding gradle scripts
- Can now upgrade dependency versions in gradle.properties
- Fixes upgrading dependencies with version suffixes like "M1"
- Validates accuracy of fix versions, looking up an appropriate version when Works around inaccurate fix versions in the database
github-actions[bot]
github-actions bot reviewed Sep 13, 2024
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some suggestions could not be made:

  • src/main/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheck.java
    • lines 301-302
  • src/test/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheckTest.java
    • lines 20-19

src/test/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheckTest.java Show resolved Hide resolved
@sambsnyd @github-actions
Update src/test/java/org/openrewrite/java/dependencies/DependencyVuln…
750dc13 
…erabilityCheckTest.java

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@timtebeek timtebeek added the enhancement New feature or request label Sep 13, 2024
github-actions[bot]
github-actions bot reviewed Sep 13, 2024
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some suggestions could not be made:

  • src/main/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheck.java
    • lines 301-302

@sambsnyd sambsnyd merged commit 81f90fe into main Sep 13, 2024
2 checks passed
@sambsnyd sambsnyd deleted the vulnerability-check-overhaul branch September 13, 2024 10:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

@sambsnyd sambsnyd

Labels
enhancement New feature or request
Projects
OpenRewrite
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sambsnyd @timtebeek