Rule pr_vulnerability_check message when no patch exists #274
Labels: enhancement (New feature or request), P2 (Nice to fix: non-critical items that should be evaluated and planned during issue triage)
Given I have a profile with the pr_vulnerability_check rule
When I create a PR that has vulnerable dependencies
And none of the vulnerable dependencies have a fixed version
Then the review message should be "Minder found vulnerable dependencies in this PR, but could not find a new version of the dependency that is not vulnerable. Please push an updated version."
Given I have a profile with the pr_vulnerability_check rule
When I create a PR that has vulnerable dependencies
And at least one of the vulnerable dependencies has a fixed version
Then the review message should remain unchanged, as "Minder found vulnerable dependencies in this PR. Either push an updated version or accept the proposed changes. Note that accepting the changes will include Minder as a co-author of this PR."
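The selection logic the two scenarios describe, written as an added example in Go (Minder's language); this is illustrative code, not Minder's implementation, and the `Finding` type and `ReviewMessage` function are assumed shapes, not the project's real data model or API:

```go
package main

import (
	"fmt"
	"sort"
)

// Finding is one vulnerability for a dependency in the PR (constructed shape, not Minder's model).
type Finding struct {
	Dependency   string
	FixedVersion string // empty when the advisory lists no patched release
}

const (
	msgPatchAvailable = "Minder found vulnerable dependencies in this PR. Either push an updated version or accept the proposed changes. Note that accepting the changes will include Minder as a co-author of this PR."
	msgNoPatch        = "Minder found vulnerable dependencies in this PR, but could not find a new version of the dependency that is not vulnerable. Please push an updated version."
)

// ReviewMessage applies the issue's two scenarios: the "no patch" wording is
// used only when none of the vulnerable dependencies has a fixed version (a
// dependency counts as fixable if any of its findings has one). The dependencies
// that still lack a fix are returned as well so the review can name them.
func ReviewMessage(findings []Finding) (msg string, unfixed []string) {
	if len(findings) == 0 {
		return "", nil
	}
	fixable := map[string]bool{}
	for _, f := range findings {
		fixable[f.Dependency] = fixable[f.Dependency] || f.FixedVersion != ""
	}
	anyFix := false
	for dep, ok := range fixable {
		if ok {
			anyFix = true
		} else {
			unfixed = append(unfixed, dep)
		}
	}
	sort.Strings(unfixed) // deterministic order for the review text
	if anyFix {
		return msgPatchAvailable, unfixed
	}
	return msgNoPatch, unfixed
}

func main() {
	// Constructed sample: one dependency with a patched release, one without.
	msg, unfixed := ReviewMessage([]Finding{{"example.com/a", ""}, {"example.com/b", "2.1.3"}})
	fmt.Println(msg, "unfixed:", unfixed)
}
```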
Note that we are rewriting the pr_vulnerability_check ruletype to make it more generic. Let's not change the Minder built-in vulncheck evaluation step, and instead apply this change only after the rewrite.