Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: vulnerabilityFixStrategy #31395

Merged
merged 17 commits into from
Sep 25, 2024
Merged

feat: vulnerabilityFixStrategy #31395

merged 17 commits into from
Sep 25, 2024

Conversation

rarkins
Copy link
Collaborator

@rarkins rarkins commented Sep 15, 2024

Changes

Adds new vulnerabilityAlerts.vulnerabilityFixStrategy option, allowing vulnerability fixes to use highest fixed version instead of lowest.

Context

Sometimes the highest/latest fixed version is a better option than the lowest/minimum.

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

renovate-reproductions/express#1

@rarkins rarkins requested a review from Churro September 15, 2024 05:15
@rarkins rarkins added the status:blocked Issue is blocked by another issue or external requirement label Sep 15, 2024
@rarkins
Copy link
Collaborator Author

rarkins commented Sep 15, 2024

Bloced by #31393

@rarkins rarkins mentioned this pull request Sep 15, 2024
Merged
6 tasks
@rarkins rarkins changed the title refactor: use vulnerabilityFixVersion for github alerts feat: vulnerabilityFixStrategy Sep 15, 2024
Churro
Churro reviewed Sep 15, 2024
View reviewed changes
lib/workers/repository/process/lookup/index.spec.ts Outdated Show resolved Hide resolved
lib/workers/repository/process/lookup/index.spec.ts Outdated Show resolved Hide resolved
lib/config/options/index.ts Outdated Show resolved Hide resolved
@rarkins rarkins requested a review from Churro September 16, 2024 05:03
Base automatically changed from refactor/vulnerability-fix-version to main September 18, 2024 10:18
@rarkins rarkins removed the status:blocked Issue is blocked by another issue or external requirement label Sep 19, 2024
@rarkins rarkins requested a review from Churro September 19, 2024 05:33
@rarkins rarkins added this pull request to the merge queue Sep 25, 2024
Merged via the queue into main with commit c56d68e Sep 25, 2024
36 checks passed
@rarkins rarkins deleted the feat/vulnerability-fix-strategy branch September 25, 2024 05:49
@renovate-release
Copy link
Collaborator

🎉 This PR is included in version 38.95.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 26, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@secustor secustor secustor approved these changes

@Churro Churro Churro approved these changes

@viceice viceice Awaiting requested review from viceice

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rarkins @renovate-release @Churro @secustor