update: drop number of vulnerabilities on --pre-release #1080
Codecov Report

❌ Patch coverage is

Additional details and impacted files

```
@@            Coverage Diff             @@
##             main    #1080      +/-   ##
==========================================
- Coverage   71.72%   64.36%   -7.37%
==========================================
  Files          41       45       +4
  Lines        5895     6925    +1030
==========================================
+ Hits         4228     4457     +229
- Misses       1667     2468     +801
```
When we announce a security release, we typically say we'll be fixing X High, X Medium, and so on. That policy was set before the AI era, when reports weren't as frequent.

Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
5e07124 to 6b726e9
It seems C8 no longer works on Node.js v26

I've opened #1081 to fix that
Can you verify the markdown template handles the new format?

Can you clarify what you mean? Which markdown template?

The output of that function replaces the placeholder %VULNERABILITIES in the prerelease announcement markdown file (node-core-utils/lib/github/templates/security-pre-release.md, lines 10 to 15 at 9a4439b):
| getVulnerabilities(content) { | ||
| const grouped = _.groupBy(content.reports, 'severity.rating'); | ||
| const text = []; | ||
| for (const [key, value] of Object.entries(grouped)) { | ||
| text.push(`- ${value.length} ${key.toLocaleLowerCase()} severity issues.`); | ||
| for (const report of content.reports) { | ||
| if (!report.severity?.rating) { | ||
| this.cli.error(`severity.rating not found for report ${report.id}.`); | ||
| process.exit(1); | ||
| } | ||
| } | ||
| return text.join('\n'); | ||
| return getHighestSeverityAnnouncement(content.reports); | ||
| } |
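Review bot: the new validation loop calls `process.exit(1)` on the first report without `severity.rating`, so a run with several unrated reports reveals only one of them, and exiting the process inside a method that both `createPreRelease` and `createPostRelease` call leaves the caller no way to handle the failure; collecting every missing `report.id` and then throwing (or returning an error) would make the check more useful. Also, `getHighestSeverityAnnouncement` is not defined in the visible lines, so please confirm it is imported or defined in this module.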
We probably want to keep the original list for the post release announcement. Currently we call the same function in `createPreRelease` and `createPostRelease`:

node-core-utils/lib/security_blog.js, line 41 at 9a4439b
node-core-utils/lib/security_blog.js, line 124 at 9a4439b
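One way to serve both announcements from a single function, as an added example that is neither node-core-utils code nor the PR's own: the `phase` option name, the `SEVERITY_ORDER` ranking and the pre-release wording are assumptions (the page does not show `getHighestSeverityAnnouncement`), and the sample reports are constructed.

```javascript
// Added illustration, not node-core-utils code. `phase` (assumed option name)
// picks the pre-release or post-release text; SEVERITY_ORDER and the pre-release
// wording are assumptions, since getHighestSeverityAnnouncement() is not on the page.
const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low'];

// Check every report first and name all missing ratings at once, instead of
// exiting the process on the first one.
function checkRatings(reports) {
  const missing = reports.filter((r) => !r.severity?.rating).map((r) => r.id);
  if (missing.length > 0) {
    throw new Error(`severity.rating not found for report(s): ${missing.join(', ')}`);
  }
}

// Post-release: the original per-severity count list, highest severity first.
function severityCountList(reports) {
  const counts = new Map();
  for (const r of reports) {
    const key = r.severity.rating.toLowerCase();
    counts.set(key, (counts.get(key) ?? 0) + 1);
  }
  return [...counts.entries()]
    .sort((a, b) => SEVERITY_ORDER.indexOf(a[0]) - SEVERITY_ORDER.indexOf(b[0]))
    .map(([rating, n]) => `- ${n} ${rating} severity issues.`)
    .join('\n');
}

// Pre-release: only the highest severity, no counts (assumed wording).
function highestSeverityAnnouncement(reports) {
  const present = new Set(reports.map((r) => r.severity.rating.toLowerCase()));
  const highest = SEVERITY_ORDER.find((s) => present.has(s)) ?? [...present][0];
  return `The highest severity is ${highest}.`;
}

function getVulnerabilities(content, { phase }) {
  checkRatings(content.reports);
  return phase === 'pre-release'
    ? highestSeverityAnnouncement(content.reports)
    : severityCountList(content.reports);
}

// Constructed sample input in the shape the snippet above reads.
const SAMPLE = { reports: [
  { id: 'REPORT-1', severity: { rating: 'High' } },
  { id: 'REPORT-2', severity: { rating: 'Medium' } },
  { id: 'REPORT-3', severity: { rating: 'High' } },
] };

console.log(getVulnerabilities(SAMPLE, { phase: 'pre-release' }));
```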