Add show-fixes-in-summary to surface vulnerabilities resolved by a PR#1103
Draft
felickz wants to merge 1 commit into
…PR (#10)

* Initial plan
* Add show-fixes-in-summary feature to display fixed vulnerabilities in PR summary

Agent-Logs-Url: https://github.com/forks-felickz/dependency-review-action/sessions/d4753d81-a434-4948-8f3d-48fd04a79bf9
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>

* fix: gate hasIssues on enabled checks and document show-fixes-in-summary

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
This pull request introduces a new feature that allows the summary to highlight vulnerabilities fixed by the pull request, in addition to the existing reporting of new issues. It adds a new configuration option, updates documentation and input schemas, and implements logic and tests to support a new "🎉 Issues Fixed" section in the summary output.
The dependency review action only surfaces introduced vulnerabilities — when a PR removes a vulnerable dependency, that positive signal is invisible. This adds an opt-in `show-fixes-in-summary` input (default `false`) that restructures the summary into three sections when fixes are detected:

Before:

After:
New Feature: "Issues Fixed" Summary Section

- `show-fixes-in-summary` (exposed in `action.yml`, `README.md`, and config schema) that, when set to `true`, includes a section in the summary showing vulnerabilities resolved by the PR.

Configuration and Data Flow Updates

- `show_fixes_in_summary` option, ensuring it is read from inputs and included in the configuration object.

Summary Rendering Enhancements

- Modified the summary generation logic (`addSummaryToSummary` in `src/summary.ts`) to render a three-section layout ("Action Needed", "Issues Fixed", "Checks Passed") when fixes are present and the feature is enabled, or fall back to the old layout otherwise. Added helper functions for building each section.
- Implemented `addFixedVulnerabilitiesToSummary` to render a detailed table of fixed vulnerabilities, grouped by manifest, when the feature is enabled.

Main Workflow and Test Coverage

- Updated the main workflow to identify and pass fixed vulnerabilities to the summary logic based on the new configuration.
- Added comprehensive tests to verify that the summary displays the correct sections and details depending on the configuration and presence of fixed vulnerabilities.
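The section-selection and "gate hasIssues on enabled checks" behaviour described above, as an added example that is not the action's own code: the `Change` shape follows the dependency review REST API's `change_type` and `vulnerabilities` fields, while the config field names, the section-title strings and the "old layout" fallback are assumptions for illustration.

```typescript
// Added example, not code from dependency-review-action. Config field names,
// section titles and the old-layout fallback are assumed for illustration.
interface Vulnerability { severity: string; advisory_ghsa_id: string; advisory_summary: string }
interface Change {
  change_type: 'added' | 'removed'; name: string; version: string
  manifest: string; vulnerabilities: Vulnerability[]
}
interface Config { vulnerabilityCheck: boolean; showFixesInSummary: boolean }

// A "fix" is a removed dependency that carried at least one advisory.
export function fixedVulnerabilities(changes: Change[]): Change[] {
  return changes.filter(c => c.change_type === 'removed' && c.vulnerabilities.length > 0)
}

// Introduced vulnerabilities are added dependencies with advisories.
export function introducedVulnerabilities(changes: Change[]): Change[] {
  return changes.filter(c => c.change_type === 'added' && c.vulnerabilities.length > 0)
}

// Gated on the check being enabled: a disabled vulnerability check must not
// flip the summary into "Action Needed" on the strength of findings it ignores.
export function hasIssues(changes: Change[], config: Config): boolean {
  return config.vulnerabilityCheck && introducedVulnerabilities(changes).length > 0
}

// Three sections only when fixes exist and the flag is on; otherwise the
// (assumed) old single-section layout.
export function summarySections(changes: Change[], config: Config): string[] {
  if (config.showFixesInSummary && fixedVulnerabilities(changes).length > 0) {
    return ['Action Needed', 'Issues Fixed', 'Checks Passed']
  }
  return hasIssues(changes, config) ? ['Action Needed'] : ['Checks Passed']
}

// Fixed table rows grouped by manifest, as the "Issues Fixed" section needs.
export function fixesByManifest(changes: Change[]): Map<string, Change[]> {
  const groups = new Map<string, Change[]>()
  for (const c of fixedVulnerabilities(changes)) {
    groups.set(c.manifest, [...(groups.get(c.manifest) ?? []), c])
  }
  return groups
}

// Constructed sample: a vulnerable version removed, a clean version added.
export const sampleChanges: Change[] = [
  { change_type: 'removed', name: 'example-lib', version: '1.0.0', manifest: 'package.json',
    vulnerabilities: [{ severity: 'high', advisory_ghsa_id: 'GHSA-PLACEHOLDER', advisory_summary: 'constructed advisory' }] },
  { change_type: 'added', name: 'example-lib', version: '1.0.1', manifest: 'package.json', vulnerabilities: [] },
]
```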