Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Collect additional vulnerability data, surface in JSON API #10197

Merged
merged 5 commits into from
Oct 19, 2021
Merged

Collect additional vulnerability data, surface in JSON API #10197

merged 5 commits into from
Oct 19, 2021

Conversation

di
Copy link
Member

@di di commented Oct 15, 2021

This PR updates the vulnerability endpoint to collect additional fields from the vulnerability report, and also surfaces the vulnerabilities for a given release in the JSON API.

@di di mentioned this pull request Oct 15, 2021
Closed
tetsuo-cpp
tetsuo-cpp approved these changes Oct 18, 2021
View reviewed changes
Copy link
Contributor

@tetsuo-cpp tetsuo-cpp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@di di force-pushed the add-vulns-to-api branch from 94a9a63 to a58e924 Compare October 19, 2021 17:36
@di di requested a review from ewdurbin October 19, 2021 17:47
ewdurbin
ewdurbin approved these changes Oct 19, 2021
View reviewed changes
Copy link
Member

@ewdurbin ewdurbin left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding some information to the help page on PyPI.org for folks to understand where this information comes from is probably a good idea.

Some users may understand this as coming from maintainers?

Some maintainers may be surprised/confused to see this published via our API without their involvement?

warehouse/integrations/vulnerabilities/utils.py Show resolved Hide resolved
@di di merged commit eaa6539 into main Oct 19, 2021
@di di deleted the add-vulns-to-api branch October 19, 2021 20:27
@domdfcoding domdfcoding mentioned this pull request Oct 20, 2021
Closed
@di di mentioned this pull request Mar 23, 2022
Open
domdfcoding pushed a commit to domdfcoding/warehouse that referenced this pull request Jun 7, 2022
@di @domdfcoding
Collect additional vulnerability data, surface in JSON API (pypi#10197)
b930725 
* Collect additional data from vulnerability reports

* Surface vulnerabilities in JSON API

* Address code review

* Add help section

* Update translations
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ewjoachim ewjoachim ewjoachim left review comments

@tetsuo-cpp tetsuo-cpp tetsuo-cpp approved these changes

@ewdurbin ewdurbin ewdurbin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@di @ewdurbin @ewjoachim @tetsuo-cpp