ensure scope filtering is backward compatible with enterprise rest api versions
This commit is contained in:
@@ -124,7 +124,7 @@ This example will only fail on pull requests with `critical` and `high` vulnerab
|
||||
|
||||
### Dependency Scoping
|
||||
|
||||
By default the action will only fail on `runtime` dependencies that have vulnerabilities or unacceptable licenses, ignoring `development` dependencies. You can override this behavior with the `fail-on-scopes` option, which will allow you to list the specific dependency scopes you care about. The possible values are: `unknown`, `runtime`, and `development`. Note: Filtering by scope will not be supported on GHES just yet, as the REST API's introduction of `scope` will be released in an upcoming version.
|
||||
By default the action will only fail on `runtime` dependencies that have vulnerabilities or unacceptable licenses, ignoring `development` dependencies. You can override this behavior with the `fail-on-scopes` option, which will allow you to list the specific dependency scopes you care about. The possible values are: `unknown`, `runtime`, and `development`. Note: Filtering by scope will not be supported on GHES just yet, as the REST API's introduction of `scope` will be released in an upcoming version. We will treat all dependencies on GHES as having a `runtime` scope and thus will not be filtered away.
|
||||
|
||||
```yaml
|
||||
- name: Dependency Review
|
||||
|
||||
@@ -39,7 +39,9 @@ export function filterChangesByScopes(
|
||||
changes: Changes
|
||||
): Changes {
|
||||
const filteredChanges = changes.filter(change => {
|
||||
if (scopes.includes(change.scope)) {
|
||||
// if there is no scope on the change (GHES API for now), we will assume it is a runtime scope
|
||||
const scope = change.scope || 'runtime'
|
||||
if (scopes.includes(scope)) {
|
||||
return true
|
||||
}
|
||||
})
|
||||
|
||||
@@ -12,7 +12,7 @@ export const ChangeSchema = z.object({
|
||||
package_url: z.string(),
|
||||
license: z.string().nullable(),
|
||||
source_repository_url: z.string().nullable(),
|
||||
scope: z.enum(SCOPES),
|
||||
scope: z.enum(SCOPES).optional(),
|
||||
vulnerabilities: z
|
||||
.array(
|
||||
z.object({
|
||||
|
||||
Reference in New Issue
Block a user