Add support for global advisories and unify some shared logic with repository advisories #2702
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention:
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #2702 +/- ##
==========================================
- Coverage 97.46% 96.74% -0.72%
==========================================
Files 139 142 +3
Lines 14023 14361 +338
==========================================
+ Hits 13667 13894 +227
- Misses 356 467 +111 ☔ View full report in Codecov by Sentry. |
EnricoMi
requested changes
Aug 9, 2023
|
@JLLeitschuh you might be interested in reviewing this |
|
Happy to make whatever changes y'all would like. I just wasn't sure what the right answer was around the comments. |
|
@EnricoMi I'm happy to resolve the copyright comments however you think is best. Aside from that and the merge conflicts, is there anything else I should do to get this PR ready to merge? |
|
@JLLeitschuh are you happy with this refactoring of your advisories? |
|
@crimsonknave I am happy with this work, please resolve the conflicts and we are ready to go ahead (pending @JLLeitschuh approval). |
JLLeitschuh
approved these changes
Nov 21, 2023
|
@EnricoMi can I merge this? |
|
@EnricoMi friendly ping! |
lettuce-bot bot
added a commit
to lettuce-financial/github-bot-signed-commit
that referenced
this pull request
Jan 30, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [PyGithub](https://togithub.com/pygithub/pygithub) | `==2.1.1` -> `==2.2.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>pygithub/pygithub (PyGithub)</summary> ### [`v2.2.0`](https://togithub.com/PyGithub/PyGithub/releases/tag/v2.2.0) [Compare Source](https://togithub.com/pygithub/pygithub/compare/v2.1.1...v2.2.0) #### Breaking Changes The `github.Comparison.Comparison` instance returned by `Repository.compare` provides a `commits` property that used to return a `list[github.Commit.Commit]`, which has now been changed to `PaginatedList[github.Commit.Commit]`. This breaks user code that assumes a `list`: ```python commits = repo.compare("v0.6", "v0.7").commits no_of_commits = len(commits) # will raise a TypeError ``` This will raise a `TypeError: object of type 'PaginatedList' has no len()`, as the returned `PaginatedList` does not support the `len()` method. Use the `totalCount` property instead: ```python commits = repo.compare("v0.6", "v0.7").commits no_of_commits = commits.totalCount ``` #### New features - Add support to call GraphQL API #### Improvements - Add parent_team_id, maintainers and notification_setting for creating and updating teams. by [@​Cheshirez](https://togithub.com/Cheshirez) in [PyGithub/PyGithub#2863 - Add support for issue reactions summary by [@​smuzaffar](https://togithub.com/smuzaffar) in [PyGithub/PyGithub#2866 - Support for DependabotAlert APIs by [@​coopernetes](https://togithub.com/coopernetes) in [PyGithub/PyGithub#2879 - Derive GraphQL URL from base_url by [@​EnricoMi](https://togithub.com/EnricoMi) in [PyGithub/PyGithub#2880 - Make `Repository.compare().commits` return paginated list by [@​EnricoMi](https://togithub.com/EnricoMi) in [PyGithub/PyGithub#2882 - Add missing branch protection fields by [@​treee111](https://togithub.com/treee111) in [PyGithub/PyGithub#2873 - Add `include_all_branches` to `create_repo_from_template` of `AuthenticatedUser` and `Organization` by [@​janssonoskar](https://togithub.com/janssonoskar) in [PyGithub/PyGithub#2871 - Add and update organisation dependabot secrets by [@​mohy01](https://togithub.com/mohy01) in [PyGithub/PyGithub#2316 - Add missing params to `Organization.create_repo` by [@​tekumara](https://togithub.com/tekumara) in [PyGithub/PyGithub#2700 - Update allowed values for `Repository` collaborator permissions by [@​flying-sheep](https://togithub.com/flying-sheep) in [PyGithub/PyGithub#1996 - Support editing PullRequestReview by [@​ColasGael](https://togithub.com/ColasGael) in [PyGithub/PyGithub#2851 - Update attributes after calling `PullRequestReview.dismiss` by [@​ColasGael](https://togithub.com/ColasGael) in [PyGithub/PyGithub#2854 - Add `request_cve` on `RepositoryAdvisories` by [@​JLLeitschuh](https://togithub.com/JLLeitschuh) in [PyGithub/PyGithub#2855 - Filter collaborators of a repository by permissions by [@​notmicaelfilipe](https://togithub.com/notmicaelfilipe) in [PyGithub/PyGithub#2792 - Set pull request to auto merge via GraphQL API by [@​heitorpolidoro](https://togithub.com/heitorpolidoro) in [PyGithub/PyGithub#2816 - Support Environment Variables and Secrets by [@​AndrewJDawes](https://togithub.com/AndrewJDawes) in [PyGithub/PyGithub#2848 - Update workflow.get_runs & pullrequest.add_to_assignees function signature by [@​sd-kialo](https://togithub.com/sd-kialo) in [PyGithub/PyGithub#2799 - Add `GithubObject.last_modified_datetime` to have `last_modified` as a `datetime` by [@​chouetz](https://togithub.com/chouetz) in [PyGithub/PyGithub#2772 - Add support for global advisories and unify some shared logic with repository advisories by [@​crimsonknave](https://togithub.com/crimsonknave) in [PyGithub/PyGithub#2702 - Add `internal` as valid Repository visibility value by [@​AndrewJDawes](https://togithub.com/AndrewJDawes) in [PyGithub/PyGithub#2806 - Add support for issue comments reactions summary by [@​smuzaffar](https://togithub.com/smuzaffar) in [PyGithub/PyGithub#2813 #### Bug Fixes - Add a bunch of missing urllib.parse.quote calls by [@​ExplodingCabbage](https://togithub.com/ExplodingCabbage) in [PyGithub/PyGithub#1976 - Fix Variable and Secret url bugs by [@​AndrewJDawes](https://togithub.com/AndrewJDawes) in [PyGithub/PyGithub#2835 #### Maintenance - Update the class name for NetrcAuth in the examples by [@​vinnybod](https://togithub.com/vinnybod) in [PyGithub/PyGithub#2860 - Move build to PEP517 by [@​trim21](https://togithub.com/trim21) in [PyGithub/PyGithub#2800 - Use new type assert functions in `Repository` by [@​trim21](https://togithub.com/trim21) in [PyGithub/PyGithub#2798 - PyTest: Move config to pyproject.toml by [@​Borda](https://togithub.com/Borda) in [PyGithub/PyGithub#2859 - codespell: ignore-words-list by [@​Borda](https://togithub.com/Borda) in [PyGithub/PyGithub#2858 - Improve fix-headers.py script by [@​EnricoMi](https://togithub.com/EnricoMi) in [PyGithub/PyGithub#2728 - Remove dependency on python-dateutil by [@​lazka](https://togithub.com/lazka) in [PyGithub/PyGithub#2804 - CI: update precommit & apply by [@​Borda](https://togithub.com/Borda) in [PyGithub/PyGithub#2600 - Docs: Fix parameter order according to Version 2.1.0 by [@​nad182](https://togithub.com/nad182) in [PyGithub/PyGithub#2786 - Add missing GitHub classes to docs by [@​EnricoMi](https://togithub.com/EnricoMi) in [PyGithub/PyGithub#2783 - CI: Fix mypy error by ignoring override by [@​EnricoMi](https://togithub.com/EnricoMi) in [PyGithub/PyGithub#2779 **Full Changelog**: PyGithub/PyGithub@v2.1.1...v2.2.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/lettuce-financial/github-bot-signed-commit). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for the new Global Advisories api: https://docs.github.com/en/rest/security-advisories/global-advisories. It adds the
get_global_advisoryandget_global_advisoriesmethods.It creates a new
GlobalAdvisoryclass and pulls the shared fields into a class both Global and Repository Advisories inherit from. The payloads of the Global and Repository Advisories are similar, but not quite the same. Repository Advisories have fields designed to allow users to submit using the payloads that are returned. Global Advisories have additional fields that do not apply to advisories attached to a repository. I also implemented a few more fields that are present in both, but were not included (CVSS and identifiers).I have attempted to follow the code style in the other files, happy to update anything where I'm not following convention.
The fact that I renamed some of the files means that the header script is removing the copyright from anyone who was listed in the original file, which seems wrong. But, I'm not sure what the right fix is, any manual editing would be overwritten by the next person to run the script.
Side note:
script/fix_headers.pyadds# -*- coding: utf-8 -*-which is then removed by thepyupgradestep of the pre-commit hooks.