Add support for global advisories and unify some shared logic with repository advisories #2702
Codecov Report
@@ Coverage Diff @@
## main #2702 +/- ##
==========================================
- Coverage 97.46% 96.74% -0.72%
==========================================
Files 139 142 +3
Lines 14023 14361 +338
==========================================
+ Hits 13667 13894 +227
- Misses 356 467 +111
@JLLeitschuh you might be interested in reviewing this
Happy to make whatever changes y'all would like. I just wasn't sure what the right answer was around the comments.
@EnricoMi I'm happy to resolve the copyright comments however you think is best. Aside from that and the merge conflicts, is there anything else I should do to get this PR ready to merge?
@JLLeitschuh are you happy with this refactoring of your advisories?
@crimsonknave I am happy with this work, please resolve the conflicts and we are ready to go ahead (pending @JLLeitschuh approval).
This looks good to me! Happy to merge!
@EnricoMi can I merge this?
@EnricoMi friendly ping!
LGTM!
This PR contains the following updates:

| Package | Change |
|---|---|
| [PyGithub](https://togithub.com/pygithub/pygithub) | `==2.1.1` -> `==2.2.0` |

---

### Release Notes

pygithub/pygithub (PyGithub)

### [`v2.2.0`](https://togithub.com/PyGithub/PyGithub/releases/tag/v2.2.0)

[Compare Source](https://togithub.com/pygithub/pygithub/compare/v2.1.1...v2.2.0)

#### Breaking Changes

The `github.Comparison.Comparison` instance returned by `Repository.compare` provides a `commits` property that used to return a `list[github.Commit.Commit]`, which has now been changed to `PaginatedList[github.Commit.Commit]`. This breaks user code that assumes a `list`:

```python
commits = repo.compare("v0.6", "v0.7").commits
no_of_commits = len(commits)  # will raise a TypeError
```

This will raise a `TypeError: object of type 'PaginatedList' has no len()`, as the returned `PaginatedList` does not support the `len()` method. Use the `totalCount` property instead:

```python
commits = repo.compare("v0.6", "v0.7").commits
no_of_commits = commits.totalCount
```

#### New features

- Add support to call GraphQL API

#### Improvements

- Add parent_team_id, maintainers and notification_setting for creating and updating teams. by [@Cheshirez](https://togithub.com/Cheshirez) in PyGithub/PyGithub#2863
- Add support for issue reactions summary by [@smuzaffar](https://togithub.com/smuzaffar) in PyGithub/PyGithub#2866
- Support for DependabotAlert APIs by [@coopernetes](https://togithub.com/coopernetes) in PyGithub/PyGithub#2879
- Derive GraphQL URL from base_url by [@EnricoMi](https://togithub.com/EnricoMi) in PyGithub/PyGithub#2880
- Make `Repository.compare().commits` return paginated list by [@EnricoMi](https://togithub.com/EnricoMi) in PyGithub/PyGithub#2882
- Add missing branch protection fields by [@treee111](https://togithub.com/treee111) in PyGithub/PyGithub#2873
- Add `include_all_branches` to `create_repo_from_template` of `AuthenticatedUser` and `Organization` by [@janssonoskar](https://togithub.com/janssonoskar) in PyGithub/PyGithub#2871
- Add and update organisation dependabot secrets by [@mohy01](https://togithub.com/mohy01) in PyGithub/PyGithub#2316
- Add missing params to `Organization.create_repo` by [@tekumara](https://togithub.com/tekumara) in PyGithub/PyGithub#2700
- Update allowed values for `Repository` collaborator permissions by [@flying-sheep](https://togithub.com/flying-sheep) in PyGithub/PyGithub#1996
- Support editing PullRequestReview by [@ColasGael](https://togithub.com/ColasGael) in PyGithub/PyGithub#2851
- Update attributes after calling `PullRequestReview.dismiss` by [@ColasGael](https://togithub.com/ColasGael) in PyGithub/PyGithub#2854
- Add `request_cve` on `RepositoryAdvisories` by [@JLLeitschuh](https://togithub.com/JLLeitschuh) in PyGithub/PyGithub#2855
- Filter collaborators of a repository by permissions by [@notmicaelfilipe](https://togithub.com/notmicaelfilipe) in PyGithub/PyGithub#2792
- Set pull request to auto merge via GraphQL API by [@heitorpolidoro](https://togithub.com/heitorpolidoro) in PyGithub/PyGithub#2816
- Support Environment Variables and Secrets by [@AndrewJDawes](https://togithub.com/AndrewJDawes) in PyGithub/PyGithub#2848
- Update workflow.get_runs & pullrequest.add_to_assignees function signature by [@sd-kialo](https://togithub.com/sd-kialo) in PyGithub/PyGithub#2799
- Add `GithubObject.last_modified_datetime` to have `last_modified` as a `datetime` by [@chouetz](https://togithub.com/chouetz) in PyGithub/PyGithub#2772
- Add support for global advisories and unify some shared logic with repository advisories by [@crimsonknave](https://togithub.com/crimsonknave) in PyGithub/PyGithub#2702
- Add `internal` as valid Repository visibility value by [@AndrewJDawes](https://togithub.com/AndrewJDawes) in PyGithub/PyGithub#2806
- Add support for issue comments reactions summary by [@smuzaffar](https://togithub.com/smuzaffar) in PyGithub/PyGithub#2813

#### Bug Fixes

- Add a bunch of missing urllib.parse.quote calls by [@ExplodingCabbage](https://togithub.com/ExplodingCabbage) in PyGithub/PyGithub#1976
- Fix Variable and Secret url bugs by [@AndrewJDawes](https://togithub.com/AndrewJDawes) in PyGithub/PyGithub#2835

#### Maintenance

- Update the class name for NetrcAuth in the examples by [@vinnybod](https://togithub.com/vinnybod) in PyGithub/PyGithub#2860
- Move build to PEP517 by [@trim21](https://togithub.com/trim21) in PyGithub/PyGithub#2800
- Use new type assert functions in `Repository` by [@trim21](https://togithub.com/trim21) in PyGithub/PyGithub#2798
- PyTest: Move config to pyproject.toml by [@Borda](https://togithub.com/Borda) in PyGithub/PyGithub#2859
- codespell: ignore-words-list by [@Borda](https://togithub.com/Borda) in PyGithub/PyGithub#2858
- Improve fix-headers.py script by [@EnricoMi](https://togithub.com/EnricoMi) in PyGithub/PyGithub#2728
- Remove dependency on python-dateutil by [@lazka](https://togithub.com/lazka) in PyGithub/PyGithub#2804
- CI: update precommit & apply by [@Borda](https://togithub.com/Borda) in PyGithub/PyGithub#2600
- Docs: Fix parameter order according to Version 2.1.0 by [@nad182](https://togithub.com/nad182) in PyGithub/PyGithub#2786
- Add missing GitHub classes to docs by [@EnricoMi](https://togithub.com/EnricoMi) in PyGithub/PyGithub#2783
- CI: Fix mypy error by ignoring override by [@EnricoMi](https://togithub.com/EnricoMi) in PyGithub/PyGithub#2779

**Full Changelog**: PyGithub/PyGithub@v2.1.1...v2.2.0

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/lettuce-financial/github-bot-signed-commit).
This PR adds support for the new Global Advisories API: https://docs.github.com/en/rest/security-advisories/global-advisories. It adds the `get_global_advisory` and `get_global_advisories` methods.

It creates a new `GlobalAdvisory` class and pulls the shared fields into a class both Global and Repository Advisories inherit from. The payloads of the Global and Repository Advisories are similar, but not quite the same. Repository Advisories have fields designed to allow users to submit using the payloads that are returned. Global Advisories have additional fields that do not apply to advisories attached to a repository. I also implemented a few more fields that are present in both, but were not included (CVSS and identifiers).

I have attempted to follow the code style in the other files, happy to update anything where I'm not following convention.

The fact that I renamed some of the files means that the header script is removing the copyright from anyone who was listed in the original file, which seems wrong. But, I'm not sure what the right fix is, any manual editing would be overwritten by the next person to run the script.

Side note: `script/fix_headers.py` adds `# -*- coding: utf-8 -*-` which is then removed by the `pyupgrade` step of the pre-commit hooks.
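
The shared-base layout described in the PR, as an added sketch that is not PyGithub's code: the class names follow the description, but the bodies are hypothetical. The payload keys (`cvss.score`, `identifiers`, `type`, `state`) are assumed from the GitHub REST documentation, and the sample payloads are constructed with placeholder IDs.

```python
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

@dataclass
class AdvisoryBase:
    """Fields both payload kinds share, including CVSS and identifiers."""
    ghsa_id: str
    cve_id: Optional[str]
    severity: Optional[str]
    cvss_score: Optional[float]
    identifiers: Dict[str, str]

    @staticmethod
    def shared(p: Dict[str, Any]) -> Dict[str, Any]:
        cvss = p.get("cvss") or {}  # "cvss" may be null or missing
        ids = {i["type"]: i["value"] for i in p.get("identifiers") or []}
        return {"ghsa_id": p["ghsa_id"], "cve_id": p.get("cve_id"),
                "severity": p.get("severity"), "cvss_score": cvss.get("score"),
                "identifiers": ids}

@dataclass
class GlobalAdvisory(AdvisoryBase):
    type: str = "unreviewed"  # global-only field (assumed from the REST docs)
    @classmethod
    def from_payload(cls, p: Dict[str, Any]) -> "GlobalAdvisory":
        return cls(**cls.shared(p), type=p.get("type", "unreviewed"))

@dataclass
class RepositoryAdvisory(AdvisoryBase):
    state: str = "draft"  # repository-only field (assumed from the REST docs)
    @classmethod
    def from_payload(cls, p: Dict[str, Any]) -> "RepositoryAdvisory":
        return cls(**cls.shared(p), state=p.get("state", "draft"))

def needs_attention(advisories: List[AdvisoryBase], min_score: float = 7.0) -> List[str]:
    """GHSA IDs of reviewed global advisories scored at or above min_score."""
    return [a.ghsa_id for a in advisories
            if isinstance(a, GlobalAdvisory) and a.type == "reviewed"
            and a.cvss_score is not None and a.cvss_score >= min_score]

# Constructed, trimmed payloads with placeholder IDs (not real advisories).
GLOBAL_SAMPLES = [GlobalAdvisory.from_payload(p) for p in (
    {"ghsa_id": "GHSA-aaaa-bbbb-0001", "type": "reviewed", "cvss": {"score": 8.1},
     "identifiers": [{"type": "GHSA", "value": "GHSA-aaaa-bbbb-0001"}]},
    {"ghsa_id": "GHSA-aaaa-bbbb-0002", "type": "unreviewed", "cvss": {"score": None}},
)]
REPO_SAMPLE = RepositoryAdvisory.from_payload(
    {"ghsa_id": "GHSA-aaaa-bbbb-0003", "state": "published", "cvss": {"score": 9.8}})
```

An advisory with a null CVSS score is skipped rather than compared, which is the case a triage filter over unreviewed global advisories has to handle.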