Merge pull request #416 from davelosert/adjust_summary_format

Adjust summary format

.gitignore

@@ -100,3 +100,5 @@ Thumbs.db
 # Ignore built ts files
 __tests__/runner/*
 lib/**/*
+
+tmp

__tests__/config.test.ts

@@ -5,13 +5,13 @@ import * as Utils from '../src/utils'
 
 // GitHub Action inputs come in the form of environment variables
 // with an INPUT prefix (e.g. INPUT_FAIL-ON-SEVERITY)
-function setInput(input: string, value: string) {
+function setInput(input: string, value: string): void {
   process.env[`INPUT_${input.toUpperCase()}`] = value
 }
 
 // We want a clean ENV before each test. We use `delete`
 // since we want `undefined` values and not empty strings.
-function clearInputs() {
+function clearInputs(): void {
   const allowedOptions = [
     'FAIL-ON-SEVERITY',
     'FAIL-ON-SCOPES',
@@ -26,6 +26,7 @@ function clearInputs() {
     'COMMENT-SUMMARY-IN-PR'
   ]
 
+  // eslint-disable-next-line github/array-foreach
   allowedOptions.forEach(option => {
     delete process.env[`INPUT_${option.toUpperCase()}`]
   })
@@ -238,7 +239,7 @@ test('it supports comma-separated lists', async () => {
     'config-file',
     './__tests__/fixtures/inline-license-config-sample.yml'
   )
-  let config = await readConfig()
+  const config = await readConfig()
 
   expect(config.allow_licenses).toEqual(['MIT', 'GPL-2.0-only'])
 })

__tests__/filter.test.ts

@@ -1,12 +1,12 @@
 import {expect, test} from '@jest/globals'
-import {Change, Changes} from '../src/schemas'
+import {Change} from '../src/schemas'
 import {
   filterChangesBySeverity,
   filterChangesByScopes,
   filterAllowedAdvisories
 } from '../src/filter'
 
-let npmChange: Change = {
+const npmChange: Change = {
   manifest: 'package.json',
   change_type: 'added',
   ecosystem: 'npm',
@@ -26,7 +26,7 @@ let npmChange: Change = {
   ]
 }
 
-let rubyChange: Change = {
+const rubyChange: Change = {
   change_type: 'added',
   manifest: 'Gemfile.lock',
   ecosystem: 'rubygems',
@@ -52,7 +52,7 @@ let rubyChange: Change = {
   ]
 }
 
-let noVulnNpmChange: Change = {
+const noVulnNpmChange: Change = {
   manifest: 'package.json',
   change_type: 'added',
   ecosystem: 'npm',
@@ -92,7 +92,7 @@ test('it properly filters changes by scope', async () => {
 
 test('it properly handles undefined advisory IDs', async () => {
   const changes = [npmChange, rubyChange, noVulnNpmChange]
-  let result = filterAllowedAdvisories(undefined, changes)
+  const result = filterAllowedAdvisories(undefined, changes)
   expect(result).toEqual([npmChange, rubyChange, noVulnNpmChange])
 })
 

__tests__/fixtures/create-test-change.ts

@@ -0,0 +1,36 @@
+import {Change} from '../../src/schemas'
+import {createTestVulnerability} from './create-test-vulnerability'
+
+const defaultChange: Change = {
+  change_type: 'added',
+  manifest: 'package.json',
+  ecosystem: 'npm',
+  name: 'lodash',
+  version: '4.17.20',
+  package_url: 'pkg:npm/lodash@4.17.20',
+  license: 'MIT',
+  source_repository_url: 'https://github.com/lodash/lodash',
+  scope: 'runtime',
+  vulnerabilities: [
+    createTestVulnerability({
+      severity: 'high',
+      advisory_ghsa_id: 'GHSA-35jh-r3h4-6jhm',
+      advisory_summary: 'Command Injection in lodash',
+      advisory_url: 'https://github.com/advisories/GHSA-35jh-r3h4-6jhm'
+    }),
+    createTestVulnerability({
+      severity: 'moderate',
+      advisory_ghsa_id: 'GHSA-29mw-wpgm-hmr9',
+      advisory_summary:
+        'Regular Expression Denial of Service (ReDoS) in lodash',
+      advisory_url: 'https://github.com/advisories/GHSA-29mw-wpgm-hmr9'
+    })
+  ]
+}
+
+const createTestChange = (overwrites: Partial<Change> = {}): Change => ({
+  ...defaultChange,
+  ...overwrites
+})
+
+export {createTestChange}

__tests__/fixtures/create-test-vulnerability.ts

@@ -0,0 +1,19 @@
+import {Change} from '../../src/schemas'
+
+type Vulnerability = Change['vulnerabilities'][0]
+
+const defaultTestVulnerability: Vulnerability = {
+  severity: 'high',
+  advisory_ghsa_id: 'GHSA-35jh-r3h4-6jhm',
+  advisory_summary: 'Command Injection in lodash',
+  advisory_url: 'https://github.com/advisories/GHSA-35jh-r3h4-6jhm'
+}
+
+const createTestVulnerability = (
+  overwrites: Partial<Vulnerability> = {}
+): Vulnerability => ({
+  ...defaultTestVulnerability,
+  ...overwrites
+})
+
+export {createTestVulnerability}

__tests__/licenses.test.ts

@@ -3,7 +3,7 @@ import {Change, Changes} from '../src/schemas'
 
 let getInvalidLicenseChanges: Function
 
-let npmChange: Change = {
+const npmChange: Change = {
   manifest: 'package.json',
   change_type: 'added',
   ecosystem: 'npm',
@@ -23,7 +23,7 @@ let npmChange: Change = {
   ]
 }
 
-let rubyChange: Change = {
+const rubyChange: Change = {
   change_type: 'added',
   manifest: 'Gemfile.lock',
   ecosystem: 'rubygems',
@@ -63,6 +63,7 @@ const mockOctokit = {
 
 jest.mock('octokit', () => {
   return {
+    // eslint-disable-next-line @typescript-eslint/no-extraneous-class
     Octokit: class {
       constructor() {
         return mockOctokit
@@ -78,6 +79,7 @@ beforeEach(async () => {
     // true for BSD, false for all others
     return jest.fn((license: string, _: string): boolean => license === 'BSD')
   })
+  // eslint-disable-next-line @typescript-eslint/no-require-imports
   ;({getInvalidLicenseChanges} = require('../src/licenses'))
 })
 
@@ -140,6 +142,7 @@ test('it adds all licenses to unresolved if it is unable to determine the validi
       throw new Error('Some Error')
     })
   })
+  // eslint-disable-next-line @typescript-eslint/no-require-imports
   ;({getInvalidLicenseChanges} = require('../src/licenses'))
   const changes: Changes = [npmChange, rubyChange]
   const invalidLicenses = await getInvalidLicenseChanges(changes, {