From 6f5ec7f4e18269af4d0afc975181992129d49a0d Mon Sep 17 00:00:00 2001 From: Garry Yao Date: Fri, 5 Jan 2024 16:46:10 +0000 Subject: [PATCH 1/2] chore: add PR fixture --- test/__fixtures/pulls.json | 384 +++++++++++++++++++++++++++++++++---- 1 file changed, 351 insertions(+), 33 deletions(-) diff --git a/test/__fixtures/pulls.json b/test/__fixtures/pulls.json index cedfce8..03dd852 100644 --- a/test/__fixtures/pulls.json +++ b/test/__fixtures/pulls.json @@ -164,7 +164,7 @@ "parent": null } ], - "labels": [ ], + "labels": [], "milestone": null, "draft": false, "commits_url": "https://api.github.com/repos/CondeNast/journey-purchase/pulls/1017/commits", @@ -289,11 +289,7 @@ "allow_forking": false, "is_template": false, "web_commit_signoff_required": false, - "topics": [ - "martech", - "order-forms", - "subscriptions" - ], + "topics": ["martech", "order-forms", "subscriptions"], "visibility": "internal", "forks": 1, "open_issues": 35, @@ -418,11 +414,7 @@ "allow_forking": false, "is_template": false, "web_commit_signoff_required": false, - "topics": [ - "martech", - "order-forms", - "subscriptions" - ], + "topics": ["martech", "order-forms", "subscriptions"], "visibility": "internal", "forks": 1, "open_issues": 35, @@ -618,7 +610,7 @@ "parent": null } ], - "labels": [ ], + "labels": [], "milestone": null, "draft": false, "commits_url": "https://api.github.com/repos/CondeNast/journey-purchase/pulls/1015/commits", @@ -743,11 +735,7 @@ "allow_forking": false, "is_template": false, "web_commit_signoff_required": false, - "topics": [ - "martech", - "order-forms", - "subscriptions" - ], + "topics": ["martech", "order-forms", "subscriptions"], "visibility": "internal", "forks": 1, "open_issues": 35, 
@@ -872,11 +860,7 @@ "allow_forking": false, "is_template": false, "web_commit_signoff_required": false, - "topics": [ - "martech", - "order-forms", - "subscriptions" - ], + "topics": ["martech", "order-forms", "subscriptions"], "visibility": "internal", "forks": 1, "open_issues": 35, @@ -1072,7 +1056,7 @@ "parent": null } ], - "labels": [ ], + "labels": [], "milestone": null, "draft": false, "commits_url": "https://api.github.com/repos/CondeNast/journey-purchase/pulls/1016/commits", @@ -1197,11 +1181,7 @@ "allow_forking": false, "is_template": false, "web_commit_signoff_required": false, - "topics": [ - "martech", - "order-forms", - "subscriptions" - ], + "topics": ["martech", "order-forms", "subscriptions"], "visibility": "internal", "forks": 1, "open_issues": 35, @@ -1326,11 +1306,7 @@ "allow_forking": false, "is_template": false, "web_commit_signoff_required": false, - "topics": [ - "martech", - "order-forms", - "subscriptions" - ], + "topics": ["martech", "order-forms", "subscriptions"], "visibility": "internal", "forks": 1, "open_issues": 35, 
@@ -1367,6 +1343,348 @@ "author_association": "CONTRIBUTOR", "auto_merge": null, "active_lock_reason": null + }, + { + "url": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199", + "id": 1626811841, + "node_id": "PR_kwDOEH10Z85g9y3B", + "html_url": "https://github.com/CondeNast/martech-services/pull/2199", + "diff_url": "https://github.com/CondeNast/martech-services/pull/2199.diff", + "patch_url": "https://github.com/CondeNast/martech-services/pull/2199.patch", + "issue_url": "https://api.github.com/repos/CondeNast/martech-services/issues/2199", + "number": 2199, + "state": "open", + "locked": false, + "title": "[Snyk] Security upgrade node from 18.17.1-alpine to 18.19-alpine", + "user": { + "login": "angieconde", + "id": 17026601, + "node_id": "MDQ6VXNlcjE3MDI2NjAx", + "avatar_url": "https://avatars.githubusercontent.com/u/17026601?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/angieconde", + "html_url": "https://github.com/angieconde", + "followers_url": "https://api.github.com/users/angieconde/followers", + "following_url": "https://api.github.com/users/angieconde/following{/other_user}", + "gists_url": "https://api.github.com/users/angieconde/gists{/gist_id}", + "starred_url": "https://api.github.com/users/angieconde/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/angieconde/subscriptions", + "organizations_url": "https://api.github.com/users/angieconde/orgs", + "repos_url": "https://api.github.com/users/angieconde/repos", + "events_url": "https://api.github.com/users/angieconde/events{/privacy}", + "received_events_url": "https://api.github.com/users/angieconde/received_events", + "type": "User", + "site_admin": false + }, + "body": "As this is a private repository, Snyk-bot does not have access. 
Therefore, this PR has been created automatically, but appears to have been created by a real user.\n\nKeeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.\n\n#### Changes included in this PR \n\n\n- services/email/Dockerfile\n\nWe recommend upgrading to `node:18.19-alpine`, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.\n\n\n\nSome of the most important vulnerabilities in your base image include:\n\n| Severity | Priority Score / 1000 | Issue | Exploit Maturity |\n| :------: | :-------------------- | :---- | :--------------- |\n| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png \"high severity\") | **161** | CVE-2023-5363
[SNYK-ALPINE318-OPENSSL-6032386](https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386) | No Known Exploit |\n| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png \"high severity\") | **161** | CVE-2023-5363
[SNYK-ALPINE318-OPENSSL-6032386](https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386) | No Known Exploit |\n| ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png \"medium severity\") | **64** | Improper Check for Unusual or Exceptional Conditions
[SNYK-ALPINE318-OPENSSL-6055795](https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6055795) | No Known Exploit |\n| ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png \"low severity\") | **74** | Information Exposure
[SNYK-UPSTREAM-NODE-5969349](https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349) | No Known Exploit |\n| ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png \"medium severity\") | **129** | Improper Verification of Cryptographic Signature
[SNYK-UPSTREAM-NODE-5969356](https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356) | No Known Exploit |\n\n\n\n---\n\n**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._\n\nFor more information: \n🧐 [View latest project report](https://app.snyk.io/org/martech-jgn/project/dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64?utm_source=github&utm_medium=referral&page=fix-pr)\n\n🛠 [Adjust project settings](https://app.snyk.io/org/martech-jgn/project/dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64?utm_source=github&utm_medium=referral&page=fix-pr/settings)\n\n[//]: # 'snyk:metadata:{\"prId\":\"8dede0c2-0f54-4c6a-862d-a9b08a9c84a8\",\"prPublicId\":\"8dede0c2-0f54-4c6a-862d-a9b08a9c84a8\",\"dependencies\":[{\"name\":\"node\",\"from\":\"18.17.1-alpine\",\"to\":\"18.19-alpine\"}],\"packageManager\":\"dockerfile\",\"projectPublicId\":\"dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64\",\"projectUrl\":\"https://app.snyk.io/org/martech-jgn/project/dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64?utm_source=github&utm_medium=referral&page=fix-pr\",\"type\":\"auto\",\"patch\":[],\"vulns\":[\"SNYK-ALPINE318-OPENSSL-6032386\",\"SNYK-UPSTREAM-NODE-5969356\",\"SNYK-UPSTREAM-NODE-5969349\",\"SNYK-ALPINE318-OPENSSL-6055795\"],\"upgrade\":[\"SNYK-ALPINE318-OPENSSL-6032386\",\"SNYK-ALPINE318-OPENSSL-6032386\",\"SNYK-ALPINE318-OPENSSL-6055795\",\"SNYK-UPSTREAM-NODE-5969349\",\"SNYK-UPSTREAM-NODE-5969356\"],\"isBreakingChange\":false,\"env\":\"prod\",\"prType\":\"fix\",\"templateVariants\":[\"updated-fix-title\",\"priorityScore\"],\"priorityScoreList\":[161,129,74,64],\"remediationStrategy\":\"vuln\"}'\n\n---\n\n**Learn how to fix vulnerabilities with free interactive lessons:**\n\n 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)\n", + "created_at": "2023-12-02T18:38:28Z", + "updated_at": "2023-12-02T18:38:28Z", + "closed_at": null, + "merged_at": null, + "merge_commit_sha": 
"a978b7afd44981e65920b317869303af520d4ebf", + "assignee": null, + "assignees": [], + "requested_reviewers": [], + "requested_teams": [], + "labels": [], + "milestone": null, + "draft": false, + "commits_url": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/commits", + "review_comments_url": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/comments", + "review_comment_url": "https://api.github.com/repos/CondeNast/martech-services/pulls/comments{/number}", + "comments_url": "https://api.github.com/repos/CondeNast/martech-services/issues/2199/comments", + "statuses_url": "https://api.github.com/repos/CondeNast/martech-services/statuses/8e86c205b13e279fd0038ca324f67255355a13e9", + "head": { + "label": "CondeNast:snyk-fix-0446d2b83f102b2b24e140d4842c63ea", + "ref": "snyk-fix-0446d2b83f102b2b24e140d4842c63ea", + "sha": "8e86c205b13e279fd0038ca324f67255355a13e9", + "user": { + "login": "CondeNast", + "id": 1012897, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", + "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/CondeNast", + "html_url": "https://github.com/CondeNast", + "followers_url": "https://api.github.com/users/CondeNast/followers", + "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", + "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", + "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", + "organizations_url": "https://api.github.com/users/CondeNast/orgs", + "repos_url": "https://api.github.com/users/CondeNast/repos", + "events_url": "https://api.github.com/users/CondeNast/events{/privacy}", + "received_events_url": "https://api.github.com/users/CondeNast/received_events", + "type": "Organization", + "site_admin": false + }, + "repo": { + "id": 276657255, + "node_id": 
"MDEwOlJlcG9zaXRvcnkyNzY2NTcyNTU=", + "name": "martech-services", + "full_name": "CondeNast/martech-services", + "private": true, + "owner": { + "login": "CondeNast", + "id": 1012897, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", + "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/CondeNast", + "html_url": "https://github.com/CondeNast", + "followers_url": "https://api.github.com/users/CondeNast/followers", + "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", + "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", + "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", + "organizations_url": "https://api.github.com/users/CondeNast/orgs", + "repos_url": "https://api.github.com/users/CondeNast/repos", + "events_url": "https://api.github.com/users/CondeNast/events{/privacy}", + "received_events_url": "https://api.github.com/users/CondeNast/received_events", + "type": "Organization", + "site_admin": false + }, + "html_url": "https://github.com/CondeNast/martech-services", + "description": "🔗 Exposes endpoints that Journey Purchase uses", + "fork": false, + "url": "https://api.github.com/repos/CondeNast/martech-services", + "forks_url": "https://api.github.com/repos/CondeNast/martech-services/forks", + "keys_url": "https://api.github.com/repos/CondeNast/martech-services/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/CondeNast/martech-services/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/CondeNast/martech-services/teams", + "hooks_url": "https://api.github.com/repos/CondeNast/martech-services/hooks", + "issue_events_url": "https://api.github.com/repos/CondeNast/martech-services/issues/events{/number}", + "events_url": "https://api.github.com/repos/CondeNast/martech-services/events", + 
"assignees_url": "https://api.github.com/repos/CondeNast/martech-services/assignees{/user}", + "branches_url": "https://api.github.com/repos/CondeNast/martech-services/branches{/branch}", + "tags_url": "https://api.github.com/repos/CondeNast/martech-services/tags", + "blobs_url": "https://api.github.com/repos/CondeNast/martech-services/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/CondeNast/martech-services/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/CondeNast/martech-services/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/CondeNast/martech-services/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/CondeNast/martech-services/statuses/{sha}", + "languages_url": "https://api.github.com/repos/CondeNast/martech-services/languages", + "stargazers_url": "https://api.github.com/repos/CondeNast/martech-services/stargazers", + "contributors_url": "https://api.github.com/repos/CondeNast/martech-services/contributors", + "subscribers_url": "https://api.github.com/repos/CondeNast/martech-services/subscribers", + "subscription_url": "https://api.github.com/repos/CondeNast/martech-services/subscription", + "commits_url": "https://api.github.com/repos/CondeNast/martech-services/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/CondeNast/martech-services/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/CondeNast/martech-services/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/CondeNast/martech-services/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/CondeNast/martech-services/contents/{+path}", + "compare_url": "https://api.github.com/repos/CondeNast/martech-services/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/CondeNast/martech-services/merges", + "archive_url": "https://api.github.com/repos/CondeNast/martech-services/{archive_format}{/ref}", + "downloads_url": 
"https://api.github.com/repos/CondeNast/martech-services/downloads", + "issues_url": "https://api.github.com/repos/CondeNast/martech-services/issues{/number}", + "pulls_url": "https://api.github.com/repos/CondeNast/martech-services/pulls{/number}", + "milestones_url": "https://api.github.com/repos/CondeNast/martech-services/milestones{/number}", + "notifications_url": "https://api.github.com/repos/CondeNast/martech-services/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/CondeNast/martech-services/labels{/name}", + "releases_url": "https://api.github.com/repos/CondeNast/martech-services/releases{/id}", + "deployments_url": "https://api.github.com/repos/CondeNast/martech-services/deployments", + "created_at": "2020-07-02T13:43:52Z", + "updated_at": "2023-10-18T07:36:18Z", + "pushed_at": "2024-01-05T11:01:41Z", + "git_url": "git://github.com/CondeNast/martech-services.git", + "ssh_url": "git@github.com:CondeNast/martech-services.git", + "clone_url": "https://github.com/CondeNast/martech-services.git", + "svn_url": "https://github.com/CondeNast/martech-services", + "homepage": "https://miro.com/app/board/uXjVOU4YdD0=/", + "size": 15584, + "stargazers_count": 2, + "watchers_count": 2, + "language": "TypeScript", + "has_issues": true, + "has_projects": false, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": true, + "forks_count": 1, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 82, + "license": null, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": ["backend-services", "martech"], + "visibility": "internal", + "forks": 1, + "open_issues": 82, + "watchers": 2, + "default_branch": "master" + } + }, + "base": { + "label": "CondeNast:master", + "ref": "master", + "sha": "a012d1d13335f511751fd374b37b7029ec90fd63", + "user": { + "login": "CondeNast", + "id": 1012897, + "node_id": 
"MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", + "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/CondeNast", + "html_url": "https://github.com/CondeNast", + "followers_url": "https://api.github.com/users/CondeNast/followers", + "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", + "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", + "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", + "organizations_url": "https://api.github.com/users/CondeNast/orgs", + "repos_url": "https://api.github.com/users/CondeNast/repos", + "events_url": "https://api.github.com/users/CondeNast/events{/privacy}", + "received_events_url": "https://api.github.com/users/CondeNast/received_events", + "type": "Organization", + "site_admin": false + }, + "repo": { + "id": 276657255, + "node_id": "MDEwOlJlcG9zaXRvcnkyNzY2NTcyNTU=", + "name": "martech-services", + "full_name": "CondeNast/martech-services", + "private": true, + "owner": { + "login": "CondeNast", + "id": 1012897, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", + "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/CondeNast", + "html_url": "https://github.com/CondeNast", + "followers_url": "https://api.github.com/users/CondeNast/followers", + "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", + "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", + "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", + "organizations_url": "https://api.github.com/users/CondeNast/orgs", + "repos_url": "https://api.github.com/users/CondeNast/repos", + "events_url": 
"https://api.github.com/users/CondeNast/events{/privacy}", + "received_events_url": "https://api.github.com/users/CondeNast/received_events", + "type": "Organization", + "site_admin": false + }, + "html_url": "https://github.com/CondeNast/martech-services", + "description": "🔗 Exposes endpoints that Journey Purchase uses", + "fork": false, + "url": "https://api.github.com/repos/CondeNast/martech-services", + "forks_url": "https://api.github.com/repos/CondeNast/martech-services/forks", + "keys_url": "https://api.github.com/repos/CondeNast/martech-services/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/CondeNast/martech-services/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/CondeNast/martech-services/teams", + "hooks_url": "https://api.github.com/repos/CondeNast/martech-services/hooks", + "issue_events_url": "https://api.github.com/repos/CondeNast/martech-services/issues/events{/number}", + "events_url": "https://api.github.com/repos/CondeNast/martech-services/events", + "assignees_url": "https://api.github.com/repos/CondeNast/martech-services/assignees{/user}", + "branches_url": "https://api.github.com/repos/CondeNast/martech-services/branches{/branch}", + "tags_url": "https://api.github.com/repos/CondeNast/martech-services/tags", + "blobs_url": "https://api.github.com/repos/CondeNast/martech-services/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/CondeNast/martech-services/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/CondeNast/martech-services/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/CondeNast/martech-services/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/CondeNast/martech-services/statuses/{sha}", + "languages_url": "https://api.github.com/repos/CondeNast/martech-services/languages", + "stargazers_url": "https://api.github.com/repos/CondeNast/martech-services/stargazers", + "contributors_url": 
"https://api.github.com/repos/CondeNast/martech-services/contributors", + "subscribers_url": "https://api.github.com/repos/CondeNast/martech-services/subscribers", + "subscription_url": "https://api.github.com/repos/CondeNast/martech-services/subscription", + "commits_url": "https://api.github.com/repos/CondeNast/martech-services/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/CondeNast/martech-services/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/CondeNast/martech-services/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/CondeNast/martech-services/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/CondeNast/martech-services/contents/{+path}", + "compare_url": "https://api.github.com/repos/CondeNast/martech-services/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/CondeNast/martech-services/merges", + "archive_url": "https://api.github.com/repos/CondeNast/martech-services/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/CondeNast/martech-services/downloads", + "issues_url": "https://api.github.com/repos/CondeNast/martech-services/issues{/number}", + "pulls_url": "https://api.github.com/repos/CondeNast/martech-services/pulls{/number}", + "milestones_url": "https://api.github.com/repos/CondeNast/martech-services/milestones{/number}", + "notifications_url": "https://api.github.com/repos/CondeNast/martech-services/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/CondeNast/martech-services/labels{/name}", + "releases_url": "https://api.github.com/repos/CondeNast/martech-services/releases{/id}", + "deployments_url": "https://api.github.com/repos/CondeNast/martech-services/deployments", + "created_at": "2020-07-02T13:43:52Z", + "updated_at": "2023-10-18T07:36:18Z", + "pushed_at": "2024-01-05T11:01:41Z", + "git_url": "git://github.com/CondeNast/martech-services.git", + "ssh_url": 
"git@github.com:CondeNast/martech-services.git", + "clone_url": "https://github.com/CondeNast/martech-services.git", + "svn_url": "https://github.com/CondeNast/martech-services", + "homepage": "https://miro.com/app/board/uXjVOU4YdD0=/", + "size": 15584, + "stargazers_count": 2, + "watchers_count": 2, + "language": "TypeScript", + "has_issues": true, + "has_projects": false, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": true, + "forks_count": 1, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 82, + "license": null, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": ["backend-services", "martech"], + "visibility": "internal", + "forks": 1, + "open_issues": 82, + "watchers": 2, + "default_branch": "master" + } + }, + "_links": { + "self": { + "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199" + }, + "html": { + "href": "https://github.com/CondeNast/martech-services/pull/2199" + }, + "issue": { + "href": "https://api.github.com/repos/CondeNast/martech-services/issues/2199" + }, + "comments": { + "href": "https://api.github.com/repos/CondeNast/martech-services/issues/2199/comments" + }, + "review_comments": { + "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/comments" + }, + "review_comment": { + "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/comments{/number}" + }, + "commits": { + "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/commits" + }, + "statuses": { + "href": "https://api.github.com/repos/CondeNast/martech-services/statuses/8e86c205b13e279fd0038ca324f67255355a13e9" + } + }, + "author_association": "CONTRIBUTOR", + "auto_merge": null, + "active_lock_reason": null, + "merged": false, + "mergeable": true, + "rebaseable": true, + "mergeable_state": "behind", + "merged_by": null, + "comments": 0, + "review_comments": 0, + 
"maintainer_can_modify": false, + "commits": 1, + "additions": 2, + "deletions": 2, + "changed_files": 1 } ], "reqheaders": { From 788e6b44e76a52ed58cf5db1de97a6059161b473 Mon Sep 17 00:00:00 2001 From: Garry Yao Date: Fri, 5 Jan 2024 17:21:19 +0000 Subject: [PATCH 2/2] fix: coerce into semver before diff --- lib/run.ts | 7 +- test/__fixtures/pulls.json | 342 ------------------------------- test/__fixtures/pulls_2.json | 385 +++++++++++++++++++++++++++++++++++ test/run_2.spec.ts | 149 ++++++++++++++ 4 files changed, 538 insertions(+), 345 deletions(-) create mode 100644 test/__fixtures/pulls_2.json create mode 100644 test/run_2.spec.ts diff --git a/lib/run.ts b/lib/run.ts index f08a873..6f442cb 100644 --- a/lib/run.ts +++ b/lib/run.ts @@ -1,6 +1,6 @@ import { getInput, info as logInfo } from "@actions/core"; import { getOctokit } from "@actions/github"; -import { diff } from "semver"; +import { diff, coerce } from "semver"; import { addLabelsToPR, tryAutoMergePR, autoApprovePR } from "./utils"; const SNYK_UPGRADE_PR_TITLE_REGEXP = /\[Snyk\].+?[Uu]pgrade (.+?) from (.+?) to (.+?)$/; @@ -58,8 +58,9 @@ export const run = async () => { const matches = pr.title.match(SNYK_UPGRADE_PR_TITLE_REGEXP); if (matches) { let pkgName = matches[1]; - let from = matches[2]; - let to = matches[3]; + let from = coerce(matches[2]); + let to = coerce(matches[3]); + if (from === null || to === null) continue; diffType = diff(from, to); } diff --git a/test/__fixtures/pulls.json b/test/__fixtures/pulls.json index 03dd852..17c80d5 100644 --- a/test/__fixtures/pulls.json +++ b/test/__fixtures/pulls.json 
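Review bot: The pull-request object added in the `@@ -1367,6 +1343,348 @@` hunk looks like an unredacted GitHub API response for a repository marked `"private": true` and `"visibility": "internal"`. It carries a real user login and id, the Snyk org slug and project UUIDs inside `body`, and an internal board link in `homepage`, none of which a title-parsing test appears to need. I would trim the fixture to the fields the test actually reads (presumably `title`, `number`, `labels` and the `head`/`base` refs) and replace the identifiers with constructed placeholders. PATCH 2/2 removes this object and, going by its diffstat, presumably re-adds it as `test/__fixtures/pulls_2.json`, so the same applies there; whether this repository is public is not visible from the patch.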
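Review bot: `coerce()` in the `@@ -58,8 +58,9 @@` hunk of `lib/run.ts` takes the first version-like number sequence from each title capture and drops any suffix, so `18.17.1-alpine` to `18.19-alpine` is compared only as 18.17.1 against 18.19.0, and a change of image variant or prerelease tag never shows up in `diffType`. Since this file imports `autoApprovePR` and `tryAutoMergePR`, `diffType` presumably gates automatic approval, and it is derived from the free-text PR title. I would therefore skip the PR when the two captures differ in anything besides the coerced version, for example when their non-numeric suffixes are not identical. The new `continue` is also silent; adding `logInfo("Skipping PR with unparseable version: " + pr.title);` before it would leave a trace in the action log. The enclosing loop and the later use of `diffType` are outside the hunk.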
@@ -1343,348 +1343,6 @@ "author_association": "CONTRIBUTOR", "auto_merge": null, "active_lock_reason": null - }, - { - "url": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199", - "id": 1626811841, - "node_id": "PR_kwDOEH10Z85g9y3B", - "html_url": "https://github.com/CondeNast/martech-services/pull/2199", - "diff_url": "https://github.com/CondeNast/martech-services/pull/2199.diff", - "patch_url": "https://github.com/CondeNast/martech-services/pull/2199.patch", - "issue_url": "https://api.github.com/repos/CondeNast/martech-services/issues/2199", - "number": 2199, - "state": "open", - "locked": false, - "title": "[Snyk] Security upgrade node from 18.17.1-alpine to 18.19-alpine", - "user": { - "login": "angieconde", - "id": 17026601, - "node_id": "MDQ6VXNlcjE3MDI2NjAx", - "avatar_url": "https://avatars.githubusercontent.com/u/17026601?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/angieconde", - "html_url": "https://github.com/angieconde", - "followers_url": "https://api.github.com/users/angieconde/followers", - "following_url": "https://api.github.com/users/angieconde/following{/other_user}", - "gists_url": "https://api.github.com/users/angieconde/gists{/gist_id}", - "starred_url": "https://api.github.com/users/angieconde/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/angieconde/subscriptions", - "organizations_url": "https://api.github.com/users/angieconde/orgs", - "repos_url": "https://api.github.com/users/angieconde/repos", - "events_url": "https://api.github.com/users/angieconde/events{/privacy}", - "received_events_url": "https://api.github.com/users/angieconde/received_events", - "type": "User", - "site_admin": false - }, - "body": "As this is a private repository, Snyk-bot does not have access. 
Therefore, this PR has been created automatically, but appears to have been created by a real user.\n\nKeeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.\n\n#### Changes included in this PR \n\n\n- services/email/Dockerfile\n\nWe recommend upgrading to `node:18.19-alpine`, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.\n\n\n\nSome of the most important vulnerabilities in your base image include:\n\n| Severity | Priority Score / 1000 | Issue | Exploit Maturity |\n| :------: | :-------------------- | :---- | :--------------- |\n| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png \"high severity\") | **161** | CVE-2023-5363
[SNYK-ALPINE318-OPENSSL-6032386](https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386) | No Known Exploit |\n| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png \"high severity\") | **161** | CVE-2023-5363
[SNYK-ALPINE318-OPENSSL-6032386](https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386) | No Known Exploit |\n| ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png \"medium severity\") | **64** | Improper Check for Unusual or Exceptional Conditions
[SNYK-ALPINE318-OPENSSL-6055795](https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6055795) | No Known Exploit |\n| ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png \"low severity\") | **74** | Information Exposure
[SNYK-UPSTREAM-NODE-5969349](https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349) | No Known Exploit |\n| ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png \"medium severity\") | **129** | Improper Verification of Cryptographic Signature
[SNYK-UPSTREAM-NODE-5969356](https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356) | No Known Exploit |\n\n\n\n---\n\n**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._\n\nFor more information: \n🧐 [View latest project report](https://app.snyk.io/org/martech-jgn/project/dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64?utm_source=github&utm_medium=referral&page=fix-pr)\n\n🛠 [Adjust project settings](https://app.snyk.io/org/martech-jgn/project/dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64?utm_source=github&utm_medium=referral&page=fix-pr/settings)\n\n[//]: # 'snyk:metadata:{\"prId\":\"8dede0c2-0f54-4c6a-862d-a9b08a9c84a8\",\"prPublicId\":\"8dede0c2-0f54-4c6a-862d-a9b08a9c84a8\",\"dependencies\":[{\"name\":\"node\",\"from\":\"18.17.1-alpine\",\"to\":\"18.19-alpine\"}],\"packageManager\":\"dockerfile\",\"projectPublicId\":\"dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64\",\"projectUrl\":\"https://app.snyk.io/org/martech-jgn/project/dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64?utm_source=github&utm_medium=referral&page=fix-pr\",\"type\":\"auto\",\"patch\":[],\"vulns\":[\"SNYK-ALPINE318-OPENSSL-6032386\",\"SNYK-UPSTREAM-NODE-5969356\",\"SNYK-UPSTREAM-NODE-5969349\",\"SNYK-ALPINE318-OPENSSL-6055795\"],\"upgrade\":[\"SNYK-ALPINE318-OPENSSL-6032386\",\"SNYK-ALPINE318-OPENSSL-6032386\",\"SNYK-ALPINE318-OPENSSL-6055795\",\"SNYK-UPSTREAM-NODE-5969349\",\"SNYK-UPSTREAM-NODE-5969356\"],\"isBreakingChange\":false,\"env\":\"prod\",\"prType\":\"fix\",\"templateVariants\":[\"updated-fix-title\",\"priorityScore\"],\"priorityScoreList\":[161,129,74,64],\"remediationStrategy\":\"vuln\"}'\n\n---\n\n**Learn how to fix vulnerabilities with free interactive lessons:**\n\n 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)\n", - "created_at": "2023-12-02T18:38:28Z", - "updated_at": "2023-12-02T18:38:28Z", - "closed_at": null, - "merged_at": null, - "merge_commit_sha": 
"a978b7afd44981e65920b317869303af520d4ebf", - "assignee": null, - "assignees": [], - "requested_reviewers": [], - "requested_teams": [], - "labels": [], - "milestone": null, - "draft": false, - "commits_url": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/commits", - "review_comments_url": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/comments", - "review_comment_url": "https://api.github.com/repos/CondeNast/martech-services/pulls/comments{/number}", - "comments_url": "https://api.github.com/repos/CondeNast/martech-services/issues/2199/comments", - "statuses_url": "https://api.github.com/repos/CondeNast/martech-services/statuses/8e86c205b13e279fd0038ca324f67255355a13e9", - "head": { - "label": "CondeNast:snyk-fix-0446d2b83f102b2b24e140d4842c63ea", - "ref": "snyk-fix-0446d2b83f102b2b24e140d4842c63ea", - "sha": "8e86c205b13e279fd0038ca324f67255355a13e9", - "user": { - "login": "CondeNast", - "id": 1012897, - "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", - "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/CondeNast", - "html_url": "https://github.com/CondeNast", - "followers_url": "https://api.github.com/users/CondeNast/followers", - "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", - "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", - "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", - "organizations_url": "https://api.github.com/users/CondeNast/orgs", - "repos_url": "https://api.github.com/users/CondeNast/repos", - "events_url": "https://api.github.com/users/CondeNast/events{/privacy}", - "received_events_url": "https://api.github.com/users/CondeNast/received_events", - "type": "Organization", - "site_admin": false - }, - "repo": { - "id": 276657255, - "node_id": 
"MDEwOlJlcG9zaXRvcnkyNzY2NTcyNTU=", - "name": "martech-services", - "full_name": "CondeNast/martech-services", - "private": true, - "owner": { - "login": "CondeNast", - "id": 1012897, - "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", - "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/CondeNast", - "html_url": "https://github.com/CondeNast", - "followers_url": "https://api.github.com/users/CondeNast/followers", - "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", - "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", - "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", - "organizations_url": "https://api.github.com/users/CondeNast/orgs", - "repos_url": "https://api.github.com/users/CondeNast/repos", - "events_url": "https://api.github.com/users/CondeNast/events{/privacy}", - "received_events_url": "https://api.github.com/users/CondeNast/received_events", - "type": "Organization", - "site_admin": false - }, - "html_url": "https://github.com/CondeNast/martech-services", - "description": "🔗 Exposes endpoints that Journey Purchase uses", - "fork": false, - "url": "https://api.github.com/repos/CondeNast/martech-services", - "forks_url": "https://api.github.com/repos/CondeNast/martech-services/forks", - "keys_url": "https://api.github.com/repos/CondeNast/martech-services/keys{/key_id}", - "collaborators_url": "https://api.github.com/repos/CondeNast/martech-services/collaborators{/collaborator}", - "teams_url": "https://api.github.com/repos/CondeNast/martech-services/teams", - "hooks_url": "https://api.github.com/repos/CondeNast/martech-services/hooks", - "issue_events_url": "https://api.github.com/repos/CondeNast/martech-services/issues/events{/number}", - "events_url": "https://api.github.com/repos/CondeNast/martech-services/events", - 
"assignees_url": "https://api.github.com/repos/CondeNast/martech-services/assignees{/user}", - "branches_url": "https://api.github.com/repos/CondeNast/martech-services/branches{/branch}", - "tags_url": "https://api.github.com/repos/CondeNast/martech-services/tags", - "blobs_url": "https://api.github.com/repos/CondeNast/martech-services/git/blobs{/sha}", - "git_tags_url": "https://api.github.com/repos/CondeNast/martech-services/git/tags{/sha}", - "git_refs_url": "https://api.github.com/repos/CondeNast/martech-services/git/refs{/sha}", - "trees_url": "https://api.github.com/repos/CondeNast/martech-services/git/trees{/sha}", - "statuses_url": "https://api.github.com/repos/CondeNast/martech-services/statuses/{sha}", - "languages_url": "https://api.github.com/repos/CondeNast/martech-services/languages", - "stargazers_url": "https://api.github.com/repos/CondeNast/martech-services/stargazers", - "contributors_url": "https://api.github.com/repos/CondeNast/martech-services/contributors", - "subscribers_url": "https://api.github.com/repos/CondeNast/martech-services/subscribers", - "subscription_url": "https://api.github.com/repos/CondeNast/martech-services/subscription", - "commits_url": "https://api.github.com/repos/CondeNast/martech-services/commits{/sha}", - "git_commits_url": "https://api.github.com/repos/CondeNast/martech-services/git/commits{/sha}", - "comments_url": "https://api.github.com/repos/CondeNast/martech-services/comments{/number}", - "issue_comment_url": "https://api.github.com/repos/CondeNast/martech-services/issues/comments{/number}", - "contents_url": "https://api.github.com/repos/CondeNast/martech-services/contents/{+path}", - "compare_url": "https://api.github.com/repos/CondeNast/martech-services/compare/{base}...{head}", - "merges_url": "https://api.github.com/repos/CondeNast/martech-services/merges", - "archive_url": "https://api.github.com/repos/CondeNast/martech-services/{archive_format}{/ref}", - "downloads_url": 
"https://api.github.com/repos/CondeNast/martech-services/downloads", - "issues_url": "https://api.github.com/repos/CondeNast/martech-services/issues{/number}", - "pulls_url": "https://api.github.com/repos/CondeNast/martech-services/pulls{/number}", - "milestones_url": "https://api.github.com/repos/CondeNast/martech-services/milestones{/number}", - "notifications_url": "https://api.github.com/repos/CondeNast/martech-services/notifications{?since,all,participating}", - "labels_url": "https://api.github.com/repos/CondeNast/martech-services/labels{/name}", - "releases_url": "https://api.github.com/repos/CondeNast/martech-services/releases{/id}", - "deployments_url": "https://api.github.com/repos/CondeNast/martech-services/deployments", - "created_at": "2020-07-02T13:43:52Z", - "updated_at": "2023-10-18T07:36:18Z", - "pushed_at": "2024-01-05T11:01:41Z", - "git_url": "git://github.com/CondeNast/martech-services.git", - "ssh_url": "git@github.com:CondeNast/martech-services.git", - "clone_url": "https://github.com/CondeNast/martech-services.git", - "svn_url": "https://github.com/CondeNast/martech-services", - "homepage": "https://miro.com/app/board/uXjVOU4YdD0=/", - "size": 15584, - "stargazers_count": 2, - "watchers_count": 2, - "language": "TypeScript", - "has_issues": true, - "has_projects": false, - "has_downloads": true, - "has_wiki": false, - "has_pages": false, - "has_discussions": true, - "forks_count": 1, - "mirror_url": null, - "archived": false, - "disabled": false, - "open_issues_count": 82, - "license": null, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": ["backend-services", "martech"], - "visibility": "internal", - "forks": 1, - "open_issues": 82, - "watchers": 2, - "default_branch": "master" - } - }, - "base": { - "label": "CondeNast:master", - "ref": "master", - "sha": "a012d1d13335f511751fd374b37b7029ec90fd63", - "user": { - "login": "CondeNast", - "id": 1012897, - "node_id": 
"MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", - "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/CondeNast", - "html_url": "https://github.com/CondeNast", - "followers_url": "https://api.github.com/users/CondeNast/followers", - "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", - "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", - "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", - "organizations_url": "https://api.github.com/users/CondeNast/orgs", - "repos_url": "https://api.github.com/users/CondeNast/repos", - "events_url": "https://api.github.com/users/CondeNast/events{/privacy}", - "received_events_url": "https://api.github.com/users/CondeNast/received_events", - "type": "Organization", - "site_admin": false - }, - "repo": { - "id": 276657255, - "node_id": "MDEwOlJlcG9zaXRvcnkyNzY2NTcyNTU=", - "name": "martech-services", - "full_name": "CondeNast/martech-services", - "private": true, - "owner": { - "login": "CondeNast", - "id": 1012897, - "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", - "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", - "gravatar_id": "", - "url": "https://api.github.com/users/CondeNast", - "html_url": "https://github.com/CondeNast", - "followers_url": "https://api.github.com/users/CondeNast/followers", - "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", - "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", - "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", - "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", - "organizations_url": "https://api.github.com/users/CondeNast/orgs", - "repos_url": "https://api.github.com/users/CondeNast/repos", - "events_url": 
"https://api.github.com/users/CondeNast/events{/privacy}", - "received_events_url": "https://api.github.com/users/CondeNast/received_events", - "type": "Organization", - "site_admin": false - }, - "html_url": "https://github.com/CondeNast/martech-services", - "description": "🔗 Exposes endpoints that Journey Purchase uses", - "fork": false, - "url": "https://api.github.com/repos/CondeNast/martech-services", - "forks_url": "https://api.github.com/repos/CondeNast/martech-services/forks", - "keys_url": "https://api.github.com/repos/CondeNast/martech-services/keys{/key_id}", - "collaborators_url": "https://api.github.com/repos/CondeNast/martech-services/collaborators{/collaborator}", - "teams_url": "https://api.github.com/repos/CondeNast/martech-services/teams", - "hooks_url": "https://api.github.com/repos/CondeNast/martech-services/hooks", - "issue_events_url": "https://api.github.com/repos/CondeNast/martech-services/issues/events{/number}", - "events_url": "https://api.github.com/repos/CondeNast/martech-services/events", - "assignees_url": "https://api.github.com/repos/CondeNast/martech-services/assignees{/user}", - "branches_url": "https://api.github.com/repos/CondeNast/martech-services/branches{/branch}", - "tags_url": "https://api.github.com/repos/CondeNast/martech-services/tags", - "blobs_url": "https://api.github.com/repos/CondeNast/martech-services/git/blobs{/sha}", - "git_tags_url": "https://api.github.com/repos/CondeNast/martech-services/git/tags{/sha}", - "git_refs_url": "https://api.github.com/repos/CondeNast/martech-services/git/refs{/sha}", - "trees_url": "https://api.github.com/repos/CondeNast/martech-services/git/trees{/sha}", - "statuses_url": "https://api.github.com/repos/CondeNast/martech-services/statuses/{sha}", - "languages_url": "https://api.github.com/repos/CondeNast/martech-services/languages", - "stargazers_url": "https://api.github.com/repos/CondeNast/martech-services/stargazers", - "contributors_url": 
"https://api.github.com/repos/CondeNast/martech-services/contributors", - "subscribers_url": "https://api.github.com/repos/CondeNast/martech-services/subscribers", - "subscription_url": "https://api.github.com/repos/CondeNast/martech-services/subscription", - "commits_url": "https://api.github.com/repos/CondeNast/martech-services/commits{/sha}", - "git_commits_url": "https://api.github.com/repos/CondeNast/martech-services/git/commits{/sha}", - "comments_url": "https://api.github.com/repos/CondeNast/martech-services/comments{/number}", - "issue_comment_url": "https://api.github.com/repos/CondeNast/martech-services/issues/comments{/number}", - "contents_url": "https://api.github.com/repos/CondeNast/martech-services/contents/{+path}", - "compare_url": "https://api.github.com/repos/CondeNast/martech-services/compare/{base}...{head}", - "merges_url": "https://api.github.com/repos/CondeNast/martech-services/merges", - "archive_url": "https://api.github.com/repos/CondeNast/martech-services/{archive_format}{/ref}", - "downloads_url": "https://api.github.com/repos/CondeNast/martech-services/downloads", - "issues_url": "https://api.github.com/repos/CondeNast/martech-services/issues{/number}", - "pulls_url": "https://api.github.com/repos/CondeNast/martech-services/pulls{/number}", - "milestones_url": "https://api.github.com/repos/CondeNast/martech-services/milestones{/number}", - "notifications_url": "https://api.github.com/repos/CondeNast/martech-services/notifications{?since,all,participating}", - "labels_url": "https://api.github.com/repos/CondeNast/martech-services/labels{/name}", - "releases_url": "https://api.github.com/repos/CondeNast/martech-services/releases{/id}", - "deployments_url": "https://api.github.com/repos/CondeNast/martech-services/deployments", - "created_at": "2020-07-02T13:43:52Z", - "updated_at": "2023-10-18T07:36:18Z", - "pushed_at": "2024-01-05T11:01:41Z", - "git_url": "git://github.com/CondeNast/martech-services.git", - "ssh_url": 
"git@github.com:CondeNast/martech-services.git", - "clone_url": "https://github.com/CondeNast/martech-services.git", - "svn_url": "https://github.com/CondeNast/martech-services", - "homepage": "https://miro.com/app/board/uXjVOU4YdD0=/", - "size": 15584, - "stargazers_count": 2, - "watchers_count": 2, - "language": "TypeScript", - "has_issues": true, - "has_projects": false, - "has_downloads": true, - "has_wiki": false, - "has_pages": false, - "has_discussions": true, - "forks_count": 1, - "mirror_url": null, - "archived": false, - "disabled": false, - "open_issues_count": 82, - "license": null, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": ["backend-services", "martech"], - "visibility": "internal", - "forks": 1, - "open_issues": 82, - "watchers": 2, - "default_branch": "master" - } - }, - "_links": { - "self": { - "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199" - }, - "html": { - "href": "https://github.com/CondeNast/martech-services/pull/2199" - }, - "issue": { - "href": "https://api.github.com/repos/CondeNast/martech-services/issues/2199" - }, - "comments": { - "href": "https://api.github.com/repos/CondeNast/martech-services/issues/2199/comments" - }, - "review_comments": { - "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/comments" - }, - "review_comment": { - "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/comments{/number}" - }, - "commits": { - "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/commits" - }, - "statuses": { - "href": "https://api.github.com/repos/CondeNast/martech-services/statuses/8e86c205b13e279fd0038ca324f67255355a13e9" - } - }, - "author_association": "CONTRIBUTOR", - "auto_merge": null, - "active_lock_reason": null, - "merged": false, - "mergeable": true, - "rebaseable": true, - "mergeable_state": "behind", - "merged_by": null, - "comments": 0, - "review_comments": 0, - 
"maintainer_can_modify": false, - "commits": 1, - "additions": 2, - "deletions": 2, - "changed_files": 1 } ], "reqheaders": { diff --git a/test/__fixtures/pulls_2.json b/test/__fixtures/pulls_2.json new file mode 100644 index 0000000..b88f470 --- /dev/null +++ b/test/__fixtures/pulls_2.json 
@@ -0,0 +1,385 @@ +[ + { + "scope": "https://api.github.com", + "method": "get", + "path": "/repos/condenast/martech-services/pulls?state=open", + "body": "", + "status": 200, + "response": [ + { + "url": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199", + "id": 1626811841, + "node_id": "PR_kwDOEH10Z85g9y3B", + "html_url": "https://github.com/CondeNast/martech-services/pull/2199", + "diff_url": "https://github.com/CondeNast/martech-services/pull/2199.diff", + "patch_url": "https://github.com/CondeNast/martech-services/pull/2199.patch", + "issue_url": "https://api.github.com/repos/CondeNast/martech-services/issues/2199", + "number": 2199, + "state": "open", + "locked": false, + "title": "[Snyk] Security upgrade node from 18.17.1-alpine to 18.19-alpine", + "user": { + "login": "angieconde", + "id": 17026601, + "node_id": "MDQ6VXNlcjE3MDI2NjAx", + "avatar_url": "https://avatars.githubusercontent.com/u/17026601?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/angieconde", + "html_url": "https://github.com/angieconde", + "followers_url": "https://api.github.com/users/angieconde/followers", + "following_url": "https://api.github.com/users/angieconde/following{/other_user}", + "gists_url": "https://api.github.com/users/angieconde/gists{/gist_id}", + "starred_url": "https://api.github.com/users/angieconde/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/angieconde/subscriptions", + "organizations_url": "https://api.github.com/users/angieconde/orgs", + "repos_url": "https://api.github.com/users/angieconde/repos", + "events_url": "https://api.github.com/users/angieconde/events{/privacy}", + "received_events_url": "https://api.github.com/users/angieconde/received_events", + "type": "User", + "site_admin": false + }, + "body": "As this is a private repository, Snyk-bot does not have access. 
Therefore, this PR has been created automatically, but appears to have been created by a real user.\n\nKeeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.\n\n#### Changes included in this PR \n\n\n- services/email/Dockerfile\n\nWe recommend upgrading to `node:18.19-alpine`, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.\n\n\n\nSome of the most important vulnerabilities in your base image include:\n\n| Severity | Priority Score / 1000 | Issue | Exploit Maturity |\n| :------: | :-------------------- | :---- | :--------------- |\n| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png \"high severity\") | **161** | CVE-2023-5363
[SNYK-ALPINE318-OPENSSL-6032386](https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386) | No Known Exploit |\n| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png \"high severity\") | **161** | CVE-2023-5363
[SNYK-ALPINE318-OPENSSL-6032386](https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386) | No Known Exploit |\n| ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png \"medium severity\") | **64** | Improper Check for Unusual or Exceptional Conditions
[SNYK-ALPINE318-OPENSSL-6055795](https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6055795) | No Known Exploit |\n| ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png \"low severity\") | **74** | Information Exposure
[SNYK-UPSTREAM-NODE-5969349](https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5969349) | No Known Exploit |\n| ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png \"medium severity\") | **129** | Improper Verification of Cryptographic Signature
[SNYK-UPSTREAM-NODE-5969356](https://snyk.io/vuln/SNYK-UPSTREAM-NODE-5969356) | No Known Exploit |\n\n\n\n---\n\n**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._\n\nFor more information: \n🧐 [View latest project report](https://app.snyk.io/org/martech-jgn/project/dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64?utm_source=github&utm_medium=referral&page=fix-pr)\n\n🛠 [Adjust project settings](https://app.snyk.io/org/martech-jgn/project/dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64?utm_source=github&utm_medium=referral&page=fix-pr/settings)\n\n[//]: # 'snyk:metadata:{\"prId\":\"8dede0c2-0f54-4c6a-862d-a9b08a9c84a8\",\"prPublicId\":\"8dede0c2-0f54-4c6a-862d-a9b08a9c84a8\",\"dependencies\":[{\"name\":\"node\",\"from\":\"18.17.1-alpine\",\"to\":\"18.19-alpine\"}],\"packageManager\":\"dockerfile\",\"projectPublicId\":\"dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64\",\"projectUrl\":\"https://app.snyk.io/org/martech-jgn/project/dc28d5a4-e1c3-421f-8ada-94ef5d6b8f64?utm_source=github&utm_medium=referral&page=fix-pr\",\"type\":\"auto\",\"patch\":[],\"vulns\":[\"SNYK-ALPINE318-OPENSSL-6032386\",\"SNYK-UPSTREAM-NODE-5969356\",\"SNYK-UPSTREAM-NODE-5969349\",\"SNYK-ALPINE318-OPENSSL-6055795\"],\"upgrade\":[\"SNYK-ALPINE318-OPENSSL-6032386\",\"SNYK-ALPINE318-OPENSSL-6032386\",\"SNYK-ALPINE318-OPENSSL-6055795\",\"SNYK-UPSTREAM-NODE-5969349\",\"SNYK-UPSTREAM-NODE-5969356\"],\"isBreakingChange\":false,\"env\":\"prod\",\"prType\":\"fix\",\"templateVariants\":[\"updated-fix-title\",\"priorityScore\"],\"priorityScoreList\":[161,129,74,64],\"remediationStrategy\":\"vuln\"}'\n\n---\n\n**Learn how to fix vulnerabilities with free interactive lessons:**\n\n 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)\n", + "created_at": "2023-12-02T18:38:28Z", + "updated_at": "2023-12-02T18:38:28Z", + "closed_at": null, + "merged_at": null, + "merge_commit_sha": 
"a978b7afd44981e65920b317869303af520d4ebf", + "assignee": null, + "assignees": [], + "requested_reviewers": [], + "requested_teams": [], + "labels": [], + "milestone": null, + "draft": false, + "commits_url": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/commits", + "review_comments_url": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/comments", + "review_comment_url": "https://api.github.com/repos/CondeNast/martech-services/pulls/comments{/number}", + "comments_url": "https://api.github.com/repos/CondeNast/martech-services/issues/2199/comments", + "statuses_url": "https://api.github.com/repos/CondeNast/martech-services/statuses/8e86c205b13e279fd0038ca324f67255355a13e9", + "head": { + "label": "CondeNast:snyk-fix-0446d2b83f102b2b24e140d4842c63ea", + "ref": "snyk-fix-0446d2b83f102b2b24e140d4842c63ea", + "sha": "8e86c205b13e279fd0038ca324f67255355a13e9", + "user": { + "login": "CondeNast", + "id": 1012897, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", + "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/CondeNast", + "html_url": "https://github.com/CondeNast", + "followers_url": "https://api.github.com/users/CondeNast/followers", + "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", + "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", + "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", + "organizations_url": "https://api.github.com/users/CondeNast/orgs", + "repos_url": "https://api.github.com/users/CondeNast/repos", + "events_url": "https://api.github.com/users/CondeNast/events{/privacy}", + "received_events_url": "https://api.github.com/users/CondeNast/received_events", + "type": "Organization", + "site_admin": false + }, + "repo": { + "id": 276657255, + "node_id": 
"MDEwOlJlcG9zaXRvcnkyNzY2NTcyNTU=", + "name": "martech-services", + "full_name": "CondeNast/martech-services", + "private": true, + "owner": { + "login": "CondeNast", + "id": 1012897, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", + "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/CondeNast", + "html_url": "https://github.com/CondeNast", + "followers_url": "https://api.github.com/users/CondeNast/followers", + "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", + "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", + "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", + "organizations_url": "https://api.github.com/users/CondeNast/orgs", + "repos_url": "https://api.github.com/users/CondeNast/repos", + "events_url": "https://api.github.com/users/CondeNast/events{/privacy}", + "received_events_url": "https://api.github.com/users/CondeNast/received_events", + "type": "Organization", + "site_admin": false + }, + "html_url": "https://github.com/CondeNast/martech-services", + "description": "🔗 Exposes endpoints that Journey Purchase uses", + "fork": false, + "url": "https://api.github.com/repos/CondeNast/martech-services", + "forks_url": "https://api.github.com/repos/CondeNast/martech-services/forks", + "keys_url": "https://api.github.com/repos/CondeNast/martech-services/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/CondeNast/martech-services/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/CondeNast/martech-services/teams", + "hooks_url": "https://api.github.com/repos/CondeNast/martech-services/hooks", + "issue_events_url": "https://api.github.com/repos/CondeNast/martech-services/issues/events{/number}", + "events_url": "https://api.github.com/repos/CondeNast/martech-services/events", + 
"assignees_url": "https://api.github.com/repos/CondeNast/martech-services/assignees{/user}", + "branches_url": "https://api.github.com/repos/CondeNast/martech-services/branches{/branch}", + "tags_url": "https://api.github.com/repos/CondeNast/martech-services/tags", + "blobs_url": "https://api.github.com/repos/CondeNast/martech-services/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/CondeNast/martech-services/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/CondeNast/martech-services/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/CondeNast/martech-services/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/CondeNast/martech-services/statuses/{sha}", + "languages_url": "https://api.github.com/repos/CondeNast/martech-services/languages", + "stargazers_url": "https://api.github.com/repos/CondeNast/martech-services/stargazers", + "contributors_url": "https://api.github.com/repos/CondeNast/martech-services/contributors", + "subscribers_url": "https://api.github.com/repos/CondeNast/martech-services/subscribers", + "subscription_url": "https://api.github.com/repos/CondeNast/martech-services/subscription", + "commits_url": "https://api.github.com/repos/CondeNast/martech-services/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/CondeNast/martech-services/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/CondeNast/martech-services/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/CondeNast/martech-services/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/CondeNast/martech-services/contents/{+path}", + "compare_url": "https://api.github.com/repos/CondeNast/martech-services/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/CondeNast/martech-services/merges", + "archive_url": "https://api.github.com/repos/CondeNast/martech-services/{archive_format}{/ref}", + "downloads_url": 
"https://api.github.com/repos/CondeNast/martech-services/downloads", + "issues_url": "https://api.github.com/repos/CondeNast/martech-services/issues{/number}", + "pulls_url": "https://api.github.com/repos/CondeNast/martech-services/pulls{/number}", + "milestones_url": "https://api.github.com/repos/CondeNast/martech-services/milestones{/number}", + "notifications_url": "https://api.github.com/repos/CondeNast/martech-services/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/CondeNast/martech-services/labels{/name}", + "releases_url": "https://api.github.com/repos/CondeNast/martech-services/releases{/id}", + "deployments_url": "https://api.github.com/repos/CondeNast/martech-services/deployments", + "created_at": "2020-07-02T13:43:52Z", + "updated_at": "2023-10-18T07:36:18Z", + "pushed_at": "2024-01-05T11:01:41Z", + "git_url": "git://github.com/CondeNast/martech-services.git", + "ssh_url": "git@github.com:CondeNast/martech-services.git", + "clone_url": "https://github.com/CondeNast/martech-services.git", + "svn_url": "https://github.com/CondeNast/martech-services", + "homepage": "https://miro.com/app/board/uXjVOU4YdD0=/", + "size": 15584, + "stargazers_count": 2, + "watchers_count": 2, + "language": "TypeScript", + "has_issues": true, + "has_projects": false, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": true, + "forks_count": 1, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 82, + "license": null, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": ["backend-services", "martech"], + "visibility": "internal", + "forks": 1, + "open_issues": 82, + "watchers": 2, + "default_branch": "master" + } + }, + "base": { + "label": "CondeNast:master", + "ref": "master", + "sha": "a012d1d13335f511751fd374b37b7029ec90fd63", + "user": { + "login": "CondeNast", + "id": 1012897, + "node_id": 
"MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", + "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/CondeNast", + "html_url": "https://github.com/CondeNast", + "followers_url": "https://api.github.com/users/CondeNast/followers", + "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", + "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", + "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", + "organizations_url": "https://api.github.com/users/CondeNast/orgs", + "repos_url": "https://api.github.com/users/CondeNast/repos", + "events_url": "https://api.github.com/users/CondeNast/events{/privacy}", + "received_events_url": "https://api.github.com/users/CondeNast/received_events", + "type": "Organization", + "site_admin": false + }, + "repo": { + "id": 276657255, + "node_id": "MDEwOlJlcG9zaXRvcnkyNzY2NTcyNTU=", + "name": "martech-services", + "full_name": "CondeNast/martech-services", + "private": true, + "owner": { + "login": "CondeNast", + "id": 1012897, + "node_id": "MDEyOk9yZ2FuaXphdGlvbjEwMTI4OTc=", + "avatar_url": "https://avatars.githubusercontent.com/u/1012897?v=4", + "gravatar_id": "", + "url": "https://api.github.com/users/CondeNast", + "html_url": "https://github.com/CondeNast", + "followers_url": "https://api.github.com/users/CondeNast/followers", + "following_url": "https://api.github.com/users/CondeNast/following{/other_user}", + "gists_url": "https://api.github.com/users/CondeNast/gists{/gist_id}", + "starred_url": "https://api.github.com/users/CondeNast/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/CondeNast/subscriptions", + "organizations_url": "https://api.github.com/users/CondeNast/orgs", + "repos_url": "https://api.github.com/users/CondeNast/repos", + "events_url": 
"https://api.github.com/users/CondeNast/events{/privacy}", + "received_events_url": "https://api.github.com/users/CondeNast/received_events", + "type": "Organization", + "site_admin": false + }, + "html_url": "https://github.com/CondeNast/martech-services", + "description": "🔗 Exposes endpoints that Journey Purchase uses", + "fork": false, + "url": "https://api.github.com/repos/CondeNast/martech-services", + "forks_url": "https://api.github.com/repos/CondeNast/martech-services/forks", + "keys_url": "https://api.github.com/repos/CondeNast/martech-services/keys{/key_id}", + "collaborators_url": "https://api.github.com/repos/CondeNast/martech-services/collaborators{/collaborator}", + "teams_url": "https://api.github.com/repos/CondeNast/martech-services/teams", + "hooks_url": "https://api.github.com/repos/CondeNast/martech-services/hooks", + "issue_events_url": "https://api.github.com/repos/CondeNast/martech-services/issues/events{/number}", + "events_url": "https://api.github.com/repos/CondeNast/martech-services/events", + "assignees_url": "https://api.github.com/repos/CondeNast/martech-services/assignees{/user}", + "branches_url": "https://api.github.com/repos/CondeNast/martech-services/branches{/branch}", + "tags_url": "https://api.github.com/repos/CondeNast/martech-services/tags", + "blobs_url": "https://api.github.com/repos/CondeNast/martech-services/git/blobs{/sha}", + "git_tags_url": "https://api.github.com/repos/CondeNast/martech-services/git/tags{/sha}", + "git_refs_url": "https://api.github.com/repos/CondeNast/martech-services/git/refs{/sha}", + "trees_url": "https://api.github.com/repos/CondeNast/martech-services/git/trees{/sha}", + "statuses_url": "https://api.github.com/repos/CondeNast/martech-services/statuses/{sha}", + "languages_url": "https://api.github.com/repos/CondeNast/martech-services/languages", + "stargazers_url": "https://api.github.com/repos/CondeNast/martech-services/stargazers", + "contributors_url": 
"https://api.github.com/repos/CondeNast/martech-services/contributors", + "subscribers_url": "https://api.github.com/repos/CondeNast/martech-services/subscribers", + "subscription_url": "https://api.github.com/repos/CondeNast/martech-services/subscription", + "commits_url": "https://api.github.com/repos/CondeNast/martech-services/commits{/sha}", + "git_commits_url": "https://api.github.com/repos/CondeNast/martech-services/git/commits{/sha}", + "comments_url": "https://api.github.com/repos/CondeNast/martech-services/comments{/number}", + "issue_comment_url": "https://api.github.com/repos/CondeNast/martech-services/issues/comments{/number}", + "contents_url": "https://api.github.com/repos/CondeNast/martech-services/contents/{+path}", + "compare_url": "https://api.github.com/repos/CondeNast/martech-services/compare/{base}...{head}", + "merges_url": "https://api.github.com/repos/CondeNast/martech-services/merges", + "archive_url": "https://api.github.com/repos/CondeNast/martech-services/{archive_format}{/ref}", + "downloads_url": "https://api.github.com/repos/CondeNast/martech-services/downloads", + "issues_url": "https://api.github.com/repos/CondeNast/martech-services/issues{/number}", + "pulls_url": "https://api.github.com/repos/CondeNast/martech-services/pulls{/number}", + "milestones_url": "https://api.github.com/repos/CondeNast/martech-services/milestones{/number}", + "notifications_url": "https://api.github.com/repos/CondeNast/martech-services/notifications{?since,all,participating}", + "labels_url": "https://api.github.com/repos/CondeNast/martech-services/labels{/name}", + "releases_url": "https://api.github.com/repos/CondeNast/martech-services/releases{/id}", + "deployments_url": "https://api.github.com/repos/CondeNast/martech-services/deployments", + "created_at": "2020-07-02T13:43:52Z", + "updated_at": "2023-10-18T07:36:18Z", + "pushed_at": "2024-01-05T11:01:41Z", + "git_url": "git://github.com/CondeNast/martech-services.git", + "ssh_url": 
"git@github.com:CondeNast/martech-services.git", + "clone_url": "https://github.com/CondeNast/martech-services.git", + "svn_url": "https://github.com/CondeNast/martech-services", + "homepage": "https://miro.com/app/board/uXjVOU4YdD0=/", + "size": 15584, + "stargazers_count": 2, + "watchers_count": 2, + "language": "TypeScript", + "has_issues": true, + "has_projects": false, + "has_downloads": true, + "has_wiki": false, + "has_pages": false, + "has_discussions": true, + "forks_count": 1, + "mirror_url": null, + "archived": false, + "disabled": false, + "open_issues_count": 82, + "license": null, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": ["backend-services", "martech"], + "visibility": "internal", + "forks": 1, + "open_issues": 82, + "watchers": 2, + "default_branch": "master" + } + }, + "_links": { + "self": { + "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199" + }, + "html": { + "href": "https://github.com/CondeNast/martech-services/pull/2199" + }, + "issue": { + "href": "https://api.github.com/repos/CondeNast/martech-services/issues/2199" + }, + "comments": { + "href": "https://api.github.com/repos/CondeNast/martech-services/issues/2199/comments" + }, + "review_comments": { + "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/comments" + }, + "review_comment": { + "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/comments{/number}" + }, + "commits": { + "href": "https://api.github.com/repos/CondeNast/martech-services/pulls/2199/commits" + }, + "statuses": { + "href": "https://api.github.com/repos/CondeNast/martech-services/statuses/8e86c205b13e279fd0038ca324f67255355a13e9" + } + }, + "author_association": "CONTRIBUTOR", + "auto_merge": null, + "active_lock_reason": null, + "merged": false, + "mergeable": true, + "rebaseable": true, + "mergeable_state": "behind", + "merged_by": null, + "comments": 0, + "review_comments": 0, + 
"maintainer_can_modify": false, + "commits": 1, + "additions": 2, + "deletions": 2, + "changed_files": 1 + } + ], + "reqheaders": { + "authorization": "token ", + "host": "api.github.com" + }, + "responseIsBinary": false, + "headers": { + "access-control-allow-origin": "*", + "access-control-expose-headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset", + "cache-control": "private, max-age=60, s-maxage=60", + "connection": "close", + "content-length": "578060", + "content-security-policy": "default-src 'none'", + "content-type": "application/json; charset=utf-8", + "date": "Tue, 10 Oct 2017 16:00:00 GMT", + "etag": "\"00000000000000000000000000000000\"", + "github-authentication-token-expiration": "2023-04-24 23:11:43 UTC", + "referrer-policy": "origin-when-cross-origin, strict-origin-when-cross-origin", + "strict-transport-security": "max-age=31536000; includeSubdomains; preload", + "x-accepted-oauth-scopes": "", + "x-content-type-options": "nosniff", + "x-frame-options": "deny", + "x-github-api-version-selected": "2022-11-28", + "x-github-media-type": "github.v3; format=json", + "x-github-request-id": "0000:00000:0000000:0000000:00000000", + "x-oauth-scopes": "repo", + "x-ratelimit-limit": "5000", + "x-ratelimit-remaining": "4999", + "x-ratelimit-reset": "1507651200000", + "x-ratelimit-resource": "core", + "x-ratelimit-used": 1, + "x-xss-protection": "0" + } + } +] diff --git a/test/run_2.spec.ts b/test/run_2.spec.ts new file mode 100644 index 0000000..95f87c5 --- /dev/null +++ b/test/run_2.spec.ts 
@@ -0,0 +1,149 @@
+import { mocked } from "ts-jest/utils";
+import { run } from "../lib/run";
+import { addLabelsToPR, autoApprovePR, tryAutoMergePR } from "../lib/utils";
+import { back as nockBack } from "nock";
+import { getInput, info as logInfo } from "@actions/core";
+
+nockBack.fixtures = `${__dirname}/__fixtures`;
+nockBack.setMode("lockdown");
+
+jest.mock("@actions/core");
+jest.mock("../lib/utils");
+const mockGetInput = mocked(getInput);
+const mockLogInfo = mocked(logInfo);
+mockLogInfo.mockImplementation(console.log.bind(console));
+
+const getInputDefaults = (name: string): string => {
+ switch (name) {
+ // to ignore PR checks status?
+ case "ignore-status-checks":
+ return "true";
+
+ // apply custom labels to PR?
+ case "labels-major":
+ case "labels-premajor":
+ case "labels-minor":
+ case "labels-preminor":
+ case "labels-patch":
+ case "labels-prepatch":
+ return "";
+
+ // auto apply labels to PR depends on...?
+ case "auto-label":
+ return "true";
+
+ // should auto merge for any upgrade?
+ case "merge":
+ return "";
+
+ // should auto merge depends on...?
+ case "merge-minor":
+ case "merge-preminor":
+ case "merge-patch":
+ case "merge-prepatch":
+ return "true";
+
+ // other params?
+ default:
+ return "";
+ }
+};
+
+describe("snyk-pr-action", () => {
+ const OLD_ENV = process.env;
+
+ beforeAll(() => {
+ jest.resetModules();
+ process.env = { ...OLD_ENV }; // Make a copy
+ process.env.GITHUB_REPOSITORY = "condenast/martech-services";
+ process.env.GITHUB_TOKEN = "";
+ });
+
+ afterAll(() => {
+ process.env = OLD_ENV;
+ });
+
+ describe("scheduled run", () => {
+ beforeAll(async () => {
+ mockGetInput.mockImplementation((name) => {
+ const inputVal = getInputDefaults(name);
+ if (!inputVal) {
+ switch (name) {
+ // apply custom labels to PR?
+ case "labels-major":
+ case "labels-premajor":
+ case "labels-minor":
+ case "labels-preminor":
+ case "labels-patch":
+ case "labels-prepatch":
+ return `custom-${name}`;
+
+ // should auto approve?
+ case "approve-major":
+ case "approve-premajor":
+ return "true";
+
+ // should auto merge depends on...?
+ case "merge-minor":
+ case "merge-preminor":
+ case "merge-patch":
+ case "merge-prepatch":
+ return "true";
+ }
+ }
+ return inputVal;
+ });
+
+ // Use the following PR mocks as:
+ // #2199: [Snyk] Security upgrade dd-trace from 0.30.6 to 1.2.0
+ // #1016: [Snyk] Security upgrade fs-extra from 10.0.0 to 11.0.0
+ // #1015: [Snyk] Security upgrade node-fetch from 2.6.7 to 2.6.9
+ const { nockDone } = await nockBack("pulls_2.json");
+ await run();
+ nockDone();
+ });
+
+ afterAll(() => {
+ mockGetInput.mockReset();
+ });
+
+ test("it should label PR based on release types", () => {
+ // assert auto labeling PRs
+ expect(addLabelsToPR).toHaveBeenCalledTimes(2);
+ expect(addLabelsToPR).toHaveBeenNthCalledWith(
+ 1,
+ expect.any(Object),
+ "condenast",
+ "martech-services",
+ 2199,
+ "custom-labels-minor"
+ );
+ expect(addLabelsToPR).toHaveBeenNthCalledWith(
+ 2,
+ expect.any(Object),
+ "condenast",
+ "martech-services",
+ 2199,
+ "minor"
+ );
+ });
+
+ test("it should auto-merge PR if it is minor/patch release", () => {
+ // assert auto merging PRs
+ expect(tryAutoMergePR).toHaveBeenCalledTimes(1);
+ expect(tryAutoMergePR).toHaveBeenNthCalledWith(
+ 1,
+ expect.any(Object),
+ "condenast",
+ "martech-services",
+ 2199,
+ "[Snyk] Security upgrade node from 18.17.1-alpine to 18.19-alpine"
+ );
+ });
+
+ test("it should auto-approve PR if it is major release", () => {
+ // assert auto approving PRs
+ expect(autoApprovePR).toHaveBeenCalledTimes(0);
+ });
+ });
+});
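Review bot: The last test is titled "it should auto-approve PR if it is major release" but asserts `expect(autoApprovePR).toHaveBeenCalledTimes(0)`, so the approval path, the most privileged thing this action does, is never exercised here even though the mock returns "true" for `approve-major`. Either rename it to what it checks, for example `test("it should not auto-approve a minor release", ...)`, or add a major upgrade to the fixture and assert the call with its PR number. The comment above `nockBack("pulls_2.json")` lists #2199 as a dd-trace 0.30.6 to 1.2.0 upgrade together with #1016 and #1015, while the assertions expect only #2199, labelled `minor` and titled as a node 18.17.1-alpine to 18.19-alpine upgrade; the comment looks carried over from another spec and should describe this fixture. The merge assertion pins only the PR number and title, so a case where a PR with a "[Snyk]" title comes from an unexpected author would be a useful negative test if `run()` is meant to filter on that, which this hunk does not show.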