feat(guided remediation): add --upgrade-config flag #1191

Merged
michaelkedar merged 11 commits into google:main from michaelkedar:gr-patch-config
Aug 21, 2024

Conversation

Member

@michaelkedar michaelkedar commented Aug 20, 2024

closes #1177

  • Adds --upgrade-config flag for configuring allowed upgrades on a per-package basis.
  • Hide & deprecate previous --disallow-major-upgrades and --disallow-package-upgrades flags.
  • Update docs & example script to use new flag.


codecov-commenter commented Aug 20, 2024

Codecov Report

Attention: Patch coverage is 71.69811% with 30 lines in your changes missing coverage. Please review.

Project coverage is 65.79%. Comparing base (2bc1b28) to head (eee13d0).
Report is 560 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| cmd/osv-scanner/fix/main.go | 73.91% | 9 Missing and 3 partials ⚠️ |
| scripts/generate_mock_resolution_universe/main.go | 0.00% | 9 Missing ⚠️ |
| internal/remediation/in_place.go | 40.00% | 1 Missing and 2 partials ⚠️ |
| internal/remediation/override.go | 25.00% | 1 Missing and 2 partials ⚠️ |
| internal/remediation/upgrade/level.go | 86.66% | 2 Missing ⚠️ |
| internal/remediation/relax.go | 50.00% | 0 Missing and 1 partial ⚠️ |

@@            Coverage Diff             @@
##             main    #1191      +/-   ##
==========================================
+ Coverage   65.66%   65.79%   +0.13%     
==========================================
  Files         165      167       +2     
  Lines       13983    14064      +81     
==========================================
+ Hits         9182     9254      +72     
- Misses       4298     4304       +6     
- Partials      503      506       +3     


@michaelkedar michaelkedar marked this pull request as ready for review August 20, 2024 05:29
@michaelkedar michaelkedar requested review from cuixq and oliverchang and removed request for cuixq August 20, 2024 05:29
@michaelkedar michaelkedar added the guided remediation Related to guided remediation / osv-scanner fix label Aug 20, 2024
@michaelkedar michaelkedar changed the title feat(guided remediation: add --upgrade-config flag feat(guided remediation): add --upgrade-config flag Aug 20, 2024
Collaborator

@oliverchang oliverchang left a comment

nice!

- `patch` allows for updates `>=1.2.3, <1.3.0`
- `none` disallows any updates

If `package-name:` is omitted, `level` is applied to all packages. Default is `--upgrade-config=major`.
Collaborator

Can we add some detail to describe precedence?

I.e., our behavior is to take the most specific setting, right? If a specific package is specified in a config, that takes precedence over a global config.

Contributor


+1 - it is not clear to me whether the specific settings overwrite the global ones until I see the example usage.

Member Author


Added some explanation w.r.t. precedence here.
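
The precedence rule discussed in this thread (a `package-name:level` entry wins over a bare global `level`, whichever order the two are given in), as an added worked example. This is illustrative code written for this page, not the PR's or osv-scanner's own implementation: it assumes the flag can be repeated, that `major` and `minor` exist alongside the `patch` and `none` levels quoted above, and that a package name may itself contain `:` (Maven `groupId:artifactId`), so the level is split off at the last colon. `AllowedRange` renders the range a level permits from a current version, reproducing the `>=1.2.3, <1.3.0` shape the docs use for `patch`.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Level is an allowed-upgrade level; a smaller value is more restrictive.
type Level int

const (
	LevelNone  Level = iota // no updates at all
	LevelPatch              // patch releases only
	LevelMinor              // minor and patch releases (assumed level)
	LevelMajor              // any release; the documented default
)

// levelNames is indexed by Level, so parsing and printing share one table.
var levelNames = [...]string{LevelNone: "none", LevelPatch: "patch", LevelMinor: "minor", LevelMajor: "major"}

func (l Level) String() string {
	if l >= 0 && int(l) < len(levelNames) {
		return levelNames[l]
	}
	return "unknown"
}

func parseLevel(s string) (Level, bool) {
	for i, name := range levelNames {
		if name == strings.ToLower(s) {
			return Level(i), true
		}
	}
	return 0, false
}

// UpgradeConfig is the parsed flag: one global default plus per-package overrides.
type UpgradeConfig struct {
	Default  Level
	Packages map[string]Level
}

// ParseUpgradeConfig parses `level` or `package-name:level` specs (assumed to be the
// values of repeated --upgrade-config flags). A bare level sets the global default;
// if several bare levels are given, the last one wins. An unknown level is an error
// rather than silently falling back to a more permissive setting.
func ParseUpgradeConfig(specs []string) (UpgradeConfig, error) {
	cfg := UpgradeConfig{Default: LevelMajor, Packages: map[string]Level{}}
	for _, spec := range specs {
		pkg, lvlStr := "", spec
		if i := strings.LastIndex(spec, ":"); i >= 0 {
			pkg, lvlStr = spec[:i], spec[i+1:]
		}
		lvl, ok := parseLevel(lvlStr)
		if !ok {
			return UpgradeConfig{}, fmt.Errorf("invalid upgrade level %q in %q", lvlStr, spec)
		}
		if pkg == "" {
			cfg.Default = lvl
		} else {
			cfg.Packages[pkg] = lvl
		}
	}
	return cfg, nil
}

// Get returns the level for a package: the most specific setting wins, so a
// per-package entry overrides the global default regardless of flag order.
func (c UpgradeConfig) Get(pkg string) Level {
	if lvl, ok := c.Packages[pkg]; ok {
		return lvl
	}
	return c.Default
}

// AllowedRange renders the version range a level permits from a MAJOR.MINOR.PATCH
// version, e.g. patch at 1.2.3 gives ">=1.2.3, <1.3.0".
func AllowedRange(version string, lvl Level) (string, error) {
	parts := strings.Split(version, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("expected MAJOR.MINOR.PATCH, got %q", version)
	}
	var nums [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return "", fmt.Errorf("non-numeric component %q in %q", p, version)
		}
		nums[i] = n
	}
	switch lvl {
	case LevelNone:
		return "=" + version, nil
	case LevelPatch:
		return fmt.Sprintf(">=%s, <%d.%d.0", version, nums[0], nums[1]+1), nil
	case LevelMinor:
		return fmt.Sprintf(">=%s, <%d.0.0", version, nums[0]+1), nil
	default:
		return ">=" + version, nil
	}
}

func main() {
	// Constructed sample: a global "minor" plus two per-package overrides.
	cfg, err := ParseUpgradeConfig([]string{"minor", "lodash:none", "org.example:lib:patch"})
	if err != nil {
		panic(err)
	}
	for _, pkg := range []string{"lodash", "org.example:lib", "express"} {
		r, _ := AllowedRange("1.2.3", cfg.Get(pkg))
		fmt.Printf("%-16s %-6s %s\n", pkg, cfg.Get(pkg), r)
	}
}
```

Resolving through `Get` rather than by flag order is what makes the "most specific setting wins" rule hold: `pkg:none major` and `major pkg:none` produce the same result, which is the behaviour the reviewers asked to have spelled out in the docs.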

Contributor

@cuixq cuixq left a comment

LGTM!

@michaelkedar michaelkedar merged commit 61979fe into google:main Aug 21, 2024

Development

Successfully merging this pull request may close these issues.

Allow control over allowed individual package upgrade versions in non-interactive guided remediation
