From 068d9b2e754f09380b10b6f05f1a6cb723ff4d81 Mon Sep 17 00:00:00 2001
From: Eyal Kapon
Date: Thu, 31 Oct 2024 10:19:19 +0200
Subject: [PATCH 1/4] canceled the fix actions for indirect dependencies
---
 src/main/diagnostics/descriptorActionProvider.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/diagnostics/descriptorActionProvider.ts b/src/main/diagnostics/descriptorActionProvider.ts
index fe11ce2eb..2bb4ff181 100644
--- a/src/main/diagnostics/descriptorActionProvider.ts
+++ b/src/main/diagnostics/descriptorActionProvider.ts
@@ -115,14 +115,14 @@ export class DescriptorActionProvider extends AbstractFileActionProvider impleme
 const actions: vscode.CodeAction[] = [];
 let previousCves: Set = new Set();
- if (!dependency) {
+ if (!dependency || dependency.indirect) {
 return actions;
 }
 if (!this.availableUpdateManager(dependency)) {
 return actions;
 }
-
+
 dependency.getFixedVersionToCves().forEach((cves: Set, fixedVersion: string) => {
 previousCves = new Set([...previousCves, ...cves]);
 actions.push(this.createFixAction(dependency, previousCves, fixedVersion));
From c4c2607db85864bcee777b12184f370d1e86d319 Mon Sep 17 00:00:00 2001
From: Eyal Kapon
Date: Thu, 31 Oct 2024 10:26:32 +0200
Subject: [PATCH 2/4] grouped if statements
---
 src/main/diagnostics/descriptorActionProvider.ts | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/main/diagnostics/descriptorActionProvider.ts b/src/main/diagnostics/descriptorActionProvider.ts
index 2bb4ff181..e8a457955 100644
--- a/src/main/diagnostics/descriptorActionProvider.ts
+++ b/src/main/diagnostics/descriptorActionProvider.ts
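Review bot: The new `dependency.indirect` early return in the PATCH 1/4 hunk (folded into one combined guard by the PATCH 2/4 hunk) has no comment saying why indirect dependencies get no fix action, and neither diffstat shows a test change covering the new branch. A one-line comment above the guard would do, for example `// No quick fix for indirect dependencies: their version is not declared in this descriptor.` — that reason is my inference from the commit subject and should be confirmed by the author. Because the guard returns an empty action list, a vulnerable transitive dependency presumably still shows its diagnostic but offers no remediation from the editor, so the commit message should say how users are expected to fix those (for instance by upgrading the direct dependency that pulls it in). The `-`/`+` pair just before `dependency.getFixedVersionToCves()` in PATCH 1/4 looks like a whitespace-only change and could be dropped. The enclosing method begins and ends outside both hunks.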
@@ -115,11 +115,7 @@ export class DescriptorActionProvider extends AbstractFileActionProvider impleme
 const actions: vscode.CodeAction[] = [];
 let previousCves: Set = new Set();
- if (!dependency || dependency.indirect) {
- return actions;
- }
-
- if (!this.availableUpdateManager(dependency)) {
+ if (!dependency || dependency.indirect || !this.availableUpdateManager(dependency)) {
 return actions;
 }
From 32a25d9223fbfc8f35057626482dc9c393d26861 Mon Sep 17 00:00:00 2001
From: Eyal Kapon
Date: Sun, 3 Nov 2024 11:54:01 +0200
Subject: [PATCH 3/4] frogbot debug
---
 .github/workflows/frogbot-scan-pull-request.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
index 253b11976..1e75408e4 100644
--- a/.github/workflows/frogbot-scan-pull-request.yml
+++ b/.github/workflows/frogbot-scan-pull-request.yml
@@ -24,6 +24,7 @@ jobs:
 - uses: jfrog/frogbot@v2
 env:
+ JFROG_CLI_LOG_LEVEL: "DEBUG"
 # [Mandatory]
 # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
 JF_URL: ${{ secrets.FROGBOT_URL }}
From 9c2fd2f906a159247d63010b84bfafc08106187e Mon Sep 17 00:00:00 2001
From: Eyal Kapon
Date: Mon, 4 Nov 2024 09:24:04 +0200
Subject: [PATCH 4/4] remove frogbot debug
---
 .github/workflows/frogbot-scan-pull-request.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml
index 1e75408e4..253b11976 100644
--- a/.github/workflows/frogbot-scan-pull-request.yml
+++ b/.github/workflows/frogbot-scan-pull-request.yml
@@ -24,7 +24,6 @@ jobs:
 - uses: jfrog/frogbot@v2
 env:
- JFROG_CLI_LOG_LEVEL: "DEBUG"
 # [Mandatory]
 # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
 JF_URL: ${{ secrets.FROGBOT_URL }}
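Review bot: `JFROG_CLI_LOG_LEVEL: "DEBUG"`, added under `env:` in the PATCH 3/4 hunk, is removed again by PATCH 4/4, so the two commits cancel out and are better dropped from the series before merge than carried in history. The job's step is handed `secrets.FROGBOT_URL` in the same `env:` block, and verbose CLI output in a pull-request scan may contain request details that log masking does not cover; I have not verified what the CLI prints at this level. If debug output is needed again, a temporary branch or a manually triggered run keeps it out of the default workflow.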