feat(audit): add `--ignore` and `--ignore-unfixable` flags by IanKrieger · Pull Request #8474 · pnpm/pnpm · GitHub

feat(audit): add --ignore and --ignore-unfixable flags #8474

Merged (13 commits) on May 7, 2025

IanKrieger (Contributor) commented Aug 29, 2024

Makes ignoring CVEs with no resolutions easier.

IanKrieger requested a review from zkochan as a code owner on August 29, 2024 02:07

IanKrieger changed the title from "feat(audit): add --ignore flag for unresolved CVE, specified CVE, or specified GHSA" to "feat(audit): add --ignore flag for unresolved CVE, or specified GHSA" on Aug 29, 2024
zkochan (Member) left a comment:

I am not sure we need the new flag in scope of this PR.

IanKrieger force-pushed the feat/add-audit-ignore-cve-ability branch from 4b461a3 to 0f05047 on August 30, 2024 01:20
IanKrieger changed the title from "feat(audit): add --ignore flag for unresolved CVE, or specified GHSA" to "feat(audit): add --ignore-vulnerabilities flag for CVE, GHSA" on Aug 30, 2024

IanKrieger (Contributor Author) commented:

Opened: #8483

IanKrieger force-pushed the feat/add-audit-ignore-cve-ability branch from 0f05047 to 0ad76f4 on August 30, 2024 01:35
IanKrieger requested a review from zkochan on August 30, 2024 01:44
IanKrieger changed the title from "feat(audit): add --ignore-vulnerabilities flag for CVE, GHSA" to "feat(audit): add --ignore-vulnerabilities flag for unresolved CVE" on Aug 30, 2024
IanKrieger changed the title from "feat(audit): add --ignore-vulnerabilities flag for unresolved CVE" to "feat(audit): add --ignore-vulnerabilities flag to automate CVE ignores" on Aug 30, 2024
IanKrieger changed the title from "feat(audit): add --ignore-vulnerabilities flag to automate CVE ignores" to "feat(audit): add --ignore-vulnerabilities flag to make CVE ignores easier" on Aug 30, 2024

zkochan (Member) commented Nov 9, 2024

Let's make it a new subcommand instead of a flag. So it will be pnpm audit ignore.

IanKrieger force-pushed the feat/add-audit-ignore-cve-ability branch from 1291e1e to 6a3bc3c on November 26, 2024 15:40

IanKrieger (Contributor Author) commented Nov 26, 2024

> Let's make it a new subcommand instead of a flag. So it will be pnpm audit ignore.

@zkochan I personally feel that having a flag makes things a little bit easier and keeps feature parity with npm. Would changing the flag to --ignore make more sense? Subcommand seems odd, but happy to do so if that is your preference.

zkochan (Member) commented Nov 26, 2024

> keeps feature parity with npm

but npm audit uses subcommands. See npm audit --help:

Usage:
npm audit [fix|signatures]

IanKrieger (Contributor Author) commented:

Apologies, as I appear to have not completed my thought all the way in my previous comment. What I meant was:

keeps feature parity with the other pnpm flags

zkochan (Member) commented Nov 27, 2024

Right, I think --fix should be changed to a subcommand as well.

zkochan (Member) commented Jan 8, 2025

ok, I did not change --fix in v10, so we can keep it as it is.

zkochan changed the title from "feat(audit): add --ignore-vulnerabilities flag to make CVE ignores easier" to "feat(audit): add --ignore and --ignore-unfixable flags" on May 7, 2025
zkochan merged commit 5ec7255 into pnpm:main on May 7, 2025
8 of 9 checks passed