This adds a --update-config-ignores flag that aims to update the osv-detector configs to ignore all found vulnerabilities for the related lockfile if a config exists.
~For now I'm keeping this as a draft because while I think it's actually good to go, the main cli tests defeated me a bit as it's painful to craft all the different tests required; that's also why I've not yet done any cleanup or deduplication of the test helpers.~
There's also a few "extensions" on this that could be done, including having the detector note when there are ignored vulnerabilities that are no longer present, a custom indent level, and ~better handling of existing ignores (rather than requiring --no-config-ignores be set).~
This adds a
--update-config-ignores
flag that aims to update the osv-detector configs to ignore all found vulnerabilities for the related lockfile if a config exists.~For now I'm keeping this as a draft because while I think it's actually good to go, the main cli tests defeated me a bit as it's painful to craft all the different tests required; that's also why I've not yet done any cleanup or deduplication of the test helpers.~
There's also a few "extensions" on this that could be done, including having the detector note when there are ignored vulnerabilities that are no longer present, a custom indent level, and ~better handling of existing ignores (rather than requiring
--no-config-ignores
be set).~