Add resolver that generates lockfile patch GitHub PRs

lunasec-io / lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

https://www.lunasec.io/

Other

1.44k stars 164 forks source link

Add resolver that generates lockfile patch GitHub PRs #1132

Open freeqaz opened 1 year ago

freeqaz commented 1 year ago

This is a GraphQL resolver that, when called with a vulnerability and package, will generate a GitHub Pull Request to the lockfile.

Current Limitations:

Only works for a single package at a time (batch PRs will come later)
Isn't wired up to the front-end
The GraphQL resolver is untested (but it should work)

Fixes #1030