Closed r0075h3ll closed 4 months ago
@r0075h3ll Thank you very much for your contribution. I have added a few review comments.
@r0075h3ll I have made a small change. I am including the updated version for the package as a remediation advice in the JSON report. I am skipping the helper function from `summaryReporter`. The reason being, `summaryReport` formats the version to a form that is meant for human readability. JSON report is meant for machine parsing hence we must include only the version or nothing in case updated version is not available. We should not include strings like `-` or `Not Available` in JSON report IMHO.
@r0075h3ll Thanks for your contribution. I will trigger a release later tonight. You should have this change included in the latest version of `vet` by tomorrow.
@abhisek Thanks for this project, it's really helping the community :)
Hi
The `--report-json` flag in Vet generated a comprehensive JSON report file. However, it missed a field that was being displayed in the console output - the 'UPDATE TO' column data, that displays what version the package should be upgraded to in order to mitigate the risk. This PR, with a few lines of code, adds 'advices' field to the JSON report suggesting the alternate package version that the vulnerable package should be upgraded to.
Thanks.