Closed oliviertassinari closed 2 months ago
Hi Olivier, Thank you for your comments here. I will direct this to the right team internally so they can have a look.
Hi Olivier
Thanks for flagging this issue. It seems that it originated in a PR where the banner image had been incorrectly formatted, so the markdown (including GitHub URL) was displayed instead of the image.
We've since fixed this issue with the default PR templates, so the banner URL isn't present, and you won't see any further GH URLs in those PRs using the default templates.
I've also made sure that we have redirect GitHub URLs in place for PRs that are using custom templates, so this issue shouldn't occur in those PRs either.
Please let us know if you spot any recurrence or other issues with Snyk. Your feedback is much appreciated.
@Jdunsby Thanks for looking into it.
If Snyk implemented a custom redirection domain, to potentially be careful about it, GitHub has protection against it: https://github.com/renovatebot/renovate/issues/29370.
I will let you know if I spot more of this backlink spam in any open source project 👍. Appreciated the fix, I'm convinced all open-source maintainers will too.
@Jdunsby The problem is still present. I didn't notice behavioral changes. For example in https://github.com/prathik2401/my-portfolio/pull/64. Those are still direct URLs:
I would expect this change would solve the problem. Can we apply them?:
-https://github.com/mui/material-ui/pull/43488
+https://redirect.github.com/mui/material-ui/pull/43488
Thanks
Any update? Snyk is spamming all the open-source projects on GitHub. For example:
https://github.com/user-attachments/assets/7b1203c1-25d3-492a-8f70-3254e558c10d
Thanks
Snyk should use a proxy when referencing other PRs on GitHub. This spams all the open source projects:
Source of the screenshot: https://github.com/mui/mui-x/pull/13350
Renovate uses togithub.com (https://github.com/renovatebot/renovate/discussions/10796). Dependabot uses redirect.github.com.
Could Snyk do the same? This seems much better. Thanks
cc @TashaTBaker I see you have been making changes to https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/create-automatic-prs-for-new-fixes lately. Could you help me bring this to the attention of the right team?
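The rewrite requested in this thread, as an added example that is not Snyk's, Renovate's or Dependabot's code: it lists the direct cross-repository issue/PR links in a bot-generated PR body and points them at `redirect.github.com`. The function names, the `own_repo` parameter and the `example-org/example-app` repository are assumptions made for illustration, as is limiting the rewrite to `issues` and `pull` links.

```python
import re
from typing import List, Optional

REDIRECT_HOST = "redirect.github.com"  # host named in the thread (used by Dependabot)

# Direct issue/PR links. Anchoring on "://" plus the trailing "/" keeps
# redirect.github.com, look-alike hosts and user-attachments URLs out.
_DIRECT_REF = re.compile(
    r"https?://(?:www\.)?github\.com/"
    r"(?P<repo>[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)/"
    r"(?P<kind>issues|pull)/(?P<num>\d+)"
)


def find_direct_references(body: str, own_repo: Optional[str] = None) -> List[str]:
    """Return direct issue/PR URLs that point at other repositories."""
    return [
        m.group(0) for m in _DIRECT_REF.finditer(body)
        if not own_repo or m.group("repo").lower() != own_repo.lower()
    ]


def rewrite_references(body: str, own_repo: Optional[str] = None) -> str:
    """Point cross-repository issue/PR links at the redirect host."""
    def _swap(m):
        if own_repo and m.group("repo").lower() == own_repo.lower():
            return m.group(0)  # links inside the bot's own repo stay direct
        return "https://{}/{}/{}/{}".format(
            REDIRECT_HOST, m.group("repo"), m.group("kind"), m.group("num"))
    return _DIRECT_REF.sub(_swap, body)


# Constructed PR body; example-org/example-app is a placeholder repository.
SAMPLE_BODY = """\
Upgrade @mui/material (see https://github.com/mui/material-ui/pull/43488).
Already proxied: https://redirect.github.com/mui/material-ui/pull/43488
Own tracker: https://github.com/example-org/example-app/issues/7
Video: https://github.com/user-attachments/assets/7b1203c1-25d3-492a-8f70-3254e558c10d
"""

if __name__ == "__main__":
    print(find_direct_references(SAMPLE_BODY, "example-org/example-app"))
    print(rewrite_references(SAMPLE_BODY, "example-org/example-app"))
```

`find_direct_references` can also be run over existing bot PR bodies to check whether direct links are still being emitted.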