Add GHDependabotAlert, GHDependabotAlertState, and
GHDependabotAlertsIterable following the same pattern as the existing
GHCodeScanningAlert and GHSecretScanningAlert implementations.
New classes:
- GHDependabotAlert: Main alert class with nested Dependency,
SecurityAdvisory, SecurityVulnerability, Package, PatchedVersion
- GHDependabotAlertState: OPEN, DISMISSED, FIXED, AUTO_DISMISSED
- GHDependabotAlertsIterable: Paginated iteration with owner wrapping
New GHRepository methods:
- listDependabotAlerts() / listDependabotAlerts(state) /
listDependabotAlerts(filters)
- getDependabotAlert(number)
Endpoint: GET /repos/{owner}/{repo}/dependabot/alerts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
cac066e to
22872d3
deploy step is trying to publish to a maven repo, but we don't need that here.
https://cortexio.slack.com/archives/CRKQXMSM6/p1750954398537059
^some additional context on the deploy error; previous prs have bypassed this check
example pr: #35

@rychang03 I think you might want to take a run at just simplifying the CI. That deploy failure makes it look like we are trying to push to a public nexus repo still (probably from the original fork).
Summary
Add GHDependabotAlert support to the library, following the same pattern as GHCodeScanningAlert and GHSecretScanningAlert.
Additionally, bump the "setup-java" and "checkout" actions to v4 -- the v2 version is deprecated and causes build errors in CI (as seen in commit 22872d3)

New classes
- GHDependabotAlert — Main alert class with nested Dependency, SecurityAdvisory, SecurityVulnerability, Package, PatchedVersion
- GHDependabotAlertState — OPEN, DISMISSED, FIXED, AUTO_DISMISSED
- GHDependabotAlertsIterable — Paginated iteration with owner wrapping

New GHRepository methods
- listDependabotAlerts() / listDependabotAlerts(state) / listDependabotAlerts(filters)
- getDependabotAlert(number)

Endpoint
GET /repos/{owner}/{repo}/dependabot/alerts

Context
Needed by brain-backend (CET-24466) to fetch Dependabot alerts via REST API instead of GraphQL vulnerabilityAlerts, which silently returns empty on GHES instances with restricted token permissions.
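
The failure mode named in the Context paragraph, an empty result that really means "not permitted", is worth guarding against on the REST path as well. The following is an added example, not code from this PR or the library: it pages through the endpoint by following `Link` headers and raises on a refusal instead of returning an empty list. The `fetch` callable, the `acme/app` repository, the sample responses, and the 401/403/404 refusal codes are assumptions made for the illustration.

```python
import json
import re

class AlertAccessError(Exception):
    """The API refused access; this must never be reported as 'no alerts'."""

def next_link(link_header):
    """Return the rel="next" target of a Link header, or None on the last page."""
    for url, rel in re.findall(r'<([^>]+)>\s*;\s*rel="([^"]+)"', link_header or ""):
        if rel == "next":
            return url
    return None

def list_alerts(fetch, owner, repo, state="open"):
    """Collect all pages. `fetch(url)` is a hypothetical transport returning
    (status, headers, body); a real client would add the auth header there."""
    url = f"/repos/{owner}/{repo}/dependabot/alerts?state={state}&per_page=2"
    alerts = []
    while url:
        status, headers, body = fetch(url)
        # Assumption: a token without alert access is answered with 401/403/404.
        if status in (401, 403, 404):
            raise AlertAccessError(f"HTTP {status} for {url}: check token permissions")
        if status != 200:
            raise RuntimeError(f"unexpected HTTP {status} for {url}")
        alerts.extend(json.loads(body))
        url = next_link(headers.get("Link"))
    return alerts

# Constructed sample responses for a made-up repository (not real alert data).
BASE = "/repos/acme/app/dependabot/alerts"
PAGES = {
    BASE + "?state=open&per_page=2": (
        200, {"Link": f'<{BASE}?after=c1>; rel="next"'},
        '[{"number": 1, "state": "open"}, {"number": 2, "state": "open"}]'),
    BASE + "?after=c1": (
        200, {"Link": f'<{BASE}?before=c1>; rel="prev"'},
        '[{"number": 3, "state": "open"}]'),
}

def permitted_fetch(url):
    return PAGES[url]

def restricted_fetch(url):
    return 403, {}, '{"message": "constructed 403 body"}'

if __name__ == "__main__":
    print(len(list_alerts(permitted_fetch, "acme", "app")), "alerts")
```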