@@ -28,11 +28,11 @@ jobs:
2828
2929 # 3. Filter for NEW items only
3030 # Open alerts created > 65 mins ago
31- ALERTS=$(echo "$RAW_DATA" | jq --arg TIME "$TIME_THRESHOLD" \
32- '[ .[] | select(.state == "open") | select(.created_at > $TIME) ]')
31+ # ALERTS=$(echo "$RAW_DATA" | jq --arg TIME "$TIME_THRESHOLD" \
32+ # '[ .[] | select(.state == "open") | select(.created_at > $TIME) ]')
3333
3434 # --- FOR TESTING ONLY ---
35- # ALERTS=$(echo "$RAW_DATA" | jq '[ .[] | select(.state == "open") ]')
35+ ALERTS=$(echo "$RAW_DATA" | jq '[ .[] | select(.state == "open") ]')
3636 # ---------------------------------------------------------------
3737
3838 # 4. Check count
@@ -55,21 +55,23 @@ jobs:
5555 SEVERITY=$(echo "$alert" | jq -r '.security_advisory.severity // "Unknown"')
5656 ISSUE_URL=$(echo "$alert" | jq -r '.html_url // .url // "https://github.com"')
5757
58- # Format Title (e.g., "Cross-site Scripting - next (high)")
58+ # Format Title
5959 ISSUE_TITLE="${SUMMARY} - ${PACKAGE} (${SEVERITY})"
6060
6161 echo "Sending alert for: $PACKAGE"
6262
63- # Build Slack Message
64- MESSAGE_TEXT=$(jq -n \
63+ # Build Slack Message Text
64+ # FIX: We construct the string INSIDE jq using "\(...)" interpolation.
65+ # FIX: We use -r (raw output) so the variable stores actual newlines, not escaped \n
66+ MESSAGE_TEXT=$(jq -nr \
6567 --arg repo "$REPO_NAME" \
6668 --arg title "$ISSUE_TITLE" \
6769 --arg user "$ISSUE_USER" \
6870 --arg url "$ISSUE_URL" \
69- --arg template "*🚨 New Dependabot Alert ($REPO_NAME) 🚨*\n\n*Issue Title:* $ISSUE_TITLE\n*Opened By:* $ISSUE_USER\n\n*View Issue:* $ISSUE_URL" \
70- '$template')
71+ '"*🚨 New Dependabot Alert (\($repo)) 🚨*\n\n*Issue Title:* \($title)\n*Opened By:* \($user)\n\n*View Issue:* \($url)"')
7172
72- # Build Payload
73+ # Build JSON Payload
74+ # We pass the raw MESSAGE_TEXT into this new jq command, which handles the escaping correctly for JSON.
7375 SLACK_PAYLOAD=$(jq -n \
7476 --arg text "$MESSAGE_TEXT" \
7577 '{
0 commit comments