
fix: split CVE reports by scope and correct severity counting#9378

Merged
deleonio merged 1 commit into develop from feature/fix-cve-overview-workflows-sorting on Feb 2, 2026

Conversation

@deleonio
Contributor

@deleonio deleonio commented Feb 1, 2026

Motivation

  • Ensure CVE summaries reflect actual severity tallies instead of misclassifying known severities as unknown by fixing the counting logic.
  • Provide separate visibility for production-only and all-dependencies audit results so the overview distinguishes risks for production installs vs. the full dependency graph.

Description

  • Extend scripts/generate-cve-report.mjs to accept --input-prod and --input-all in addition to the legacy --input, and add argument validation for the new modes.
  • Replace the inline parsing/aggregation with collectAdvisories and buildReportSection helpers that normalize severities and count them using an explicit === undefined check so zero/known values are counted correctly.
  • Emit separate report sections when both production and all-dependencies audits are provided, otherwise fall back to the single-input behavior.
  • Update .github/workflows/cve-overview.yml to run pnpm audit --json --production and pnpm audit --json and pass both outputs to the report generator.

Testing

  • Ran repository formatting via pnpm format, which completed successfully.

Codex Task
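The counting defect the description refers to (a tally that treats a zero bucket as "not a known severity") is easy to reproduce in isolation. The block below is an added illustration, not code from this repository's scripts/generate-cve-report.mjs: the function names collectAdvisories, buildReportSection, normalizeSeverity, tallySeverities and tallySeveritiesBuggy are hypothetical, the sample audit object is constructed, and the audit JSON shape (an `advisories` object keyed by id with `severity`, `module_name` and `title` fields) is assumed to match the npm-v6 style that pnpm audit --json emits. It shows the falsy-check tally beside the `=== undefined` version, and renders one Markdown report section the way a split production/all report would.

```javascript
// Added example (not the repository's scripts/generate-cve-report.mjs).
// Assumed audit JSON shape: { advisories: { "<id>": { module_name, severity, title } } }.

const KNOWN_SEVERITIES = ['critical', 'high', 'moderate', 'low', 'info'];

// Map whatever string the audit gave us ("High", " MODERATE ", missing) onto a known bucket name.
function normalizeSeverity(raw) {
  const s = typeof raw === 'string' ? raw.trim().toLowerCase() : '';
  return KNOWN_SEVERITIES.includes(s) ? s : 'unknown';
}

function emptyCounts() {
  return Object.fromEntries([...KNOWN_SEVERITIES, 'unknown'].map((k) => [k, 0]));
}

// Constructed illustration of the bug class the PR describes: every bucket starts at 0, and a
// truthiness test on the bucket value cannot distinguish "known bucket, currently empty" from
// "no such bucket", so every known severity drains into 'unknown' and the buckets never grow.
function tallySeveritiesBuggy(advisories) {
  const counts = emptyCounts();
  for (const adv of advisories) {
    const sev = normalizeSeverity(adv.severity);
    const bucket = counts[sev] ? sev : 'unknown'; // 0 is falsy: misclassified on every pass
    counts[bucket] += 1;
  }
  return counts;
}

// Corrected tally: test for the bucket's existence with `=== undefined`, so a zero count is still
// a valid, known bucket and only truly unrecognised severities land in 'unknown'.
function tallySeverities(advisories) {
  const counts = emptyCounts();
  for (const adv of advisories) {
    const sev = normalizeSeverity(adv.severity);
    const bucket = counts[sev] === undefined ? 'unknown' : sev;
    counts[bucket] += 1;
  }
  return counts;
}

// Flatten the assumed audit JSON into a plain advisory list; tolerates a missing `advisories` key.
function collectAdvisories(auditJson) {
  const table = (auditJson && auditJson.advisories) || {};
  return Object.entries(table).map(([id, a]) => ({
    id,
    module: a.module_name || 'unknown',
    severity: normalizeSeverity(a.severity),
    title: a.title || '',
  }));
}

// Render one report section ("Production dependencies" or "All dependencies") as Markdown,
// counts first, then the advisories sorted worst severity first.
function buildReportSection(title, advisories) {
  const counts = tallySeverities(advisories);
  const order = [...KNOWN_SEVERITIES, 'unknown'];
  const lines = [`## ${title}`, '', `Total advisories: ${advisories.length}`, ''];
  for (const sev of order) lines.push(`- ${sev}: ${counts[sev]}`);
  lines.push('');
  const sorted = [...advisories].sort(
    (a, b) => order.indexOf(a.severity) - order.indexOf(b.severity),
  );
  for (const a of sorted) lines.push(`- [${a.severity}] ${a.module} (${a.id}) ${a.title}`.trimEnd());
  return lines.join('\n');
}

// Constructed sample standing in for `pnpm audit --json --production` output.
const SAMPLE_PROD_AUDIT = {
  advisories: {
    '1001': { module_name: 'example-pkg-a', severity: 'High', title: 'constructed advisory A' },
    '1002': { module_name: 'example-pkg-b', severity: 'moderate', title: 'constructed advisory B' },
    '1003': { module_name: 'example-pkg-c', severity: 'severe', title: 'unrecognised severity label' },
  },
};

const prodAdvisories = collectAdvisories(SAMPLE_PROD_AUDIT);
console.log('buggy tally:', tallySeveritiesBuggy(prodAdvisories)); // everything in 'unknown'
console.log('fixed tally:', tallySeverities(prodAdvisories));      // high 1, moderate 1, unknown 1
console.log(buildReportSection('Production dependencies', prodAdvisories));
```

Running the two tallies over the same three advisories makes the symptom concrete: the buggy version reports `unknown: 3` even though two of the severities are known, while the `=== undefined` version keeps the unrecognised label `severe` as the only unknown entry. A workflow that runs the production and full audits separately would call buildReportSection once per input and concatenate the sections.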

@github-actions
Contributor

github-actions bot commented Feb 1, 2026

Comment thread scripts/merge-cve-overview.mjs Fixed
@deleonio deleonio force-pushed the feature/fix-cve-overview-workflows-sorting branch 9 times, most recently from faa1194 to 0711260 Compare February 2, 2026 04:54
@deleonio deleonio force-pushed the feature/fix-cve-overview-workflows-sorting branch from 0711260 to b83ad59 Compare February 2, 2026 04:56
@deleonio deleonio merged commit 990cc66 into develop Feb 2, 2026
13 checks passed
@deleonio deleonio deleted the feature/fix-cve-overview-workflows-sorting branch February 2, 2026 04:59
@publicuibot publicuibot bot locked and limited conversation to collaborators Feb 2, 2026
