feat: sequential fix #2252
Support optionally upgrading 1 package at a time, this is much slower but can provide better success in upgrading vulnerable package versions
Move throwable code into try/catch to make sure we continue fixing + spinner is not stuck.
Update a test to show that if some dependencies fail under --sequentially-fix we can still update other dependencies.
const changes: FixChangesSummary[] = []; | ||
try { | ||
const { upgrades } = await generateUpgrades(entity); |
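Review bot: `changes` is declared before the `try` and `generateUpgrades(entity)` is awaited inside it, so when that call throws, execution reaches the catch with `changes` still empty. The catch block is not visible in this excerpt; please confirm it records the entity as failed together with the error message rather than returning the empty list, otherwise a failed upgrade generation is indistinguishable from "nothing to fix" in the summary.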
move back into try/catch to not prevent further fixes & to let the spinner finish
If asked, fix packages 1 by 1; this is much slower but can increase success % when some packages might be incompatible.
LGTM, nice one @lili2311 🙌
What does this PR do?
Support optionally upgrading 1 package at a time; this is much slower but can provide better success in upgrading vulnerable package versions.

Any background context you want to provide?
Some combinations of upgraded packages might not be compatible; allow upgrading 1 at a time to increase the % of fixed issues. This is much slower 🐌
snyk fix --sequential will trigger the behavior to try applying package upgrades via poetry and pipenv 1 by 1.

Screenshots
Can't see a difference in the screenshot unless one of the upgrades fails. See the added test to show what to expect.

Actual project run
From a test that crafts the right scenario, when running with --sequential-fix the whole fix does not fail.
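
The difference between the batch and the sequential mode described in this PR, as an added sketch that is not taken from the Snyk code base: `applyUpgrades`, `Installer`, `fakeInstall` and the package pins are hypothetical names and constructed sample data, and the installer stands in for a call to poetry or pipenv.

```typescript
// Added illustration; every name below is hypothetical, not Snyk's API.
type Installer = (pins: string[]) => void; // throws if the resolver rejects the set

interface FixResult {
  fixed: string[];
  failed: { pin: string; reason: string }[];
}

function applyUpgrades(pins: string[], install: Installer, sequential: boolean): FixResult {
  const result: FixResult = { fixed: [], failed: [] };
  // Batch mode: one installer call with every pin.
  // Sequential mode: one installer call per pin (slower, but failures are isolated).
  const batches: string[][] = sequential ? pins.map((p) => [p]) : [pins];
  for (const batch of batches) {
    try {
      install(batch);
      result.fixed.push(...batch);
    } catch (err) {
      // Record the failure and continue, so later upgrades still get applied.
      const reason = err instanceof Error ? err.message : String(err);
      for (const pin of batch) {
        result.failed.push({ pin, reason });
      }
    }
  }
  return result;
}

// Constructed sample: three pins, one of which the fake resolver rejects.
const samplePins = ['pkg-a==1.2.0', 'pkg-b==3.0.1', 'pkg-c==0.9.4'];
const fakeInstall: Installer = (batch) => {
  if (batch.indexOf('pkg-b==3.0.1') !== -1) {
    throw new Error('version solving failed for pkg-b==3.0.1');
  }
};

function demo(): { batch: FixResult; sequential: FixResult } {
  return {
    batch: applyUpgrades(samplePins, fakeInstall, false),
    sequential: applyUpgrades(samplePins, fakeInstall, true),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In batch mode the single incompatible pin leaves all three vulnerable versions in place; in sequential mode only that pin is reported as failed.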