[Bug] Security advisories API doesn't allow updating ecosystem: other packages
#187084
Replies: 2 comments
-
|
💬 Your Product Feedback Has Been Submitted 🎉 Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users. Here's what you can expect moving forward ⏩
Where to look to see what's shipping 👀
What you can do in the meantime 💻
As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities. Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐ |
Beta Was this translation helpful? Give feedback.
-
|
I also ran into this a few months back. I was told by support "It's working as designed". :( |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Bug
Body
While trying to update an advisory today (GHSA-8wc6-vgrq-x6cf) to add additional affected packages, I found that the API doesn't allow updating
ecosystem: otherreferences.To test this again, I've created a fake advisory:
If we try to update this, adding a new element (from the docs:
This works, and we can see both packages in the UI.
From here, if we edit - in the UI - the package ecosystem from
othertodocker:Then when we GET it via the API, we can see it's there and rendered as expected:
But if we try and update - i.e. to add another package - we get an error:
There doesn't seem to be a way to associate the custom value, which also means that updates require custom logic to replace the
dockervalue withother, and then requires re-editing it in the UI, which isn't ideal.Beta Was this translation helpful? Give feedback.
All reactions