Dependabot-core: Mentions in Changelog send notifications

Created on 2 Oct 2019 · 5 Comments · Source: dependabot/dependabot-core

Seems to be a recurrence of #427 except for Changelog summary. As an example, this PR https://github.com/rdohms/chainlink/pull/36 mentions me in the Changelog section and I got notified about it.

All 5 comments

@jrjohnson yes will take a look at fixing this!

Curiously, only the first part of the string up to the first code fence (```registerLoader```) seems to have been sanitized (see the body element in https://api.github.com/repos/rdohms/chainlink/issues/36). This seems to point to a bug in the logic in sanitize_links_and_mentions, where instead of iterating through all the code fences, it considers everything after the start of the first code fence to be part of the code fence, and therefore ingests it as-is.

I've added a couple of tests in my fork that demonstrate the bug. If I have some spare time I'll take a look into fixing the implementation.
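The failure mode described in the comment above, as an added Ruby example that is not dependabot-core's code or the linked fix: one sanitizer treats everything after the first code fence as code, the other walks every fence pair. The zero-width-space neutralizer, the simplified mention pattern, the sample body and all method names are assumptions made for illustration.

```ruby
# Added illustration; names and the neutralizing strategy are hypothetical.
FENCE   = "`" * 3                      # built at runtime so no literal fence appears here
ZWSP    = "\u200B"                     # assumed stand-in for the real neutralization step
MENTION = /(?<!\w)@(?=[A-Za-z0-9])/    # simplified: "@" starting a handle, not an e-mail

# Constructed sample body: two fences with mentions before, between and after them.
SAMPLE = "Thanks @alice.\nUse #{FENCE}registerLoader#{FENCE} then ask @bob.\n" \
         "#{FENCE}\n@decorator\n#{FENCE}\nReleased by @carol.\n"

def neutralize(text)
  text.gsub(MENTION, "@#{ZWSP}")
end

# Behaviour described in the thread: only the text before the first fence
# is sanitized; the remainder is passed through as if it were all code.
def sanitize_first_fence_only(text)
  head, fence, rest = text.partition(FENCE)
  neutralize(head) + fence + rest
end

# Walk every fence: after splitting on the fence marker, even-indexed
# segments are prose and odd-indexed segments are code. An unterminated
# fence leaves the final segment at an odd index, so it stays untouched.
def sanitize_all_fences(text)
  text.split(FENCE, -1)
      .each_with_index
      .map { |segment, i| i.even? ? neutralize(segment) : segment }
      .join(FENCE)
end

# Handles outside code fences that would still be read as mentions.
def live_mentions(text)
  prose = text.split(FENCE, -1).each_slice(2).map(&:first).join(" ")
  prose.scan(/(?<!\w)@([A-Za-z0-9-]+)/).flatten
end

if $PROGRAM_NAME == __FILE__
  puts "unsanitized:      #{live_mentions(SAMPLE).inspect}"
  puts "first fence only: #{live_mentions(sanitize_first_fence_only(SAMPLE)).inspect}"
  puts "all fences:       #{live_mentions(sanitize_all_fences(SAMPLE)).inspect}"
end
```

Single-backtick inline code and indented code blocks are outside what this example handles.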

@PombeirP yup nice find, I've got a fix here: https://github.com/dependabot/dependabot-core/pull/1426

Thanks @feelepxyz! I'll create a separate PR to handle an additional scenario with complex nested code fences too, to avoid false positives.

Thank you!
