Skip to content

Commit 9927487

Browse files
djcdjc
authored
Hide withdrawn advisories (#12693)
1 parent 8bbf8ab commit 9927487

File tree

2 files changed

+36
-1
lines changed

2 files changed

+36
-1
lines changed

app/routes/crate/security.js

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,9 @@ async function fetchAdvisories(crateId) {
1212
let advisories = await response.json();
1313
return advisories
1414
.filter(
15-
advisory => !advisory.affected?.some(affected => affected.database_specific?.informational === 'unmaintained'),
15+
advisory =>
16+
!advisory.withdrawn &&
17+
!advisory.affected?.some(affected => affected.database_specific?.informational === 'unmaintained'),
1618
)
1719
.map(advisory => ({
1820
...advisory,

e2e/acceptance/security.spec.ts

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -164,4 +164,37 @@ test.describe('Acceptance | crate security page', { tag: '@acceptance' }, () =>
164164
await expect(page.locator('[data-test-list]')).toContainText('TEST-VULN');
165165
await expect(page.locator('[data-test-list]')).toContainText('TEST-ANOTHER');
166166
});
167+
168+
test('filters out withdrawn advisories', async ({ page, msw }) => {
169+
let crate = await msw.db.crate.create({ name: 'withdrawn-test' });
170+
await msw.db.version.create({ crate, num: '1.0.0' });
171+
172+
let advisories = [
173+
{
174+
id: 'TEST-ACTIVE',
175+
summary: 'Active security vulnerability',
176+
details: 'This is an active security issue.',
177+
},
178+
{
179+
id: 'TEST-WITHDRAWN',
180+
summary: 'Withdrawn advisory',
181+
details: 'This advisory was withdrawn after circumstances changed.',
182+
withdrawn: '2025-02-22T12:00:00Z',
183+
},
184+
];
185+
186+
await msw.worker.use(http.get('https://rustsec.org/packages/:crateId.json', () => HttpResponse.json(advisories)));
187+
await page.goto('/crates/withdrawn-test/security');
188+
189+
// Should only show 1 advisory (the withdrawn one should be filtered out)
190+
await expect(page.locator('[data-test-list] li')).toHaveCount(1);
191+
192+
// Verify the withdrawn advisory is not shown
193+
await expect(page.locator('[data-test-list]')).not.toContainText('TEST-WITHDRAWN');
194+
await expect(page.locator('[data-test-list]')).not.toContainText('Withdrawn advisory');
195+
196+
// Verify the active vulnerability is shown
197+
await expect(page.locator('[data-test-list]')).toContainText('TEST-ACTIVE');
198+
await expect(page.locator('[data-test-list]')).toContainText('Active security vulnerability');
199+
});
167200
});

0 commit comments

Comments
 (0)