GitHub Community
Don't remove links from Dependabot alert descriptions #39855
Replies: 2 comments 1 reply
-
|
Hi there @glye and welcome to our community! Thank you for the feedback! |
Beta Was this translation helpful? Give feedback.
-
|
👋 PM for Dependabot Alerts here. I've spoken with our Advisory Curation team. Are you referring to this advisory from two weeks ago? The curation team added some additional context to the description and published it here! |
Beta Was this translation helpful? Give feedback.
-
|
@erinhav Hi! 👋 Thanks. We generally use links in all our advisories. We like to have advisory information fully under our control on our own website. And it's easier for us to just insert a link to our own advisories into GH advisories, rather than copying the full text over and edit & reformat it to fit. But I realise that can make it harder for you, and for the GH end users. In the below advisory we made the effort of filling in more of the description (maybe we should keep doing that). Anyway this one was the trigger that made me post this suggestion here. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Product Feedback
Body
Security advisory descriptions can contain various text including links. When Dependabot alerts are created from an advisory, their description contains mostly the same text as the advisory, but the links are edited out. This leads to loss of information to users. It can be crucial for understanding the risks the alert is warning about.
The best would be to include the links, but if this won't be done the advisory editing UI should inform about this when links are inserted there, and advisory documentation should mention it.
Beta Was this translation helpful? Give feedback.
All reactions