Guard against empty SCA results in vulnerable packages package (!25) · Merge requests · repos / security / Wikimedia Code Health Check · GitLab

How to register an account on GitLab. Due to spam, new accounts are locked until approved by an admin or the approver bot. Your GitLab account gets automatically approved within one hour if you are a member of Trusted Contributors in Gerrit, or a member of the Trusted-Contributors group in Phabricator and linked your Developer account to your Phabricator account. If none of these apply, you can file an unlock request to expedite access.

Take the 2024 Developer Satisfaction Survey ^{(privacy statement)} to help identify areas for improvement and measure satisfaction within the Wikimedia developer community.

Support: mw:GitLab, how to host a project on GitLab, #wikimedia-gitlab on libera.chat, #GitLab on Phabricator.

SBassett requested to merge T348787-fix-vuln-deps-bug into main Nov 21, 2023

This code adds an additional check to ensure the "results" key is present and that it is not an empty array or null value (both of which can be returned by osv-scanner, apparently)

Bug: T348787