From 2d2b121469031babb7a06554c6c82fbdaf8c9098 Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Mon, 1 Feb 2021 12:04:10 +0000 Subject: [PATCH 1/7] document new notification behavior --- ...nerable-dependency-notification-options.md | 28 ++++++++++++++----- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md index 6fd66803d4..e8f8bb3329 100644 --- a/data/reusables/notifications/vulnerable-dependency-notification-options.md +++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md 
@@ -1,14 +1,28 @@ -{% if currentVersion == "free-pro-team@latest" %} -By default, you will receive notification of new {% data variables.product.prodname_dependabot_alerts %}: -- by email, an email is sent every time a vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option) -- in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option) -- on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (**Command Line** option) -- in your inbox, as web notifications for new vulnerabilities with a critical or high severity (**Web** option) +{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} +{% if currentVersion == "free-pro-team@latest"%}By default, you will receive notifications:{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion gt "enterprise-server@3.0" %}By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %} + +- by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled on a repository, when a new manifest file is committed on to the repository, and when a new vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option). +- in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option). +- on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (**Command Line** option). +- in your inbox, as web notifications. 
A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled on a repository, when a new manifest file is committed on to the repository and when a new vulnerability with a critical or high severity is found (**Web** option). +- on {% data variables.product.prodname_mobile %}, as web notifications. For more information, see "[Enabling push notifications with GitHub for mobile](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#enabling-push-notifications-with-github-for-mobile)." + +{% note %} + +**Note:** The email and web/{% data variables.product.prodname_mobile %} notifications are: + +- _per repository_: + - when {% data variables.product.prodname_dependabot %} is enabled on the repository (when at least one vulnerability is of critical or high severity) + - when a new manifest file is committed to the repository (when at least one vulnerability is of critical or high severity.) + +- _per organization_ when a new vulnerability is discovered (when the severity is critical or high.) + +{% endnote %} You can customize the way you are notified about {% data variables.product.prodname_dependabot_alerts %}. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the **Email a digest summary of vulnerabilities** and **Weekly security email digest** options. 
{% endif %} -{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %} +{% if enterpriseServerVersions contains currentVersion and (currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0") %} By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}: - by email, an email is sent every time a vulnerability {% if currentVersion ver_gt "enterprise-server@2.23" %}with a critical or high severity {% endif %}is found (**Email each time a vulnerability is found** option) - in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option) From 25ef40bf0562f300f5749f652416d54bed3e2899 Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Mon, 1 Feb 2021 13:58:07 +0000 Subject: [PATCH 2/7] tidy up --- .../vulnerable-dependency-notification-options.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md index e8f8bb3329..4b89887920 100644 --- a/data/reusables/notifications/vulnerable-dependency-notification-options.md +++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md 
@@ -4,18 +4,16 @@ - by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled on a repository, when a new manifest file is committed on to the repository, and when a new vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option). - in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option). - on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (**Command Line** option). -- in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled on a repository, when a new manifest file is committed on to the repository and when a new vulnerability with a critical or high severity is found (**Web** option). +- in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled on a repository, when a new manifest file is committed on to the repository, and when a new vulnerability with a critical or high severity is found (**Web** option). - on {% data variables.product.prodname_mobile %}, as web notifications. For more information, see "[Enabling push notifications with GitHub for mobile](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#enabling-push-notifications-with-github-for-mobile)." {% note %} **Note:** The email and web/{% data variables.product.prodname_mobile %} notifications are: -- _per repository_: - - when {% data variables.product.prodname_dependabot %} is enabled on the repository (when at least one vulnerability is of critical or high severity) - - when a new manifest file is committed to the repository (when at least one vulnerability is of critical or high severity.) 
+- _per repository_when {% data variables.product.prodname_dependabot %} is enabled on the repository, or when a new manifest file is committed to the repository. -- _per organization_ when a new vulnerability is discovered (when the severity is critical or high.) +- _per organization_ when a new vulnerability is discovered {% endnote %} From 2dc3839444e01b44154d95b94241f27a8207ec4c Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Mon, 1 Feb 2021 14:06:36 +0000 Subject: [PATCH 3/7] fix inline formatting --- .../vulnerable-dependency-notification-options.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md index 4b89887920..18f8569010 100644 --- a/data/reusables/notifications/vulnerable-dependency-notification-options.md +++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md @@ -11,9 +11,9 @@ **Note:** The email and web/{% data variables.product.prodname_mobile %} notifications are: -- _per repository_when {% data variables.product.prodname_dependabot %} is enabled on the repository, or when a new manifest file is committed to the repository. +- _per repository_ when {% data variables.product.prodname_dependabot %} is enabled on the repository, or when a new manifest file is committed to the repository. -- _per organization_ when a new vulnerability is discovered +- _per organization_ when a new vulnerability is discovered. {% endnote %} From b67459827b75dbf8c4a80d903bccf253fb541339 Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Tue, 2 Feb 2021 13:49:56 +0000 Subject: [PATCH 4/7] Apply suggestions from code review Co-authored-by: Felicity Chapman --- .../vulnerable-dependency-notification-options.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md index 18f8569010..54ec88b432 100644 --- a/data/reusables/notifications/vulnerable-dependency-notification-options.md +++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md 
@@ -1,10 +1,10 @@ {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} {% if currentVersion == "free-pro-team@latest"%}By default, you will receive notifications:{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion gt "enterprise-server@3.0" %}By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %} -- by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled on a repository, when a new manifest file is committed on to the repository, and when a new vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option). +- by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option). - in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option). - on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (**Command Line** option). -- in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled on a repository, when a new manifest file is committed on to the repository, and when a new vulnerability with a critical or high severity is found (**Web** option). +- in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Web** option). 
- on {% data variables.product.prodname_mobile %}, as web notifications. For more information, see "[Enabling push notifications with GitHub for mobile](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#enabling-push-notifications-with-github-for-mobile)." {% note %} From c1f20bc7a99e734f8f4eca0bca55a4ff6b280c4f Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Mon, 22 Feb 2021 14:49:31 +0000 Subject: [PATCH 5/7] fix incorrect Liquid versioning --- .../notifications/vulnerable-dependency-notification-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md index 54ec88b432..6efba4339f 100644 --- a/data/reusables/notifications/vulnerable-dependency-notification-options.md +++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md 
@@ -20,7 +20,7 @@ You can customize the way you are notified about {% data variables.product.prodname_dependabot_alerts %}. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the **Email a digest summary of vulnerabilities** and **Weekly security email digest** options. {% endif %} -{% if enterpriseServerVersions contains currentVersion and (currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0") %} +{% if currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0" %} By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}: - by email, an email is sent every time a vulnerability {% if currentVersion ver_gt "enterprise-server@2.23" %}with a critical or high severity {% endif %}is found (**Email each time a vulnerability is found** option) - in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option) From f7f3e11eca352c48e5a75091e7d931132511ddea Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Tue, 16 Mar 2021 07:43:31 +0000 Subject: [PATCH 6/7] update versioning --- .../notifications/vulnerable-dependency-notification-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md index 6efba4339f..7cd9fd70df 100644 --- a/data/reusables/notifications/vulnerable-dependency-notification-options.md +++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md 
@@ -1,4 +1,4 @@ -{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} +{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" %} {% if currentVersion == "free-pro-team@latest"%}By default, you will receive notifications:{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion gt "enterprise-server@3.0" %}By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %} - by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option). From ff2f58a0dec59492c00aa0f060695acb71a3015e Mon Sep 17 00:00:00 2001 From: mchammer01 <42146119+mchammer01@users.noreply.github.com> Date: Tue, 16 Mar 2021 07:58:04 +0000 Subject: [PATCH 7/7] yet more versioning updates --- .../vulnerable-dependency-notification-options.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/reusables/notifications/vulnerable-dependency-notification-options.md b/data/reusables/notifications/vulnerable-dependency-notification-options.md index 7cd9fd70df..c85f038f8a 100644 --- a/data/reusables/notifications/vulnerable-dependency-notification-options.md +++ b/data/reusables/notifications/vulnerable-dependency-notification-options.md 
@@ -1,5 +1,5 @@ {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" %} -{% if currentVersion == "free-pro-team@latest"%}By default, you will receive notifications:{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion gt "enterprise-server@3.0" %}By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %} +{% if currentVersion == "free-pro-team@latest"%}By default, you will receive notifications:{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion gt "enterprise-server@3.1" %}By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %} - by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option). - in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option). 
@@ -20,7 +20,7 @@ You can customize the way you are notified about {% data variables.product.prodname_dependabot_alerts %}. For example, you can receive a weekly digest email summarizing alerts for up to 10 of your repositories using the **Email a digest summary of vulnerabilities** and **Weekly security email digest** options. {% endif %} -{% if currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0" %} +{% if currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0" or currentVersion == "enterprise-server@3.1" %} By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}: - by email, an email is sent every time a vulnerability {% if currentVersion ver_gt "enterprise-server@2.23" %}with a critical or high severity {% endif %}is found (**Email each time a vulnerability is found** option) - in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option)
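Review bot: In PATCH 1/7, the condition for the second block wraps its `or` clause in parentheses (`... and (currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0")`), and Liquid `if` tags do not support parentheses. PATCH 5/7 removes them later; fold that fix into this commit so the series never carries the broken condition. In the same hunk, the free-pro-team intro now reads "By default, you will receive notifications:" and no longer names {% data variables.product.prodname_dependabot_alerts %}, unlike the Enterprise Server sentence next to it; keep the product name in both.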
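Review bot: In PATCH 2/7, the rewritten note bullet `_per repository_when` has no space after the closing underscore, so the emphasis runs into the next word; PATCH 3/7 corrects it and the two commits should be squashed. The rewrite also drops the "critical or high severity" qualifier from both note bullets, while the email and web bullets above still state that threshold for new vulnerabilities. Confirm the note is not meant to suggest that the per-organization notification is sent for every severity, or restate the threshold there.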
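Review bot: PATCH 4/7 changes "enabled on a repository" to "enabled for a repository" in the email and web bullets, but its only hunk covers lines 1-10, so the note bullet from PATCH 3/7 still reads "is enabled on the repository". Update that line as well so the wording is the same throughout the reusable.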
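Review bot: After PATCH 6/7 on its own, Enterprise Server 3.1 matches neither block: the first now requires `ver_gt "enterprise-server@3.1"` and the second still lists only 2.22 and 3.0, so no default-notification text is rendered for 3.1 until PATCH 7/7 adds it to the second condition. Squash 6/7 and 7/7 so that no commit in the series leaves that gap.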
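Review bot: In the first hunk of PATCH 7/7, the inner Enterprise Server condition is bumped to 3.1 but keeps the plain `gt` operator (`currentVersion gt "enterprise-server@3.1"`), while the enclosing tag on the line above uses `ver_gt`. Switch it to `ver_gt` while this line is being edited so both conditions use the same operator. In the second hunk, the block is now selected by a chain of three `==` tests that had to be extended by hand in this patch; a short comment stating which releases keep the old behavior would make the next version bump easier to review.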