Merge development into main: consolidated branches, history nav, severity enrichment#14
Open
stevologic wants to merge 8 commits into
Open
Merge development into main: consolidated branches, history nav, severity enrichment#14stevologic wants to merge 8 commits into
stevologic wants to merge 8 commits into
Conversation
* Refactor dependency explorer data flow and UI * Refactor dependency explorer data flow * Refactor dependency explorer data handling * Add GraphViz and GitHub dependency export support * code auto-enhancements * Add copyable audit brief for GitHub dependency review * Add GitHub repo deep links and audit brief export * Surface unsupported GitHub SBOM dependencies * Add skipped dependency JSON export * Export transitive dependency data in CSV and SBOM * Add SPDX export for repository imports
Move the skipped-dependency queue JSON, CSV, and Markdown brief export logic out of the App component into pure builder functions exposed via test hooks, and add node:test coverage. Fixes missing-license items being classified "Needs review" instead of "Missing SPDX" in the brief. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Port of codex/add-cve-severity-lookup-via-alias-url, adapted to the current cache layer: when an OSV advisory lacks severity data, resolve its aliases (from the aliases field and CVE/GHSA-shaped reference URLs) against api.osv.dev/v1/vulns and copy the first severity found. Alias lookups are capped per vuln and cached individually; the query cache key is bumped so previously cached unenriched results refresh. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Deep-link URLs (package, CVE, repository) now push history entries instead of replacing in place, and a popstate listener re-drives the matching analysis flow, so browser back/forward pivots between package, advisory, and repository views. Clearing the form is also a navigable step. Same-URL updates still replace to avoid duplicate entries. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Package, CVE, and repository views now set descriptive document titles so browser history entries, tabs, and shared links are identifiable. Add meta description and theme-color to index.html and bump the app.js cache-buster. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
ui/chat.html was an early command-style lookup UI that nothing links to. It duplicated a small subset of the main explorer and pulled tsparticles and fonts from CDNs, unlike the self-contained main app. History preserves it if ever needed. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
README gains a Web UI section covering the package, CVE, and repository analysis modes, deep links, and history navigation, plus a note on OSV severity alias enrichment. CONTRIBUTING points feature branches at development and documents the test commands. CI now fails on gofmt violations (previously gofmt -l never failed the build) and runs the node:test UI suite. Add .gitattributes to normalize line endings. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Brings main level with development after full branch consolidation (all other branches verified merged or superseded and deleted).
What's included
codex/add-cve-severity-lookup-via-alias-url, adapted to the current cache layer)Verification
go build ./... && go vet ./... && go test ./...greennode --test "ui/**/*.test.mjs"green (3/3)?repo=deep link), back/forward across all three views, light/dark themes contrast-audited, mobile viewport overflow-free🤖 Generated with Claude Code