Feature Description
When the alerts-to-issue workflow creates a parent issue for a vulnerable library, add a "Related Issues" section (either in the issue body or as a comment) that lists all other open parent issues addressing vulnerabilities in the same library.
Problem / Opportunity
A single library can contain multiple vulnerabilities, each potentially mapped to a different rule and tracked as a separate parent issue. Additionally, different vulnerabilities within the same library may be resolved by different target versions. This creates a risk that a developer fixing one vulnerability upgrades the library to a version that still contains other known issues.
Without cross-referencing context, there is no easy way to know:
- how many issues track the same library,
- which upgrade version would resolve all known vulnerabilities for that library at once.
Acceptance Criteria
- When a parent issue is created for a library, the workflow queries for other open parent issues tracking the same library.
- If related issues exist, a "Related Issues" section is added to the issue body or posted as a comment.
- The section lists each related issue with its number, title, and link.
- (Stretch goal) The section includes a recommendation of the minimum version that resolves all listed vulnerabilities for that library.
- The related issues section is kept up to date when new issues for the same library are created.
Proposed Solution
When creating or updating a parent issue, enrich it with a "Related Issues" section containing:
- A list of all open parent issues that address the same library (linked by issue number and title).
- (Ideal/optional) A highlighted recommendation indicating which target version resolves all known vulnerabilities associated with that library.
This section could be:
- Part of the issue body (generated/updated at creation time), or
- Added/updated as a comment on the parent issue (easier to keep fresh without full body rewrites).
Dependencies / Related
No response
Additional Context
No response
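One way to implement the related-issue lookup and the stretch-goal version recommendation described in this request, as an added example that is not code from the issue or the project. The issue records, their field names (`library`, `fix_version`) and `REPO_URL` are constructed placeholders, and the recommendation assumes a fix stays in place in every later version, so the highest per-issue fix version covers all of them.

```python
import re

REPO_URL = "https://example.invalid/org/repo"  # placeholder, not a real repository

# Constructed sample of open parent issues; the field names are assumptions.
ISSUES = [
    {"number": 41, "title": "Upgrade libfoo (rule A)", "library": "libfoo", "fix_version": "2.9.10"},
    {"number": 57, "title": "Upgrade libfoo (rule B)", "library": "libfoo", "fix_version": "2.10.1"},
    {"number": 63, "title": "Upgrade libbar (rule C)", "library": "libbar", "fix_version": "1.4.0"},
]

def parse_version(text):
    """Return a tuple of ints for dotted numeric versions, else None."""
    if not text or not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def related_issues(current, issues):
    """Other open parent issues that track the same library as `current`."""
    return [i for i in issues
            if i["library"] == current["library"] and i["number"] != current["number"]]

def recommended_version(current, related):
    """Highest fix version across all issues, or None if any one is unknown."""
    parsed = [(parse_version(i.get("fix_version")), i.get("fix_version"))
              for i in [current, *related]]
    if any(key is None for key, _ in parsed):
        return None  # an unknown fix version means no safe recommendation
    # Compare numerically: as strings, "2.9.10" would sort above "2.10.1".
    return max(parsed)[1]

def render_section(current, issues):
    """Build the "Related Issues" text, or "" when nothing is related."""
    related = related_issues(current, issues)
    if not related:
        return ""
    lines = ["Related Issues", ""]
    for i in sorted(related, key=lambda i: i["number"]):
        lines.append(f"- #{i['number']} {i['title']} ({REPO_URL}/issues/{i['number']})")
    version = recommended_version(current, related)
    if version:
        lines += ["", f"Recommended minimum version for {current['library']}: {version}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_section(ISSUES[0], ISSUES))
```

Calling `render_section` again for each existing issue of the same library whenever a new parent issue is created keeps every section current, which is why posting it as a comment is the cheaper of the two placements the request lists.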