fix: fail-on with severity-threshold

Author: gitphill

test/acceptance/cli-fail-on.test.ts

@@ -39,6 +39,11 @@ const patchableResult = getWorkspaceJSON(
   'patchable',
   'vulns-result.json',
 );
+const multiSeveritiesResult = getWorkspaceJSON(
+  'fail-on',
+  'multiple-severities',
+  'vulns-result.json',
+);
 
 // @later: remove this config stuff.
 // Was copied straight from ../src/cli-server.js
@@ -393,6 +398,26 @@ test('test project with no vulns and --fail-on=patchable --json', async (t) => {
   }
 });
 
+test('test project with multiple severities with upgrade and patch with --fail-on=patchable and --severity=high', async (t) => {
+  try {
+    server.setNextResponse(multiSeveritiesResult);
+    chdirWorkspaces('fail-on');
+    await cli.test('multiple-severities', {
+      failOn: 'upgradable',
+      severityThreshold: 'high',
+    });
+    t.fail('expected test to throw exception');
+  } catch (err) {
+    t.match(err, /Patchable issues/, 'should show patchable issues');
+    t.notMatch(
+      err,
+      /Issues to fix by upgrading/,
+      'should not show upgradable issues',
+    );
+    t.equal(err.code, 'VULNS', 'should throw exception');
+  }
+});
+
 // test invalid arg
 test('test project with --fail-on=invalid', async (t) => {
   try {

test/acceptance/workspaces/fail-on/multiple-severities/package-lock.json

@@ -0,0 +1,10 @@
+{
+  "name": "upgradable-app",
+  "version": "1.0.0",
+  "description": "multiple severity vulns that are upgradable",
+  "dependencies": {
+    "yarn": "1.17.1",
+    "ms": "^1.0.0"
+  },
+  "devDependencies": {}
+}