Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatic PRs should use a proxy when referring to PRs #357

Closed
oliviertassinari opened this issue Aug 21, 2024 · 5 comments
Closed

Automatic PRs should use a proxy when referring to PRs #357

oliviertassinari opened this issue Aug 21, 2024 · 5 comments

Comments

@oliviertassinari
Copy link

oliviertassinari commented Aug 21, 2024
edited
Loading

Snyk should use a proxy when referencing other PRs on GitHub. This spam all the open source projects:

SCR-20240822-bojx

Source of the screenshot: mui/mui-x#13350

Renovate uses github.com renovatebot/renovate#10796
Dependabot uses github.com

Could Synk do the same? This seems much better. Thanks

cc @TashaTBaker I see you have been making changes to https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/create-automatic-prs-for-new-fixes lately. Could you help me bring this to the attention of the right team?
@oliviertassinari oliviertassinari changed the title [sync] Automatic PRs should use a proxy when referring to PRs Automatic PRs should use a proxy when referring to PRs Aug 21, 2024
@TashaTBaker
Copy link
Collaborator

Hi Olivier,
Thank you for your comments here. I will direct this to the right team internally so they can have a look.

@Jdunsby
Copy link

Jdunsby commented Aug 23, 2024

Hi Olivier

Thanks for flagging this issue. It seems that it originated in a PR where the banner image had been incorrectly formatted, so the markdown (including GitHub URL) was displayed instead of the image.

We've since fixed this issue with the default PR templates, so the banner URL isn't present, and you won't see any further GH URLs in those PRs using the default templates.

I've also made sure that we have redirect Github URLs in place for PRs that are using a custom templates, so this issue shouldn't occur in those PRs either.

Please let us know if you spot any recurrence or other issues with Snyk. Your feedback is much appreciated.

@oliviertassinari
Copy link
Author

oliviertassinari commented Aug 23, 2024
edited
Loading

@Jdunsby Thanks for looking into it.

If Synk implemented a custom redirection domain, to potentially be careful about it, GitHub has protection against it: renovatebot/renovate#29370.

I will let you know if I spot more of those backlink spam in any open source project 👍. Appreciated the fix, I'm convinced all open-source maintainers will too.

@oliviertassinari
Copy link
Author

oliviertassinari commented Sep 21, 2024
edited
Loading

@Jdunsby The problem is still present. I didn't notice behavioral changes. For example in prathik2401/my-portfolio#64. Those are still direct URLs:

SCR-20240921-pgtq

I would expect this change would solve the problem. Can we apply them?:

-https://github.com/mui/material-ui/pull/43488
+https://github.com/mui/material-ui/pull/43488

Thanks

@oliviertassinari
Copy link
Author

oliviertassinari commented Oct 1, 2024
edited
Loading

Any update? Snyk is spamming all the open-source projects on GitHub. For example:

Screen.Recording.2024-10-08.at.20.06.59.mov

@oliviertassinari oliviertassinari mentioned this issue Oct 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@oliviertassinari @Jdunsby @TashaTBaker