    Android: gradle dependencyCheckAnalyze. · 2a89f928
    Adrian Taylor authored
    Each time a dependency is changed, the script will now check for known
    vulnerabilities. This is not perfect since ideally we'd be checking on
    a regular cadence; it's likely that equivalent functionality will be
    moved into Vomit or some other automated system in the future, but this
    is a good interim step to ensure that a large fraction of Chrome's
    open-source dependencies (212 out of 717) have some automated monitoring
    for vulnerabilities, where they previously had only manual monitoring.
    
    Testing done:
    * Add this line to build.gradle and ensure fetch_all.py fails
      with the desired diagnostics.
       compile "org.jetbrains.kotlin:kotlin-stdlib:1.2.70"
    * Add --ignore-vulnerabilities and ensure it continues.
    
    Bug: 1105911
    Bug: 895969
    Change-Id: If017d73765ef366959595facb000fc52a528cd08
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2317706
    Commit-Queue: Adrian Taylor <adetaylor@chromium.org>
    Commit-Queue: Peter Wen <wnwen@chromium.org>
    Reviewed-by: Andrew Grieve <agrieve@chromium.org>
    Reviewed-by: Peter Wen <wnwen@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#791951}
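The gate this commit describes, as an added example: this is not Chromium's fetch_all.py, nor the dependency-check plugin's own code. The `dependencyCheckAnalyze` task name is the OWASP dependency-check Gradle plugin's, and the script below assumes that plugin's JSON report layout (a top-level `dependencies` list whose entries carry a `fileName` and a `vulnerabilities` list of records with `name` and `severity`). It prints diagnostics for every finding at or above a severity floor and exits non-zero, unless `--ignore-vulnerabilities` is given, in which case it still prints the findings but continues. The embedded report, its artifact names and the `EXAMPLE-VULN-*` names are constructed placeholders, not real identifiers.

```python
"""Gate a dependency update on a dependency-check JSON report.

Added example, not Chromium's fetch_all.py. Assumes the OWASP dependency-check
JSON report layout: a top-level "dependencies" list whose entries have a
"fileName" and a "vulnerabilities" list of {"name", "severity"} records.
"""
import argparse
import json
import sys

# Constructed sample report. Artifact and vulnerability names are placeholders.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "libfoo-1.0.jar",
         "vulnerabilities": [
             {"name": "EXAMPLE-VULN-2", "severity": "MEDIUM"},
             {"name": "EXAMPLE-VULN-1", "severity": "HIGH"},
         ]},
        {"fileName": "libbar-2.3.jar", "vulnerabilities": []},
        {"fileName": "libbaz-0.9.jar"},  # no "vulnerabilities" key at all
    ]
})

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}


def findings_from_report(report_json, min_severity="LOW"):
    """Return (fileName, vulnerability name, severity) tuples at or above the floor.

    The list is ordered most severe first so the diagnostics lead with what
    matters. A severity the tool does not recognise is treated as blocking
    rather than silently dropped.
    """
    report = json.loads(report_json)
    floor = SEVERITY_RANK[min_severity.upper()]
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            severity = str(vuln.get("severity", "UNKNOWN")).upper()
            rank = SEVERITY_RANK.get(severity, SEVERITY_RANK["CRITICAL"])
            if rank >= floor:
                findings.append((dep.get("fileName", "<unknown>"),
                                 vuln.get("name", "<unnamed>"),
                                 severity))
    findings.sort(key=lambda f: (-SEVERITY_RANK.get(f[2], 3), f[0], f[1]))
    return findings


def format_diagnostics(findings):
    """Render findings as the message a developer sees when the script fails."""
    lines = ["Known vulnerabilities found in dependencies:"]
    for file_name, vuln_name, severity in findings:
        lines.append(f"  {severity:<8} {vuln_name:<16} {file_name}")
    lines.append("Fix the dependency version, or re-run with "
                 "--ignore-vulnerabilities to accept the risk for this change.")
    return "\n".join(lines)


def check_dependencies(report_json, ignore_vulnerabilities=False,
                       min_severity="LOW", out=sys.stderr):
    """Return the process exit code: 0 to continue, 1 to stop the update."""
    findings = findings_from_report(report_json, min_severity)
    if not findings:
        return 0
    print(format_diagnostics(findings), file=out)
    if ignore_vulnerabilities:
        # The findings are still shown; only the decision to stop is overridden.
        print("--ignore-vulnerabilities given; continuing despite the findings above.",
              file=out)
        return 0
    return 1


def main(argv=None):
    parser = argparse.ArgumentParser(
        description="Fail a dependency update if dependency-check found known vulnerabilities.")
    parser.add_argument("--report",
                        help="path to dependency-check-report.json (default: built-in sample)")
    parser.add_argument("--ignore-vulnerabilities", action="store_true",
                        help="print findings but do not fail")
    parser.add_argument("--min-severity", default="LOW",
                        choices=sorted(SEVERITY_RANK, key=SEVERITY_RANK.get),
                        help="lowest severity that blocks the update")
    args = parser.parse_args(argv)
    if args.report:
        with open(args.report, encoding="utf-8") as f:
            report_json = f.read()
    else:
        report_json = SAMPLE_REPORT
    return check_dependencies(report_json, args.ignore_vulnerabilities, args.min_severity)


if __name__ == "__main__":
    sys.exit(main())
```

Run stand-alone it exits 1 with the two placeholder findings listed; `--ignore-vulnerabilities` prints the same findings and exits 0, which mirrors the two manual checks in the "Testing done" list. Keeping the diagnostics visible even when ignored is deliberate: the override should be a recorded decision in the review, not a way to hide the findings.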
README.chromium 1.62 KB