fix(VulnerabilityReference): Do not deserialize a lazy property #7789
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #7789 +/- ##
=========================================
Coverage 67.84% 67.84%
Complexity 2045 2045
=========================================
Files 357 357
Lines 16770 16771 +1
Branches 2378 2378
=========================================
+ Hits 11378 11379 +1
Misses 4402 4402
Partials 990 990
Flags with carried forward coverage won't be shown. Click here to find out more.
☔ View full report in Codecov by Sentry. |
This is a fixup for 8b6fe4f which introduced the `severityRating` property. Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth
force-pushed
the
no-lazy-prop-deser
branch
from
d2a62ed to
6f94149
Compare
| @@ -30,6 +32,7 @@ import java.net.URI | |||
| * with a list of references; each reference points to the source of the information and has some detailed information | |||
| * provided by this source. | |||
| */ | |||
| @JsonIgnoreProperties(value = ["severity_rating"], allowGetters = true) | |||
There was a problem hiding this comment.
Should we also not serialize the property, because it is redundant? If so, probably it would be good to instead annotate the property with @JsonIgnore. edit: <-- isn't this a funny username, referenced by accident
There was a problem hiding this comment.
Should we also not serialize the property, because it is redundant?
That's more or less the discusion I had with @mnonnenmacher over here. Not serializing it would require to reintroduce the EvaluatedVulnerabilityReference class.
There was a problem hiding this comment.
My preference would (as well?) be to not have it serialized in OrtResult at all, because of the reasons mentioned there. However, that's out of scope of this PR.
|
Merging despite the unrelated |
This is a fixup for 8b6fe4f which introduced the
severityRatingproperty.