feat: add advisories pagination (CM-1283) #4253
Open
ulemons wants to merge 6 commits into
79521df to 7e6f7c9
Pull request overview
Adds pagination support to the Akrites “package advisories” listing endpoint to avoid returning hundreds of advisories in a single response, while keeping the package detail endpoint behavior unchanged.
Changes:
- Add `page` (default 1) and `pageSize` (default 20, max 100) query params to the advisories endpoint, and return `{ page, pageSize, total, advisories }`.
- Update DAL `getAdvisoriesByPackageId` to optionally paginate and return `{ rows, total }`, while retaining a non-paginated mode for package detail.
- Update Akrites OpenAPI to document new query params and response shape.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| services/libs/data-access-layer/src/osspckgs/api.ts | Extends DAL advisories query to support optional pagination + total count. |
| backend/src/api/public/v1/packages/getPackageAdvisories.ts | Validates pagination via Zod and returns paginated response metadata. |
| backend/src/api/public/v1/packages/getPackage.ts | Adapts to new DAL return shape while still embedding full advisories list. |
| backend/src/api/public/v1/akrites/openapi.yaml | Documents the new pagination parameters and updated 200-response schema. |
Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>
ba15058 to 43f9058
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 43f9058.

Summary
Adds page and pageSize query parameters to GET /api/v1/akrites/packages/advisories. Previously the endpoint returned all advisories for a package in a single response (up to 700+ for some packages), with no way to page through results.
Changes
Type of change
JIRA ticket
CM-1283
Note
Medium Risk
Public API contract changes: advisories are paginated by default (breaking for clients that expected the full list), and Advisory adds required `isCritical` plus severity enum `moderate` instead of `medium`.

Overview
Adds pagination and filtering to `GET /akrites/packages/advisories` so the Security tab can load advisories in chunks instead of returning hundreds in one response. The handler now accepts `page` (default 1) and `pageSize` (default 20, max 100), plus optional `severity`, `resolution`, and `critical` filters (comma-separated or repeated query params). Responses include `page`, `pageSize`, and `total` alongside `advisories`.

`getAdvisoriesByPackageId` in the DAL was refactored around a CTE that computes resolution and `isCritical` from `advisories.is_critical`, applies filters, orders by severity/resolution/osvId, and runs a separate `COUNT` when pagination opts are passed. When opts are omitted (package detail), it still returns all rows and skips the count query.

Advisory objects now require `isCritical` (CVSS ≥ 7.0) on both the advisories endpoint and package detail `security.advisories`. OpenAPI updates severity to `moderate` (was `medium`), documents `resolution` as `open|patched`, and describes the new query params.

`normalizePurl` replaces the qualifier-stripping regex with an explicit `stripQualifiers` helper (same normalization behavior).

Reviewed by Cursor Bugbot for commit 43f9058. Bugbot is set up for automated code reviews on this repo.
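
The query contract described above (`page` default 1, `pageSize` default 20 and max 100, `resolution` as `open|patched`, filters comma-separated or repeated), as an added example that is not the PR's code: it bounds and allowlists every value before it can reach the DAL query. It uses plain TypeScript instead of Zod so it runs without dependencies. All function and type names are hypothetical, and rejecting out-of-range values (rather than clamping them) is an assumption.

```typescript
// Added example; all names here are hypothetical, not taken from the PR's code.
type Raw = string | string[] | undefined; // shape of an Express-style query value
type Query = Record<string, Raw>;

const RESOLUTIONS = ["open", "patched"] as const; // values from the PR description
type Resolution = (typeof RESOLUTIONS)[number];

interface AdvisoryQuery { page: number; pageSize: number; offset: number; resolution: Resolution[] }

// Strict parse: rejects "", "0", "-1", "2.5", "1e3" and repeated params (arrays).
function parsePositiveInt(raw: Raw, name: string, fallback: number, max: number): number {
  if (raw === undefined) return fallback;
  if (typeof raw !== "string" || !/^[1-9][0-9]{0,8}$/.test(raw)) {
    throw new Error(name + " must be a positive integer");
  }
  const n = Number(raw);
  if (n > max) throw new Error(name + " must be <= " + max);
  return n;
}

// Accepts both ?resolution=open,patched and ?resolution=open&resolution=patched.
function parseList(raw: Raw): string[] {
  const out: string[] = [];
  const values = raw === undefined ? [] : typeof raw === "string" ? [raw] : raw;
  for (const value of values) {
    for (const part of value.split(",")) {
      const item = part.trim();
      if (item !== "" && out.indexOf(item) === -1) out.push(item); // drop blanks and duplicates
    }
  }
  return out;
}

function parseAdvisoryQuery(q: Query): AdvisoryQuery {
  const page = parsePositiveInt(q["page"], "page", 1, 999999999);
  const pageSize = parsePositiveInt(q["pageSize"], "pageSize", 20, 100);
  const resolution: Resolution[] = [];
  for (const item of parseList(q["resolution"])) {
    if ((RESOLUTIONS as readonly string[]).indexOf(item) === -1) {
      throw new Error("resolution must be one of: " + RESOLUTIONS.join(", "));
    }
    resolution.push(item as Resolution);
  }
  // Only allowlisted filter values and a bounded page size leave this function;
  // the caller passes them to the query as bound parameters (LIMIT pageSize OFFSET offset).
  return { page, pageSize, offset: (page - 1) * pageSize, resolution };
}
```
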