Broken feedback link in security vulnerability header

Open HebaruSan opened this issue 2 years ago • 1 comments

Disclaimer

For support on the GitHub-integrated Dependabot service, please contact GitHub support. This issue tracker is meant for issues related to Dependabot's updating logic. A good rule of thumb is that if you have questions about the diff in a PR, it belongs here; otherwise, the GitHub support team is best equipped to help you.

I checked support.github.com, but it does not have a facility to report this bug. This is not specifically about the diff in a PR, but this is the only place I can find to report it, so I am reluctantly disregarding that part of the template. I'm sorry if this is in the wrong place; please move it or refer me to the right place (and consider updating the issue template with that same link for similar future cases).

Problem

A pull request from @dependabot features this at the top:

image

(Don't worry, this is a false positive; we don't actually have a security vulnerability, let alone a high severity one.)

The "give us feedback" link goes here:

https://github.com/contact?form%5Bsubject%5D=Dependabot+security+updates

But that link seems to be broken; when you click it, it goes here:

https://support.github.com/request?tags=dotcom-contact-params

... which is just the generic support landing page, not specific to Dependabot.

Suggestion

~~The new correct place for Dependabot feedback can be found if the user searches for it:~~

~~https://github.com/github/feedback/discussions/categories/dependabot-feedback?discussions_q=dependabot+category%3A%22Dependabot+Feedback%22~~

~~The link would be more useful if it went there instead.~~

As noted below, that link has broken as well, so now the only working replacement that I know of is the bug tracker:

https://github.com/dependabot/dependabot-core/issues

HebaruSan, Apr 10 '22 11:04

Well, between April 10 and July 28, https://github.com/github/feedback/discussions/categories/dependabot-feedback ceased to be valid.

To be slightly more detailed about this:

  1. https://github.com/github/feedback/discussions -> https://github.com/github-community/community/discussions/
  2. https://github.com/github-community/community/discussions/ -> https://github.com/community/community/discussions

And at some point, the Dependabot Feedback category was removed/lost.

jsoref, Jul 28 '22 22:07

@bradify I'd like to avoid using dependabot-core as a place for feedback or general questions; it feels like community is the right place for this. But I don't know if product has a specific place that they use now.

If you could let me know what product would prefer, it's a quick change to fix this up. Or just remove the link 😄

andymckay, Aug 22 '22 18:08

My guess is 👉 https://github.com/community/community/discussions/categories/code-security

andymckay, Aug 22 '22 18:08

I'd vote for that.

jsoref, Aug 22 '22 18:08

Thank you so much for this feedback and for finding the broken link for us, @jsoref, along with some good suggestions 🙇🏾

As it turns out this was removed from the codebase a couple of weeks ago and this particular message doesn't show up anymore. If only I'd gotten to this sooner 😄

andymckay, Aug 24 '22 19:08