fix(report): GitHub Security Alerts Integration

[kotakanbe]

What did you implement:

GItHub Security alerts API v4 has been changed.

• OLD

query { repository(owner:"kotakanbe", name:"tets") { url, vulnerabilityAlerts(first: 100) { pageInfo{ endCursor, hasNextPage, startCursor}, edges { node { id, externalIdentifier, externalReference, fixedIn, packageName,  dismissReason, dismissedAt } } } } }

• Error Msg

[Apr 28 13:43:06] ERROR [localhost] Failed to fill with integration: Failed to access GitHub Security Alerts: Failed to access to GitHub API. Response: {"errors":[{"path":["query","repository","vulnerabilityAlerts","edges","node","externalIdentifier"],"extensions":{"code":"undefinedField","typeName":"RepositoryVulnerabilityAlert","fieldName":"externalIdentifier"},"locations":[{"line":1,"column":162}],"message":"Field 'externalIdentifier' doesn't exist on type 'RepositoryVulnerabilityAlert'"},{"path":["query","repository","vulnerabilityAlerts","edges","node","externalReference"],"extensions":{"code":"undefinedField","typeName":"RepositoryVulnerabilityAlert","fieldName":"externalReference"},"locations":[{"line":1,"column":182}],"message":"Field 'externalReference' doesn't exist on type 'RepositoryVulnerabilityAlert'"},{"path":["query","repository","vulnerabilityAlerts","edges","node","fixedIn"],"extensions":{"code":"undefinedField","typeName":"RepositoryVulnerabilityAlert","fieldName":"fixedIn"},"locations":[{"line":1,"column":201}],"message":"Field 'fixedIn' doesn't exist on type 'RepositoryVulnerabilityAlert'"},{"path":["query","repository","vulnerabilityAlerts","edges","node","packageName"],"extensions":{"code":"undefinedField","typeName":"RepositoryVulnerabilityAlert","fieldName":"packageName"},"locations":[{"line":1,"column":210}],"message":"Field 'packageName' doesn't exist on type 'RepositoryVulnerabilityAlert'"}]}

• New

{
  repository(owner: "kotakanbe", name: "tets") {
    url
    vulnerabilityAlerts(first: 100) {
      pageInfo {
        endCursor
        hasNextPage
        startCursor
      }
      edges {
        node {
          id
          dismissReason
          dismissedAt
          securityVulnerability{
            package {
              name
              ecosystem
            }
            severity
            vulnerableVersionRange
            firstPatchedVersion {
              identifier
            }
          }
          securityAdvisory {
            description
            ghsaId
            permalink
            publishedAt
            summary
            updatedAt
            withdrawnAt
            origin
            severity
            references {
              url
            }
            identifiers {
              type
              value
            }
          }
        }
      }
    }
  }
}

https://developer.github.com/v4/object/repositoryvulnerabilityalert/

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

scan ,report with below configuration.

  [servers.ghsa]
    type="pseudo"
  [servers.ghsa.githubs."kotakanbe/tets"]
  token   = "xxxxxxxxxxxxxx"

Checklist:

You don't have to satisfy all of the following.

• Write tests
• Write documentation
• Check that there aren't other open pull requests for the same issue/feature
• Format your source code by make fmt
• Pass the test by make test
• Provide verification config / commands
• Enable "Allow edits from maintainers" for this PR
• Update the messages below

Is this ready for review?: YES