fixup! fixup! feat: drop number of vulnerabilities on --pre-release

Author: aduh95

lib/security-release/security-release.js

@@ -132,10 +132,14 @@ export function formatDateToYYYYMMDD(date) {
   return `${year}/${month}/${day}`;
 }
 
-export function getHighestSeverityAnnouncement(reports) {
-  const highestSeverityIndex = Math.max(...reports.map(r => SECURITY_RANKS.indexOf(report.severity.rating)));
-
-  return `The highest severity issue fixed in this release is ${SEVERITY_RANKS[highestSeverityIndex] ?? 'NONE'}.`;
+export function getHighestSeverityAnnouncement(reports, releaseLine = 'this release') {
+  const highestSeverityIndex = Math.max(...reports.map(
+    r => SEVERITY_RANKS.indexOf(r.severity.rating.toUpperCase())
+  ));
+
+  return `The highest severity issue fixed in ${releaseLine} is ${
+    SEVERITY_RANKS[highestSeverityIndex] ?? 'NONE'
+  }.`;
 }
 
 export function promptDependencies(cli) {

lib/security_blog.js

@@ -7,7 +7,6 @@ import {
   validateDate,
   SecurityRelease,
   commitAndPushVulnerabilitiesJSON,
-  getHighestSeverity,
   getHighestSeverityAnnouncement,
 } from './security-release/security-release.js';
 import auth from './auth.js';
@@ -337,10 +336,8 @@ export default class SecurityBlog extends SecurityRelease {
 
     const result = Array.from(impact.entries())
       .sort(([a], [b]) => b.localeCompare(a)) // DESC
-      .map(([version, reports]) => {
-        return `The highest severity issue fixed in the ${version} release line is ` +
-          `${getHighestSeverity(reports)}.`;
-      })
+      .map(([version, reports]) =>
+        getHighestSeverityAnnouncement(reports, `the ${version} release line`))
       .join('\n');
 
     return result;

test/unit/security_release.test.js

@@ -3,7 +3,6 @@ import assert from 'node:assert';
 
 import SecurityBlog from '../../lib/security_blog.js';
 import {
-  getHighestSeverity,
   getHighestSeverityAnnouncement
 } from '../../lib/security-release/security-release.js';
 
@@ -27,20 +26,55 @@ describe('security_release: severity announcement', () => {
       report(3, 'high')
     ];
 
-    assert.strictEqual(getHighestSeverity(reports), 'HIGH');
     assert.strictEqual(
       getHighestSeverityAnnouncement(reports),
       'The highest severity issue fixed in this release is HIGH.'
     );
   });
 
+  it('can be customized with second argument', () => {
+    const reports = [
+      report(1, 'low'),
+      report(2, 'medium'),
+      report(3, 'high')
+    ];
+
+    assert.strictEqual(
+      getHighestSeverityAnnouncement(reports, 'special release'),
+      'The highest severity issue fixed in special release is HIGH.'
+    );
+  });
+
+  it('invalid severity ratings are ignored', () => {
+    const reports = [
+      report(1, 'low'),
+      report(2, 'medium'),
+      report(3, 'hypercritical')
+    ];
+
+    assert.strictEqual(
+      getHighestSeverityAnnouncement(reports),
+      'The highest severity issue fixed in this release is MEDIUM.'
+    );
+  });
+
+  it('if no valid rating is passed, output NONE', () => {
+    const reports = [
+      report(3, 'hypercritical')
+    ];
+
+    assert.strictEqual(
+      getHighestSeverityAnnouncement(reports),
+      'The highest severity issue fixed in this release is NONE.'
+    );
+  });
+
   it('uses medium severity wording', () => {
     const reports = [
       report(1, 'low'),
       report(2, 'medium')
     ];
 
-    assert.strictEqual(getHighestSeverity(reports), 'MEDIUM');
     assert.strictEqual(
       getHighestSeverityAnnouncement(reports),
       'The highest severity issue fixed in this release is MEDIUM.'