ci: add cve-fix label and vulnerability category to release notes #253

Merged
WilliamBerryiii merged 3 commits into main from ci/141-add-cve-fix-label-release-notes
Mar 15, 2026
@WilliamBerryiii
Member

Description

Adds a new 🔒 Vulnerabilities Fixed section to the GitHub automatic release notes configuration and creates the cve-fix label used to categorize CVE-related pull requests. The Security category is updated with an exclusion rule to prevent cve-fix PRs from appearing in both sections.

Related Issue

Fixes #141

Type of Change

  • Bug fix (non-breaking change fixing an issue)
  • New feature (non-breaking change adding functionality)
  • Breaking change (change that would cause existing functionality to not work as expected)
  • Blueprint modification (changes to deployment blueprints)
  • Component modification (changes to infrastructure components)
  • Documentation update
  • CI/CD pipeline change
  • Other (please describe):

Implementation Details

  • .github/release.yml: Added 🔒 Vulnerabilities Fixed category with the cve-fix label, positioned between Breaking Changes and Security to surface vulnerability fixes prominently in release notes.
  • .github/release.yml: Added exclude: labels: [cve-fix] to the 🔐 Security category to prevent dual-categorization.
  • GitHub label: Created cve-fix label (color #b60205, description "Pull requests that fix CVE vulnerabilities") on microsoft/edge-ai.

Testing Performed

  • Terraform plan succeeds
  • Terraform apply succeeds
  • Blueprint deployment tested
  • Unit tests added/updated
  • Integration tests added/updated
  • Regression tests pass
  • Manual validation performed

Validation details: YAML linting passed. Verified release.yml structure and label ordering are correct.

Validation Steps

  1. Open .github/release.yml and confirm the new 🔒 Vulnerabilities Fixed category appears with the cve-fix label.
  2. Confirm the 🔐 Security category has an exclude block listing cve-fix.
  3. Confirm the cve-fix label exists on the repository with color #b60205.

Checklist

  • I have updated the documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests pass
  • I have run terraform fmt and terraform validate (if applicable)
  • I have run bicep format and bicep build (if applicable)
  • I have checked that no sensitive data is included in this PR
  • I have run MegaLinter locally and resolved any issues

Additional Notes

This is a CI configuration-only change. No infrastructure, application, or documentation changes are included. Most checklist items (Terraform, Bicep, tests, docs) are not applicable.

Screenshots

N/A

- add Vulnerabilities Fixed category with cve-fix label
- exclude cve-fix from Security category to prevent duplication

🔒 - Generated by Copilot
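
The validation steps above can be automated as a label-rule check. This is an added example, not part of the pull request or the repository: it evaluates the include and exclude label rules of a release-notes configuration and reports a label set that is eligible for more than one category. The configuration is a constructed stand-in for the parsed file, and the `security` label name and the function names are assumptions.

```python
import copy

# Constructed stand-in for the parsed changelog section of .github/release.yml
# after the change. The "security" label name is an assumption; cve-fix and the
# category titles come from the PR description.
AFTER = {"changelog": {"categories": [
    {"title": "🔒 Vulnerabilities Fixed", "labels": ["cve-fix"]},
    {"title": "🔐 Security", "labels": ["security"],
     "exclude": {"labels": ["cve-fix"]}},
]}}

# Same config without the exclude block, to show what the rule prevents.
BEFORE = copy.deepcopy(AFTER)
del BEFORE["changelog"]["categories"][1]["exclude"]


def eligible_categories(config, pr_labels):
    """Titles of every category whose label rules accept a PR with pr_labels."""
    pr = set(pr_labels)
    titles = []
    for cat in config["changelog"]["categories"]:
        wanted = set(cat.get("labels", []))
        excluded = set(cat.get("exclude", {}).get("labels", []))
        included = "*" in wanted or bool(pr & wanted)
        if included and not pr & excluded:
            titles.append(cat["title"])
    return titles


def check_single_listing(config, pr_labels):
    """Return an error string if the PR is eligible for more than one category."""
    titles = eligible_categories(config, pr_labels)
    if len(titles) > 1:
        return f"{sorted(pr_labels)} eligible for {len(titles)} categories: {titles}"
    return None


if __name__ == "__main__":
    sample = ["security", "cve-fix"]  # constructed PR label set
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, check_single_listing(cfg, sample) or "ok")
```
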
@WilliamBerryiii WilliamBerryiii requested a review from a team as a code owner March 14, 2026 03:12
Copilot AI review requested due to automatic review settings March 14, 2026 03:12
Contributor

Copilot AI left a comment

Pull request overview

Updates the GitHub automatic release notes configuration to surface CVE remediation pull requests in a dedicated “Vulnerabilities Fixed” section and prevent duplication in the existing Security section.

Changes:

  • Added a new 🔒 Vulnerabilities Fixed changelog category keyed off the cve-fix label.
  • Updated the 🔐 Security changelog category to exclude PRs labeled cve-fix.

Copilot AI review requested due to automatic review settings March 15, 2026 20:27
Contributor

Copilot AI left a comment

Pull request overview

Updates the repository’s GitHub auto-generated release notes configuration to better surface CVE remediation work by adding a dedicated “Vulnerabilities Fixed” category and preventing duplication within the existing Security category.

Changes:

  • Added a new release-notes category 🔒 Vulnerabilities Fixed keyed off the cve-fix label.
  • Updated the existing 🔐 Security category to exclude PRs labeled cve-fix to avoid double-listing.

@WilliamBerryiii WilliamBerryiii merged commit 259072b into main Mar 15, 2026
35 checks passed
@WilliamBerryiii WilliamBerryiii deleted the ci/141-add-cve-fix-label-release-notes branch March 15, 2026 20:44

Development

Successfully merging this pull request may close these issues.

ci(release): add cve-fix label and vulnerability section to release notes
