dependabot-common 0.124.2 → 0.124.3
- checksums.yaml +4 -4
- data/lib/dependabot/security_advisory.rb +11 -2
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 45ddffe6ea8f049656daee7b94bb0ff2c5c73cfb67746789c35a0557367c0ce3
|
4
|
+
data.tar.gz: 245e1180b6bcb30dd120e9d94162ded2d9cdc9cace6cb8fffdb8119ea411c851
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7d02322fb6f5a3a140e793deab8c048790750c15244c1b285a03b3df5753e85c799bfbf8c72d3f7686c9d3dd995da554d1e4f787773d15ccd43e1fccf2d63d8d
|
7
|
+
data.tar.gz: 982fbcc7a24947726bd39cddf7814c69fefd6086499f8d4137db1734e750e9649ab256b2faf67acc68b671060656507ab290e0c8de1147aa94a7c32fb98948b9
|
@@ -43,8 +43,13 @@ module Dependabot
|
|
43
43
|
safe_versions.any?
|
44
44
|
end
|
45
45
|
|
46
|
-
|
47
|
-
|
46
|
+
# Check if the advisory is fixed by the updated dependency
|
47
|
+
#
|
48
|
+
# @param dependency [Dependabot::Dependency] Updated dependency
|
49
|
+
# @return [Boolean]
|
50
|
+
def fixed_by?(dependency)
|
51
|
+
# Handle case mismatch between the security advisory and parsed name
|
52
|
+
return false unless dependency_name.downcase == dependency.name.downcase
|
48
53
|
return false unless package_manager == dependency.package_manager
|
49
54
|
# TODO: Support no previous version to the same level as dependency graph
|
50
55
|
# and security alerts. We currently ignore dependency updates without a
|
@@ -59,6 +64,10 @@ module Dependabot
|
|
59
64
|
!affects_version?(dependency.version)
|
60
65
|
end
|
61
66
|
|
67
|
+
# Check if the version is affected by the advisory
|
68
|
+
#
|
69
|
+
# @param version [Dependabot::<Package Manager>::Version] version class
|
70
|
+
# @return [Boolean]
|
62
71
|
def affects_version?(version)
|
63
72
|
return false unless version_class.correct?(version)
|
64
73
|
return false unless [*safe_versions, *vulnerable_versions].any?
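Review bot: The case-insensitive name match added at the top of `fixed_by?` (the `downcase` comparison) is applied regardless of package manager, but whether package names are case-sensitive is ecosystem-specific, so an advisory for one package could in principle be reported as fixed by an update to a distinct, differently-cased package in an ecosystem that distinguishes them; the `package_manager` guard on the following line does not rule that out. If the intent is only to absorb case differences introduced by parsing, the comment should state the assumption, e.g. `# Advisory and parsed names may differ only in case; assumes no ecosystem ships two distinct packages differing only by case — confirm per package manager`. As a point of style, `return false unless dependency_name.casecmp?(dependency.name)` expresses the same check idiomatically and yields false instead of raising should `dependency.name` ever be nil, though it is presumably always a String here. `fixed_by?` continues outside this hunk: its closing `!affects_version?(dependency.version)` and `end` appear in the second hunk, with the lines between not shown.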
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.124.
|
4
|
+
version: 0.124.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-10-
|
11
|
+
date: 2020-10-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|