dependabot-common 0.124.2 → 0.124.3


checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f8c1c6ce7dbce6606fe13ea021cddbdf6cc73561227f1e944024b0cd59c066f8
4
- data.tar.gz: 43be3e7cd0d8c583d2286a909d5c616b126eda8d1800db931ebf9ed66ee013bd
3
+ metadata.gz: 45ddffe6ea8f049656daee7b94bb0ff2c5c73cfb67746789c35a0557367c0ce3
4
+ data.tar.gz: 245e1180b6bcb30dd120e9d94162ded2d9cdc9cace6cb8fffdb8119ea411c851
5
5
  SHA512:
6
- metadata.gz: d8a3a6a7ca1e6910132f9c102c13547310eb38e1ac899df526a7fe6bf0cb8ebc264962b3f5ff9376a77f85e5cc5f385de81d58a1ccbfd165c295a9c9c5270d96
7
- data.tar.gz: 90c3aa1296c25e4616de3f29b83d5fb49c6dea2e05ccc12fa1c1f69d37342442cfc41acad10a9258d88352c21ff988a3417ae768fb559365873e317413194c23
6
+ metadata.gz: 7d02322fb6f5a3a140e793deab8c048790750c15244c1b285a03b3df5753e85c799bfbf8c72d3f7686c9d3dd995da554d1e4f787773d15ccd43e1fccf2d63d8d
7
+ data.tar.gz: 982fbcc7a24947726bd39cddf7814c69fefd6086499f8d4137db1734e750e9649ab256b2faf67acc68b671060656507ab290e0c8de1147aa94a7c32fb98948b9
@@ -43,8 +43,13 @@ module Dependabot
43
43
  safe_versions.any?
44
44
  end
45
45
 
46
- def fixes_advisory?(dependency)
47
- return false unless dependency_name == dependency.name
46
+ # Check if the advisory is fixed by the updated dependency
47
+ #
48
+ # @param dependency [Dependabot::Dependency] Updated dependency
49
+ # @return [Boolean]
50
+ def fixed_by?(dependency)
51
+ # Handle case mismatch between the security advisory and parsed name
52
+ return false unless dependency_name.downcase == dependency.name.downcase
48
53
  return false unless package_manager == dependency.package_manager
49
54
  # TODO: Support no previous version to the same level as dependency graph
50
55
  # and security alerts. We currently ignore dependency updates without a
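Review bot: the rename of `fixes_advisory?` to `fixed_by?` drops the old public name without an alias, so any caller still invoking `fixes_advisory?` will fail with NoMethodError at runtime; unless every call site is updated in this same change, keep `alias fixes_advisory? fixed_by?` (or a deprecating shim) alongside the new method. The new `dependency_name.downcase == dependency.name.downcase` comparison also widens the match: in an ecosystem whose package names are case-sensitive, two distinct packages that differ only by case would now both be treated as the advisory's subject, and only the `package_manager` check on the following line limits that. A short comment stating which ecosystems the case-insensitive match is intended for, or restricting it to them, would make the intent reviewable.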
@@ -59,6 +64,10 @@ module Dependabot
59
64
  !affects_version?(dependency.version)
60
65
  end
61
66
 
67
+ # Check if the version is affected by the advisory
68
+ #
69
+ # @param version [Dependabot::<Package Manager>::Version] version class
70
+ # @return [Boolean]
62
71
  def affects_version?(version)
63
72
  return false unless version_class.correct?(version)
64
73
  return false unless [*safe_versions, *vulnerable_versions].any?
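Review bot: the added YARD tag `@param version [Dependabot::<Package Manager>::Version] version class` is misleading on two counts: `<Package Manager>` is not a resolvable constant, so the type will not link in generated docs, and the parameter is the version value being tested (it is passed to `version_class.correct?(version)` two lines below), not a version class. Suggest describing it as the version value for the dependency's package manager, e.g. `@param version [String, Object] version to check, as accepted by version_class.correct?`, and documenting that the method returns false when the value is not a well-formed version.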
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.124.2"
4
+ VERSION = "0.124.3"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.124.2
4
+ version: 0.124.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-26 00:00:00.000000000 Z
11
+ date: 2020-10-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit