dependabot-common 0.124.2 → 0.124.3

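--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f8c1c6ce7dbce6606fe13ea021cddbdf6cc73561227f1e944024b0cd59c066f8
- data.tar.gz: 43be3e7cd0d8c583d2286a909d5c616b126eda8d1800db931ebf9ed66ee013bd
+ metadata.gz: 45ddffe6ea8f049656daee7b94bb0ff2c5c73cfb67746789c35a0557367c0ce3
+ data.tar.gz: 245e1180b6bcb30dd120e9d94162ded2d9cdc9cace6cb8fffdb8119ea411c851
  SHA512:
- metadata.gz: d8a3a6a7ca1e6910132f9c102c13547310eb38e1ac899df526a7fe6bf0cb8ebc264962b3f5ff9376a77f85e5cc5f385de81d58a1ccbfd165c295a9c9c5270d96
- data.tar.gz: 90c3aa1296c25e4616de3f29b83d5fb49c6dea2e05ccc12fa1c1f69d37342442cfc41acad10a9258d88352c21ff988a3417ae768fb559365873e317413194c23
+ metadata.gz: 7d02322fb6f5a3a140e793deab8c048790750c15244c1b285a03b3df5753e85c799bfbf8c72d3f7686c9d3dd995da554d1e4f787773d15ccd43e1fccf2d63d8d
+ data.tar.gz: 982fbcc7a24947726bd39cddf7814c69fefd6086499f8d4137db1734e750e9649ab256b2faf67acc68b671060656507ab290e0c8de1147aa94a7c32fb98948b9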
@@ -43,8 +43,13 @@ module Dependabot
43
43
  safe_versions.any?
44
44
  end
45
45
 
46
- def fixes_advisory?(dependency)
47
- return false unless dependency_name == dependency.name
46
+ # Check if the advisory is fixed by the updated dependency
47
+ #
48
+ # @param dependency [Dependabot::Dependency] Updated dependency
49
+ # @return [Boolean]
50
+ def fixed_by?(dependency)
51
+ # Handle case mismatch between the security advisory and parsed name
52
+ return false unless dependency_name.downcase == dependency.name.downcase
48
53
  return false unless package_manager == dependency.package_manager
49
54
  # TODO: Support no previous version to the same level as dependency graph
50
55
  # and security alerts. We currently ignore dependency updates without a
@@ -59,6 +64,10 @@ module Dependabot
59
64
  !affects_version?(dependency.version)
60
65
  end
61
66
 
67
+ # Check if the version is affected by the advisory
68
+ #
69
+ # @param version [Dependabot::<Package Manager>::Version] version class
70
+ # @return [Boolean]
62
71
  def affects_version?(version)
63
72
  return false unless version_class.correct?(version)
64
73
  return false unless [*safe_versions, *vulnerable_versions].any?
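Review bot: The new guard in `fixed_by?`, `dependency_name.downcase == dependency.name.downcase`, folds case for every package manager, so in an ecosystem whose package names are case-sensitive an advisory could be matched to a different package whose name differs only in case, and an update could be reported as fixing an advisory it does not address. The `package_manager` check on the following line only narrows the match to one ecosystem, so the comment should state the assumption, for example `# Names are compared case-insensitively for all package managers; assumes no two packages in one ecosystem differ only by case`, or the folding should be limited to registries known to be case-insensitive. Unlike the old `==`, `downcase` raises if either name is nil; whether that can happen is not visible here, so it is worth confirming against the callers. The rename from `fixes_advisory?` leaves no alias in this section, so any caller outside this gem still using the old name would fail at runtime unless it is updated in the same release. The body of `fixed_by?` continues outside the first hunk, so the version checks between the guards and the final `!affects_version?` line were not reviewed.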
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.124.2"
4
+ VERSION = "0.124.3"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.124.2
4
+ version: 0.124.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-26 00:00:00.000000000 Z
11
+ date: 2020-10-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit