RubyGems - dependabot-common - Versions diffs - 0.154.3 → 0.154.4 - Mend

dependabot-common 0.154.3 → 0.154.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/update_checkers/version_filters.rb +19 -0
data/lib/dependabot/version.rb +1 -1
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aeb284b757e0874d1371b390e0a9c9759571e4cd659ed4898450cfb2b048ffd9
-  data.tar.gz: 56aa048446b8a19b08fe5c805768c6723a87978830895ea29a409af2577902c6
+  metadata.gz: db112d90ccd776ed7e343b38e963fa9612bf4e5b814e6a9c4a5867aea1a3c32b
+  data.tar.gz: 414df7ccf9cca26acf0d9eb2d95341657b27b0b635662ce001b059fd19cbbb09
 SHA512:
-  metadata.gz: 7d9d3c09880a11e91f20344828502a102fe574639f785005c72234789d1115f4ae01dc3d7f75a03103f069214370db5c416bf031045843fa163b75d6c904ab10
-  data.tar.gz: 743aa5679f2e65289da0b9e6127ba22d0d9fb290b63d5727335eb659e4ed375f7843cce929fb47a70ad4f0f4fbc85b413803ac499a5540d890ddae8c2a552e9e
+  metadata.gz: 613c7b103e9184a4b53f20abf6b9ddb8089642d5beb5036908d8429bfc68e6215115d575ac6162172be2910063d432004d25e10841457119ba65e7e3060870e3
+  data.tar.gz: ddb0f753e6b5039f4103378c45abc9981e9607ca33b2da31274c5b22a934cd1e19fc8bae4a7f47e682ccff54f1f6fa8e64fe55d5e6e7b2d8aa32fde6b1ad1d9d

data/lib/dependabot/update_checkers/version_filters.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+module Dependabot
+  module UpdateCheckers
+    module VersionFilters
+      def self.filter_vulnerable_versions(versions_array, security_advisories)
+        versions_array.reject do |v|
+          security_advisories.any? do |a|
+            if v.is_a?(Gem::Version)
+              a.vulnerable?(v)
+            else
+              a.vulnerable?(v.fetch(:version))
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.154.3"
+  VERSION = "0.154.4"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.154.3
+  version: 0.154.4
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-21 00:00:00.000000000 Z
+date: 2021-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -446,6 +446,7 @@ files:
 - lib/dependabot/update_checkers.rb
 - lib/dependabot/update_checkers/README.md
 - lib/dependabot/update_checkers/base.rb
+- lib/dependabot/update_checkers/version_filters.rb
 - lib/dependabot/utils.rb
 - lib/dependabot/version.rb
 - lib/rubygems_version_patch.rb