RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.211.0 → 0.213.0 - Mend

dependabot-npm_and_yarn 0.211.0 → 0.213.0

Files changed (29) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a59daca8d3197603d1310f3e9441dbcaf008aede06905fdb6ce6464a2a729bf
-  data.tar.gz: 1fa8b86f5de495b7fa09ee5ad9e3ca50916c152ea4350763e36580309f73491d
+  metadata.gz: 8461e9323e6bcb02cdaa77e8d2c899cb3a9657c08e31a548a8b32f89d462e807
+  data.tar.gz: 8b2455cc54d1098df6de9bf1e7f2dc0dbed789174215c6c63ea1ee5666d36bc6
 SHA512:
-  metadata.gz: '080b0ecf1699841eb2f2830bc29c962732abb6eb704b50d3ac9f64a165eea2f860ad9112eb0a5a2367918d324e408e187883c63d027bb7502c17be2146413657'
-  data.tar.gz: 3cec11a3e2321e639d455cc3df562b51a5ed9a22a197ba6d5a210d9dd63a2a1f6b65099c9bbe5c00b469442f415c6790a898a16ea54589d85468ed45f3183d56
+  metadata.gz: 64952d698c5c11ee8ee6c7c32bba2588028c1baa07a535f5061475b1dbc1afa98ab627695d859ac57b7eb34256aa19e6d0c6a4b57d838e08e16f34c3252991eb
+  data.tar.gz: dce94a154ba1dc8e15ce85e715d6bff9ce382d4d08d27b58a7b75b965ef8d1ddd4e238e56318e96cde4214902c8d9563b1c35656c8aa424019ba912870882f52

data/helpers/.eslintrc CHANGED Viewed

@@ -6,6 +6,6 @@
     "node": true
   },
   "parserOptions": {
-    "ecmaVersion": 9
+    "ecmaVersion": "latest"
   }
 }

data/helpers/README.md CHANGED Viewed

@@ -24,6 +24,6 @@ yarn test path/to/test.js
 In order to run an interactive debugger:
 - `node --inspect-brk node_modules/.bin/jest --runInBand path/to/test/test.js`
-- In Chrome, nativate to chrome://inspect
+- In Chrome, navigate to `chrome://inspect`
 - Click `Open dedicated DevTools for Node`
-- You'll now be able to interactively debug using the chrome dev tools.
+- You'll now be able to interactively debug using the Chrome dev tools.

data/helpers/lib/npm/vulnerability-auditor.js CHANGED Viewed

@@ -139,11 +139,6 @@ async function findVulnerableDependencies(directory, advisories) {
 }
 function convertAdvisoriesToRegistryBulkFormat(advisories) {
-  // npm audit differentiates advisories by `id`. In order to prevent
-  // advisories from being clobbered, we maintain a counter so that each
-  // advisory gets a unique `id`.
-  let nextAdvisoryId = 1
   return advisories.reduce((formattedAdvisories, advisory) => {
     if (!formattedAdvisories[advisory.dependency_name]) {
       formattedAdvisories[advisory.dependency_name] = []
@@ -151,7 +146,7 @@ function convertAdvisoriesToRegistryBulkFormat(advisories) {
     let formattedVersions =
       advisory.affected_versions.reduce((memo, version) => {
         memo.push({
-          id: nextAdvisoryId++,
+          id: Math.floor(Math.random() * Number.MAX_SAFE_INTEGER),
           vulnerable_versions: version
         })
         return memo
@@ -192,7 +187,12 @@ function buildDependencyChains(auditReport, name) {
     }
     if (auditReport.has(node.name)) {
       const vuln = auditReport.get(node.name)
-      return [{ fixAvailable: vuln.fixAvailable, nodes: [node, ...chain.nodes] }]
+      if (vuln.isVulnerable(node)) {
+        return [{ fixAvailable: vuln.fixAvailable, nodes: [node, ...chain.nodes] }]
+      } else if (node.name == name) {
+        // This is a non-vulnerable version of the advisory dependency; end path.
+        return []
+      }
     }
     if (!node.edgesOut.size) {
       // This is a leaf node that is unaffected by the vuln; end path.