RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.212.0 → 0.213.0 - Mend

dependabot-npm_and_yarn 0.212.0 → 0.213.0

Files changed (27) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5ff4958e3092d765d3d92a6035f05dee25680d26697649b3adad94b2b876df7b
-  data.tar.gz: 0adce108f8a33fefd73641d55db1730ba0bdfd167d2e0a8b7d674d1074455c87
+  metadata.gz: 8461e9323e6bcb02cdaa77e8d2c899cb3a9657c08e31a548a8b32f89d462e807
+  data.tar.gz: 8b2455cc54d1098df6de9bf1e7f2dc0dbed789174215c6c63ea1ee5666d36bc6
 SHA512:
-  metadata.gz: 3eac1860e88136dc0b8ebc851b1fdad2ae27459df2a39937d401372b86cd6c86432d46bfe93d68422098d664ebe776fdaf3f7674f07911525e5c97fce83e0136
-  data.tar.gz: c7c5f918a175e8f8de6cfc8110895f3c13f15cd1af0e342ab2cdd74794c2d383c74e46ea2076b36a3059a75cc5e93a92233a1d08368e5cfdd456fb3a5d89bc34
+  metadata.gz: 64952d698c5c11ee8ee6c7c32bba2588028c1baa07a535f5061475b1dbc1afa98ab627695d859ac57b7eb34256aa19e6d0c6a4b57d838e08e16f34c3252991eb
+  data.tar.gz: dce94a154ba1dc8e15ce85e715d6bff9ce382d4d08d27b58a7b75b965ef8d1ddd4e238e56318e96cde4214902c8d9563b1c35656c8aa424019ba912870882f52

data/helpers/.eslintrc CHANGED Viewed

@@ -6,6 +6,6 @@
     "node": true
   },
   "parserOptions": {
-    "ecmaVersion": 9
+    "ecmaVersion": "latest"
   }
 }

data/helpers/README.md CHANGED Viewed

@@ -24,6 +24,6 @@ yarn test path/to/test.js
 In order to run an interactive debugger:
 - `node --inspect-brk node_modules/.bin/jest --runInBand path/to/test/test.js`
-- In Chrome, nativate to chrome://inspect
+- In Chrome, navigate to `chrome://inspect`
 - Click `Open dedicated DevTools for Node`
-- You'll now be able to interactively debug using the chrome dev tools.
+- You'll now be able to interactively debug using the Chrome dev tools.

data/helpers/lib/npm/vulnerability-auditor.js CHANGED Viewed

@@ -139,11 +139,6 @@ async function findVulnerableDependencies(directory, advisories) {
 }
 function convertAdvisoriesToRegistryBulkFormat(advisories) {
-  // npm audit differentiates advisories by `id`. In order to prevent
-  // advisories from being clobbered, we maintain a counter so that each
-  // advisory gets a unique `id`.
-  let nextAdvisoryId = 1
   return advisories.reduce((formattedAdvisories, advisory) => {
     if (!formattedAdvisories[advisory.dependency_name]) {
       formattedAdvisories[advisory.dependency_name] = []
@@ -151,7 +146,7 @@ function convertAdvisoriesToRegistryBulkFormat(advisories) {
     let formattedVersions =
       advisory.affected_versions.reduce((memo, version) => {
         memo.push({
-          id: nextAdvisoryId++,
+          id: Math.floor(Math.random() * Number.MAX_SAFE_INTEGER),
           vulnerable_versions: version
         })
         return memo
@@ -192,7 +187,12 @@ function buildDependencyChains(auditReport, name) {
     }
     if (auditReport.has(node.name)) {
       const vuln = auditReport.get(node.name)
-      return [{ fixAvailable: vuln.fixAvailable, nodes: [node, ...chain.nodes] }]
+      if (vuln.isVulnerable(node)) {
+        return [{ fixAvailable: vuln.fixAvailable, nodes: [node, ...chain.nodes] }]
+      } else if (node.name == name) {
+        // This is a non-vulnerable version of the advisory dependency; end path.
+        return []
+      }
     }
     if (!node.edgesOut.size) {
       // This is a leaf node that is unaffected by the vuln; end path.