renovate 43.127.3 → 43.128.1
- package/dist/modules/datasource/npm/schema.js +1 -1
- package/dist/modules/datasource/npm/schema.js.map +1 -1
- package/dist/modules/platform/github/schema.d.ts +4 -0
- package/dist/modules/platform/github/schema.js +2 -0
- package/dist/modules/platform/github/schema.js.map +1 -1
- package/dist/modules/versioning/types.d.ts +6 -0
- package/dist/workers/repository/init/vulnerability.js +26 -21
- package/dist/workers/repository/init/vulnerability.js.map +1 -1
- package/dist/workers/repository/process/lookup/generate.js +3 -2
- package/dist/workers/repository/process/lookup/generate.js.map +1 -1
- package/dist/workers/repository/process/lookup/index.js +4 -2
- package/dist/workers/repository/process/lookup/index.js.map +1 -1
- package/package.json +1 -1
- package/renovate-schema.json +2 -2
|
@@ -13,7 +13,7 @@ const Version = z.object({
|
|
|
13
13
|
gitHead: z.string().optional(),
|
|
14
14
|
dependencies: z.record(z.string()).optional(),
|
|
15
15
|
devDependencies: z.record(z.string()).optional(),
|
|
16
|
-
engines: z.object({ node: z.string().optional() }).optional(),
|
|
16
|
+
engines: z.object({ node: z.string().optional() }).optional().catch(void 0),
|
|
17
17
|
dist: Distribution.optional()
|
|
18
18
|
});
|
|
19
19
|
const CachedPackument = z.object({
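Review bot: The new `.catch(void 0)` on `engines` converts every validation failure of that field into `undefined` without recording anything, so a packument with a malformed `engines` value becomes indistinguishable from one that declares no engine constraint. If later code relies on `engines.node` to filter candidate versions (not visible in this hunk), those releases would pass unchecked. Consider the callback form so the discarded input is at least logged, e.g. `.catch((ctx) => { logger.debug({ engines: ctx.input }, 'Ignoring malformed engines field'); return undefined; })`, and add a one-line comment saying which registry data made the fallback necessary.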
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","names":[],"sources":["../../../../lib/modules/datasource/npm/schema.ts"],"sourcesContent":["import { z } from 'zod/v3';\n\nconst Repository = z.union([\n z.string(),\n z.object({\n url: z.string().optional(),\n directory: z.string().optional(),\n }),\n]);\n\nconst Attestations = z.object({\n url: z.string().optional(),\n});\n\nconst Distribution = z.object({\n attestations: Attestations.optional(),\n});\n\nconst Version = z.object({\n repository: Repository.optional(),\n homepage: z.string().optional(),\n deprecated: z.union([z.string(), z.boolean()]).optional(),\n gitHead: z.string().optional(),\n dependencies: z.record(z.string()).optional(),\n devDependencies: z.record(z.string()).optional(),\n engines: z.object({ node: z.string().optional() }).optional(),\n dist: Distribution.optional(),\n});\n\nexport const CachedPackument = z.object({\n versions: z.record(Version).optional(),\n repository: Repository.optional(),\n homepage: z.string().optional(),\n time: z.record(z.string()).optional(),\n 'dist-tags': z.record(z.string()).optional(),\n});\n"],"mappings":";;AAEA,MAAM,aAAa,EAAE,MAAM,CACzB,EAAE,QAAQ,EACV,EAAE,OAAO;CACP,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,WAAW,EAAE,QAAQ,CAAC,UAAU;CACjC,CAAC,CACH,CAAC;AAEF,MAAM,eAAe,EAAE,OAAO,EAC5B,KAAK,EAAE,QAAQ,CAAC,UAAU,EAC3B,CAAC;AAEF,MAAM,eAAe,EAAE,OAAO,EAC5B,cAAc,aAAa,UAAU,EACtC,CAAC;AAEF,MAAM,UAAU,EAAE,OAAO;CACvB,YAAY,WAAW,UAAU;CACjC,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,YAAY,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC,UAAU;CACzD,SAAS,EAAE,QAAQ,CAAC,UAAU;CAC9B,cAAc,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,UAAU;CAC7C,iBAAiB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,UAAU;CAChD,SAAS,
|
|
1
|
+
{"version":3,"file":"schema.js","names":[],"sources":["../../../../lib/modules/datasource/npm/schema.ts"],"sourcesContent":["import { z } from 'zod/v3';\n\nconst Repository = z.union([\n z.string(),\n z.object({\n url: z.string().optional(),\n directory: z.string().optional(),\n }),\n]);\n\nconst Attestations = z.object({\n url: z.string().optional(),\n});\n\nconst Distribution = z.object({\n attestations: Attestations.optional(),\n});\n\nconst Version = z.object({\n repository: Repository.optional(),\n homepage: z.string().optional(),\n deprecated: z.union([z.string(), z.boolean()]).optional(),\n gitHead: z.string().optional(),\n dependencies: z.record(z.string()).optional(),\n devDependencies: z.record(z.string()).optional(),\n engines: z\n .object({ node: z.string().optional() })\n .optional()\n .catch(undefined),\n dist: Distribution.optional(),\n});\n\nexport const CachedPackument = z.object({\n versions: z.record(Version).optional(),\n repository: Repository.optional(),\n homepage: z.string().optional(),\n time: z.record(z.string()).optional(),\n 'dist-tags': 
z.record(z.string()).optional(),\n});\n"],"mappings":";;AAEA,MAAM,aAAa,EAAE,MAAM,CACzB,EAAE,QAAQ,EACV,EAAE,OAAO;CACP,KAAK,EAAE,QAAQ,CAAC,UAAU;CAC1B,WAAW,EAAE,QAAQ,CAAC,UAAU;CACjC,CAAC,CACH,CAAC;AAEF,MAAM,eAAe,EAAE,OAAO,EAC5B,KAAK,EAAE,QAAQ,CAAC,UAAU,EAC3B,CAAC;AAEF,MAAM,eAAe,EAAE,OAAO,EAC5B,cAAc,aAAa,UAAU,EACtC,CAAC;AAEF,MAAM,UAAU,EAAE,OAAO;CACvB,YAAY,WAAW,UAAU;CACjC,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,YAAY,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC,UAAU;CACzD,SAAS,EAAE,QAAQ,CAAC,UAAU;CAC9B,cAAc,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,UAAU;CAC7C,iBAAiB,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,UAAU;CAChD,SAAS,EACN,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,UAAU,EAAE,CAAC,CACvC,UAAU,CACV,MAAM,KAAA,EAAU;CACnB,MAAM,aAAa,UAAU;CAC9B,CAAC;AAEF,MAAa,kBAAkB,EAAE,OAAO;CACtC,UAAU,EAAE,OAAO,QAAQ,CAAC,UAAU;CACtC,YAAY,WAAW,UAAU;CACjC,UAAU,EAAE,QAAQ,CAAC,UAAU;CAC/B,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,UAAU;CACrC,aAAa,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,UAAU;CAC7C,CAAC"}
|
|
@@ -3,6 +3,8 @@ import { z } from "zod/v3";
|
|
|
3
3
|
//#region lib/modules/platform/github/schema.d.ts
|
|
4
4
|
declare const GithubVulnerabilityAlerts: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodAny, "many">, {
|
|
5
5
|
security_advisory: {
|
|
6
|
+
ghsa_id: string;
|
|
7
|
+
summary: string;
|
|
6
8
|
description: string;
|
|
7
9
|
identifiers: {
|
|
8
10
|
value: string;
|
|
@@ -40,6 +42,8 @@ declare const GithubVulnerabilityAlerts: z.ZodEffects<z.ZodEffects<z.ZodArray<z.
|
|
|
40
42
|
dismissed_reason?: string | null | undefined;
|
|
41
43
|
}[], any[]>, {
|
|
42
44
|
security_advisory: {
|
|
45
|
+
ghsa_id: string;
|
|
46
|
+
summary: string;
|
|
43
47
|
description: string;
|
|
44
48
|
identifiers: {
|
|
45
49
|
value: string;
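Review bot: `ghsa_id` and `summary` are added as required strings on `security_advisory`, and the schema source embedded in the accompanying source map shows them as plain `z.string()` inside a `LooseArray` whose `onError` only logs at debug level. An alert missing either field would therefore presumably be dropped from vulnerability processing with nothing more than a debug line, which means the remediation update is silently not raised. If any supported GitHub or GitHub Enterprise Server API version can omit these fields, consider making them optional with a fallback in the note generator, or logging dropped alerts at warn level. Both hunks in this file carry the same addition.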
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","names":[],"sources":["../../../../lib/modules/platform/github/schema.ts"],"sourcesContent":["import { z } from 'zod/v3';\nimport { logger } from '../../../logger/index.ts';\nimport { LooseArray } from '../../../util/schema-utils/index.ts';\n\nconst Ecosystem = z.enum([\n 'actions',\n 'composer',\n 'go',\n 'maven',\n 'npm',\n 'nuget',\n 'pip',\n 'rubygems',\n 'rust',\n]);\nexport type Ecosystem = z.infer<typeof Ecosystem>;\n\nconst Package = z.object({\n ecosystem: Ecosystem.catch((ctx) => {\n logger.debug(\n { ecosystem: ctx.input },\n 'Skipping vulnerability alert with unsupported ecosystem',\n );\n return undefined as any;\n }),\n name: z.string(),\n});\n\nconst Severity = z.enum(['low', 'medium', 'high', 'critical']);\n\nconst SecurityVulnerability = z\n .object({\n first_patched_version: z.object({ identifier: z.string() }).nullish(),\n package: Package,\n severity: Severity,\n vulnerable_version_range: z.string(),\n })\n .nullable();\n\nconst CvssSeverity = z.object({\n vector_string: z.string().nullable(),\n score: z.number().nullable(),\n});\n\nconst SecurityAdvisory = z.object({\n description: z.string(),\n identifiers: z.array(\n z.object({\n type: z.string(),\n value: z.string(),\n }),\n ),\n references: z.array(z.object({ url: z.string() })).optional(),\n severity: Severity,\n cvss_severities: z\n .object({\n cvss_v3: CvssSeverity.nullish(),\n cvss_v4: CvssSeverity.nullish(),\n })\n .nullish(),\n});\nexport type SecurityAdvisory = z.infer<typeof SecurityAdvisory>;\n\nexport const GithubVulnerabilityAlerts = LooseArray(\n z.object({\n dismissed_reason: z.string().nullish(),\n security_advisory: SecurityAdvisory,\n security_vulnerability: SecurityVulnerability,\n dependency: z.object({\n manifest_path: z.string(),\n }),\n }),\n {\n onError: ({ error }) => {\n logger.debug(\n { error },\n 'Vulnerability Alert: Failed to parse some alerts',\n );\n },\n },\n).transform((alerts) =>\n alerts.filter((alert) => 
alert.security_vulnerability?.package?.ecosystem),\n);\nexport type GithubVulnerabilityAlerts = z.infer<\n typeof GithubVulnerabilityAlerts\n>;\nexport type GithubVulnerabilityAlert = GithubVulnerabilityAlerts[number];\n\n// https://docs.github.com/en/rest/repos/contents?apiVersion=2022-11-28#get-repository-content\nconst GithubResponseMetadata = z.object({\n name: z.string(),\n path: z.string(),\n});\n\nexport const GithubFileMeta = GithubResponseMetadata.extend({\n type: z.literal('file'),\n});\nexport type GithubFileMeta = z.infer<typeof GithubFileMeta>;\n\nexport const GithubFile = GithubFileMeta.extend({\n content: z.string(),\n encoding: z.string(),\n});\nexport type GithubFile = z.infer<typeof GithubFile>;\n\nexport const GithubDirectory = GithubResponseMetadata.extend({\n type: z.literal('dir'),\n});\n\nexport type GithubDirectory = z.infer<typeof GithubDirectory>;\n\nexport const GithubOtherContent = GithubResponseMetadata.extend({\n type: z.literal('symlink').or(z.literal('submodule')),\n});\n\nexport type GithubOtherContent = z.infer<typeof GithubOtherContent>;\n\nexport const GithubElement = GithubFile.or(GithubFileMeta)\n .or(GithubDirectory)\n .or(GithubOtherContent);\nexport type GithubElement = z.infer<typeof GithubElement>;\n\nexport const GithubContentResponse = z.array(GithubElement).or(GithubElement);\n\nexport const GithubBranchProtection = z.object({\n required_status_checks: z\n .object({\n strict: z.boolean(),\n })\n .nullish()\n .optional(),\n});\nexport type GithubBranchProtection = z.infer<typeof GithubBranchProtection>;\n\nconst GithubRulesetRule = z.discriminatedUnion('type', [\n z.object({\n type: z.literal('non_fast_forward'),\n }),\n z.object({\n type: z.literal('required_status_checks'),\n parameters: z.object({\n strict_required_status_checks_policy: z.boolean().optional(),\n }),\n }),\n // prevents deletion\n z.object({\n type: z.literal('deletion'),\n }),\n]);\n\nexport const GithubBranchRulesets = 
LooseArray(GithubRulesetRule);\nexport type GithubBranchRulesets = z.infer<typeof GithubBranchRulesets>;\n"],"mappings":";;;;AAIA,MAAM,YAAY,EAAE,KAAK;CACvB;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAM,UAAU,EAAE,OAAO;CACvB,WAAW,UAAU,OAAO,QAAQ;AAClC,SAAO,MACL,EAAE,WAAW,IAAI,OAAO,EACxB,0DACD;GAED;CACF,MAAM,EAAE,QAAQ;CACjB,CAAC;AAEF,MAAM,WAAW,EAAE,KAAK;CAAC;CAAO;CAAU;CAAQ;CAAW,CAAC;AAE9D,MAAM,wBAAwB,EAC3B,OAAO;CACN,uBAAuB,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,CAAC,SAAS;CACrE,SAAS;CACT,UAAU;CACV,0BAA0B,EAAE,QAAQ;CACrC,CAAC,CACD,UAAU;AAEb,MAAM,eAAe,EAAE,OAAO;CAC5B,eAAe,EAAE,QAAQ,CAAC,UAAU;CACpC,OAAO,EAAE,QAAQ,CAAC,UAAU;CAC7B,CAAC;AAEF,MAAM,mBAAmB,EAAE,OAAO;CAChC,aAAa,EAAE,QAAQ;CACvB,aAAa,EAAE,MACb,EAAE,OAAO;EACP,MAAM,EAAE,QAAQ;EAChB,OAAO,EAAE,QAAQ;EAClB,CAAC,CACH;CACD,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,UAAU;CAC7D,UAAU;CACV,iBAAiB,EACd,OAAO;EACN,SAAS,aAAa,SAAS;EAC/B,SAAS,aAAa,SAAS;EAChC,CAAC,CACD,SAAS;CACb,CAAC;AAGF,MAAa,4BAA4B,WACvC,EAAE,OAAO;CACP,kBAAkB,EAAE,QAAQ,CAAC,SAAS;CACtC,mBAAmB;CACnB,wBAAwB;CACxB,YAAY,EAAE,OAAO,EACnB,eAAe,EAAE,QAAQ,EAC1B,CAAC;CACH,CAAC,EACF,EACE,UAAU,EAAE,YAAY;AACtB,QAAO,MACL,EAAE,OAAO,EACT,mDACD;GAEJ,CACF,CAAC,WAAW,WACX,OAAO,QAAQ,UAAU,MAAM,wBAAwB,SAAS,UAAU,CAC3E;AAOD,MAAM,yBAAyB,EAAE,OAAO;CACtC,MAAM,EAAE,QAAQ;CAChB,MAAM,EAAE,QAAQ;CACjB,CAAC;AAEF,MAAa,iBAAiB,uBAAuB,OAAO,EAC1D,MAAM,EAAE,QAAQ,OAAO,EACxB,CAAC;AAGF,MAAa,aAAa,eAAe,OAAO;CAC9C,SAAS,EAAE,QAAQ;CACnB,UAAU,EAAE,QAAQ;CACrB,CAAC;AAGF,MAAa,kBAAkB,uBAAuB,OAAO,EAC3D,MAAM,EAAE,QAAQ,MAAM,EACvB,CAAC;AAIF,MAAa,qBAAqB,uBAAuB,OAAO,EAC9D,MAAM,EAAE,QAAQ,UAAU,CAAC,GAAG,EAAE,QAAQ,YAAY,CAAC,EACtD,CAAC;AAIF,MAAa,gBAAgB,WAAW,GAAG,eAAe,CACvD,GAAG,gBAAgB,CACnB,GAAG,mBAAmB;AAGzB,MAAa,wBAAwB,EAAE,MAAM,cAAc,CAAC,GAAG,cAAc;AAE7E,MAAa,yBAAyB,EAAE,OAAO,EAC7C,wBAAwB,EACrB,OAAO,EACN,QAAQ,EAAE,SAAS,EACpB,CAAC,CACD,SAAS,CACT,UAAU,EACd,CAAC;AAmBF,MAAa,uBAAuB,WAhBV,EAAE,mBAAmB,QAAQ;CACrD,EAAE,OAAO,EACP,MAAM,EAAE,QAAQ,mBAAmB,EACpC,CAAC;CACF,EAAE,OAAO;EACP,MAAM,EAAE,QAAQ,yBAAyB
;EACzC,YAAY,EAAE,OAAO,EACnB,sCAAsC,EAAE,SAAS,CAAC,UAAU,EAC7D,CAAC;EACH,CAAC;CAEF,EAAE,OAAO,EACP,MAAM,EAAE,QAAQ,WAAW,EAC5B,CAAC;CACH,CAAC,CAE+D"}
|
|
1
|
+
{"version":3,"file":"schema.js","names":[],"sources":["../../../../lib/modules/platform/github/schema.ts"],"sourcesContent":["import { z } from 'zod/v3';\nimport { logger } from '../../../logger/index.ts';\nimport { LooseArray } from '../../../util/schema-utils/index.ts';\n\nconst Ecosystem = z.enum([\n 'actions',\n 'composer',\n 'go',\n 'maven',\n 'npm',\n 'nuget',\n 'pip',\n 'rubygems',\n 'rust',\n]);\nexport type Ecosystem = z.infer<typeof Ecosystem>;\n\nconst Package = z.object({\n ecosystem: Ecosystem.catch((ctx) => {\n logger.debug(\n { ecosystem: ctx.input },\n 'Skipping vulnerability alert with unsupported ecosystem',\n );\n return undefined as any;\n }),\n name: z.string(),\n});\n\nconst Severity = z.enum(['low', 'medium', 'high', 'critical']);\n\nconst SecurityVulnerability = z\n .object({\n first_patched_version: z.object({ identifier: z.string() }).nullish(),\n package: Package,\n severity: Severity,\n vulnerable_version_range: z.string(),\n })\n .nullable();\n\nconst CvssSeverity = z.object({\n vector_string: z.string().nullable(),\n score: z.number().nullable(),\n});\n\nconst SecurityAdvisory = z.object({\n ghsa_id: z.string(),\n summary: z.string(),\n description: z.string(),\n identifiers: z.array(\n z.object({\n type: z.string(),\n value: z.string(),\n }),\n ),\n references: z.array(z.object({ url: z.string() })).optional(),\n severity: Severity,\n cvss_severities: z\n .object({\n cvss_v3: CvssSeverity.nullish(),\n cvss_v4: CvssSeverity.nullish(),\n })\n .nullish(),\n});\nexport type SecurityAdvisory = z.infer<typeof SecurityAdvisory>;\n\nexport const GithubVulnerabilityAlerts = LooseArray(\n z.object({\n dismissed_reason: z.string().nullish(),\n security_advisory: SecurityAdvisory,\n security_vulnerability: SecurityVulnerability,\n dependency: z.object({\n manifest_path: z.string(),\n }),\n }),\n {\n onError: ({ error }) => {\n logger.debug(\n { error },\n 'Vulnerability Alert: Failed to parse some alerts',\n );\n },\n },\n).transform((alerts) 
=>\n alerts.filter((alert) => alert.security_vulnerability?.package?.ecosystem),\n);\nexport type GithubVulnerabilityAlerts = z.infer<\n typeof GithubVulnerabilityAlerts\n>;\nexport type GithubVulnerabilityAlert = GithubVulnerabilityAlerts[number];\n\n// https://docs.github.com/en/rest/repos/contents?apiVersion=2022-11-28#get-repository-content\nconst GithubResponseMetadata = z.object({\n name: z.string(),\n path: z.string(),\n});\n\nexport const GithubFileMeta = GithubResponseMetadata.extend({\n type: z.literal('file'),\n});\nexport type GithubFileMeta = z.infer<typeof GithubFileMeta>;\n\nexport const GithubFile = GithubFileMeta.extend({\n content: z.string(),\n encoding: z.string(),\n});\nexport type GithubFile = z.infer<typeof GithubFile>;\n\nexport const GithubDirectory = GithubResponseMetadata.extend({\n type: z.literal('dir'),\n});\n\nexport type GithubDirectory = z.infer<typeof GithubDirectory>;\n\nexport const GithubOtherContent = GithubResponseMetadata.extend({\n type: z.literal('symlink').or(z.literal('submodule')),\n});\n\nexport type GithubOtherContent = z.infer<typeof GithubOtherContent>;\n\nexport const GithubElement = GithubFile.or(GithubFileMeta)\n .or(GithubDirectory)\n .or(GithubOtherContent);\nexport type GithubElement = z.infer<typeof GithubElement>;\n\nexport const GithubContentResponse = z.array(GithubElement).or(GithubElement);\n\nexport const GithubBranchProtection = z.object({\n required_status_checks: z\n .object({\n strict: z.boolean(),\n })\n .nullish()\n .optional(),\n});\nexport type GithubBranchProtection = z.infer<typeof GithubBranchProtection>;\n\nconst GithubRulesetRule = z.discriminatedUnion('type', [\n z.object({\n type: z.literal('non_fast_forward'),\n }),\n z.object({\n type: z.literal('required_status_checks'),\n parameters: z.object({\n strict_required_status_checks_policy: z.boolean().optional(),\n }),\n }),\n // prevents deletion\n z.object({\n type: z.literal('deletion'),\n }),\n]);\n\nexport const GithubBranchRulesets = 
LooseArray(GithubRulesetRule);\nexport type GithubBranchRulesets = z.infer<typeof GithubBranchRulesets>;\n"],"mappings":";;;;AAIA,MAAM,YAAY,EAAE,KAAK;CACvB;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAGF,MAAM,UAAU,EAAE,OAAO;CACvB,WAAW,UAAU,OAAO,QAAQ;AAClC,SAAO,MACL,EAAE,WAAW,IAAI,OAAO,EACxB,0DACD;GAED;CACF,MAAM,EAAE,QAAQ;CACjB,CAAC;AAEF,MAAM,WAAW,EAAE,KAAK;CAAC;CAAO;CAAU;CAAQ;CAAW,CAAC;AAE9D,MAAM,wBAAwB,EAC3B,OAAO;CACN,uBAAuB,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,CAAC,SAAS;CACrE,SAAS;CACT,UAAU;CACV,0BAA0B,EAAE,QAAQ;CACrC,CAAC,CACD,UAAU;AAEb,MAAM,eAAe,EAAE,OAAO;CAC5B,eAAe,EAAE,QAAQ,CAAC,UAAU;CACpC,OAAO,EAAE,QAAQ,CAAC,UAAU;CAC7B,CAAC;AAEF,MAAM,mBAAmB,EAAE,OAAO;CAChC,SAAS,EAAE,QAAQ;CACnB,SAAS,EAAE,QAAQ;CACnB,aAAa,EAAE,QAAQ;CACvB,aAAa,EAAE,MACb,EAAE,OAAO;EACP,MAAM,EAAE,QAAQ;EAChB,OAAO,EAAE,QAAQ;EAClB,CAAC,CACH;CACD,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,UAAU;CAC7D,UAAU;CACV,iBAAiB,EACd,OAAO;EACN,SAAS,aAAa,SAAS;EAC/B,SAAS,aAAa,SAAS;EAChC,CAAC,CACD,SAAS;CACb,CAAC;AAGF,MAAa,4BAA4B,WACvC,EAAE,OAAO;CACP,kBAAkB,EAAE,QAAQ,CAAC,SAAS;CACtC,mBAAmB;CACnB,wBAAwB;CACxB,YAAY,EAAE,OAAO,EACnB,eAAe,EAAE,QAAQ,EAC1B,CAAC;CACH,CAAC,EACF,EACE,UAAU,EAAE,YAAY;AACtB,QAAO,MACL,EAAE,OAAO,EACT,mDACD;GAEJ,CACF,CAAC,WAAW,WACX,OAAO,QAAQ,UAAU,MAAM,wBAAwB,SAAS,UAAU,CAC3E;AAOD,MAAM,yBAAyB,EAAE,OAAO;CACtC,MAAM,EAAE,QAAQ;CAChB,MAAM,EAAE,QAAQ;CACjB,CAAC;AAEF,MAAa,iBAAiB,uBAAuB,OAAO,EAC1D,MAAM,EAAE,QAAQ,OAAO,EACxB,CAAC;AAGF,MAAa,aAAa,eAAe,OAAO;CAC9C,SAAS,EAAE,QAAQ;CACnB,UAAU,EAAE,QAAQ;CACrB,CAAC;AAGF,MAAa,kBAAkB,uBAAuB,OAAO,EAC3D,MAAM,EAAE,QAAQ,MAAM,EACvB,CAAC;AAIF,MAAa,qBAAqB,uBAAuB,OAAO,EAC9D,MAAM,EAAE,QAAQ,UAAU,CAAC,GAAG,EAAE,QAAQ,YAAY,CAAC,EACtD,CAAC;AAIF,MAAa,gBAAgB,WAAW,GAAG,eAAe,CACvD,GAAG,gBAAgB,CACnB,GAAG,mBAAmB;AAGzB,MAAa,wBAAwB,EAAE,MAAM,cAAc,CAAC,GAAG,cAAc;AAE7E,MAAa,yBAAyB,EAAE,OAAO,EAC7C,wBAAwB,EACrB,OAAO,EACN,QAAQ,EAAE,SAAS,EACpB,CAAC,CACD,SAAS,CACT,UAAU,EACd,CAAC;AAmBF,MAAa,uBAAuB,WAhBV,EAAE,mBAAmB,QAAQ;CACrD,EAAE,OAAO,EACP,MAAM,EAAE,QAAQ,mBAAmB,EACpC,CAAC
;CACF,EAAE,OAAO;EACP,MAAM,EAAE,QAAQ,yBAAyB;EACzC,YAAY,EAAE,OAAO,EACnB,sCAAsC,EAAE,SAAS,CAAC,UAAU,EAC7D,CAAC;EACH,CAAC;CAEF,EAAE,OAAO,EACP,MAAM,EAAE,QAAQ,WAAW,EAC5B,CAAC;CACH,CAAC,CAE+D"}
|
|
@@ -8,6 +8,12 @@ interface NewValueConfig {
|
|
|
8
8
|
currentVersion?: string;
|
|
9
9
|
newVersion: string;
|
|
10
10
|
isReplacement?: boolean;
|
|
11
|
+
/**
|
|
12
|
+
* All versions numbers that this given Release has.
|
|
13
|
+
*
|
|
14
|
+
* Allows Versioning modules to determine whether the version they're proposing matches a known version.
|
|
15
|
+
*/
|
|
16
|
+
allVersions?: string[];
|
|
11
17
|
}
|
|
12
18
|
interface VersioningApi {
|
|
13
19
|
/**
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { NO_VULNERABILITY_ALERTS } from "../../../constants/error-messages.js";
|
|
2
|
-
import { escapeRegExp } from "../../../util/regex.js";
|
|
2
|
+
import { escapeRegExp, regEx } from "../../../util/regex.js";
|
|
3
3
|
import { titleCase } from "../../../util/string.js";
|
|
4
4
|
import { logger } from "../../../logger/index.js";
|
|
5
5
|
import { id } from "../../../modules/versioning/pep440/index.js";
|
|
@@ -70,26 +70,7 @@ async function detectVulnerabilityAlerts(input) {
|
|
|
70
70
|
if (!val.firstPatchedVersion) continue;
|
|
71
71
|
let prBodyNotes = [];
|
|
72
72
|
try {
|
|
73
|
-
prBodyNotes =
|
|
74
|
-
const identifiers = advisory.identifiers;
|
|
75
|
-
const description = advisory.description;
|
|
76
|
-
let content = "#### ";
|
|
77
|
-
let heading;
|
|
78
|
-
if (identifiers.some((id) => id.type === "CVE")) heading = identifiers.filter((id) => id.type === "CVE").map((id) => id.value).join(" / ");
|
|
79
|
-
else heading = identifiers.map((id) => id.value).join(" / ");
|
|
80
|
-
if (advisory.references?.length) heading = `[${heading}](${advisory.references[0].url})`;
|
|
81
|
-
content += heading;
|
|
82
|
-
content += "\n\n";
|
|
83
|
-
content += sanitizeMarkdown(description);
|
|
84
|
-
content += "\n\n##### Severity\n";
|
|
85
|
-
const { cvss_v4, cvss_v3 } = advisory.cvss_severities ?? {};
|
|
86
|
-
const cvss = cvss_v4?.vector_string ? cvss_v4 : cvss_v3;
|
|
87
|
-
if (is.number(cvss?.score) && cvss?.vector_string) {
|
|
88
|
-
content += `- CVSS Score: ${cvss.score.toFixed(1)} / 10 (${titleCase(advisory.severity)})\n`;
|
|
89
|
-
content += `- Vector String: \`${cvss.vector_string}\``;
|
|
90
|
-
} else content += titleCase(advisory.severity);
|
|
91
|
-
return content;
|
|
92
|
-
}));
|
|
73
|
+
prBodyNotes = val.advisories.flatMap((advisory) => generatePrBodyNotes(advisory));
|
|
93
74
|
} catch (err) /* istanbul ignore next */ {
|
|
94
75
|
logger.warn({ err }, "Error generating vulnerability PR notes");
|
|
95
76
|
}
|
|
@@ -115,6 +96,30 @@ async function detectVulnerabilityAlerts(input) {
|
|
|
115
96
|
config.packageRules = (config.packageRules ?? []).concat(alertPackageRules);
|
|
116
97
|
return config;
|
|
117
98
|
}
|
|
99
|
+
function generatePrBodyNotes(advisory) {
|
|
100
|
+
const aliases = advisory.identifiers.map((id) => id.value).sort().map((id) => {
|
|
101
|
+
if (id.startsWith("CVE-")) return `[${id}](https://nvd.nist.gov/vuln/detail/${id})`;
|
|
102
|
+
if (id.startsWith("GHSA-")) return `[${id}](https://github.com/advisories/${id})`;
|
|
103
|
+
return id;
|
|
104
|
+
});
|
|
105
|
+
let content = "\n\n---\n\n### ";
|
|
106
|
+
content += `${advisory.summary}\n`;
|
|
107
|
+
content += `${aliases.join(" / ")}\n`;
|
|
108
|
+
content += `\n<details>\n<summary>More information</summary>\n`;
|
|
109
|
+
const details = advisory.description.replace(regEx(/^#{1,4} /gm), "##### ");
|
|
110
|
+
content += `#### Details\n${details}\n`;
|
|
111
|
+
content += "#### Severity\n";
|
|
112
|
+
const { cvss_v4, cvss_v3 } = advisory.cvss_severities ?? {};
|
|
113
|
+
const cvss = cvss_v4?.vector_string ? cvss_v4 : cvss_v3;
|
|
114
|
+
if (is.number(cvss?.score) && cvss?.vector_string) {
|
|
115
|
+
content += `- CVSS Score: ${cvss.score.toFixed(1)} / 10 (${titleCase(advisory.severity)})\n`;
|
|
116
|
+
content += `- Vector String: \`${cvss.vector_string}\`\n`;
|
|
117
|
+
} else content += `${titleCase(advisory.severity)}\n`;
|
|
118
|
+
content += `\n#### References\n${advisory.references?.map((ref) => `- [${ref.url}](${ref.url})`).join("\n") ?? "No references."}`;
|
|
119
|
+
content += `\n\nThis data is provided by the [GitHub Advisory Database](https://github.com/advisories/${advisory.ghsa_id}) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).\n`;
|
|
120
|
+
content += `</details>`;
|
|
121
|
+
return [sanitizeMarkdown(content)];
|
|
122
|
+
}
|
|
118
123
|
//#endregion
|
|
119
124
|
export { detectVulnerabilityAlerts };
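Review bot: In `generatePrBodyNotes` the `?? "No references."` fallback only applies when `advisory.references` is undefined; an empty array makes `.map(...).join("\n")` return `""`, which is not nullish, so the References heading is emitted with nothing under it. Guard on length instead: `advisory.references?.length ? advisory.references.map(...).join("\n") : "No references."`. Separately, identifier values and reference URLs come from advisory data and are placed into Markdown link targets after only a `startsWith` prefix check, and `summary` and `description` now sit inside a raw `<details>` block. The only cleaning visible here is the final `sanitizeMarkdown(content)` call, so it is worth confirming that it handles `)`, whitespace and a stray `</details>` in those fields, or encoding the identifier with `encodeURIComponent(id)` in the URL part.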
|
|
120
125
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vulnerability.js","names":["semverVersioning.id","composerVersioning.id","mavenVersioning.id","pep440Versioning.id","rubyVersioning.id","allVersioning.get"],"sources":["../../../../lib/workers/repository/init/vulnerability.ts"],"sourcesContent":["import is from '@sindresorhus/is';\nimport type { PackageRule, RenovateConfig } from '../../../config/types.ts';\nimport { NO_VULNERABILITY_ALERTS } from '../../../constants/error-messages.ts';\nimport { logger } from '../../../logger/index.ts';\nimport { GithubTagsDatasource } from '../../../modules/datasource/github-tags/index.ts';\nimport { MavenDatasource } from '../../../modules/datasource/maven/index.ts';\nimport { NugetDatasource } from '../../../modules/datasource/nuget/index.ts';\nimport type { SecurityAdvisory } from '../../../modules/platform/github/schema.ts';\nimport { platform } from '../../../modules/platform/index.ts';\nimport * as composerVersioning from '../../../modules/versioning/composer/index.ts';\nimport * as allVersioning from '../../../modules/versioning/index.ts';\nimport * as mavenVersioning from '../../../modules/versioning/maven/index.ts';\nimport * as npmVersioning from '../../../modules/versioning/npm/index.ts';\nimport * as pep440Versioning from '../../../modules/versioning/pep440/index.ts';\nimport * as rubyVersioning from '../../../modules/versioning/ruby/index.ts';\nimport * as semverVersioning from '../../../modules/versioning/semver/index.ts';\nimport { sanitizeMarkdown } from '../../../util/markdown.ts';\nimport { escapeRegExp } from '../../../util/regex.ts';\nimport { titleCase } from '../../../util/string.ts';\nimport { githubEcosystemToDatasource } from '../../../util/vulnerability/ecosystem.ts';\nimport {\n getFixedVersionConstraint,\n getHighestVulnerabilitySeverity,\n} from '../../../util/vulnerability/utils.ts';\n\ntype Datasource = string;\ntype DependencyName = string;\n\ntype CombinedAlert = Record<\n Datasource,\n Record<\n DependencyName,\n {\n 
advisories: SecurityAdvisory[];\n firstPatchedVersion?: string;\n severity?: string;\n }\n >\n>;\n\nexport function getFixedVersionByDatasource(\n fixedVersion: string,\n datasource: string,\n): string {\n return getFixedVersionConstraint(fixedVersion, datasource);\n}\n\n// TODO can return `null` and `undefined` (#22198)\nexport async function detectVulnerabilityAlerts(\n input: RenovateConfig,\n): Promise<RenovateConfig> {\n if (!input?.vulnerabilityAlerts) {\n return input;\n }\n if (input.vulnerabilityAlerts.enabled === false) {\n logger.debug('Vulnerability alerts are disabled');\n return input;\n }\n const alerts = await platform.getVulnerabilityAlerts?.();\n if (!alerts?.length) {\n logger.debug('No vulnerability alerts found');\n if (input.vulnerabilityAlertsOnly) {\n throw new Error(NO_VULNERABILITY_ALERTS);\n }\n return input;\n }\n const config = { ...input };\n const versionings: Record<string, string> = {\n 'github-tags': semverVersioning.id,\n go: semverVersioning.id,\n packagist: composerVersioning.id,\n maven: mavenVersioning.id,\n npm: npmVersioning.id,\n nuget: semverVersioning.id,\n pypi: pep440Versioning.id,\n rubygems: rubyVersioning.id,\n };\n const combinedAlerts: CombinedAlert = {};\n for (const alert of alerts) {\n try {\n if (alert.dismissed_reason) {\n continue;\n }\n if (!alert.security_vulnerability?.first_patched_version) {\n logger.debug(\n { alert },\n 'Vulnerability alert has no firstPatchedVersion - skipping',\n );\n continue;\n }\n const datasource =\n githubEcosystemToDatasource[\n alert.security_vulnerability.package.ecosystem\n ];\n const depName = alert.security_vulnerability.package.name;\n const firstPatchedVersion =\n alert.security_vulnerability.first_patched_version.identifier;\n const advisory = alert.security_advisory;\n\n combinedAlerts[datasource] ??= {};\n combinedAlerts[datasource][depName] ??= {\n advisories: [],\n };\n const alertDetails = combinedAlerts[datasource][depName];\n 
alertDetails.advisories.push(advisory);\n alertDetails.severity = getHighestVulnerabilitySeverity(\n { vulnerabilitySeverity: alertDetails.severity },\n { vulnerabilitySeverity: alert.security_vulnerability.severity },\n );\n const versioningApi = allVersioning.get(versionings[datasource]);\n if (versioningApi.isVersion(firstPatchedVersion)) {\n if (\n !alertDetails.firstPatchedVersion ||\n versioningApi.isGreaterThan(\n firstPatchedVersion,\n alertDetails.firstPatchedVersion,\n )\n ) {\n alertDetails.firstPatchedVersion = firstPatchedVersion;\n }\n } else {\n logger.debug('Invalid firstPatchedVersion: ' + firstPatchedVersion);\n }\n } catch (err) {\n logger.warn({ err }, 'Error parsing vulnerability alert');\n }\n }\n const alertPackageRules: PackageRule[] = [];\n config.remediations = {} as never;\n for (const [datasource, dependencies] of Object.entries(combinedAlerts)) {\n for (const [depName, val] of Object.entries(dependencies)) {\n if (!val.firstPatchedVersion) {\n continue;\n }\n\n let prBodyNotes: string[] = [];\n try {\n prBodyNotes = ['### GitHub Vulnerability Alerts'].concat(\n val.advisories.map((advisory) => {\n const identifiers = advisory.identifiers;\n const description = advisory.description;\n let content = '#### ';\n let heading: string;\n if (identifiers.some((id) => id.type === 'CVE')) {\n heading = identifiers\n .filter((id) => id.type === 'CVE')\n .map((id) => id.value)\n .join(' / ');\n } else {\n heading = identifiers.map((id) => id.value).join(' / ');\n }\n if (advisory.references?.length) {\n heading = `[${heading}](${advisory.references[0].url})`;\n }\n content += heading;\n content += '\\n\\n';\n\n content += sanitizeMarkdown(description);\n\n content += '\\n\\n##### Severity\\n';\n const { cvss_v4, cvss_v3 } = advisory.cvss_severities ?? {};\n const cvss = cvss_v4?.vector_string ? 
cvss_v4 : cvss_v3;\n if (is.number(cvss?.score) && cvss?.vector_string) {\n content += `- CVSS Score: ${cvss.score.toFixed(1)} / 10 (${titleCase(advisory.severity)})\\n`;\n content += `- Vector String: \\`${cvss.vector_string}\\``;\n } else {\n content += titleCase(advisory.severity);\n }\n\n return content;\n }),\n );\n } catch (err) /* istanbul ignore next */ {\n logger.warn({ err }, 'Error generating vulnerability PR notes');\n }\n let matchRule: PackageRule = {\n matchDatasources: [datasource],\n matchPackageNames: [depName],\n };\n\n let matchCurrentVersion = `< ${val.firstPatchedVersion}`;\n if (\n datasource === MavenDatasource.id ||\n datasource === NugetDatasource.id\n ) {\n matchCurrentVersion = `(,${val.firstPatchedVersion})`;\n } else if (datasource === GithubTagsDatasource.id) {\n matchCurrentVersion = `!/^${escapeRegExp(val.firstPatchedVersion)}$/`;\n }\n\n matchRule = {\n ...matchRule,\n matchCurrentVersion,\n vulnerabilityFixVersion: val.firstPatchedVersion,\n vulnerabilitySeverity: val.severity,\n prBodyNotes,\n isVulnerabilityAlert: true,\n force: {\n ...config.vulnerabilityAlerts,\n },\n };\n alertPackageRules.push(matchRule);\n }\n }\n logger.debug({ alertPackageRules }, 'alert package rules');\n config.packageRules = (config.packageRules ?? 
[]).concat(alertPackageRules);\n return config;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAgDA,eAAsB,0BACpB,OACyB;AACzB,KAAI,CAAC,OAAO,oBACV,QAAO;AAET,KAAI,MAAM,oBAAoB,YAAY,OAAO;AAC/C,SAAO,MAAM,oCAAoC;AACjD,SAAO;;CAET,MAAM,SAAS,MAAM,SAAS,0BAA0B;AACxD,KAAI,CAAC,QAAQ,QAAQ;AACnB,SAAO,MAAM,gCAAgC;AAC7C,MAAI,MAAM,wBACR,OAAM,IAAI,MAAM,wBAAwB;AAE1C,SAAO;;CAET,MAAM,SAAS,EAAE,GAAG,OAAO;CAC3B,MAAM,cAAsC;EAC1C,eAAeA;EACf,IAAIA;EACJ,WAAWC;EACX,OAAOC;EACP,KAAK;EACL,OAAOF;EACP,MAAMG;EACN,UAAUC;EACX;CACD,MAAM,iBAAgC,EAAE;AACxC,MAAK,MAAM,SAAS,OAClB,KAAI;AACF,MAAI,MAAM,iBACR;AAEF,MAAI,CAAC,MAAM,wBAAwB,uBAAuB;AACxD,UAAO,MACL,EAAE,OAAO,EACT,4DACD;AACD;;EAEF,MAAM,aACJ,4BACE,MAAM,uBAAuB,QAAQ;EAEzC,MAAM,UAAU,MAAM,uBAAuB,QAAQ;EACrD,MAAM,sBACJ,MAAM,uBAAuB,sBAAsB;EACrD,MAAM,WAAW,MAAM;AAEvB,iBAAe,gBAAgB,EAAE;AACjC,iBAAe,YAAY,aAAa,EACtC,YAAY,EAAE,EACf;EACD,MAAM,eAAe,eAAe,YAAY;AAChD,eAAa,WAAW,KAAK,SAAS;AACtC,eAAa,WAAW,gCACtB,EAAE,uBAAuB,aAAa,UAAU,EAChD,EAAE,uBAAuB,MAAM,uBAAuB,UAAU,CACjE;EACD,MAAM,gBAAgBC,IAAkB,YAAY,YAAY;AAChE,MAAI,cAAc,UAAU,oBAAoB;OAE5C,CAAC,aAAa,uBACd,cAAc,cACZ,qBACA,aAAa,oBACd,CAED,cAAa,sBAAsB;QAGrC,QAAO,MAAM,kCAAkC,oBAAoB;UAE9D,KAAK;AACZ,SAAO,KAAK,EAAE,KAAK,EAAE,oCAAoC;;CAG7D,MAAM,oBAAmC,EAAE;AAC3C,QAAO,eAAe,EAAE;AACxB,MAAK,MAAM,CAAC,YAAY,iBAAiB,OAAO,QAAQ,eAAe,CACrE,MAAK,MAAM,CAAC,SAAS,QAAQ,OAAO,QAAQ,aAAa,EAAE;AACzD,MAAI,CAAC,IAAI,oBACP;EAGF,IAAI,cAAwB,EAAE;AAC9B,MAAI;AACF,iBAAc,CAAC,kCAAkC,CAAC,OAChD,IAAI,WAAW,KAAK,aAAa;IAC/B,MAAM,cAAc,SAAS;IAC7B,MAAM,cAAc,SAAS;IAC7B,IAAI,UAAU;IACd,IAAI;AACJ,QAAI,YAAY,MAAM,OAAO,GAAG,SAAS,MAAM,CAC7C,WAAU,YACP,QAAQ,OAAO,GAAG,SAAS,MAAM,CACjC,KAAK,OAAO,GAAG,MAAM,CACrB,KAAK,MAAM;QAEd,WAAU,YAAY,KAAK,OAAO,GAAG,MAAM,CAAC,KAAK,MAAM;AAEzD,QAAI,SAAS,YAAY,OACvB,WAAU,IAAI,QAAQ,IAAI,SAAS,WAAW,GAAG,IAAI;AAEvD,eAAW;AACX,eAAW;AAEX,eAAW,iBAAiB,YAAY;AAExC,eAAW;IACX,MAAM,EAAE,SAAS,YAAY,SAAS,mBAAmB,EAAE;IAC3D,MAAM,OAAO,SAAS,gBAAgB,UAAU;AAChD,QAAI,GAAG,OAAO,MAAM,MAAM,IAAI,MAAM,eAAe;AACjD,gBAAW,iBAAiB,KAAK,MAAM,QAAQ,EAAE,CAAC,SAAS,UAAU,SAAS,SAAS,CAAC;AACxF,gBAAW,s
BAAsB,KAAK,cAAc;UAEpD,YAAW,UAAU,SAAS,SAAS;AAGzC,WAAO;KACP,CACH;WACM,kCAAgC;AACvC,UAAO,KAAK,EAAE,KAAK,EAAE,0CAA0C;;EAEjE,IAAI,YAAyB;GAC3B,kBAAkB,CAAC,WAAW;GAC9B,mBAAmB,CAAC,QAAQ;GAC7B;EAED,IAAI,sBAAsB,KAAK,IAAI;AACnC,MACE,eAAe,gBAAgB,MAC/B,eAAe,gBAAgB,GAE/B,uBAAsB,KAAK,IAAI,oBAAoB;WAC1C,eAAe,qBAAqB,GAC7C,uBAAsB,MAAM,aAAa,IAAI,oBAAoB,CAAC;AAGpE,cAAY;GACV,GAAG;GACH;GACA,yBAAyB,IAAI;GAC7B,uBAAuB,IAAI;GAC3B;GACA,sBAAsB;GACtB,OAAO,EACL,GAAG,OAAO,qBACX;GACF;AACD,oBAAkB,KAAK,UAAU;;AAGrC,QAAO,MAAM,EAAE,mBAAmB,EAAE,sBAAsB;AAC1D,QAAO,gBAAgB,OAAO,gBAAgB,EAAE,EAAE,OAAO,kBAAkB;AAC3E,QAAO"}
|
|
1
|
+
{"version":3,"file":"vulnerability.js","names":["semverVersioning.id","composerVersioning.id","mavenVersioning.id","pep440Versioning.id","rubyVersioning.id","allVersioning.get"],"sources":["../../../../lib/workers/repository/init/vulnerability.ts"],"sourcesContent":["import is from '@sindresorhus/is';\nimport type { PackageRule, RenovateConfig } from '../../../config/types.ts';\nimport { NO_VULNERABILITY_ALERTS } from '../../../constants/error-messages.ts';\nimport { logger } from '../../../logger/index.ts';\nimport { GithubTagsDatasource } from '../../../modules/datasource/github-tags/index.ts';\nimport { MavenDatasource } from '../../../modules/datasource/maven/index.ts';\nimport { NugetDatasource } from '../../../modules/datasource/nuget/index.ts';\nimport type { SecurityAdvisory } from '../../../modules/platform/github/schema.ts';\nimport { platform } from '../../../modules/platform/index.ts';\nimport * as composerVersioning from '../../../modules/versioning/composer/index.ts';\nimport * as allVersioning from '../../../modules/versioning/index.ts';\nimport * as mavenVersioning from '../../../modules/versioning/maven/index.ts';\nimport * as npmVersioning from '../../../modules/versioning/npm/index.ts';\nimport * as pep440Versioning from '../../../modules/versioning/pep440/index.ts';\nimport * as rubyVersioning from '../../../modules/versioning/ruby/index.ts';\nimport * as semverVersioning from '../../../modules/versioning/semver/index.ts';\nimport { sanitizeMarkdown } from '../../../util/markdown.ts';\nimport { escapeRegExp, regEx } from '../../../util/regex.ts';\nimport { titleCase } from '../../../util/string.ts';\nimport { githubEcosystemToDatasource } from '../../../util/vulnerability/ecosystem.ts';\nimport {\n getFixedVersionConstraint,\n getHighestVulnerabilitySeverity,\n} from '../../../util/vulnerability/utils.ts';\n\ntype Datasource = string;\ntype DependencyName = string;\n\ntype CombinedAlert = Record<\n Datasource,\n Record<\n DependencyName,\n {\n 
advisories: SecurityAdvisory[];\n firstPatchedVersion?: string;\n severity?: string;\n }\n >\n>;\n\nexport function getFixedVersionByDatasource(\n fixedVersion: string,\n datasource: string,\n): string {\n return getFixedVersionConstraint(fixedVersion, datasource);\n}\n\n// TODO can return `null` and `undefined` (#22198)\nexport async function detectVulnerabilityAlerts(\n input: RenovateConfig,\n): Promise<RenovateConfig> {\n if (!input?.vulnerabilityAlerts) {\n return input;\n }\n if (input.vulnerabilityAlerts.enabled === false) {\n logger.debug('Vulnerability alerts are disabled');\n return input;\n }\n const alerts = await platform.getVulnerabilityAlerts?.();\n if (!alerts?.length) {\n logger.debug('No vulnerability alerts found');\n if (input.vulnerabilityAlertsOnly) {\n throw new Error(NO_VULNERABILITY_ALERTS);\n }\n return input;\n }\n const config = { ...input };\n const versionings: Record<string, string> = {\n 'github-tags': semverVersioning.id,\n go: semverVersioning.id,\n packagist: composerVersioning.id,\n maven: mavenVersioning.id,\n npm: npmVersioning.id,\n nuget: semverVersioning.id,\n pypi: pep440Versioning.id,\n rubygems: rubyVersioning.id,\n };\n const combinedAlerts: CombinedAlert = {};\n for (const alert of alerts) {\n try {\n if (alert.dismissed_reason) {\n continue;\n }\n if (!alert.security_vulnerability?.first_patched_version) {\n logger.debug(\n { alert },\n 'Vulnerability alert has no firstPatchedVersion - skipping',\n );\n continue;\n }\n const datasource =\n githubEcosystemToDatasource[\n alert.security_vulnerability.package.ecosystem\n ];\n const depName = alert.security_vulnerability.package.name;\n const firstPatchedVersion =\n alert.security_vulnerability.first_patched_version.identifier;\n const advisory = alert.security_advisory;\n\n combinedAlerts[datasource] ??= {};\n combinedAlerts[datasource][depName] ??= {\n advisories: [],\n };\n const alertDetails = combinedAlerts[datasource][depName];\n 
alertDetails.advisories.push(advisory);\n alertDetails.severity = getHighestVulnerabilitySeverity(\n { vulnerabilitySeverity: alertDetails.severity },\n { vulnerabilitySeverity: alert.security_vulnerability.severity },\n );\n const versioningApi = allVersioning.get(versionings[datasource]);\n if (versioningApi.isVersion(firstPatchedVersion)) {\n if (\n !alertDetails.firstPatchedVersion ||\n versioningApi.isGreaterThan(\n firstPatchedVersion,\n alertDetails.firstPatchedVersion,\n )\n ) {\n alertDetails.firstPatchedVersion = firstPatchedVersion;\n }\n } else {\n logger.debug('Invalid firstPatchedVersion: ' + firstPatchedVersion);\n }\n } catch (err) {\n logger.warn({ err }, 'Error parsing vulnerability alert');\n }\n }\n const alertPackageRules: PackageRule[] = [];\n config.remediations = {} as never;\n for (const [datasource, dependencies] of Object.entries(combinedAlerts)) {\n for (const [depName, val] of Object.entries(dependencies)) {\n if (!val.firstPatchedVersion) {\n continue;\n }\n\n let prBodyNotes: string[] = [];\n try {\n prBodyNotes = val.advisories.flatMap((advisory) =>\n generatePrBodyNotes(advisory),\n );\n } catch (err) /* istanbul ignore next */ {\n logger.warn({ err }, 'Error generating vulnerability PR notes');\n }\n let matchRule: PackageRule = {\n matchDatasources: [datasource],\n matchPackageNames: [depName],\n };\n\n let matchCurrentVersion = `< ${val.firstPatchedVersion}`;\n if (\n datasource === MavenDatasource.id ||\n datasource === NugetDatasource.id\n ) {\n matchCurrentVersion = `(,${val.firstPatchedVersion})`;\n } else if (datasource === GithubTagsDatasource.id) {\n matchCurrentVersion = `!/^${escapeRegExp(val.firstPatchedVersion)}$/`;\n }\n\n matchRule = {\n ...matchRule,\n matchCurrentVersion,\n vulnerabilityFixVersion: val.firstPatchedVersion,\n vulnerabilitySeverity: val.severity,\n prBodyNotes,\n isVulnerabilityAlert: true,\n force: {\n ...config.vulnerabilityAlerts,\n },\n };\n alertPackageRules.push(matchRule);\n }\n }\n 
logger.debug({ alertPackageRules }, 'alert package rules');\n config.packageRules = (config.packageRules ?? []).concat(alertPackageRules);\n return config;\n}\n\nfunction generatePrBodyNotes(advisory: SecurityAdvisory): string[] {\n const aliases = advisory.identifiers\n .map((id) => id.value)\n .sort()\n .map((id) => {\n if (id.startsWith('CVE-')) {\n return `[${id}](https://nvd.nist.gov/vuln/detail/${id})`;\n }\n if (id.startsWith('GHSA-')) {\n return `[${id}](https://github.com/advisories/${id})`;\n }\n return id;\n });\n\n let content = '\\n\\n---\\n\\n### ';\n content += `${advisory.summary}\\n`;\n content += `${aliases.join(' / ')}\\n`;\n content += `\\n<details>\\n<summary>More information</summary>\\n`;\n\n const details = advisory.description.replace(regEx(/^#{1,4} /gm), '##### ');\n content += `#### Details\\n${details}\\n`;\n\n content += '#### Severity\\n';\n const { cvss_v4, cvss_v3 } = advisory.cvss_severities ?? {};\n const cvss = cvss_v4?.vector_string ? cvss_v4 : cvss_v3;\n if (is.number(cvss?.score) && cvss?.vector_string) {\n content += `- CVSS Score: ${cvss.score.toFixed(1)} / 10 (${titleCase(advisory.severity)})\\n`;\n content += `- Vector String: \\`${cvss.vector_string}\\`\\n`;\n } else {\n content += `${titleCase(advisory.severity)}\\n`;\n }\n\n content += `\\n#### References\\n${\n advisory.references\n ?.map((ref) => `- [${ref.url}](${ref.url})`)\n .join('\\n') ?? 
'No references.'\n }`;\n\n content += `\\n\\nThis data is provided by the [GitHub Advisory Database](https://github.com/advisories/${advisory.ghsa_id}) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).\\n`;\n content += `</details>`;\n\n return [sanitizeMarkdown(content)];\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAgDA,eAAsB,0BACpB,OACyB;AACzB,KAAI,CAAC,OAAO,oBACV,QAAO;AAET,KAAI,MAAM,oBAAoB,YAAY,OAAO;AAC/C,SAAO,MAAM,oCAAoC;AACjD,SAAO;;CAET,MAAM,SAAS,MAAM,SAAS,0BAA0B;AACxD,KAAI,CAAC,QAAQ,QAAQ;AACnB,SAAO,MAAM,gCAAgC;AAC7C,MAAI,MAAM,wBACR,OAAM,IAAI,MAAM,wBAAwB;AAE1C,SAAO;;CAET,MAAM,SAAS,EAAE,GAAG,OAAO;CAC3B,MAAM,cAAsC;EAC1C,eAAeA;EACf,IAAIA;EACJ,WAAWC;EACX,OAAOC;EACP,KAAK;EACL,OAAOF;EACP,MAAMG;EACN,UAAUC;EACX;CACD,MAAM,iBAAgC,EAAE;AACxC,MAAK,MAAM,SAAS,OAClB,KAAI;AACF,MAAI,MAAM,iBACR;AAEF,MAAI,CAAC,MAAM,wBAAwB,uBAAuB;AACxD,UAAO,MACL,EAAE,OAAO,EACT,4DACD;AACD;;EAEF,MAAM,aACJ,4BACE,MAAM,uBAAuB,QAAQ;EAEzC,MAAM,UAAU,MAAM,uBAAuB,QAAQ;EACrD,MAAM,sBACJ,MAAM,uBAAuB,sBAAsB;EACrD,MAAM,WAAW,MAAM;AAEvB,iBAAe,gBAAgB,EAAE;AACjC,iBAAe,YAAY,aAAa,EACtC,YAAY,EAAE,EACf;EACD,MAAM,eAAe,eAAe,YAAY;AAChD,eAAa,WAAW,KAAK,SAAS;AACtC,eAAa,WAAW,gCACtB,EAAE,uBAAuB,aAAa,UAAU,EAChD,EAAE,uBAAuB,MAAM,uBAAuB,UAAU,CACjE;EACD,MAAM,gBAAgBC,IAAkB,YAAY,YAAY;AAChE,MAAI,cAAc,UAAU,oBAAoB;OAE5C,CAAC,aAAa,uBACd,cAAc,cACZ,qBACA,aAAa,oBACd,CAED,cAAa,sBAAsB;QAGrC,QAAO,MAAM,kCAAkC,oBAAoB;UAE9D,KAAK;AACZ,SAAO,KAAK,EAAE,KAAK,EAAE,oCAAoC;;CAG7D,MAAM,oBAAmC,EAAE;AAC3C,QAAO,eAAe,EAAE;AACxB,MAAK,MAAM,CAAC,YAAY,iBAAiB,OAAO,QAAQ,eAAe,CACrE,MAAK,MAAM,CAAC,SAAS,QAAQ,OAAO,QAAQ,aAAa,EAAE;AACzD,MAAI,CAAC,IAAI,oBACP;EAGF,IAAI,cAAwB,EAAE;AAC9B,MAAI;AACF,iBAAc,IAAI,WAAW,SAAS,aACpC,oBAAoB,SAAS,CAC9B;WACM,kCAAgC;AACvC,UAAO,KAAK,EAAE,KAAK,EAAE,0CAA0C;;EAEjE,IAAI,YAAyB;GAC3B,kBAAkB,CAAC,WAAW;GAC9B,mBAAmB,CAAC,QAAQ;GAC7B;EAED,IAAI,sBAAsB,KAAK,IAAI;AACnC,MACE,eAAe,gBAAgB,MAC/B,eAAe,gBAAgB,GAE/B,uBAAsB,KAAK,IAAI,oBAAoB;WAC1C,eAAe,qBAAqB,GAC7C,uBAAsB,MAAM,aAAa,IAAI,oBAAoB,CAAC;AAGpE,cAAY;GACV,GAAG;GACH;GACA,yBAAy
B,IAAI;GAC7B,uBAAuB,IAAI;GAC3B;GACA,sBAAsB;GACtB,OAAO,EACL,GAAG,OAAO,qBACX;GACF;AACD,oBAAkB,KAAK,UAAU;;AAGrC,QAAO,MAAM,EAAE,mBAAmB,EAAE,sBAAsB;AAC1D,QAAO,gBAAgB,OAAO,gBAAgB,EAAE,EAAE,OAAO,kBAAkB;AAC3E,QAAO;;AAGT,SAAS,oBAAoB,UAAsC;CACjE,MAAM,UAAU,SAAS,YACtB,KAAK,OAAO,GAAG,MAAM,CACrB,MAAM,CACN,KAAK,OAAO;AACX,MAAI,GAAG,WAAW,OAAO,CACvB,QAAO,IAAI,GAAG,qCAAqC,GAAG;AAExD,MAAI,GAAG,WAAW,QAAQ,CACxB,QAAO,IAAI,GAAG,kCAAkC,GAAG;AAErD,SAAO;GACP;CAEJ,IAAI,UAAU;AACd,YAAW,GAAG,SAAS,QAAQ;AAC/B,YAAW,GAAG,QAAQ,KAAK,MAAM,CAAC;AAClC,YAAW;CAEX,MAAM,UAAU,SAAS,YAAY,QAAQ,MAAM,aAAa,EAAE,SAAS;AAC3E,YAAW,iBAAiB,QAAQ;AAEpC,YAAW;CACX,MAAM,EAAE,SAAS,YAAY,SAAS,mBAAmB,EAAE;CAC3D,MAAM,OAAO,SAAS,gBAAgB,UAAU;AAChD,KAAI,GAAG,OAAO,MAAM,MAAM,IAAI,MAAM,eAAe;AACjD,aAAW,iBAAiB,KAAK,MAAM,QAAQ,EAAE,CAAC,SAAS,UAAU,SAAS,SAAS,CAAC;AACxF,aAAW,sBAAsB,KAAK,cAAc;OAEpD,YAAW,GAAG,UAAU,SAAS,SAAS,CAAC;AAG7C,YAAW,sBACT,SAAS,YACL,KAAK,QAAQ,MAAM,IAAI,IAAI,IAAI,IAAI,IAAI,GAAG,CAC3C,KAAK,KAAK,IAAI;AAGnB,YAAW,6FAA6F,SAAS,QAAQ;AACzH,YAAW;AAEX,QAAO,CAAC,iBAAiB,QAAQ,CAAC"}
|
|
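--- a/package/dist/workers/repository/process/lookup/generate.js
+++ b/package/dist/workers/repository/process/lookup/generate.js
@@ -4,7 +4,7 @@ import { getMergeConfidenceLevel } from "../../../../util/merge-confidence/index
 import { getUpdateType } from "./update-type.js";
 import { isNonEmptyArray } from "@sindresorhus/is";
 //#region lib/workers/repository/process/lookup/generate.ts
-async function generateUpdate(config, currentValue, versioningApi, rangeStrategy, currentVersion, bucket, release) {
+async function generateUpdate(config, currentValue, versioningApi, rangeStrategy, currentVersion, bucket, release, allVersions) {
 const newVersion = release.version;
 const update = {
 bucket,
@@ -36,7 +36,8 @@ async function generateUpdate(config, currentValue, versioningApi, rangeStrategy
 currentValue,
 rangeStrategy,
 currentVersion,
-newVersion
+newVersion,
+allVersions
 });
 } catch (err) /* istanbul ignore next */ {
 logger.warn({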
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generate.js","names":[],"sources":["../../../../../lib/workers/repository/process/lookup/generate.ts"],"sourcesContent":["import { isNonEmptyArray } from '@sindresorhus/is';\nimport { logger } from '../../../../logger/index.ts';\nimport type { Release } from '../../../../modules/datasource/index.ts';\nimport type { LookupUpdate } from '../../../../modules/manager/types.ts';\nimport type { VersioningApi } from '../../../../modules/versioning/index.ts';\nimport type { RangeStrategy } from '../../../../types/index.ts';\nimport { getElapsedDays } from '../../../../util/date.ts';\nimport { getMergeConfidenceLevel } from '../../../../util/merge-confidence/index.ts';\nimport type { LookupUpdateConfig } from './types.ts';\nimport { getUpdateType } from './update-type.ts';\n\nexport async function generateUpdate(\n config: LookupUpdateConfig,\n currentValue: string | undefined,\n versioningApi: VersioningApi,\n rangeStrategy: RangeStrategy,\n currentVersion: string,\n bucket: string,\n release: Release,\n): Promise<LookupUpdate> {\n const newVersion = release.version;\n const update: LookupUpdate = {\n bucket,\n newVersion,\n newValue: null!,\n hasAttestation: release.attestation,\n };\n\n // istanbul ignore if\n if (release.checksumUrl !== undefined) {\n update.checksumUrl = release.checksumUrl;\n }\n // istanbul ignore if\n if (release.downloadUrl !== undefined) {\n update.downloadUrl = release.downloadUrl;\n }\n // istanbul ignore if\n if (release.newDigest !== undefined) {\n update.newDigest = release.newDigest;\n }\n // istanbul ignore if\n if (release.releaseTimestamp) {\n update.releaseTimestamp = release.releaseTimestamp;\n update.newVersionAgeInDays = getElapsedDays(release.releaseTimestamp);\n }\n // istanbul ignore if\n if (release.registryUrl !== undefined) {\n /**\n * This means:\n * - registry strategy is set to merge\n * - releases were fetched from multiple registry urls\n */\n update.registryUrl = release.registryUrl;\n }\n\n if 
(currentValue) {\n try {\n update.newValue = versioningApi.getNewValue({\n currentValue,\n rangeStrategy,\n currentVersion,\n newVersion,\n })!;\n } catch (err) /* istanbul ignore next */ {\n logger.warn(\n { err, currentValue, rangeStrategy, currentVersion, newVersion },\n 'getNewValue error',\n );\n update.newValue = currentValue;\n }\n } else {\n update.newValue = currentValue;\n }\n update.newMajor = versioningApi.getMajor(newVersion)!;\n update.newMinor = versioningApi.getMinor(newVersion)!;\n update.newPatch = versioningApi.getPatch(newVersion)!;\n // istanbul ignore if\n if (!update.updateType && !currentVersion) {\n logger.debug({ update }, 'Update has no currentVersion');\n update.newValue = currentValue!;\n return update;\n }\n update.updateType =\n update.updateType ??\n getUpdateType(config, versioningApi, currentVersion, newVersion);\n if (versioningApi.isBreaking) {\n // This versioning scheme has breaking awareness\n update.isBreaking = versioningApi.isBreaking(currentVersion, newVersion);\n } else {\n // This versioning scheme does not have breaking awareness - assume only major updates are breaking\n // Updates from, or to, unstable releases should be treated as breaking too.\n // But we should not add that as default behavior until we stop treating non-LTS versions as unstable first\n update.isBreaking = update.updateType === 'major';\n }\n const { datasource, packageName, packageRules } = config;\n if (packageRules?.some((pr) => isNonEmptyArray(pr.matchConfidence))) {\n update.mergeConfidenceLevel = await getMergeConfidenceLevel(\n datasource,\n packageName,\n currentVersion,\n newVersion,\n update.updateType,\n );\n }\n if (!versioningApi.isVersion(update.newValue)) {\n update.isRange = true;\n }\n if (rangeStrategy === 'update-lockfile' && currentValue === update.newValue) {\n update.isLockfileUpdate = true;\n }\n if (\n rangeStrategy === 'bump' &&\n // TODO #22198\n versioningApi.matches(newVersion, currentValue!)\n ) {\n update.isBump = 
true;\n }\n return update;\n}\n"],"mappings":";;;;;;AAWA,eAAsB,eACpB,QACA,cACA,eACA,eACA,gBACA,QACA,
|
|
1
|
+
{"version":3,"file":"generate.js","names":[],"sources":["../../../../../lib/workers/repository/process/lookup/generate.ts"],"sourcesContent":["import { isNonEmptyArray } from '@sindresorhus/is';\nimport { logger } from '../../../../logger/index.ts';\nimport type { Release } from '../../../../modules/datasource/index.ts';\nimport type { LookupUpdate } from '../../../../modules/manager/types.ts';\nimport type { VersioningApi } from '../../../../modules/versioning/index.ts';\nimport type { RangeStrategy } from '../../../../types/index.ts';\nimport { getElapsedDays } from '../../../../util/date.ts';\nimport { getMergeConfidenceLevel } from '../../../../util/merge-confidence/index.ts';\nimport type { LookupUpdateConfig } from './types.ts';\nimport { getUpdateType } from './update-type.ts';\n\nexport async function generateUpdate(\n config: LookupUpdateConfig,\n currentValue: string | undefined,\n versioningApi: VersioningApi,\n rangeStrategy: RangeStrategy,\n currentVersion: string,\n bucket: string,\n release: Release,\n allVersions: string[],\n): Promise<LookupUpdate> {\n const newVersion = release.version;\n const update: LookupUpdate = {\n bucket,\n newVersion,\n newValue: null!,\n hasAttestation: release.attestation,\n };\n\n // istanbul ignore if\n if (release.checksumUrl !== undefined) {\n update.checksumUrl = release.checksumUrl;\n }\n // istanbul ignore if\n if (release.downloadUrl !== undefined) {\n update.downloadUrl = release.downloadUrl;\n }\n // istanbul ignore if\n if (release.newDigest !== undefined) {\n update.newDigest = release.newDigest;\n }\n // istanbul ignore if\n if (release.releaseTimestamp) {\n update.releaseTimestamp = release.releaseTimestamp;\n update.newVersionAgeInDays = getElapsedDays(release.releaseTimestamp);\n }\n // istanbul ignore if\n if (release.registryUrl !== undefined) {\n /**\n * This means:\n * - registry strategy is set to merge\n * - releases were fetched from multiple registry urls\n */\n update.registryUrl = 
release.registryUrl;\n }\n\n if (currentValue) {\n try {\n update.newValue = versioningApi.getNewValue({\n currentValue,\n rangeStrategy,\n currentVersion,\n newVersion,\n allVersions,\n })!;\n } catch (err) /* istanbul ignore next */ {\n logger.warn(\n { err, currentValue, rangeStrategy, currentVersion, newVersion },\n 'getNewValue error',\n );\n update.newValue = currentValue;\n }\n } else {\n update.newValue = currentValue;\n }\n update.newMajor = versioningApi.getMajor(newVersion)!;\n update.newMinor = versioningApi.getMinor(newVersion)!;\n update.newPatch = versioningApi.getPatch(newVersion)!;\n // istanbul ignore if\n if (!update.updateType && !currentVersion) {\n logger.debug({ update }, 'Update has no currentVersion');\n update.newValue = currentValue!;\n return update;\n }\n update.updateType =\n update.updateType ??\n getUpdateType(config, versioningApi, currentVersion, newVersion);\n if (versioningApi.isBreaking) {\n // This versioning scheme has breaking awareness\n update.isBreaking = versioningApi.isBreaking(currentVersion, newVersion);\n } else {\n // This versioning scheme does not have breaking awareness - assume only major updates are breaking\n // Updates from, or to, unstable releases should be treated as breaking too.\n // But we should not add that as default behavior until we stop treating non-LTS versions as unstable first\n update.isBreaking = update.updateType === 'major';\n }\n const { datasource, packageName, packageRules } = config;\n if (packageRules?.some((pr) => isNonEmptyArray(pr.matchConfidence))) {\n update.mergeConfidenceLevel = await getMergeConfidenceLevel(\n datasource,\n packageName,\n currentVersion,\n newVersion,\n update.updateType,\n );\n }\n if (!versioningApi.isVersion(update.newValue)) {\n update.isRange = true;\n }\n if (rangeStrategy === 'update-lockfile' && currentValue === update.newValue) {\n update.isLockfileUpdate = true;\n }\n if (\n rangeStrategy === 'bump' &&\n // TODO #22198\n 
versioningApi.matches(newVersion, currentValue!)\n ) {\n update.isBump = true;\n }\n return update;\n}\n"],"mappings":";;;;;;AAWA,eAAsB,eACpB,QACA,cACA,eACA,eACA,gBACA,QACA,SACA,aACuB;CACvB,MAAM,aAAa,QAAQ;CAC3B,MAAM,SAAuB;EAC3B;EACA;EACA,UAAU;EACV,gBAAgB,QAAQ;EACzB;;AAGD,KAAI,QAAQ,gBAAgB,KAAA,EAC1B,QAAO,cAAc,QAAQ;;AAG/B,KAAI,QAAQ,gBAAgB,KAAA,EAC1B,QAAO,cAAc,QAAQ;;AAG/B,KAAI,QAAQ,cAAc,KAAA,EACxB,QAAO,YAAY,QAAQ;;AAG7B,KAAI,QAAQ,kBAAkB;AAC5B,SAAO,mBAAmB,QAAQ;AAClC,SAAO,sBAAsB,eAAe,QAAQ,iBAAiB;;;AAGvE,KAAI,QAAQ,gBAAgB,KAAA;;;;;;AAM1B,QAAO,cAAc,QAAQ;AAG/B,KAAI,aACF,KAAI;AACF,SAAO,WAAW,cAAc,YAAY;GAC1C;GACA;GACA;GACA;GACA;GACD,CAAC;UACK,iCAAgC;AACvC,SAAO,KACL;GAAE;GAAK;GAAc;GAAe;GAAgB;GAAY,EAChE,oBACD;AACD,SAAO,WAAW;;KAGpB,QAAO,WAAW;AAEpB,QAAO,WAAW,cAAc,SAAS,WAAW;AACpD,QAAO,WAAW,cAAc,SAAS,WAAW;AACpD,QAAO,WAAW,cAAc,SAAS,WAAW;;AAEpD,KAAI,CAAC,OAAO,cAAc,CAAC,gBAAgB;AACzC,SAAO,MAAM,EAAE,QAAQ,EAAE,+BAA+B;AACxD,SAAO,WAAW;AAClB,SAAO;;AAET,QAAO,aACL,OAAO,cACP,cAAc,QAAQ,eAAe,gBAAgB,WAAW;AAClE,KAAI,cAAc,WAEhB,QAAO,aAAa,cAAc,WAAW,gBAAgB,WAAW;KAKxE,QAAO,aAAa,OAAO,eAAe;CAE5C,MAAM,EAAE,YAAY,aAAa,iBAAiB;AAClD,KAAI,cAAc,MAAM,OAAO,gBAAgB,GAAG,gBAAgB,CAAC,CACjE,QAAO,uBAAuB,MAAM,wBAClC,YACA,aACA,gBACA,YACA,OAAO,WACR;AAEH,KAAI,CAAC,cAAc,UAAU,OAAO,SAAS,CAC3C,QAAO,UAAU;AAEnB,KAAI,kBAAkB,qBAAqB,iBAAiB,OAAO,SACjE,QAAO,mBAAmB;AAE5B,KACE,kBAAkB,UAElB,cAAc,QAAQ,YAAY,aAAc,CAEhD,QAAO,SAAS;AAElB,QAAO"}
|
|
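--- a/package/dist/workers/repository/process/lookup/index.js
+++ b/package/dist/workers/repository/process/lookup/index.js
@@ -231,11 +231,13 @@ async function lookupUpdates(inconfig) {
 }
 const depResultConfig = mergeChildConfig(config, res);
 for (const [bucket, releases] of Object.entries(buckets)) {
-const
+const sortedReleases = releases.sort((r1, r2) => versioningApi.sortVersions(r1.version, r2.version));
+const allReleaseVersions = releases.map((r) => r.version);
+const { release, pendingChecks, pendingReleases } = await filterInternalChecks(depResultConfig, versioningApi, bucket, sortedReleases);
 // istanbul ignore next
 if (!release) return Result.ok(res);
 const newVersion = release.version;
-const update = await generateUpdate(config, compareValue, versioningApi, rangeStrategy, config.lockedVersion ?? currentVersion, bucket, release);
+const update = await generateUpdate(config, compareValue, versioningApi, rangeStrategy, config.lockedVersion ?? currentVersion, bucket, release, allReleaseVersions);
 if (config.manager === "gomod" && compareValue?.startsWith("v0.0.0-") && update.newValue?.startsWith("v0.0.0-") && config.currentDigest !== update.newDigest) update.updateType = "digest";
 if (pendingChecks) update.pendingChecks = pendingChecks;
 if (pendingReleases.length) update.pendingVersions = pendingReleases.map((r) => r.version);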
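Review bot: `allReleaseVersions` is built from `releases` on the line after `releases.sort(...)`, so its order depends on `Array.prototype.sort` having sorted the bucket in place, and `sortedReleases` is the same array object as `releases` rather than a copy. Mapping from the sorted binding, `const allReleaseVersions = sortedReleases.map((r) => r.version);`, makes that dependency explicit. The list also covers only the current bucket, not every release of the package, so a short comment such as `// versions in this bucket, sorted by versioningApi.sortVersions` (or a name that says so) would keep the `allVersions` argument passed to generateUpdate from being misread. The loop body and lookupUpdates continue outside the hunk.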
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":["allVersioning.get"],"sources":["../../../../../lib/workers/repository/process/lookup/index.ts"],"sourcesContent":["import { isNonEmptyString, isString, isUndefined } from '@sindresorhus/is';\nimport { mergeChildConfig } from '../../../../config/index.ts';\nimport type { ValidationMessage } from '../../../../config/types.ts';\nimport { CONFIG_VALIDATION } from '../../../../constants/error-messages.ts';\nimport { logger } from '../../../../logger/index.ts';\nimport {\n getDatasourceFor,\n getDefaultVersioning,\n} from '../../../../modules/datasource/common.ts';\nimport type {\n GetDigestInputConfig,\n Release,\n ReleaseResult,\n} from '../../../../modules/datasource/index.ts';\nimport {\n applyDatasourceFilters,\n getDigest,\n getRawPkgReleases,\n isGetPkgReleasesConfig,\n supportsDigests,\n} from '../../../../modules/datasource/index.ts';\nimport { postprocessRelease } from '../../../../modules/datasource/postprocess-release.ts';\nimport { getRangeStrategy } from '../../../../modules/manager/index.ts';\nimport { id as dockerVersioningId } from '../../../../modules/versioning/docker/index.ts';\nimport * as allVersioning from '../../../../modules/versioning/index.ts';\nimport { ExternalHostError } from '../../../../types/errors/external-host-error.ts';\nimport { assignKeys } from '../../../../util/assign-keys.ts';\nimport { getElapsedDays } from '../../../../util/date.ts';\nimport { applyPackageRules } from '../../../../util/package-rules/index.ts';\nimport { regEx } from '../../../../util/regex.ts';\nimport { Result } from '../../../../util/result.ts';\nimport type { Timestamp } from '../../../../util/timestamp.ts';\nimport { calculateAbandonment } from './abandonment.ts';\nimport { getBucket } from './bucket.ts';\nimport { getCurrentVersion } from './current.ts';\nimport { filterVersions } from './filter.ts';\nimport { filterInternalChecks } from './filter-checks.ts';\nimport { generateUpdate } from './generate.ts';\nimport { 
getRollbackUpdate } from './rollback.ts';\nimport { calculateMostRecentTimestamp } from './timestamps.ts';\nimport type { LookupUpdateConfig, UpdateResult } from './types.ts';\nimport {\n addReplacementUpdateIfValid,\n isReplacementRulesConfigured,\n} from './utils.ts';\n\nasync function getTimestamp(\n config: LookupUpdateConfig,\n versions: Release[],\n version: string,\n versioningApi: allVersioning.VersioningApi,\n): Promise<Timestamp | null | undefined> {\n const currentRelease = versions.find(\n (v) =>\n versioningApi.isValid(v.version) &&\n versioningApi.equals(v.version, version),\n );\n\n if (!currentRelease) {\n return null;\n }\n\n if (currentRelease.releaseTimestamp) {\n return currentRelease.releaseTimestamp;\n }\n\n const remoteRelease = await postprocessRelease(config, currentRelease);\n return remoteRelease?.releaseTimestamp;\n}\n\nexport async function lookupUpdates(\n inconfig: LookupUpdateConfig,\n): Promise<Result<UpdateResult, Error>> {\n let config: LookupUpdateConfig = { ...inconfig };\n config.versioning ??= getDefaultVersioning(config.datasource);\n\n const versioningApi = allVersioning.get(config.versioning);\n\n let dependency: ReleaseResult | null = null;\n const res: UpdateResult = {\n versioning: config.versioning,\n updates: [],\n warnings: [],\n };\n\n try {\n logger.trace(\n {\n dependency: config.packageName,\n currentValue: config.currentValue,\n },\n 'lookupUpdates',\n );\n if (config.currentValue && !isString(config.currentValue)) {\n // If currentValue is not a string, then it's invalid\n // v8 ignore else -- TODO: add test #40625\n if (config.currentValue) {\n logger.debug(\n `Invalid currentValue for ${config.packageName}: ${JSON.stringify(config.currentValue)} (${typeof config.currentValue})`,\n );\n }\n res.skipReason = 'invalid-value';\n return Result.ok(res);\n }\n if (\n !isGetPkgReleasesConfig(config) ||\n !getDatasourceFor(config.datasource)\n ) {\n res.skipReason = 'invalid-config';\n return Result.ok(res);\n }\n let 
compareValue = config.currentValue;\n if (\n isString(config.currentValue) &&\n isString(config.versionCompatibility)\n ) {\n const versionCompatbilityRegEx = regEx(config.versionCompatibility);\n const regexMatch = versionCompatbilityRegEx.exec(config.currentValue);\n if (regexMatch?.groups) {\n logger.debug(\n {\n versionCompatibility: config.versionCompatibility,\n currentValue: config.currentValue,\n packageName: config.packageName,\n groups: regexMatch.groups,\n },\n 'version compatibility regex match',\n );\n config.currentCompatibility = regexMatch.groups.compatibility;\n compareValue = regexMatch.groups.version;\n } else {\n logger.debug(\n {\n versionCompatibility: config.versionCompatibility,\n currentValue: config.currentValue,\n packageName: config.packageName,\n },\n 'version compatibility regex mismatch',\n );\n }\n }\n\n const isValid =\n isString(compareValue) && versioningApi.isValid(compareValue);\n\n const unconstrainedValue =\n !!config.lockedVersion && isUndefined(config.currentValue);\n\n if (isValid || unconstrainedValue) {\n if (\n !config.updatePinnedDependencies &&\n // TODO #22198\n versioningApi.isSingleVersion(compareValue!)\n ) {\n res.skipReason = 'is-pinned';\n return Result.ok(res);\n }\n\n const { val: releaseResult, err: lookupError } = await getRawPkgReleases(\n config,\n )\n .transform((res) => calculateMostRecentTimestamp(versioningApi, res))\n .transform((res) => calculateAbandonment(res, config))\n .transform((res) => applyDatasourceFilters(res, config))\n .unwrap();\n\n if (lookupError instanceof Error) {\n throw lookupError;\n }\n\n if (lookupError) {\n // If dependency lookup fails then warn and return\n const warning: ValidationMessage = {\n topic: config.packageName,\n message: `Failed to look up ${config.datasource} package ${config.packageName}: ${lookupError}`,\n };\n logger.debug(\n {\n dependency: config.packageName,\n packageFile: config.packageFile,\n },\n warning.message,\n );\n // TODO: return warnings in own 
field\n res.warnings.push(warning);\n return Result.ok(res);\n }\n\n dependency = releaseResult;\n\n if (dependency.deprecationMessage) {\n logger.debug(\n `Found deprecationMessage for ${config.datasource} package ${config.packageName}`,\n );\n }\n\n assignKeys(res, dependency, [\n 'deprecationMessage',\n 'sourceUrl',\n 'registryUrl',\n 'sourceDirectory',\n 'homepage',\n 'changelogUrl',\n 'dependencyUrl',\n 'lookupName',\n 'packageScope',\n 'mostRecentTimestamp',\n 'isAbandoned',\n 'respectLatest',\n ]);\n\n const latestVersion = dependency.tags?.latest;\n // Filter out any results from datasource that don't comply with our versioning\n let allVersions = dependency.releases.filter((release) =>\n versioningApi.isVersion(release.version),\n );\n // istanbul ignore if\n if (allVersions.length === 0) {\n const message = `Found no results from datasource that look like a version`;\n logger.info(\n {\n dependency: config.packageName,\n result: dependency,\n },\n message,\n );\n if (!config.currentDigest) {\n return Result.ok(res);\n }\n }\n // Reapply package rules in case we missed something from sourceUrl\n config = await applyPackageRules(\n { ...config, sourceUrl: res.sourceUrl },\n 'source-url',\n );\n if (config.followTag) {\n const taggedVersion = dependency.tags?.[config.followTag];\n if (!taggedVersion) {\n res.warnings.push({\n topic: config.packageName,\n message: `Can't find version with tag ${config.followTag} for ${config.datasource} package ${config.packageName}`,\n });\n return Result.ok(res);\n }\n allVersions = allVersions.filter(\n (v) =>\n v.version === taggedVersion ||\n (v.version === compareValue &&\n versioningApi.isGreaterThan(taggedVersion, compareValue)),\n );\n }\n\n const inRangeOnlyStrategy = config.rangeStrategy === 'in-range-only';\n // Check that existing constraint can be satisfied\n const allSatisfyingVersions =\n (inRangeOnlyStrategy || config.rollbackPrs) && !unconstrainedValue\n ? 
allVersions.filter((v) =>\n // TODO #22198\n versioningApi.matches(v.version, compareValue!),\n )\n : allVersions;\n if (!allSatisfyingVersions.length) {\n logger.debug(\n `Found no satisfying versions with '${config.versioning}' versioning`,\n );\n }\n\n if (config.rollbackPrs && !allSatisfyingVersions.length) {\n const rollback = getRollbackUpdate(config, allVersions, versioningApi);\n // istanbul ignore if\n if (!rollback) {\n res.warnings.push({\n topic: config.packageName,\n // TODO: types (#22198)\n message: `Can't find version matching ${compareValue!} for ${\n config.datasource\n } package ${config.packageName}`,\n });\n return Result.ok(res);\n }\n res.updates.push(rollback);\n }\n let rangeStrategy = getRangeStrategy(config);\n\n // istanbul ignore next\n if (\n config.isVulnerabilityAlert &&\n rangeStrategy === 'update-lockfile' &&\n !config.lockedVersion\n ) {\n rangeStrategy = 'bump';\n }\n // unconstrained deps with lockedVersion\n if (\n config.isVulnerabilityAlert &&\n !config.currentValue &&\n config.lockedVersion\n ) {\n rangeStrategy = 'update-lockfile';\n }\n const nonDeprecatedVersions = dependency.releases\n .filter((release) => !release.isDeprecated)\n .map((release) => release.version);\n let currentVersion: string;\n if (rangeStrategy === 'update-lockfile') {\n currentVersion = config.lockedVersion!;\n } else if (allVersions.find((v) => v.version === compareValue)) {\n currentVersion = compareValue!;\n }\n // TODO #22198\n currentVersion ??=\n getCurrentVersion(\n compareValue!,\n config.lockedVersion!,\n versioningApi,\n rangeStrategy!,\n latestVersion!,\n nonDeprecatedVersions,\n ) ??\n getCurrentVersion(\n compareValue!,\n config.lockedVersion!,\n versioningApi,\n rangeStrategy!,\n latestVersion!,\n allVersions.map((v) => v.version),\n )!;\n\n if (!currentVersion) {\n // v8 ignore else -- TODO: add test #40625\n if (!config.lockedVersion) {\n logger.debug(\n `No currentVersion or lockedVersion found for ${config.packageName}`,\n );\n 
res.skipReason = 'invalid-value';\n }\n return Result.ok(res);\n }\n\n res.currentVersion = currentVersion!;\n const currentVersionTimestamp = await getTimestamp(\n config,\n allVersions,\n currentVersion,\n versioningApi,\n );\n\n if (isNonEmptyString(currentVersionTimestamp)) {\n res.currentVersionTimestamp = currentVersionTimestamp;\n res.currentVersionAgeInDays = getElapsedDays(currentVersionTimestamp);\n\n if (\n config.packageRules?.some((rule) =>\n isNonEmptyString(rule.matchCurrentAge),\n )\n ) {\n // Reapply package rules to check matches for matchCurrentAge\n config = await applyPackageRules(\n { ...config, currentVersionTimestamp },\n 'current-timestamp',\n );\n }\n }\n\n if (\n compareValue &&\n currentVersion &&\n rangeStrategy === 'pin' &&\n !versioningApi.isSingleVersion(compareValue)\n ) {\n const newValue =\n versioningApi.getPinnedValue?.(currentVersion) ?? currentVersion;\n res.updates.push({\n updateType: 'pin',\n isPin: true,\n newValue,\n newVersion: currentVersion,\n newMajor: versioningApi.getMajor(currentVersion)!,\n });\n }\n if (rangeStrategy === 'pin') {\n // Fall back to replace once pinning logic is done\n rangeStrategy = 'replace';\n }\n // istanbul ignore if\n if (!versioningApi.isVersion(currentVersion!)) {\n res.skipReason = 'invalid-version';\n return Result.ok(res);\n }\n // Filter latest, unstable, etc\n // TODO #22198\n let filteredReleases = filterVersions(\n config,\n currentVersion!,\n latestVersion!,\n inRangeOnlyStrategy ? 
allSatisfyingVersions : allVersions,\n versioningApi,\n ).filter(\n (v) =>\n // Leave only compatible versions\n unconstrainedValue ||\n versioningApi.isCompatible(v.version, compareValue),\n );\n let shrinkedViaVulnerability = false;\n if (config.isVulnerabilityAlert) {\n if (config.vulnerabilityFixVersion) {\n res.vulnerabilityFixVersion = config.vulnerabilityFixVersion;\n res.vulnerabilityFixStrategy = config.vulnerabilityFixStrategy;\n if (versioningApi.isValid(config.vulnerabilityFixVersion)) {\n let fixedFilteredReleases;\n if (versioningApi.isVersion(config.vulnerabilityFixVersion)) {\n // Retain only releases greater than or equal to the fix version\n fixedFilteredReleases = filteredReleases.filter(\n (release) =>\n !versioningApi.isGreaterThan(\n config.vulnerabilityFixVersion!,\n release.version,\n ),\n );\n } else {\n // Retain only releases which max the fix constraint\n fixedFilteredReleases = filteredReleases.filter((release) =>\n versioningApi.matches(\n release.version,\n config.vulnerabilityFixVersion!,\n ),\n );\n }\n // Warn if this filtering results caused zero releases\n if (fixedFilteredReleases.length === 0 && filteredReleases.length) {\n logger.warn(\n {\n releases: filteredReleases,\n vulnerabilityFixVersion: config.vulnerabilityFixVersion,\n packageName: config.packageName,\n },\n 'No releases satisfy vulnerabilityFixVersion',\n );\n }\n // Use the additionally filtered releases\n filteredReleases = fixedFilteredReleases;\n } else {\n logger.warn(\n {\n vulnerabilityFixVersion: config.vulnerabilityFixVersion,\n packageName: config.packageName,\n },\n 'vulnerabilityFixVersion is not valid',\n );\n }\n }\n if (config.vulnerabilityFixStrategy === 'highest') {\n // Don't shrink the list of releases - let Renovate use its normal logic\n logger.once.debug(\n `Using vulnerabilityFixStrategy=highest for ${config.packageName}`,\n );\n } else {\n // Shrink the list of releases to the lowest fixed version\n logger.once.debug(\n `Using 
vulnerabilityFixStrategy=lowest for ${config.packageName}`,\n );\n filteredReleases = filteredReleases.slice(0, 1);\n shrinkedViaVulnerability = true;\n }\n }\n const buckets: Record<string, [Release]> = {};\n for (const release of filteredReleases) {\n const bucket = getBucket(\n config,\n // TODO #22198\n currentVersion!,\n release.version,\n versioningApi,\n );\n // v8 ignore else -- TODO: add test #40625\n if (isString(bucket)) {\n if (buckets[bucket]) {\n buckets[bucket].push(release);\n } else {\n buckets[bucket] = [release];\n }\n }\n }\n const depResultConfig = mergeChildConfig(config, res);\n for (const [bucket, releases] of Object.entries(buckets)) {\n const sortedReleases = releases.sort((r1, r2) =>\n versioningApi.sortVersions(r1.version, r2.version),\n );\n const { release, pendingChecks, pendingReleases } =\n await filterInternalChecks(\n depResultConfig,\n versioningApi,\n bucket,\n sortedReleases,\n );\n // istanbul ignore next\n if (!release) {\n return Result.ok(res);\n }\n const newVersion = release.version;\n const update = await generateUpdate(\n config,\n compareValue,\n versioningApi,\n // TODO #22198\n\n rangeStrategy!,\n config.lockedVersion ?? 
currentVersion!,\n bucket,\n release,\n );\n\n // #29034\n if (\n config.manager === 'gomod' &&\n compareValue?.startsWith('v0.0.0-') &&\n update.newValue?.startsWith('v0.0.0-') &&\n config.currentDigest !== update.newDigest\n ) {\n update.updateType = 'digest';\n }\n\n if (pendingChecks) {\n update.pendingChecks = pendingChecks;\n }\n\n if (pendingReleases.length) {\n update.pendingVersions = pendingReleases.map((r) => r.version);\n }\n if (!update.newValue || update.newValue === compareValue) {\n if (!config.lockedVersion) {\n continue;\n }\n // istanbul ignore if\n if (rangeStrategy === 'bump') {\n logger.trace(\n {\n packageName: config.packageName,\n currentValue: config.currentValue,\n lockedVersion: config.lockedVersion,\n newVersion,\n },\n 'Skipping bump because newValue is the same',\n );\n continue;\n }\n res.isSingleVersion = true;\n }\n res.isSingleVersion ??=\n isString(update.newValue) &&\n versioningApi.isSingleVersion(update.newValue);\n // istanbul ignore if\n if (\n config.versioning === dockerVersioningId &&\n update.updateType !== 'rollback' &&\n update.newValue &&\n versioningApi.isVersion(update.newValue) &&\n compareValue &&\n versioningApi.isVersion(compareValue) &&\n versioningApi.isGreaterThan(compareValue, update.newValue)\n ) {\n logger.warn(\n {\n packageName: config.packageName,\n currentValue: config.currentValue,\n compareValue,\n currentVersion: config.currentVersion,\n update,\n allVersionsLength: allVersions.length,\n filteredReleaseVersions: filteredReleases.map((r) => r.version),\n shrinkedViaVulnerability,\n },\n 'Unexpected downgrade detected: skipping',\n );\n } else {\n res.updates.push(update);\n }\n }\n } else if (compareValue) {\n logger.debug(\n `Dependency ${config.packageName} has unsupported/unversioned value ${compareValue} (versioning=${config.versioning})`,\n );\n\n if (!config.pinDigests && !config.currentDigest) {\n logger.debug(\n `Skipping ${config.packageName} because no currentDigest or pinDigests`,\n );\n 
res.skipReason = 'invalid-value';\n } else {\n delete res.skipReason;\n }\n } else {\n res.skipReason = 'invalid-value';\n }\n\n if (isReplacementRulesConfigured(config)) {\n addReplacementUpdateIfValid(res.updates, config);\n } else if (dependency?.replacementName && dependency.replacementVersion) {\n res.updates.push({\n updateType: 'replacement',\n newName: dependency.replacementName,\n newValue: dependency.replacementVersion,\n });\n }\n\n // Record if the dep is fixed to a version\n if (config.lockedVersion) {\n res.currentVersion = config.lockedVersion;\n res.fixedVersion = config.lockedVersion;\n } else if (compareValue && versioningApi.isSingleVersion(compareValue)) {\n res.fixedVersion = compareValue.replace(regEx(/^=+/), '');\n }\n\n // massage versionCompatibility\n if (\n isString(config.currentValue) &&\n isString(compareValue) &&\n isString(config.versionCompatibility)\n ) {\n for (const update of res.updates) {\n logger.debug({ update });\n // v8 ignore else -- TODO: add test #40625\n if (isString(config.currentValue) && isString(update.newValue)) {\n update.newValue = config.currentValue.replace(\n compareValue,\n update.newValue,\n );\n }\n }\n }\n\n // Add digests if necessary\n if (supportsDigests(config.datasource)) {\n if (config.currentDigest) {\n if (!config.digestOneAndOnly || !res.updates.length) {\n // digest update\n res.updates.push({\n updateType: 'digest',\n newValue: config.currentValue,\n });\n }\n } else if (config.pinDigests) {\n // Create a pin only if one doesn't already exists\n // v8 ignore else -- TODO: add test #40625\n if (!res.updates.some((update) => update.updateType === 'pin')) {\n // pin digest\n res.updates.push({\n isPinDigest: true,\n updateType: 'pinDigest',\n newValue: config.currentValue,\n });\n }\n }\n if (versioningApi.valueToVersion) {\n // TODO #22198\n res.currentVersion = versioningApi.valueToVersion(res.currentVersion!);\n for (const update of res.updates) {\n // TODO #22198\n update.newVersion = 
versioningApi.valueToVersion(update.newVersion!);\n }\n }\n if (res.registryUrl) {\n config.registryUrls = [res.registryUrl];\n }\n\n // update digest for all\n for (const update of res.updates) {\n if (config.pinDigests === true || config.currentDigest) {\n const getDigestConfig: GetDigestInputConfig = {\n ...config,\n registryUrl: update.registryUrl ?? res.registryUrl,\n lookupName: res.lookupName,\n };\n\n // #20304 only pass it for replacement updates, otherwise we get wrong or invalid digest\n if (update.updateType !== 'replacement') {\n delete getDigestConfig.replacementName;\n }\n\n // #20304 don't use lookupName and currentDigest when we replace image name\n if (\n update.updateType === 'replacement' &&\n update.newName !== config.packageName\n ) {\n delete getDigestConfig.lookupName;\n delete getDigestConfig.currentDigest;\n getDigestConfig.replacementName = update.newName;\n }\n\n // Don't use current releases if replacement changes name, otherwise we use the wrong new digest.\n // This happens on datasources which return the digest in release info like `github-tags`.\n // We can still use it when only version is changing.\n if (\n update.updateType !== 'replacement' ||\n update.newName === config.packageName\n ) {\n update.newDigest ??= dependency?.releases.find(\n (r) => r.version === update.newValue,\n )?.newDigest;\n }\n\n update.newDigest ??= await getDigest(\n getDigestConfig,\n update.newValue,\n );\n\n // If the digest could not be determined, report this as otherwise the\n // update will be omitted later on without notice.\n if (update.newDigest === null) {\n logger.debug(\n {\n packageName: config.packageName,\n currentValue: config.currentValue,\n datasource: config.datasource,\n newValue: update.newValue,\n bucket: update.bucket,\n },\n 'Could not determine new digest for update.',\n );\n\n // Only report a warning if there is a current digest.\n // Context: https://github.com/renovatebot/renovate/pull/20175#discussion_r1102615059.\n if 
(config.currentDigest) {\n res.warnings.push({\n message: `Could not determine new digest for update (${config.datasource} package ${config.packageName})`,\n topic: config.packageName,\n });\n }\n }\n } else {\n delete update.newDigest;\n }\n if (update.newVersion) {\n const registryUrl = dependency?.releases?.find(\n (release) => release.version === update.newVersion,\n )?.registryUrl;\n if (registryUrl && registryUrl !== res.registryUrl) {\n update.registryUrl = registryUrl;\n }\n }\n }\n }\n\n if (res.updates.length) {\n delete res.skipReason;\n }\n // Strip out any non-changed ones\n res.updates = res.updates\n .filter(\n (update) => update.newValue !== null || config.currentValue === null,\n )\n .filter((update) => update.newDigest !== null)\n .filter(\n (update) =>\n (isString(update.newName) && update.newName !== config.packageName) ||\n update.isReplacement === true ||\n update.newValue !== config.currentValue ||\n update.isLockfileUpdate === true ||\n // TODO #22198\n (update.newDigest &&\n !update.newDigest.startsWith(config.currentDigest!)),\n );\n // If range strategy specified in config is 'in-range-only', also strip out updates where currentValue !== newValue\n if (config.rangeStrategy === 'in-range-only') {\n res.updates = res.updates.filter(\n (update) => update.newValue === config.currentValue,\n );\n }\n // Handle a weird edge case involving followTag and fallbacks\n if (config.rollbackPrs && config.followTag) {\n res.updates = res.updates.filter(\n (update) =>\n update.updateType !== 'rollback' || res.updates.length === 1,\n );\n }\n\n const release =\n res.updates.length > 0\n ? 
dependency?.releases.find(\n (r) => r.version === res.updates[0].newValue,\n )\n : null;\n\n if (release?.changelogContent) {\n res.changelogContent = release.changelogContent;\n res.changelogUrl = release.changelogUrl;\n }\n } catch (err) /* istanbul ignore next */ {\n if (err instanceof ExternalHostError) {\n return Result.err(err);\n }\n\n if (err instanceof Error && err.message === CONFIG_VALIDATION) {\n return Result.err(err);\n }\n\n logger.error(\n {\n currentDigest: config.currentDigest,\n currentValue: config.currentValue,\n datasource: config.datasource,\n packageName: config.packageName,\n digestOneAndOnly: config.digestOneAndOnly,\n followTag: config.followTag,\n lockedVersion: config.lockedVersion,\n packageFile: config.packageFile,\n pinDigests: config.pinDigests,\n rollbackPrs: config.rollbackPrs,\n isVulnerabilityAlert: config.isVulnerabilityAlert,\n updatePinnedDependencies: config.updatePinnedDependencies,\n err,\n },\n 'lookupUpdates error',\n );\n res.skipReason = 'internal-error';\n }\n return 
Result.ok(res);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA8CA,eAAe,aACb,QACA,UACA,SACA,eACuC;CACvC,MAAM,iBAAiB,SAAS,MAC7B,MACC,cAAc,QAAQ,EAAE,QAAQ,IAChC,cAAc,OAAO,EAAE,SAAS,QAAQ,CAC3C;AAED,KAAI,CAAC,eACH,QAAO;AAGT,KAAI,eAAe,iBACjB,QAAO,eAAe;AAIxB,SADsB,MAAM,mBAAmB,QAAQ,eAAe,GAChD;;AAGxB,eAAsB,cACpB,UACsC;CACtC,IAAI,SAA6B,EAAE,GAAG,UAAU;AAChD,QAAO,eAAe,qBAAqB,OAAO,WAAW;CAE7D,MAAM,gBAAgBA,IAAkB,OAAO,WAAW;CAE1D,IAAI,aAAmC;CACvC,MAAM,MAAoB;EACxB,YAAY,OAAO;EACnB,SAAS,EAAE;EACX,UAAU,EAAE;EACb;AAED,KAAI;AACF,SAAO,MACL;GACE,YAAY,OAAO;GACnB,cAAc,OAAO;GACtB,EACD,gBACD;AACD,MAAI,OAAO,gBAAgB,CAAC,SAAS,OAAO,aAAa,EAAE;;AAGzD,OAAI,OAAO,aACT,QAAO,MACL,4BAA4B,OAAO,YAAY,IAAI,KAAK,UAAU,OAAO,aAAa,CAAC,IAAI,OAAO,OAAO,aAAa,GACvH;AAEH,OAAI,aAAa;AACjB,UAAO,OAAO,GAAG,IAAI;;AAEvB,MACE,CAAC,uBAAuB,OAAO,IAC/B,CAAC,iBAAiB,OAAO,WAAW,EACpC;AACA,OAAI,aAAa;AACjB,UAAO,OAAO,GAAG,IAAI;;EAEvB,IAAI,eAAe,OAAO;AAC1B,MACE,SAAS,OAAO,aAAa,IAC7B,SAAS,OAAO,qBAAqB,EACrC;GAEA,MAAM,aAD2B,MAAM,OAAO,qBAAqB,CACvB,KAAK,OAAO,aAAa;AACrE,OAAI,YAAY,QAAQ;AACtB,WAAO,MACL;KACE,sBAAsB,OAAO;KAC7B,cAAc,OAAO;KACrB,aAAa,OAAO;KACpB,QAAQ,WAAW;KACpB,EACD,oCACD;AACD,WAAO,uBAAuB,WAAW,OAAO;AAChD,mBAAe,WAAW,OAAO;SAEjC,QAAO,MACL;IACE,sBAAsB,OAAO;IAC7B,cAAc,OAAO;IACrB,aAAa,OAAO;IACrB,EACD,uCACD;;EAIL,MAAM,UACJ,SAAS,aAAa,IAAI,cAAc,QAAQ,aAAa;EAE/D,MAAM,qBACJ,CAAC,CAAC,OAAO,iBAAiB,YAAY,OAAO,aAAa;AAE5D,MAAI,WAAW,oBAAoB;AACjC,OACE,CAAC,OAAO,4BAER,cAAc,gBAAgB,aAAc,EAC5C;AACA,QAAI,aAAa;AACjB,WAAO,OAAO,GAAG,IAAI;;GAGvB,MAAM,EAAE,KAAK,eAAe,KAAK,gBAAgB,MAAM,kBACrD,OACD,CACE,WAAW,QAAQ,6BAA6B,eAAe,IAAI,CAAC,CACpE,WAAW,QAAQ,qBAAqB,KAAK,OAAO,CAAC,CACrD,WAAW,QAAQ,uBAAuB,KAAK,OAAO,CAAC,CACvD,QAAQ;AAEX,OAAI,uBAAuB,MACzB,OAAM;AAGR,OAAI,aAAa;IAEf,MAAM,UAA6B;KACjC,OAAO,OAAO;KACd,SAAS,qBAAqB,OAAO,WAAW,WAAW,OAAO,YAAY,IAAI;KACnF;AACD,WAAO,MACL;KACE,YAAY,OAAO;KACnB,aAAa,OAAO;KACrB,EACD,QAAQ,QACT;AAED,QAAI,SAAS,KAAK,QAAQ;AAC1B,WAAO,OAAO,GAAG,IAAI;;AAGvB,gBAAa;AAEb,OAAI,WAAW,mBACb,QAAO,MACL,gCAAgC,OAAO,WAAW,WAAW,OAAO,cACrE;AAGH,cAAW,KAAK,YAAY;IAC1B;IACA;IAC
A;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACD,CAAC;GAEF,MAAM,gBAAgB,WAAW,MAAM;GAEvC,IAAI,cAAc,WAAW,SAAS,QAAQ,YAC5C,cAAc,UAAU,QAAQ,QAAQ,CACzC;;AAED,OAAI,YAAY,WAAW,GAAG;AAE5B,WAAO,KACL;KACE,YAAY,OAAO;KACnB,QAAQ;KACT,EALa,4DAOf;AACD,QAAI,CAAC,OAAO,cACV,QAAO,OAAO,GAAG,IAAI;;AAIzB,YAAS,MAAM,kBACb;IAAE,GAAG;IAAQ,WAAW,IAAI;IAAW,EACvC,aACD;AACD,OAAI,OAAO,WAAW;IACpB,MAAM,gBAAgB,WAAW,OAAO,OAAO;AAC/C,QAAI,CAAC,eAAe;AAClB,SAAI,SAAS,KAAK;MAChB,OAAO,OAAO;MACd,SAAS,+BAA+B,OAAO,UAAU,OAAO,OAAO,WAAW,WAAW,OAAO;MACrG,CAAC;AACF,YAAO,OAAO,GAAG,IAAI;;AAEvB,kBAAc,YAAY,QACvB,MACC,EAAE,YAAY,iBACb,EAAE,YAAY,gBACb,cAAc,cAAc,eAAe,aAAa,CAC7D;;GAGH,MAAM,sBAAsB,OAAO,kBAAkB;GAErD,MAAM,yBACH,uBAAuB,OAAO,gBAAgB,CAAC,qBAC5C,YAAY,QAAQ,MAElB,cAAc,QAAQ,EAAE,SAAS,aAAc,CAChD,GACD;AACN,OAAI,CAAC,sBAAsB,OACzB,QAAO,MACL,sCAAsC,OAAO,WAAW,cACzD;AAGH,OAAI,OAAO,eAAe,CAAC,sBAAsB,QAAQ;IACvD,MAAM,WAAW,kBAAkB,QAAQ,aAAa,cAAc;;AAEtE,QAAI,CAAC,UAAU;AACb,SAAI,SAAS,KAAK;MAChB,OAAO,OAAO;MAEd,SAAS,+BAA+B,aAAc,OACpD,OAAO,WACR,WAAW,OAAO;MACpB,CAAC;AACF,YAAO,OAAO,GAAG,IAAI;;AAEvB,QAAI,QAAQ,KAAK,SAAS;;GAE5B,IAAI,gBAAgB,iBAAiB,OAAO;;AAG5C,OACE,OAAO,wBACP,kBAAkB,qBAClB,CAAC,OAAO,cAER,iBAAgB;AAGlB,OACE,OAAO,wBACP,CAAC,OAAO,gBACR,OAAO,cAEP,iBAAgB;GAElB,MAAM,wBAAwB,WAAW,SACtC,QAAQ,YAAY,CAAC,QAAQ,aAAa,CAC1C,KAAK,YAAY,QAAQ,QAAQ;GACpC,IAAI;AACJ,OAAI,kBAAkB,kBACpB,kBAAiB,OAAO;YACf,YAAY,MAAM,MAAM,EAAE,YAAY,aAAa,CAC5D,kBAAiB;AAGnB,sBACE,kBACE,cACA,OAAO,eACP,eACA,eACA,eACA,sBACD,IACD,kBACE,cACA,OAAO,eACP,eACA,eACA,eACA,YAAY,KAAK,MAAM,EAAE,QAAQ,CAClC;AAEH,OAAI,CAAC,gBAAgB;;AAEnB,QAAI,CAAC,OAAO,eAAe;AACzB,YAAO,MACL,gDAAgD,OAAO,cACxD;AACD,SAAI,aAAa;;AAEnB,WAAO,OAAO,GAAG,IAAI;;AAGvB,OAAI,iBAAiB;GACrB,MAAM,0BAA0B,MAAM,aACpC,QACA,aACA,gBACA,cACD;AAED,OAAI,iBAAiB,wBAAwB,EAAE;AAC7C,QAAI,0BAA0B;AAC9B,QAAI,0BAA0B,eAAe,wBAAwB;AAErE,QACE,OAAO,cAAc,MAAM,SACzB,iBAAiB,KAAK,gBAAgB,CACvC,CAGD,UAAS,MAAM,kBACb;KAAE,GAAG;KAAQ;KAAyB,EACtC,oBACD;;AAIL,OACE,gBACA,kBACA,kBAAkB,SAClB,CAAC,cAAc,gBAAgB,aAAa,EAC5C;IACA,MAAM,WACJ,cAAc,iBAAiB,eAAe,IAAI;AACpD,QAAI
,QAAQ,KAAK;KACf,YAAY;KACZ,OAAO;KACP;KACA,YAAY;KACZ,UAAU,cAAc,SAAS,eAAe;KACjD,CAAC;;AAEJ,OAAI,kBAAkB,MAEpB,iBAAgB;;AAGlB,OAAI,CAAC,cAAc,UAAU,eAAgB,EAAE;AAC7C,QAAI,aAAa;AACjB,WAAO,OAAO,GAAG,IAAI;;GAIvB,IAAI,mBAAmB,eACrB,QACA,gBACA,eACA,sBAAsB,wBAAwB,aAC9C,cACD,CAAC,QACC,MAEC,sBACA,cAAc,aAAa,EAAE,SAAS,aAAa,CACtD;GACD,IAAI,2BAA2B;AAC/B,OAAI,OAAO,sBAAsB;AAC/B,QAAI,OAAO,yBAAyB;AAClC,SAAI,0BAA0B,OAAO;AACrC,SAAI,2BAA2B,OAAO;AACtC,SAAI,cAAc,QAAQ,OAAO,wBAAwB,EAAE;MACzD,IAAI;AACJ,UAAI,cAAc,UAAU,OAAO,wBAAwB,CAEzD,yBAAwB,iBAAiB,QACtC,YACC,CAAC,cAAc,cACb,OAAO,yBACP,QAAQ,QACT,CACJ;UAGD,yBAAwB,iBAAiB,QAAQ,YAC/C,cAAc,QACZ,QAAQ,SACR,OAAO,wBACR,CACF;AAGH,UAAI,sBAAsB,WAAW,KAAK,iBAAiB,OACzD,QAAO,KACL;OACE,UAAU;OACV,yBAAyB,OAAO;OAChC,aAAa,OAAO;OACrB,EACD,8CACD;AAGH,yBAAmB;WAEnB,QAAO,KACL;MACE,yBAAyB,OAAO;MAChC,aAAa,OAAO;MACrB,EACD,uCACD;;AAGL,QAAI,OAAO,6BAA6B,UAEtC,QAAO,KAAK,MACV,8CAA8C,OAAO,cACtD;SACI;AAEL,YAAO,KAAK,MACV,6CAA6C,OAAO,cACrD;AACD,wBAAmB,iBAAiB,MAAM,GAAG,EAAE;AAC/C,gCAA2B;;;GAG/B,MAAM,UAAqC,EAAE;AAC7C,QAAK,MAAM,WAAW,kBAAkB;IACtC,MAAM,SAAS,UACb,QAEA,gBACA,QAAQ,SACR,cACD;;AAED,QAAI,SAAS,OAAO,CAClB,KAAI,QAAQ,QACV,SAAQ,QAAQ,KAAK,QAAQ;QAE7B,SAAQ,UAAU,CAAC,QAAQ;;GAIjC,MAAM,kBAAkB,iBAAiB,QAAQ,IAAI;AACrD,QAAK,MAAM,CAAC,QAAQ,aAAa,OAAO,QAAQ,QAAQ,EAAE;IAIxD,MAAM,EAAE,SAAS,eAAe,oBAC9B,MAAM,qBACJ,iBACA,eACA,QAPmB,SAAS,MAAM,IAAI,OACxC,cAAc,aAAa,GAAG,SAAS,GAAG,QAAQ,CACnD,CAOE;;AAEH,QAAI,CAAC,QACH,QAAO,OAAO,GAAG,IAAI;IAEvB,MAAM,aAAa,QAAQ;IAC3B,MAAM,SAAS,MAAM,eACnB,QACA,cACA,eAGA,eACA,OAAO,iBAAiB,gBACxB,QACA,QACD;AAGD,QACE,OAAO,YAAY,WACnB,cAAc,WAAW,UAAU,IACnC,OAAO,UAAU,WAAW,UAAU,IACtC,OAAO,kBAAkB,OAAO,UAEhC,QAAO,aAAa;AAGtB,QAAI,cACF,QAAO,gBAAgB;AAGzB,QAAI,gBAAgB,OAClB,QAAO,kBAAkB,gBAAgB,KAAK,MAAM,EAAE,QAAQ;AAEhE,QAAI,CAAC,OAAO,YAAY,OAAO,aAAa,cAAc;AACxD,SAAI,CAAC,OAAO,cACV;;AAGF,SAAI,kBAAkB,QAAQ;AAC5B,aAAO,MACL;OACE,aAAa,OAAO;OACpB,cAAc,OAAO;OACrB,eAAe,OAAO;OACtB;OACD,EACD,6CACD;AACD;;AAEF,SAAI,kBAAkB;;AAExB,QAAI,oBACF,SAAS,OAAO,SAAS,IACzB,cAAc,gBAAgB,OAAO,SAAS;;AAEhD,QACE,OAAO,eAAA,YACP,OAA
O,eAAe,cACtB,OAAO,YACP,cAAc,UAAU,OAAO,SAAS,IACxC,gBACA,cAAc,UAAU,aAAa,IACrC,cAAc,cAAc,cAAc,OAAO,SAAS,CAE1D,QAAO,KACL;KACE,aAAa,OAAO;KACpB,cAAc,OAAO;KACrB;KACA,gBAAgB,OAAO;KACvB;KACA,mBAAmB,YAAY;KAC/B,yBAAyB,iBAAiB,KAAK,MAAM,EAAE,QAAQ;KAC/D;KACD,EACD,0CACD;QAED,KAAI,QAAQ,KAAK,OAAO;;aAGnB,cAAc;AACvB,UAAO,MACL,cAAc,OAAO,YAAY,qCAAqC,aAAa,eAAe,OAAO,WAAW,GACrH;AAED,OAAI,CAAC,OAAO,cAAc,CAAC,OAAO,eAAe;AAC/C,WAAO,MACL,YAAY,OAAO,YAAY,yCAChC;AACD,QAAI,aAAa;SAEjB,QAAO,IAAI;QAGb,KAAI,aAAa;AAGnB,MAAI,6BAA6B,OAAO,CACtC,6BAA4B,IAAI,SAAS,OAAO;WACvC,YAAY,mBAAmB,WAAW,mBACnD,KAAI,QAAQ,KAAK;GACf,YAAY;GACZ,SAAS,WAAW;GACpB,UAAU,WAAW;GACtB,CAAC;AAIJ,MAAI,OAAO,eAAe;AACxB,OAAI,iBAAiB,OAAO;AAC5B,OAAI,eAAe,OAAO;aACjB,gBAAgB,cAAc,gBAAgB,aAAa,CACpE,KAAI,eAAe,aAAa,QAAQ,MAAM,MAAM,EAAE,GAAG;AAI3D,MACE,SAAS,OAAO,aAAa,IAC7B,SAAS,aAAa,IACtB,SAAS,OAAO,qBAAqB,CAErC,MAAK,MAAM,UAAU,IAAI,SAAS;AAChC,UAAO,MAAM,EAAE,QAAQ,CAAC;;AAExB,OAAI,SAAS,OAAO,aAAa,IAAI,SAAS,OAAO,SAAS,CAC5D,QAAO,WAAW,OAAO,aAAa,QACpC,cACA,OAAO,SACR;;AAMP,MAAI,gBAAgB,OAAO,WAAW,EAAE;AACtC,OAAI,OAAO;QACL,CAAC,OAAO,oBAAoB,CAAC,IAAI,QAAQ,OAE3C,KAAI,QAAQ,KAAK;KACf,YAAY;KACZ,UAAU,OAAO;KAClB,CAAC;cAEK,OAAO;;QAGZ,CAAC,IAAI,QAAQ,MAAM,WAAW,OAAO,eAAe,MAAM,CAE5D,KAAI,QAAQ,KAAK;KACf,aAAa;KACb,YAAY;KACZ,UAAU,OAAO;KAClB,CAAC;;AAGN,OAAI,cAAc,gBAAgB;AAEhC,QAAI,iBAAiB,cAAc,eAAe,IAAI,eAAgB;AACtE,SAAK,MAAM,UAAU,IAAI,QAEvB,QAAO,aAAa,cAAc,eAAe,OAAO,WAAY;;AAGxE,OAAI,IAAI,YACN,QAAO,eAAe,CAAC,IAAI,YAAY;AAIzC,QAAK,MAAM,UAAU,IAAI,SAAS;AAChC,QAAI,OAAO,eAAe,QAAQ,OAAO,eAAe;KACtD,MAAM,kBAAwC;MAC5C,GAAG;MACH,aAAa,OAAO,eAAe,IAAI;MACvC,YAAY,IAAI;MACjB;AAGD,SAAI,OAAO,eAAe,cACxB,QAAO,gBAAgB;AAIzB,SACE,OAAO,eAAe,iBACtB,OAAO,YAAY,OAAO,aAC1B;AACA,aAAO,gBAAgB;AACvB,aAAO,gBAAgB;AACvB,sBAAgB,kBAAkB,OAAO;;AAM3C,SACE,OAAO,eAAe,iBACtB,OAAO,YAAY,OAAO,YAE1B,QAAO,cAAc,YAAY,SAAS,MACvC,MAAM,EAAE,YAAY,OAAO,SAC7B,EAAE;AAGL,YAAO,cAAc,MAAM,UACzB,iBACA,OAAO,SACR;AAID,SAAI,OAAO,cAAc,MAAM;AAC7B,aAAO,MACL;OACE,aAAa,OAAO;OACpB,cAAc,OAAO;OACrB,YAAY,OAAO;OACnB,UAAU,OAAO;OACjB,QAAQ,OAAO;OAChB,EACD,6CA
CD;AAID,UAAI,OAAO,cACT,KAAI,SAAS,KAAK;OAChB,SAAS,8CAA8C,OAAO,WAAW,WAAW,OAAO,YAAY;OACvG,OAAO,OAAO;OACf,CAAC;;UAIN,QAAO,OAAO;AAEhB,QAAI,OAAO,YAAY;KACrB,MAAM,cAAc,YAAY,UAAU,MACvC,YAAY,QAAQ,YAAY,OAAO,WACzC,EAAE;AACH,SAAI,eAAe,gBAAgB,IAAI,YACrC,QAAO,cAAc;;;;AAM7B,MAAI,IAAI,QAAQ,OACd,QAAO,IAAI;AAGb,MAAI,UAAU,IAAI,QACf,QACE,WAAW,OAAO,aAAa,QAAQ,OAAO,iBAAiB,KACjE,CACA,QAAQ,WAAW,OAAO,cAAc,KAAK,CAC7C,QACE,WACE,SAAS,OAAO,QAAQ,IAAI,OAAO,YAAY,OAAO,eACvD,OAAO,kBAAkB,QACzB,OAAO,aAAa,OAAO,gBAC3B,OAAO,qBAAqB,QAE3B,OAAO,aACN,CAAC,OAAO,UAAU,WAAW,OAAO,cAAe,CACxD;AAEH,MAAI,OAAO,kBAAkB,gBAC3B,KAAI,UAAU,IAAI,QAAQ,QACvB,WAAW,OAAO,aAAa,OAAO,aACxC;AAGH,MAAI,OAAO,eAAe,OAAO,UAC/B,KAAI,UAAU,IAAI,QAAQ,QACvB,WACC,OAAO,eAAe,cAAc,IAAI,QAAQ,WAAW,EAC9D;EAGH,MAAM,UACJ,IAAI,QAAQ,SAAS,IACjB,YAAY,SAAS,MAClB,MAAM,EAAE,YAAY,IAAI,QAAQ,GAAG,SACrC,GACD;AAEN,MAAI,SAAS,kBAAkB;AAC7B,OAAI,mBAAmB,QAAQ;AAC/B,OAAI,eAAe,QAAQ;;UAEtB,iCAAgC;AACvC,MAAI,eAAe,kBACjB,QAAO,OAAO,IAAI,IAAI;AAGxB,MAAI,eAAe,SAAS,IAAI,YAAA,oBAC9B,QAAO,OAAO,IAAI,IAAI;AAGxB,SAAO,MACL;GACE,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,YAAY,OAAO;GACnB,aAAa,OAAO;GACpB,kBAAkB,OAAO;GACzB,WAAW,OAAO;GAClB,eAAe,OAAO;GACtB,aAAa,OAAO;GACpB,YAAY,OAAO;GACnB,aAAa,OAAO;GACpB,sBAAsB,OAAO;GAC7B,0BAA0B,OAAO;GACjC;GACD,EACD,sBACD;AACD,MAAI,aAAa;;AAEnB,QAAO,OAAO,GAAG,IAAI"}
|
|
1
|
+
{"version":3,"file":"index.js","names":["allVersioning.get"],"sources":["../../../../../lib/workers/repository/process/lookup/index.ts"],"sourcesContent":["import { isNonEmptyString, isString, isUndefined } from '@sindresorhus/is';\nimport { mergeChildConfig } from '../../../../config/index.ts';\nimport type { ValidationMessage } from '../../../../config/types.ts';\nimport { CONFIG_VALIDATION } from '../../../../constants/error-messages.ts';\nimport { logger } from '../../../../logger/index.ts';\nimport {\n getDatasourceFor,\n getDefaultVersioning,\n} from '../../../../modules/datasource/common.ts';\nimport type {\n GetDigestInputConfig,\n Release,\n ReleaseResult,\n} from '../../../../modules/datasource/index.ts';\nimport {\n applyDatasourceFilters,\n getDigest,\n getRawPkgReleases,\n isGetPkgReleasesConfig,\n supportsDigests,\n} from '../../../../modules/datasource/index.ts';\nimport { postprocessRelease } from '../../../../modules/datasource/postprocess-release.ts';\nimport { getRangeStrategy } from '../../../../modules/manager/index.ts';\nimport { id as dockerVersioningId } from '../../../../modules/versioning/docker/index.ts';\nimport * as allVersioning from '../../../../modules/versioning/index.ts';\nimport { ExternalHostError } from '../../../../types/errors/external-host-error.ts';\nimport { assignKeys } from '../../../../util/assign-keys.ts';\nimport { getElapsedDays } from '../../../../util/date.ts';\nimport { applyPackageRules } from '../../../../util/package-rules/index.ts';\nimport { regEx } from '../../../../util/regex.ts';\nimport { Result } from '../../../../util/result.ts';\nimport type { Timestamp } from '../../../../util/timestamp.ts';\nimport { calculateAbandonment } from './abandonment.ts';\nimport { getBucket } from './bucket.ts';\nimport { getCurrentVersion } from './current.ts';\nimport { filterVersions } from './filter.ts';\nimport { filterInternalChecks } from './filter-checks.ts';\nimport { generateUpdate } from './generate.ts';\nimport { 
getRollbackUpdate } from './rollback.ts';\nimport { calculateMostRecentTimestamp } from './timestamps.ts';\nimport type { LookupUpdateConfig, UpdateResult } from './types.ts';\nimport {\n addReplacementUpdateIfValid,\n isReplacementRulesConfigured,\n} from './utils.ts';\n\nasync function getTimestamp(\n config: LookupUpdateConfig,\n versions: Release[],\n version: string,\n versioningApi: allVersioning.VersioningApi,\n): Promise<Timestamp | null | undefined> {\n const currentRelease = versions.find(\n (v) =>\n versioningApi.isValid(v.version) &&\n versioningApi.equals(v.version, version),\n );\n\n if (!currentRelease) {\n return null;\n }\n\n if (currentRelease.releaseTimestamp) {\n return currentRelease.releaseTimestamp;\n }\n\n const remoteRelease = await postprocessRelease(config, currentRelease);\n return remoteRelease?.releaseTimestamp;\n}\n\nexport async function lookupUpdates(\n inconfig: LookupUpdateConfig,\n): Promise<Result<UpdateResult, Error>> {\n let config: LookupUpdateConfig = { ...inconfig };\n config.versioning ??= getDefaultVersioning(config.datasource);\n\n const versioningApi = allVersioning.get(config.versioning);\n\n let dependency: ReleaseResult | null = null;\n const res: UpdateResult = {\n versioning: config.versioning,\n updates: [],\n warnings: [],\n };\n\n try {\n logger.trace(\n {\n dependency: config.packageName,\n currentValue: config.currentValue,\n },\n 'lookupUpdates',\n );\n if (config.currentValue && !isString(config.currentValue)) {\n // If currentValue is not a string, then it's invalid\n // v8 ignore else -- TODO: add test #40625\n if (config.currentValue) {\n logger.debug(\n `Invalid currentValue for ${config.packageName}: ${JSON.stringify(config.currentValue)} (${typeof config.currentValue})`,\n );\n }\n res.skipReason = 'invalid-value';\n return Result.ok(res);\n }\n if (\n !isGetPkgReleasesConfig(config) ||\n !getDatasourceFor(config.datasource)\n ) {\n res.skipReason = 'invalid-config';\n return Result.ok(res);\n }\n let 
compareValue = config.currentValue;\n if (\n isString(config.currentValue) &&\n isString(config.versionCompatibility)\n ) {\n const versionCompatbilityRegEx = regEx(config.versionCompatibility);\n const regexMatch = versionCompatbilityRegEx.exec(config.currentValue);\n if (regexMatch?.groups) {\n logger.debug(\n {\n versionCompatibility: config.versionCompatibility,\n currentValue: config.currentValue,\n packageName: config.packageName,\n groups: regexMatch.groups,\n },\n 'version compatibility regex match',\n );\n config.currentCompatibility = regexMatch.groups.compatibility;\n compareValue = regexMatch.groups.version;\n } else {\n logger.debug(\n {\n versionCompatibility: config.versionCompatibility,\n currentValue: config.currentValue,\n packageName: config.packageName,\n },\n 'version compatibility regex mismatch',\n );\n }\n }\n\n const isValid =\n isString(compareValue) && versioningApi.isValid(compareValue);\n\n const unconstrainedValue =\n !!config.lockedVersion && isUndefined(config.currentValue);\n\n if (isValid || unconstrainedValue) {\n if (\n !config.updatePinnedDependencies &&\n // TODO #22198\n versioningApi.isSingleVersion(compareValue!)\n ) {\n res.skipReason = 'is-pinned';\n return Result.ok(res);\n }\n\n const { val: releaseResult, err: lookupError } = await getRawPkgReleases(\n config,\n )\n .transform((res) => calculateMostRecentTimestamp(versioningApi, res))\n .transform((res) => calculateAbandonment(res, config))\n .transform((res) => applyDatasourceFilters(res, config))\n .unwrap();\n\n if (lookupError instanceof Error) {\n throw lookupError;\n }\n\n if (lookupError) {\n // If dependency lookup fails then warn and return\n const warning: ValidationMessage = {\n topic: config.packageName,\n message: `Failed to look up ${config.datasource} package ${config.packageName}: ${lookupError}`,\n };\n logger.debug(\n {\n dependency: config.packageName,\n packageFile: config.packageFile,\n },\n warning.message,\n );\n // TODO: return warnings in own 
field\n res.warnings.push(warning);\n return Result.ok(res);\n }\n\n dependency = releaseResult;\n\n if (dependency.deprecationMessage) {\n logger.debug(\n `Found deprecationMessage for ${config.datasource} package ${config.packageName}`,\n );\n }\n\n assignKeys(res, dependency, [\n 'deprecationMessage',\n 'sourceUrl',\n 'registryUrl',\n 'sourceDirectory',\n 'homepage',\n 'changelogUrl',\n 'dependencyUrl',\n 'lookupName',\n 'packageScope',\n 'mostRecentTimestamp',\n 'isAbandoned',\n 'respectLatest',\n ]);\n\n const latestVersion = dependency.tags?.latest;\n // Filter out any results from datasource that don't comply with our versioning\n let allVersions = dependency.releases.filter((release) =>\n versioningApi.isVersion(release.version),\n );\n // istanbul ignore if\n if (allVersions.length === 0) {\n const message = `Found no results from datasource that look like a version`;\n logger.info(\n {\n dependency: config.packageName,\n result: dependency,\n },\n message,\n );\n if (!config.currentDigest) {\n return Result.ok(res);\n }\n }\n // Reapply package rules in case we missed something from sourceUrl\n config = await applyPackageRules(\n { ...config, sourceUrl: res.sourceUrl },\n 'source-url',\n );\n if (config.followTag) {\n const taggedVersion = dependency.tags?.[config.followTag];\n if (!taggedVersion) {\n res.warnings.push({\n topic: config.packageName,\n message: `Can't find version with tag ${config.followTag} for ${config.datasource} package ${config.packageName}`,\n });\n return Result.ok(res);\n }\n allVersions = allVersions.filter(\n (v) =>\n v.version === taggedVersion ||\n (v.version === compareValue &&\n versioningApi.isGreaterThan(taggedVersion, compareValue)),\n );\n }\n\n const inRangeOnlyStrategy = config.rangeStrategy === 'in-range-only';\n // Check that existing constraint can be satisfied\n const allSatisfyingVersions =\n (inRangeOnlyStrategy || config.rollbackPrs) && !unconstrainedValue\n ? 
allVersions.filter((v) =>\n // TODO #22198\n versioningApi.matches(v.version, compareValue!),\n )\n : allVersions;\n if (!allSatisfyingVersions.length) {\n logger.debug(\n `Found no satisfying versions with '${config.versioning}' versioning`,\n );\n }\n\n if (config.rollbackPrs && !allSatisfyingVersions.length) {\n const rollback = getRollbackUpdate(config, allVersions, versioningApi);\n // istanbul ignore if\n if (!rollback) {\n res.warnings.push({\n topic: config.packageName,\n // TODO: types (#22198)\n message: `Can't find version matching ${compareValue!} for ${\n config.datasource\n } package ${config.packageName}`,\n });\n return Result.ok(res);\n }\n res.updates.push(rollback);\n }\n let rangeStrategy = getRangeStrategy(config);\n\n // istanbul ignore next\n if (\n config.isVulnerabilityAlert &&\n rangeStrategy === 'update-lockfile' &&\n !config.lockedVersion\n ) {\n rangeStrategy = 'bump';\n }\n // unconstrained deps with lockedVersion\n if (\n config.isVulnerabilityAlert &&\n !config.currentValue &&\n config.lockedVersion\n ) {\n rangeStrategy = 'update-lockfile';\n }\n const nonDeprecatedVersions = dependency.releases\n .filter((release) => !release.isDeprecated)\n .map((release) => release.version);\n let currentVersion: string;\n if (rangeStrategy === 'update-lockfile') {\n currentVersion = config.lockedVersion!;\n } else if (allVersions.find((v) => v.version === compareValue)) {\n currentVersion = compareValue!;\n }\n // TODO #22198\n currentVersion ??=\n getCurrentVersion(\n compareValue!,\n config.lockedVersion!,\n versioningApi,\n rangeStrategy!,\n latestVersion!,\n nonDeprecatedVersions,\n ) ??\n getCurrentVersion(\n compareValue!,\n config.lockedVersion!,\n versioningApi,\n rangeStrategy!,\n latestVersion!,\n allVersions.map((v) => v.version),\n )!;\n\n if (!currentVersion) {\n // v8 ignore else -- TODO: add test #40625\n if (!config.lockedVersion) {\n logger.debug(\n `No currentVersion or lockedVersion found for ${config.packageName}`,\n );\n 
res.skipReason = 'invalid-value';\n }\n return Result.ok(res);\n }\n\n res.currentVersion = currentVersion!;\n const currentVersionTimestamp = await getTimestamp(\n config,\n allVersions,\n currentVersion,\n versioningApi,\n );\n\n if (isNonEmptyString(currentVersionTimestamp)) {\n res.currentVersionTimestamp = currentVersionTimestamp;\n res.currentVersionAgeInDays = getElapsedDays(currentVersionTimestamp);\n\n if (\n config.packageRules?.some((rule) =>\n isNonEmptyString(rule.matchCurrentAge),\n )\n ) {\n // Reapply package rules to check matches for matchCurrentAge\n config = await applyPackageRules(\n { ...config, currentVersionTimestamp },\n 'current-timestamp',\n );\n }\n }\n\n if (\n compareValue &&\n currentVersion &&\n rangeStrategy === 'pin' &&\n !versioningApi.isSingleVersion(compareValue)\n ) {\n const newValue =\n versioningApi.getPinnedValue?.(currentVersion) ?? currentVersion;\n res.updates.push({\n updateType: 'pin',\n isPin: true,\n newValue,\n newVersion: currentVersion,\n newMajor: versioningApi.getMajor(currentVersion)!,\n });\n }\n if (rangeStrategy === 'pin') {\n // Fall back to replace once pinning logic is done\n rangeStrategy = 'replace';\n }\n // istanbul ignore if\n if (!versioningApi.isVersion(currentVersion!)) {\n res.skipReason = 'invalid-version';\n return Result.ok(res);\n }\n // Filter latest, unstable, etc\n // TODO #22198\n let filteredReleases = filterVersions(\n config,\n currentVersion!,\n latestVersion!,\n inRangeOnlyStrategy ? 
allSatisfyingVersions : allVersions,\n versioningApi,\n ).filter(\n (v) =>\n // Leave only compatible versions\n unconstrainedValue ||\n versioningApi.isCompatible(v.version, compareValue),\n );\n let shrinkedViaVulnerability = false;\n if (config.isVulnerabilityAlert) {\n if (config.vulnerabilityFixVersion) {\n res.vulnerabilityFixVersion = config.vulnerabilityFixVersion;\n res.vulnerabilityFixStrategy = config.vulnerabilityFixStrategy;\n if (versioningApi.isValid(config.vulnerabilityFixVersion)) {\n let fixedFilteredReleases;\n if (versioningApi.isVersion(config.vulnerabilityFixVersion)) {\n // Retain only releases greater than or equal to the fix version\n fixedFilteredReleases = filteredReleases.filter(\n (release) =>\n !versioningApi.isGreaterThan(\n config.vulnerabilityFixVersion!,\n release.version,\n ),\n );\n } else {\n // Retain only releases which max the fix constraint\n fixedFilteredReleases = filteredReleases.filter((release) =>\n versioningApi.matches(\n release.version,\n config.vulnerabilityFixVersion!,\n ),\n );\n }\n // Warn if this filtering results caused zero releases\n if (fixedFilteredReleases.length === 0 && filteredReleases.length) {\n logger.warn(\n {\n releases: filteredReleases,\n vulnerabilityFixVersion: config.vulnerabilityFixVersion,\n packageName: config.packageName,\n },\n 'No releases satisfy vulnerabilityFixVersion',\n );\n }\n // Use the additionally filtered releases\n filteredReleases = fixedFilteredReleases;\n } else {\n logger.warn(\n {\n vulnerabilityFixVersion: config.vulnerabilityFixVersion,\n packageName: config.packageName,\n },\n 'vulnerabilityFixVersion is not valid',\n );\n }\n }\n if (config.vulnerabilityFixStrategy === 'highest') {\n // Don't shrink the list of releases - let Renovate use its normal logic\n logger.once.debug(\n `Using vulnerabilityFixStrategy=highest for ${config.packageName}`,\n );\n } else {\n // Shrink the list of releases to the lowest fixed version\n logger.once.debug(\n `Using 
vulnerabilityFixStrategy=lowest for ${config.packageName}`,\n );\n filteredReleases = filteredReleases.slice(0, 1);\n shrinkedViaVulnerability = true;\n }\n }\n const buckets: Record<string, [Release]> = {};\n for (const release of filteredReleases) {\n const bucket = getBucket(\n config,\n // TODO #22198\n currentVersion!,\n release.version,\n versioningApi,\n );\n // v8 ignore else -- TODO: add test #40625\n if (isString(bucket)) {\n if (buckets[bucket]) {\n buckets[bucket].push(release);\n } else {\n buckets[bucket] = [release];\n }\n }\n }\n const depResultConfig = mergeChildConfig(config, res);\n for (const [bucket, releases] of Object.entries(buckets)) {\n const sortedReleases = releases.sort((r1, r2) =>\n versioningApi.sortVersions(r1.version, r2.version),\n );\n const allReleaseVersions = releases.map((r) => r.version);\n const { release, pendingChecks, pendingReleases } =\n await filterInternalChecks(\n depResultConfig,\n versioningApi,\n bucket,\n sortedReleases,\n );\n // istanbul ignore next\n if (!release) {\n return Result.ok(res);\n }\n const newVersion = release.version;\n const update = await generateUpdate(\n config,\n compareValue,\n versioningApi,\n // TODO #22198\n\n rangeStrategy!,\n config.lockedVersion ?? 
currentVersion!,\n bucket,\n release,\n allReleaseVersions,\n );\n\n // #29034\n if (\n config.manager === 'gomod' &&\n compareValue?.startsWith('v0.0.0-') &&\n update.newValue?.startsWith('v0.0.0-') &&\n config.currentDigest !== update.newDigest\n ) {\n update.updateType = 'digest';\n }\n\n if (pendingChecks) {\n update.pendingChecks = pendingChecks;\n }\n\n if (pendingReleases.length) {\n update.pendingVersions = pendingReleases.map((r) => r.version);\n }\n if (!update.newValue || update.newValue === compareValue) {\n if (!config.lockedVersion) {\n continue;\n }\n // istanbul ignore if\n if (rangeStrategy === 'bump') {\n logger.trace(\n {\n packageName: config.packageName,\n currentValue: config.currentValue,\n lockedVersion: config.lockedVersion,\n newVersion,\n },\n 'Skipping bump because newValue is the same',\n );\n continue;\n }\n res.isSingleVersion = true;\n }\n res.isSingleVersion ??=\n isString(update.newValue) &&\n versioningApi.isSingleVersion(update.newValue);\n // istanbul ignore if\n if (\n config.versioning === dockerVersioningId &&\n update.updateType !== 'rollback' &&\n update.newValue &&\n versioningApi.isVersion(update.newValue) &&\n compareValue &&\n versioningApi.isVersion(compareValue) &&\n versioningApi.isGreaterThan(compareValue, update.newValue)\n ) {\n logger.warn(\n {\n packageName: config.packageName,\n currentValue: config.currentValue,\n compareValue,\n currentVersion: config.currentVersion,\n update,\n allVersionsLength: allVersions.length,\n filteredReleaseVersions: filteredReleases.map((r) => r.version),\n shrinkedViaVulnerability,\n },\n 'Unexpected downgrade detected: skipping',\n );\n } else {\n res.updates.push(update);\n }\n }\n } else if (compareValue) {\n logger.debug(\n `Dependency ${config.packageName} has unsupported/unversioned value ${compareValue} (versioning=${config.versioning})`,\n );\n\n if (!config.pinDigests && !config.currentDigest) {\n logger.debug(\n `Skipping ${config.packageName} because no currentDigest or 
pinDigests`,\n );\n res.skipReason = 'invalid-value';\n } else {\n delete res.skipReason;\n }\n } else {\n res.skipReason = 'invalid-value';\n }\n\n if (isReplacementRulesConfigured(config)) {\n addReplacementUpdateIfValid(res.updates, config);\n } else if (dependency?.replacementName && dependency.replacementVersion) {\n res.updates.push({\n updateType: 'replacement',\n newName: dependency.replacementName,\n newValue: dependency.replacementVersion,\n });\n }\n\n // Record if the dep is fixed to a version\n if (config.lockedVersion) {\n res.currentVersion = config.lockedVersion;\n res.fixedVersion = config.lockedVersion;\n } else if (compareValue && versioningApi.isSingleVersion(compareValue)) {\n res.fixedVersion = compareValue.replace(regEx(/^=+/), '');\n }\n\n // massage versionCompatibility\n if (\n isString(config.currentValue) &&\n isString(compareValue) &&\n isString(config.versionCompatibility)\n ) {\n for (const update of res.updates) {\n logger.debug({ update });\n // v8 ignore else -- TODO: add test #40625\n if (isString(config.currentValue) && isString(update.newValue)) {\n update.newValue = config.currentValue.replace(\n compareValue,\n update.newValue,\n );\n }\n }\n }\n\n // Add digests if necessary\n if (supportsDigests(config.datasource)) {\n if (config.currentDigest) {\n if (!config.digestOneAndOnly || !res.updates.length) {\n // digest update\n res.updates.push({\n updateType: 'digest',\n newValue: config.currentValue,\n });\n }\n } else if (config.pinDigests) {\n // Create a pin only if one doesn't already exists\n // v8 ignore else -- TODO: add test #40625\n if (!res.updates.some((update) => update.updateType === 'pin')) {\n // pin digest\n res.updates.push({\n isPinDigest: true,\n updateType: 'pinDigest',\n newValue: config.currentValue,\n });\n }\n }\n if (versioningApi.valueToVersion) {\n // TODO #22198\n res.currentVersion = versioningApi.valueToVersion(res.currentVersion!);\n for (const update of res.updates) {\n // TODO #22198\n 
update.newVersion = versioningApi.valueToVersion(update.newVersion!);\n }\n }\n if (res.registryUrl) {\n config.registryUrls = [res.registryUrl];\n }\n\n // update digest for all\n for (const update of res.updates) {\n if (config.pinDigests === true || config.currentDigest) {\n const getDigestConfig: GetDigestInputConfig = {\n ...config,\n registryUrl: update.registryUrl ?? res.registryUrl,\n lookupName: res.lookupName,\n };\n\n // #20304 only pass it for replacement updates, otherwise we get wrong or invalid digest\n if (update.updateType !== 'replacement') {\n delete getDigestConfig.replacementName;\n }\n\n // #20304 don't use lookupName and currentDigest when we replace image name\n if (\n update.updateType === 'replacement' &&\n update.newName !== config.packageName\n ) {\n delete getDigestConfig.lookupName;\n delete getDigestConfig.currentDigest;\n getDigestConfig.replacementName = update.newName;\n }\n\n // Don't use current releases if replacement changes name, otherwise we use the wrong new digest.\n // This happens on datasources which return the digest in release info like `github-tags`.\n // We can still use it when only version is changing.\n if (\n update.updateType !== 'replacement' ||\n update.newName === config.packageName\n ) {\n update.newDigest ??= dependency?.releases.find(\n (r) => r.version === update.newValue,\n )?.newDigest;\n }\n\n update.newDigest ??= await getDigest(\n getDigestConfig,\n update.newValue,\n );\n\n // If the digest could not be determined, report this as otherwise the\n // update will be omitted later on without notice.\n if (update.newDigest === null) {\n logger.debug(\n {\n packageName: config.packageName,\n currentValue: config.currentValue,\n datasource: config.datasource,\n newValue: update.newValue,\n bucket: update.bucket,\n },\n 'Could not determine new digest for update.',\n );\n\n // Only report a warning if there is a current digest.\n // Context: 
https://github.com/renovatebot/renovate/pull/20175#discussion_r1102615059.\n if (config.currentDigest) {\n res.warnings.push({\n message: `Could not determine new digest for update (${config.datasource} package ${config.packageName})`,\n topic: config.packageName,\n });\n }\n }\n } else {\n delete update.newDigest;\n }\n if (update.newVersion) {\n const registryUrl = dependency?.releases?.find(\n (release) => release.version === update.newVersion,\n )?.registryUrl;\n if (registryUrl && registryUrl !== res.registryUrl) {\n update.registryUrl = registryUrl;\n }\n }\n }\n }\n\n if (res.updates.length) {\n delete res.skipReason;\n }\n // Strip out any non-changed ones\n res.updates = res.updates\n .filter(\n (update) => update.newValue !== null || config.currentValue === null,\n )\n .filter((update) => update.newDigest !== null)\n .filter(\n (update) =>\n (isString(update.newName) && update.newName !== config.packageName) ||\n update.isReplacement === true ||\n update.newValue !== config.currentValue ||\n update.isLockfileUpdate === true ||\n // TODO #22198\n (update.newDigest &&\n !update.newDigest.startsWith(config.currentDigest!)),\n );\n // If range strategy specified in config is 'in-range-only', also strip out updates where currentValue !== newValue\n if (config.rangeStrategy === 'in-range-only') {\n res.updates = res.updates.filter(\n (update) => update.newValue === config.currentValue,\n );\n }\n // Handle a weird edge case involving followTag and fallbacks\n if (config.rollbackPrs && config.followTag) {\n res.updates = res.updates.filter(\n (update) =>\n update.updateType !== 'rollback' || res.updates.length === 1,\n );\n }\n\n const release =\n res.updates.length > 0\n ? 
dependency?.releases.find(\n (r) => r.version === res.updates[0].newValue,\n )\n : null;\n\n if (release?.changelogContent) {\n res.changelogContent = release.changelogContent;\n res.changelogUrl = release.changelogUrl;\n }\n } catch (err) /* istanbul ignore next */ {\n if (err instanceof ExternalHostError) {\n return Result.err(err);\n }\n\n if (err instanceof Error && err.message === CONFIG_VALIDATION) {\n return Result.err(err);\n }\n\n logger.error(\n {\n currentDigest: config.currentDigest,\n currentValue: config.currentValue,\n datasource: config.datasource,\n packageName: config.packageName,\n digestOneAndOnly: config.digestOneAndOnly,\n followTag: config.followTag,\n lockedVersion: config.lockedVersion,\n packageFile: config.packageFile,\n pinDigests: config.pinDigests,\n rollbackPrs: config.rollbackPrs,\n isVulnerabilityAlert: config.isVulnerabilityAlert,\n updatePinnedDependencies: config.updatePinnedDependencies,\n err,\n },\n 'lookupUpdates error',\n );\n res.skipReason = 'internal-error';\n }\n return 
Result.ok(res);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA8CA,eAAe,aACb,QACA,UACA,SACA,eACuC;CACvC,MAAM,iBAAiB,SAAS,MAC7B,MACC,cAAc,QAAQ,EAAE,QAAQ,IAChC,cAAc,OAAO,EAAE,SAAS,QAAQ,CAC3C;AAED,KAAI,CAAC,eACH,QAAO;AAGT,KAAI,eAAe,iBACjB,QAAO,eAAe;AAIxB,SADsB,MAAM,mBAAmB,QAAQ,eAAe,GAChD;;AAGxB,eAAsB,cACpB,UACsC;CACtC,IAAI,SAA6B,EAAE,GAAG,UAAU;AAChD,QAAO,eAAe,qBAAqB,OAAO,WAAW;CAE7D,MAAM,gBAAgBA,IAAkB,OAAO,WAAW;CAE1D,IAAI,aAAmC;CACvC,MAAM,MAAoB;EACxB,YAAY,OAAO;EACnB,SAAS,EAAE;EACX,UAAU,EAAE;EACb;AAED,KAAI;AACF,SAAO,MACL;GACE,YAAY,OAAO;GACnB,cAAc,OAAO;GACtB,EACD,gBACD;AACD,MAAI,OAAO,gBAAgB,CAAC,SAAS,OAAO,aAAa,EAAE;;AAGzD,OAAI,OAAO,aACT,QAAO,MACL,4BAA4B,OAAO,YAAY,IAAI,KAAK,UAAU,OAAO,aAAa,CAAC,IAAI,OAAO,OAAO,aAAa,GACvH;AAEH,OAAI,aAAa;AACjB,UAAO,OAAO,GAAG,IAAI;;AAEvB,MACE,CAAC,uBAAuB,OAAO,IAC/B,CAAC,iBAAiB,OAAO,WAAW,EACpC;AACA,OAAI,aAAa;AACjB,UAAO,OAAO,GAAG,IAAI;;EAEvB,IAAI,eAAe,OAAO;AAC1B,MACE,SAAS,OAAO,aAAa,IAC7B,SAAS,OAAO,qBAAqB,EACrC;GAEA,MAAM,aAD2B,MAAM,OAAO,qBAAqB,CACvB,KAAK,OAAO,aAAa;AACrE,OAAI,YAAY,QAAQ;AACtB,WAAO,MACL;KACE,sBAAsB,OAAO;KAC7B,cAAc,OAAO;KACrB,aAAa,OAAO;KACpB,QAAQ,WAAW;KACpB,EACD,oCACD;AACD,WAAO,uBAAuB,WAAW,OAAO;AAChD,mBAAe,WAAW,OAAO;SAEjC,QAAO,MACL;IACE,sBAAsB,OAAO;IAC7B,cAAc,OAAO;IACrB,aAAa,OAAO;IACrB,EACD,uCACD;;EAIL,MAAM,UACJ,SAAS,aAAa,IAAI,cAAc,QAAQ,aAAa;EAE/D,MAAM,qBACJ,CAAC,CAAC,OAAO,iBAAiB,YAAY,OAAO,aAAa;AAE5D,MAAI,WAAW,oBAAoB;AACjC,OACE,CAAC,OAAO,4BAER,cAAc,gBAAgB,aAAc,EAC5C;AACA,QAAI,aAAa;AACjB,WAAO,OAAO,GAAG,IAAI;;GAGvB,MAAM,EAAE,KAAK,eAAe,KAAK,gBAAgB,MAAM,kBACrD,OACD,CACE,WAAW,QAAQ,6BAA6B,eAAe,IAAI,CAAC,CACpE,WAAW,QAAQ,qBAAqB,KAAK,OAAO,CAAC,CACrD,WAAW,QAAQ,uBAAuB,KAAK,OAAO,CAAC,CACvD,QAAQ;AAEX,OAAI,uBAAuB,MACzB,OAAM;AAGR,OAAI,aAAa;IAEf,MAAM,UAA6B;KACjC,OAAO,OAAO;KACd,SAAS,qBAAqB,OAAO,WAAW,WAAW,OAAO,YAAY,IAAI;KACnF;AACD,WAAO,MACL;KACE,YAAY,OAAO;KACnB,aAAa,OAAO;KACrB,EACD,QAAQ,QACT;AAED,QAAI,SAAS,KAAK,QAAQ;AAC1B,WAAO,OAAO,GAAG,IAAI;;AAGvB,gBAAa;AAEb,OAAI,WAAW,mBACb,QAAO,MACL,gCAAgC,OAAO,WAAW,WAAW,OAAO,cACrE;AAGH,cAAW,KAAK,YAAY;IAC1B;IACA;IAC
A;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACD,CAAC;GAEF,MAAM,gBAAgB,WAAW,MAAM;GAEvC,IAAI,cAAc,WAAW,SAAS,QAAQ,YAC5C,cAAc,UAAU,QAAQ,QAAQ,CACzC;;AAED,OAAI,YAAY,WAAW,GAAG;AAE5B,WAAO,KACL;KACE,YAAY,OAAO;KACnB,QAAQ;KACT,EALa,4DAOf;AACD,QAAI,CAAC,OAAO,cACV,QAAO,OAAO,GAAG,IAAI;;AAIzB,YAAS,MAAM,kBACb;IAAE,GAAG;IAAQ,WAAW,IAAI;IAAW,EACvC,aACD;AACD,OAAI,OAAO,WAAW;IACpB,MAAM,gBAAgB,WAAW,OAAO,OAAO;AAC/C,QAAI,CAAC,eAAe;AAClB,SAAI,SAAS,KAAK;MAChB,OAAO,OAAO;MACd,SAAS,+BAA+B,OAAO,UAAU,OAAO,OAAO,WAAW,WAAW,OAAO;MACrG,CAAC;AACF,YAAO,OAAO,GAAG,IAAI;;AAEvB,kBAAc,YAAY,QACvB,MACC,EAAE,YAAY,iBACb,EAAE,YAAY,gBACb,cAAc,cAAc,eAAe,aAAa,CAC7D;;GAGH,MAAM,sBAAsB,OAAO,kBAAkB;GAErD,MAAM,yBACH,uBAAuB,OAAO,gBAAgB,CAAC,qBAC5C,YAAY,QAAQ,MAElB,cAAc,QAAQ,EAAE,SAAS,aAAc,CAChD,GACD;AACN,OAAI,CAAC,sBAAsB,OACzB,QAAO,MACL,sCAAsC,OAAO,WAAW,cACzD;AAGH,OAAI,OAAO,eAAe,CAAC,sBAAsB,QAAQ;IACvD,MAAM,WAAW,kBAAkB,QAAQ,aAAa,cAAc;;AAEtE,QAAI,CAAC,UAAU;AACb,SAAI,SAAS,KAAK;MAChB,OAAO,OAAO;MAEd,SAAS,+BAA+B,aAAc,OACpD,OAAO,WACR,WAAW,OAAO;MACpB,CAAC;AACF,YAAO,OAAO,GAAG,IAAI;;AAEvB,QAAI,QAAQ,KAAK,SAAS;;GAE5B,IAAI,gBAAgB,iBAAiB,OAAO;;AAG5C,OACE,OAAO,wBACP,kBAAkB,qBAClB,CAAC,OAAO,cAER,iBAAgB;AAGlB,OACE,OAAO,wBACP,CAAC,OAAO,gBACR,OAAO,cAEP,iBAAgB;GAElB,MAAM,wBAAwB,WAAW,SACtC,QAAQ,YAAY,CAAC,QAAQ,aAAa,CAC1C,KAAK,YAAY,QAAQ,QAAQ;GACpC,IAAI;AACJ,OAAI,kBAAkB,kBACpB,kBAAiB,OAAO;YACf,YAAY,MAAM,MAAM,EAAE,YAAY,aAAa,CAC5D,kBAAiB;AAGnB,sBACE,kBACE,cACA,OAAO,eACP,eACA,eACA,eACA,sBACD,IACD,kBACE,cACA,OAAO,eACP,eACA,eACA,eACA,YAAY,KAAK,MAAM,EAAE,QAAQ,CAClC;AAEH,OAAI,CAAC,gBAAgB;;AAEnB,QAAI,CAAC,OAAO,eAAe;AACzB,YAAO,MACL,gDAAgD,OAAO,cACxD;AACD,SAAI,aAAa;;AAEnB,WAAO,OAAO,GAAG,IAAI;;AAGvB,OAAI,iBAAiB;GACrB,MAAM,0BAA0B,MAAM,aACpC,QACA,aACA,gBACA,cACD;AAED,OAAI,iBAAiB,wBAAwB,EAAE;AAC7C,QAAI,0BAA0B;AAC9B,QAAI,0BAA0B,eAAe,wBAAwB;AAErE,QACE,OAAO,cAAc,MAAM,SACzB,iBAAiB,KAAK,gBAAgB,CACvC,CAGD,UAAS,MAAM,kBACb;KAAE,GAAG;KAAQ;KAAyB,EACtC,oBACD;;AAIL,OACE,gBACA,kBACA,kBAAkB,SAClB,CAAC,cAAc,gBAAgB,aAAa,EAC5C;IACA,MAAM,WACJ,cAAc,iBAAiB,eAAe,IAAI;AACpD,QAAI
,QAAQ,KAAK;KACf,YAAY;KACZ,OAAO;KACP;KACA,YAAY;KACZ,UAAU,cAAc,SAAS,eAAe;KACjD,CAAC;;AAEJ,OAAI,kBAAkB,MAEpB,iBAAgB;;AAGlB,OAAI,CAAC,cAAc,UAAU,eAAgB,EAAE;AAC7C,QAAI,aAAa;AACjB,WAAO,OAAO,GAAG,IAAI;;GAIvB,IAAI,mBAAmB,eACrB,QACA,gBACA,eACA,sBAAsB,wBAAwB,aAC9C,cACD,CAAC,QACC,MAEC,sBACA,cAAc,aAAa,EAAE,SAAS,aAAa,CACtD;GACD,IAAI,2BAA2B;AAC/B,OAAI,OAAO,sBAAsB;AAC/B,QAAI,OAAO,yBAAyB;AAClC,SAAI,0BAA0B,OAAO;AACrC,SAAI,2BAA2B,OAAO;AACtC,SAAI,cAAc,QAAQ,OAAO,wBAAwB,EAAE;MACzD,IAAI;AACJ,UAAI,cAAc,UAAU,OAAO,wBAAwB,CAEzD,yBAAwB,iBAAiB,QACtC,YACC,CAAC,cAAc,cACb,OAAO,yBACP,QAAQ,QACT,CACJ;UAGD,yBAAwB,iBAAiB,QAAQ,YAC/C,cAAc,QACZ,QAAQ,SACR,OAAO,wBACR,CACF;AAGH,UAAI,sBAAsB,WAAW,KAAK,iBAAiB,OACzD,QAAO,KACL;OACE,UAAU;OACV,yBAAyB,OAAO;OAChC,aAAa,OAAO;OACrB,EACD,8CACD;AAGH,yBAAmB;WAEnB,QAAO,KACL;MACE,yBAAyB,OAAO;MAChC,aAAa,OAAO;MACrB,EACD,uCACD;;AAGL,QAAI,OAAO,6BAA6B,UAEtC,QAAO,KAAK,MACV,8CAA8C,OAAO,cACtD;SACI;AAEL,YAAO,KAAK,MACV,6CAA6C,OAAO,cACrD;AACD,wBAAmB,iBAAiB,MAAM,GAAG,EAAE;AAC/C,gCAA2B;;;GAG/B,MAAM,UAAqC,EAAE;AAC7C,QAAK,MAAM,WAAW,kBAAkB;IACtC,MAAM,SAAS,UACb,QAEA,gBACA,QAAQ,SACR,cACD;;AAED,QAAI,SAAS,OAAO,CAClB,KAAI,QAAQ,QACV,SAAQ,QAAQ,KAAK,QAAQ;QAE7B,SAAQ,UAAU,CAAC,QAAQ;;GAIjC,MAAM,kBAAkB,iBAAiB,QAAQ,IAAI;AACrD,QAAK,MAAM,CAAC,QAAQ,aAAa,OAAO,QAAQ,QAAQ,EAAE;IACxD,MAAM,iBAAiB,SAAS,MAAM,IAAI,OACxC,cAAc,aAAa,GAAG,SAAS,GAAG,QAAQ,CACnD;IACD,MAAM,qBAAqB,SAAS,KAAK,MAAM,EAAE,QAAQ;IACzD,MAAM,EAAE,SAAS,eAAe,oBAC9B,MAAM,qBACJ,iBACA,eACA,QACA,eACD;;AAEH,QAAI,CAAC,QACH,QAAO,OAAO,GAAG,IAAI;IAEvB,MAAM,aAAa,QAAQ;IAC3B,MAAM,SAAS,MAAM,eACnB,QACA,cACA,eAGA,eACA,OAAO,iBAAiB,gBACxB,QACA,SACA,mBACD;AAGD,QACE,OAAO,YAAY,WACnB,cAAc,WAAW,UAAU,IACnC,OAAO,UAAU,WAAW,UAAU,IACtC,OAAO,kBAAkB,OAAO,UAEhC,QAAO,aAAa;AAGtB,QAAI,cACF,QAAO,gBAAgB;AAGzB,QAAI,gBAAgB,OAClB,QAAO,kBAAkB,gBAAgB,KAAK,MAAM,EAAE,QAAQ;AAEhE,QAAI,CAAC,OAAO,YAAY,OAAO,aAAa,cAAc;AACxD,SAAI,CAAC,OAAO,cACV;;AAGF,SAAI,kBAAkB,QAAQ;AAC5B,aAAO,MACL;OACE,aAAa,OAAO;OACpB,cAAc,OAAO;OACrB,eAAe,OAAO;OACtB;OACD,EACD,6CACD;AACD;;AAEF,SAAI,kBAAkB;;AAExB,QAAI,oBACF,SAAS,OAA
O,SAAS,IACzB,cAAc,gBAAgB,OAAO,SAAS;;AAEhD,QACE,OAAO,eAAA,YACP,OAAO,eAAe,cACtB,OAAO,YACP,cAAc,UAAU,OAAO,SAAS,IACxC,gBACA,cAAc,UAAU,aAAa,IACrC,cAAc,cAAc,cAAc,OAAO,SAAS,CAE1D,QAAO,KACL;KACE,aAAa,OAAO;KACpB,cAAc,OAAO;KACrB;KACA,gBAAgB,OAAO;KACvB;KACA,mBAAmB,YAAY;KAC/B,yBAAyB,iBAAiB,KAAK,MAAM,EAAE,QAAQ;KAC/D;KACD,EACD,0CACD;QAED,KAAI,QAAQ,KAAK,OAAO;;aAGnB,cAAc;AACvB,UAAO,MACL,cAAc,OAAO,YAAY,qCAAqC,aAAa,eAAe,OAAO,WAAW,GACrH;AAED,OAAI,CAAC,OAAO,cAAc,CAAC,OAAO,eAAe;AAC/C,WAAO,MACL,YAAY,OAAO,YAAY,yCAChC;AACD,QAAI,aAAa;SAEjB,QAAO,IAAI;QAGb,KAAI,aAAa;AAGnB,MAAI,6BAA6B,OAAO,CACtC,6BAA4B,IAAI,SAAS,OAAO;WACvC,YAAY,mBAAmB,WAAW,mBACnD,KAAI,QAAQ,KAAK;GACf,YAAY;GACZ,SAAS,WAAW;GACpB,UAAU,WAAW;GACtB,CAAC;AAIJ,MAAI,OAAO,eAAe;AACxB,OAAI,iBAAiB,OAAO;AAC5B,OAAI,eAAe,OAAO;aACjB,gBAAgB,cAAc,gBAAgB,aAAa,CACpE,KAAI,eAAe,aAAa,QAAQ,MAAM,MAAM,EAAE,GAAG;AAI3D,MACE,SAAS,OAAO,aAAa,IAC7B,SAAS,aAAa,IACtB,SAAS,OAAO,qBAAqB,CAErC,MAAK,MAAM,UAAU,IAAI,SAAS;AAChC,UAAO,MAAM,EAAE,QAAQ,CAAC;;AAExB,OAAI,SAAS,OAAO,aAAa,IAAI,SAAS,OAAO,SAAS,CAC5D,QAAO,WAAW,OAAO,aAAa,QACpC,cACA,OAAO,SACR;;AAMP,MAAI,gBAAgB,OAAO,WAAW,EAAE;AACtC,OAAI,OAAO;QACL,CAAC,OAAO,oBAAoB,CAAC,IAAI,QAAQ,OAE3C,KAAI,QAAQ,KAAK;KACf,YAAY;KACZ,UAAU,OAAO;KAClB,CAAC;cAEK,OAAO;;QAGZ,CAAC,IAAI,QAAQ,MAAM,WAAW,OAAO,eAAe,MAAM,CAE5D,KAAI,QAAQ,KAAK;KACf,aAAa;KACb,YAAY;KACZ,UAAU,OAAO;KAClB,CAAC;;AAGN,OAAI,cAAc,gBAAgB;AAEhC,QAAI,iBAAiB,cAAc,eAAe,IAAI,eAAgB;AACtE,SAAK,MAAM,UAAU,IAAI,QAEvB,QAAO,aAAa,cAAc,eAAe,OAAO,WAAY;;AAGxE,OAAI,IAAI,YACN,QAAO,eAAe,CAAC,IAAI,YAAY;AAIzC,QAAK,MAAM,UAAU,IAAI,SAAS;AAChC,QAAI,OAAO,eAAe,QAAQ,OAAO,eAAe;KACtD,MAAM,kBAAwC;MAC5C,GAAG;MACH,aAAa,OAAO,eAAe,IAAI;MACvC,YAAY,IAAI;MACjB;AAGD,SAAI,OAAO,eAAe,cACxB,QAAO,gBAAgB;AAIzB,SACE,OAAO,eAAe,iBACtB,OAAO,YAAY,OAAO,aAC1B;AACA,aAAO,gBAAgB;AACvB,aAAO,gBAAgB;AACvB,sBAAgB,kBAAkB,OAAO;;AAM3C,SACE,OAAO,eAAe,iBACtB,OAAO,YAAY,OAAO,YAE1B,QAAO,cAAc,YAAY,SAAS,MACvC,MAAM,EAAE,YAAY,OAAO,SAC7B,EAAE;AAGL,YAAO,cAAc,MAAM,UACzB,iBACA,OAAO,SACR;AAID,SAAI,OAAO,cAAc,MAAM;AAC7B,aAAO,MACL;OACE,aAAa,OAAO;OACpB,cAAc,OA
AO;OACrB,YAAY,OAAO;OACnB,UAAU,OAAO;OACjB,QAAQ,OAAO;OAChB,EACD,6CACD;AAID,UAAI,OAAO,cACT,KAAI,SAAS,KAAK;OAChB,SAAS,8CAA8C,OAAO,WAAW,WAAW,OAAO,YAAY;OACvG,OAAO,OAAO;OACf,CAAC;;UAIN,QAAO,OAAO;AAEhB,QAAI,OAAO,YAAY;KACrB,MAAM,cAAc,YAAY,UAAU,MACvC,YAAY,QAAQ,YAAY,OAAO,WACzC,EAAE;AACH,SAAI,eAAe,gBAAgB,IAAI,YACrC,QAAO,cAAc;;;;AAM7B,MAAI,IAAI,QAAQ,OACd,QAAO,IAAI;AAGb,MAAI,UAAU,IAAI,QACf,QACE,WAAW,OAAO,aAAa,QAAQ,OAAO,iBAAiB,KACjE,CACA,QAAQ,WAAW,OAAO,cAAc,KAAK,CAC7C,QACE,WACE,SAAS,OAAO,QAAQ,IAAI,OAAO,YAAY,OAAO,eACvD,OAAO,kBAAkB,QACzB,OAAO,aAAa,OAAO,gBAC3B,OAAO,qBAAqB,QAE3B,OAAO,aACN,CAAC,OAAO,UAAU,WAAW,OAAO,cAAe,CACxD;AAEH,MAAI,OAAO,kBAAkB,gBAC3B,KAAI,UAAU,IAAI,QAAQ,QACvB,WAAW,OAAO,aAAa,OAAO,aACxC;AAGH,MAAI,OAAO,eAAe,OAAO,UAC/B,KAAI,UAAU,IAAI,QAAQ,QACvB,WACC,OAAO,eAAe,cAAc,IAAI,QAAQ,WAAW,EAC9D;EAGH,MAAM,UACJ,IAAI,QAAQ,SAAS,IACjB,YAAY,SAAS,MAClB,MAAM,EAAE,YAAY,IAAI,QAAQ,GAAG,SACrC,GACD;AAEN,MAAI,SAAS,kBAAkB;AAC7B,OAAI,mBAAmB,QAAQ;AAC/B,OAAI,eAAe,QAAQ;;UAEtB,iCAAgC;AACvC,MAAI,eAAe,kBACjB,QAAO,OAAO,IAAI,IAAI;AAGxB,MAAI,eAAe,SAAS,IAAI,YAAA,oBAC9B,QAAO,OAAO,IAAI,IAAI;AAGxB,SAAO,MACL;GACE,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,YAAY,OAAO;GACnB,aAAa,OAAO;GACpB,kBAAkB,OAAO;GACzB,WAAW,OAAO;GAClB,eAAe,OAAO;GACtB,aAAa,OAAO;GACpB,YAAY,OAAO;GACnB,aAAa,OAAO;GACpB,sBAAsB,OAAO;GAC7B,0BAA0B,OAAO;GACjC;GACD,EACD,sBACD;AACD,MAAI,aAAa;;AAEnB,QAAO,OAAO,GAAG,IAAI"}
|
package/package.json
CHANGED
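--- a/package/renovate-schema.json
+++ b/package/renovate-schema.json
@@ -1,8 +1,8 @@
 {
 "$id": "https://docs.renovatebot.com/renovate-schema.json",
-"title": "JSON schema for Renovate 43.
+"title": "JSON schema for Renovate 43.128.1 config files (https://renovatebot.com/)",
 "$schema": "http://json-schema.org/draft-07/schema#",
-"x-renovate-version": "43.
+"x-renovate-version": "43.128.1",
 "allowComments": true,
 "type": "object",
 "properties": {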