fix(vulnerabilities): do not force exact patch version for NuGet data…
…source (#31127)
Churro authored Aug 31, 2024
1 parent bf43d48 commit fbdb8c2
Showing 4 changed files with 5 additions and 14 deletions.
7 changes: 2 additions & 5 deletions lib/workers/repository/init/vulnerability.spec.ts
Expand Up @@ -17,12 +17,9 @@ beforeEach(() => {

describe('workers/repository/init/vulnerability', () => {
describe('getFixedVersionByDatasource()', () => {
it('returns Maven version range', () => {
it('returns ecosystem-specific version range', () => {
expect(getFixedVersionByDatasource('1.2.3', 'maven')).toBe('[1.2.3,)');
});

it('returns Nuget version', () => {
expect(getFixedVersionByDatasource('1.2.3', 'nuget')).toBe('1.2.3');
expect(getFixedVersionByDatasource('1.2.3', 'nuget')).toBe('[1.2.3,)');
});

it('returns default version range', () => {
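Review bot: The merged case `returns ecosystem-specific version range` now carries both the `maven` and the `nuget` assertion, so a failing run names neither datasource in its title. A table-driven form keeps one case per datasource without duplicating the body, e.g. `it.each(['maven', 'nuget'])('returns version range for %s', (datasource) => { expect(getFixedVersionByDatasource('1.2.3', datasource)).toBe('[1.2.3,)'); });`.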
5 changes: 1 addition & 4 deletions lib/workers/repository/init/vulnerability.ts
Expand Up @@ -43,11 +43,8 @@ export function getFixedVersionByDatasource(
fixedVersion: string,
datasource: string,
): string {
if (datasource === MavenDatasource.id) {
if (datasource === MavenDatasource.id || datasource === NugetDatasource.id) {
return `[${fixedVersion},)`;
} else if (datasource === NugetDatasource.id) {
// TODO: add support for nuget version ranges when #26150 is merged
return fixedVersion;
}

// crates.io, Go, Hex, npm, RubyGems, PyPI
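Review bot: The Maven/NuGet branch of `getFixedVersionByDatasource` is a second copy of the mapping that the `Vulnerabilities` class carries in lib/workers/repository/process/vulnerabilities.ts, one keyed on datasource ids and the other on the ecosystem strings `'Maven'`/`'NuGet'`, and this commit had to edit both in step. The returned string appears to become the `allowedVersions` constraint of a vulnerability rule, so drift between the two copies would give the same advisory different constraints depending on the code path; consider routing both through one helper, or at least cross-referencing them in a comment. The branch would also read better with a line such as `// Maven and NuGet use interval notation: "[x,)" means x or any later version`. The function body continues past the hunk, so the default branch is not visible here.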
2 changes: 1 addition & 1 deletion lib/workers/repository/process/vulnerabilities.spec.ts
Expand Up @@ -997,7 +997,7 @@ describe('workers/repository/process/vulnerabilities', () => {
matchDatasources: ['nuget'],
matchPackageNames: ['SharpZipLib'],
matchCurrentVersion: '1.3.0',
allowedVersions: '1.3.3',
allowedVersions: '[1.3.3,)',
},
{
matchDatasources: ['npm'],
5 changes: 1 addition & 4 deletions lib/workers/repository/process/vulnerabilities.ts
Expand Up @@ -426,11 +426,8 @@ export class Vulnerabilities {
fixedVersion: string,
ecosystem: Ecosystem,
): string {
if (ecosystem === 'Maven') {
if (ecosystem === 'Maven' || ecosystem === 'NuGet') {
return `[${fixedVersion},)`;
} else if (ecosystem === 'NuGet') {
// TODO: add support for nuget version ranges when #26150 is merged
return fixedVersion;
}

// crates.io, Go, Hex, npm, RubyGems, PyPI
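Review bot: Nothing in the visible tests exercises the new `[${fixedVersion},)` value against NuGet versioning itself; the expectation in vulnerabilities.spec.ts only pins the generated string `allowedVersions: '[1.3.3,)'`. The removed TODO tied this branch to #26150, so the change presumably relies on range support that landed there, and a regression in that parsing could leave the rule matching nothing, or more than intended, without any test here failing. A small case asserting that the nuget versioning accepts a later release and rejects an earlier one (and a pre-release of the fixed version) for this range would close that gap. `fixedVersion` is interpolated as received, so it is also worth confirming that the caller, which is outside this hunk, rejects an empty or malformed value before it becomes `[,)`.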
