fix(vulnerability-alerts): use datasources, not managers

lib/workers/repository/init/vulnerability.js

@@ -34,29 +34,31 @@ async function detectVulnerabilityAlerts(input) {
         );
         continue; // eslint-disable-line no-continue
       }
-      const managerMapping = {
+      const datasourceMapping = {
         MAVEN: 'maven',
         NPM: 'npm',
         NUGET: 'nuget',
-        PIP: 'pip_requirements',
+        PIP: 'pypi',
         RUBYGEMS: 'bundler',
       };
-      const manager =
-        managerMapping[alert.securityVulnerability.package.ecosystem];
-      if (!combinedAlerts[manager]) {
-        combinedAlerts[manager] = {};
+      const datasource =
+        datasourceMapping[alert.securityVulnerability.package.ecosystem];
+      if (!combinedAlerts[datasource]) {
+        combinedAlerts[datasource] = {};
       }
       const depName = alert.securityVulnerability.package.name;
-      if (!combinedAlerts[manager][depName]) {
-        combinedAlerts[manager][depName] = {
+      if (!combinedAlerts[datasource][depName]) {
+        combinedAlerts[datasource][depName] = {
           advisories: [],
           fileNames: [],
         };
       }
-      combinedAlerts[manager][depName].advisories.push(alert.securityAdvisory);
+      combinedAlerts[datasource][depName].advisories.push(
+        alert.securityAdvisory
+      );
       const fileName = alert.vulnerableManifestFilename;
-      if (!combinedAlerts[manager][depName].fileNames.includes(fileName)) {
-        combinedAlerts[manager][depName].fileNames.push(fileName);
+      if (!combinedAlerts[datasource][depName].fileNames.includes(fileName)) {
+        combinedAlerts[datasource][depName].fileNames.push(fileName);
       }
       const firstPatchedVersion =
         alert.securityVulnerability.firstPatchedVersion.identifier;
@@ -67,21 +69,21 @@ async function detectVulnerabilityAlerts(input) {
         pip_requirements: 'pep440',
         rubygems: 'ruby',
       };
-      const versionScheme = versioning.get(versionSchemes[manager]);
+      const versionScheme = versioning.get(versionSchemes[datasource]);
       if (versionScheme.isVersion(firstPatchedVersion)) {
-        if (combinedAlerts[manager][depName].firstPatchedVersion) {
+        if (combinedAlerts[datasource][depName].firstPatchedVersion) {
           if (
             versionScheme.isGreaterThan(
               firstPatchedVersion,
-              combinedAlerts[manager][depName].firstPatchedVersion
+              combinedAlerts[datasource][depName].firstPatchedVersion
             )
           ) {
-            combinedAlerts[manager][
+            combinedAlerts[datasource][
               depName
             ].firstPatchedVersion = firstPatchedVersion;
           }
         } else {
-          combinedAlerts[manager][
+          combinedAlerts[datasource][
             depName
           ].firstPatchedVersion = firstPatchedVersion;
         }
@@ -93,7 +95,7 @@ async function detectVulnerabilityAlerts(input) {
     }
   }
   const alertPackageRules = [];
-  for (const [manager, dependencies] of Object.entries(combinedAlerts)) {
+  for (const [datasource, dependencies] of Object.entries(combinedAlerts)) {
     for (const [depName, val] of Object.entries(dependencies)) {
       let prBodyNotes = [];
       try {
@@ -122,21 +124,21 @@ async function detectVulnerabilityAlerts(input) {
         logger.warn({ err }, 'Error generating vulnerability PR notes');
       }
       const matchRule = {
-        managers: [manager],
+        datasources: [datasource],
         packageNames: [depName],
         matchCurrentVersion: `< ${val.firstPatchedVersion}`,
         prBodyNotes,
         force: {
           ...config.vulnerabilityAlerts,
           vulnerabilityAlert: true,
-          branchTopic: `${manager}-${depName}-vulnerability`,
+          branchTopic: `${datasource}-${depName}-vulnerability`,
         },
       };
       alertPackageRules.push(matchRule);
       const allowedRule = JSON.parse(JSON.stringify(matchRule));
       delete allowedRule.matchCurrentVersion;
       delete allowedRule.force;
-      if (manager === 'npm') {
+      if (datasource === 'npm') {
         allowedRule.allowedVersions = `^${val.firstPatchedVersion}`;
       } else {
         allowedRule.allowedVersions = `>= ${val.firstPatchedVersion}`;

test/workers/repository/init/__snapshots__/vulnerability.spec.js.snap

@@ -3,6 +3,9 @@
 exports[`workers/repository/init/vulnerability detectVulnerabilityAlerts() returns alerts 1`] = `
 Array [
   Object {
+    "datasources": Array [
+      "npm",
+    ],
     "force": Object {
       "branchTopic": "npm-electron-vulnerability",
       "commitMessageSuffix": "[SECURITY]",
@@ -12,9 +15,6 @@ Array [
       "schedule": Array [],
       "vulnerabilityAlert": true,
     },
-    "managers": Array [
-      "npm",
-    ],
     "matchCurrentVersion": "< 1.8.3",
     "packageNames": Array [
       "electron",
@@ -28,7 +28,7 @@ Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3
   },
   Object {
     "allowedVersions": "^1.8.3",
-    "managers": Array [
+    "datasources": Array [
       "npm",
     ],
     "packageNames": Array [
@@ -42,8 +42,11 @@ Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3
     ],
   },
   Object {
+    "datasources": Array [
+      "pypi",
+    ],
     "force": Object {
-      "branchTopic": "pip_requirements-ansible-vulnerability",
+      "branchTopic": "pypi-ansible-vulnerability",
       "commitMessageSuffix": "[SECURITY]",
       "groupName": null,
       "masterIssueApproval": false,
@@ -51,10 +54,7 @@ Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3
       "schedule": Array [],
       "vulnerabilityAlert": true,
     },
-    "managers": Array [
-      "pip_requirements",
-    ],
-    "matchCurrentVersion": "< 2.2.1.0",
+    "matchCurrentVersion": "< 2.2.0",
     "packageNames": Array [
       "ansible",
     ],
@@ -81,9 +81,9 @@ Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validati
     ],
   },
   Object {
-    "allowedVersions": ">= 2.2.1.0",
-    "managers": Array [
-      "pip_requirements",
+    "allowedVersions": ">= 2.2.0",
+    "datasources": Array [
+      "pypi",
     ],
     "packageNames": Array [
       "ansible",