fix(vulnerabilities): do not force exact patch version for NuGet datasource (#31127)

Johannes Feichtner 2024-08-31 14:53:22 +02:00 committed by GitHub
parent bf43d488d8
commit fbdb8c2478
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 5 additions and 14 deletions


@ -17,12 +17,9 @@ beforeEach(() => {
describe('workers/repository/init/vulnerability', () => {
describe('getFixedVersionByDatasource()', () => {
it('returns Maven version range', () => {
it('returns ecosystem-specific version range', () => {
expect(getFixedVersionByDatasource('1.2.3', 'maven')).toBe('[1.2.3,)');
});
it('returns Nuget version', () => {
expect(getFixedVersionByDatasource('1.2.3', 'nuget')).toBe('1.2.3');
expect(getFixedVersionByDatasource('1.2.3', 'nuget')).toBe('[1.2.3,)');
});
it('returns default version range', () => {


@ -43,11 +43,8 @@ export function getFixedVersionByDatasource(
fixedVersion: string,
datasource: string,
): string {
if (datasource === MavenDatasource.id) {
if (datasource === MavenDatasource.id || datasource === NugetDatasource.id) {
return `[${fixedVersion},)`;
} else if (datasource === NugetDatasource.id) {
// TODO: add support for nuget version ranges when #26150 is merged
return fixedVersion;
}
// crates.io, Go, Hex, npm, RubyGems, PyPI
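Review bot: The merged branch `if (datasource === MavenDatasource.id || datasource === NugetDatasource.id)` carries no comment on why these two datasources get interval notation, and the removed TODO was the only explanation of the NuGet special case. I would add `// Maven and NuGet use interval notation: "[x,)" allows x and any later version` above the condition, since this string appears to end up as the `allowedVersions` constraint for vulnerability fixes (see the `'[1.3.3,)'` expectation in the test hunk). The same condition is repeated, keyed on the ecosystem name rather than the datasource id, in the `Vulnerabilities` class hunk at the end of this commit; the two copies have to change together, so a shared helper or a cross-reference comment would reduce the chance of them drifting. `fixedVersion` is interpolated unchecked, so it is worth confirming that callers never pass an empty value, which would produce `[,)`. The function body continues past the end of this hunk.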


@ -997,7 +997,7 @@ describe('workers/repository/process/vulnerabilities', () => {
matchDatasources: ['nuget'],
matchPackageNames: ['SharpZipLib'],
matchCurrentVersion: '1.3.0',
allowedVersions: '1.3.3',
allowedVersions: '[1.3.3,)',
},
{
matchDatasources: ['npm'],


@ -426,11 +426,8 @@ export class Vulnerabilities {
fixedVersion: string,
ecosystem: Ecosystem,
): string {
if (ecosystem === 'Maven') {
if (ecosystem === 'Maven' || ecosystem === 'NuGet') {
return `[${fixedVersion},)`;
} else if (ecosystem === 'NuGet') {
// TODO: add support for nuget version ranges when #26150 is merged
return fixedVersion;
}
// crates.io, Go, Hex, npm, RubyGems, PyPI