
renovate


Automated dependency updates. Flexible so you don't need to be.

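//#region lib/util/vulnerability/utils.ts
/**
 * Ecosystems/datasources that use Maven-style inclusive ranges for fixed versions: `[version,)`
 */
const mavenStyleFixedEcosystems = new Set(["maven", "nuget"]);

/**
 * Ecosystems/datasources that use Maven-style exclusive ranges for last-affected versions: `(version,)`
 */
const mavenStyleLastAffectedEcosystems = new Set(["maven"]);

/**
 * Formats a fixed version as an allowed-version constraint appropriate for the ecosystem.
 *
 * The result is an inclusive lower bound: the fixed version itself is allowed.
 *
 * @param fixedVersion - The first version that contains the fix
 * @param ecosystem - Ecosystem or datasource name (e.g., 'maven', 'npm', 'nuget'). Checked in a case-insensitive manner.
 * @returns `[fixedVersion,)` for Maven-style ecosystems, otherwise `>= fixedVersion`
 */
function getFixedVersionConstraint(fixedVersion, ecosystem) {
	const usesMavenRange = mavenStyleFixedEcosystems.has(ecosystem.toLowerCase());
	return usesMavenRange ? `[${fixedVersion},)` : `>= ${fixedVersion}`;
}

/**
 * Formats a last-affected version as an allowed-version constraint appropriate for the ecosystem.
 *
 * The result is an exclusive lower bound: the last affected version itself is
 * NOT allowed, only versions after it.
 *
 * @param lastAffected - The last version known to be affected
 * @param ecosystem - Ecosystem or datasource name. Checked in a case-insensitive manner.
 * @returns `(lastAffected,)` for Maven-style ecosystems, otherwise `> lastAffected`
 */
function getLastAffectedVersionConstraint(lastAffected, ecosystem) {
	const usesMavenRange = mavenStyleLastAffectedEcosystems.has(ecosystem.toLowerCase());
	return usesMavenRange ? `(${lastAffected},)` : `> ${lastAffected}`;
}

/**
 * Rank of each recognised severity label; a higher number wins the comparison.
 *
 * MEDIUM and MODERATE are synonyms (same rank). UNKNOWN ranks above CRITICAL,
 * so an unrated advisory replaces any rated one in the result.
 * NOTE(review): presumably deliberate so that unrated advisories are not
 * deprioritised — confirm against callers.
 */
const severityOrder = {
	LOW: 1,
	MEDIUM: 2,
	MODERATE: 2,
	HIGH: 3,
	CRITICAL: 4,
	UNKNOWN: 5
};

/**
 * Returns the higher of two vulnerability severities, upper-cased.
 *
 * A label that is not a key of `severityOrder` ranks below every recognised
 * label, so it can never displace a recognised rating regardless of whether
 * it arrives on `parent` or `child`. (Previously the lookup yielded
 * `undefined`, the `>=` comparison was always false, and `child` won even
 * when `parent` carried a recognised HIGH or CRITICAL.)
 *
 * @param parent - Object with an optional `vulnerabilitySeverity` string; must not be null/undefined
 * @param child - Object with an optional `vulnerabilitySeverity` string; may itself be null/undefined
 * @returns The upper-cased winning label; `parent`'s label on a tie; `undefined` when neither side has a severity
 */
function getHighestVulnerabilitySeverity(parent, child) {
	const parentVulSeverity = parent.vulnerabilitySeverity?.toUpperCase();
	const childVulSeverity = child?.vulnerabilitySeverity?.toUpperCase();
	if (childVulSeverity === undefined) return parentVulSeverity;
	if (parentVulSeverity === undefined) return childVulSeverity;
	// Rank 0 is below LOW, so unrecognised labels lose to any known label.
	const parentRank = severityOrder[parentVulSeverity] ?? 0;
	const childRank = severityOrder[childVulSeverity] ?? 0;
	return parentRank >= childRank ? parentVulSeverity : childVulSeverity;
}

//#endregion
export { getFixedVersionConstraint, getHighestVulnerabilitySeverity, getLastAffectedVersionConstraint };
//# sourceMappingURL=utils.js.map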