
Commit 206c76d

authored
Skip on newVersion and not firstPatchedVersionIdentifier (#649)
1 parent 9142db4 commit 206c76d

3 files changed

+30
-34
lines changed

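--- a/src/commands/fix/npm-fix.mts
+++ b/src/commands/fix/npm-fix.mts
@@ -327,16 +327,26 @@ export async function npmFix(
 firstPatchedVersionIdentifier,
 vulnerableVersionRange,
 } of infos.values()) {
-if (semver.gte(oldVersion, firstPatchedVersionIdentifier)) {
-debugFn(`skip: ${oldId} is >= ${firstPatchedVersionIdentifier}`)
-continue infosLoop
-}
 const newVersion = findBestPatchVersion(
 node,
 availableVersions,
 vulnerableVersionRange,
-firstPatchedVersionIdentifier,
 )
+const newVersionPackument = newVersion
+? packument.versions[newVersion]
+: undefined
+
+if (!(newVersion && newVersionPackument)) {
+warningsForAfter.add(
+`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`,
+)
+continue infosLoop
+}
+
+if (semver.gte(oldVersion, newVersion)) {
+debugFn(`skip: ${oldId} is >= ${newVersion}`)
+continue infosLoop
+}
 
 if (
 activeBranches.find(
@@ -353,17 +363,6 @@ export async function npmFix(
 continue infosLoop
 }
 
-const newVersionPackument = newVersion
-? packument.versions[newVersion]
-: undefined
-
-if (!(newVersion && newVersionPackument)) {
-warningsForAfter.add(
-`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`,
-)
-continue infosLoop
-}
-
 const newVersionRange = applyRange(oldVersion, newVersion, rangeStyle)
 const newId = `${name}@${newVersionRange}`
 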
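Review bot: The added `if (semver.gte(oldVersion, newVersion))` branch in the first hunk skips the node with only a `debugFn` line, so a dependency that is still inside `vulnerableVersionRange` can be left unremediated without anything reaching `warningsForAfter`. The removed check compared against the advisory's first patched version, which implied the installed version was already fixed; comparing against `newVersion` does not imply that. I would record the case before `continue infosLoop`, e.g. `if (semver.satisfies(oldVersion, vulnerableVersionRange)) warningsForAfter.add(...)` with a message saying no newer patched version was found. The same branch is added in the first hunk of `src/commands/fix/pnpm-fix.mts`. The loop body and `findBestPatchVersion` lie outside the hunk, so whether it can return a version at or below `oldVersion` is an inference.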

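--- a/src/commands/fix/pnpm-fix.mts
+++ b/src/commands/fix/pnpm-fix.mts
@@ -435,17 +435,26 @@ export async function pnpmFix(
 firstPatchedVersionIdentifier,
 vulnerableVersionRange,
 } of infos) {
-if (semver.gte(oldVersion, firstPatchedVersionIdentifier)) {
-debugFn(`skip: ${oldId} is >= ${firstPatchedVersionIdentifier}`)
-continue infosLoop
-}
-
 const newVersion = findBestPatchVersion(
 node,
 availableVersions,
 vulnerableVersionRange,
-firstPatchedVersionIdentifier,
 )
+const newVersionPackument = newVersion
+? packument.versions[newVersion]
+: undefined
+
+if (!(newVersion && newVersionPackument)) {
+warningsForAfter.add(
+`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`,
+)
+continue infosLoop
+}
+
+if (semver.gte(oldVersion, newVersion)) {
+debugFn(`skip: ${oldId} is >= ${newVersion}`)
+continue infosLoop
+}
 
 if (
 activeBranches.find(
@@ -462,17 +471,6 @@ export async function pnpmFix(
 continue infosLoop
 }
 
-const newVersionPackument = newVersion
-? packument.versions[newVersion]
-: undefined
-
-if (!(newVersion && newVersionPackument)) {
-warningsForAfter.add(
-`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`,
-)
-continue infosLoop
-}
-
 const overrideKey = `${name}@${vulnerableVersionRange}`
 const newVersionRange = applyRange(
 oldOverrides?.[overrideKey] ?? oldVersion,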
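Review bot: Moving the `!(newVersion && newVersionPackument)` check above the skip means the `not updated: requires >=...` warning is now added before anything has checked whether `oldVersion` already sits outside the vulnerable range. If `infos` can contain such nodes (the removed `semver.gte(oldVersion, firstPatchedVersionIdentifier)` guard suggests it can), the fix report will list them as unpatched, and noisy false warnings make real unremediated advisories easier to miss. Gating the warning, e.g. `if (semver.satisfies(oldVersion, vulnerableVersionRange)) { warningsForAfter.add(...) }` while keeping `continue infosLoop` unconditional, would keep the report accurate. The first hunk of `src/commands/fix/npm-fix.mts` has the same ordering; the loop body starts and ends outside the hunk.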

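--- a/src/shadow/npm/arborist-helpers.mts
+++ b/src/shadow/npm/arborist-helpers.mts
@@ -45,7 +45,6 @@ export function findBestPatchVersion(
 node: NodeClass,
 availableVersions: string[],
 vulnerableVersionRange?: string,
-_firstPatchedVersionIdentifier?: string | undefined,
 ): string | null {
 const manifestData = getManifestData(NPM, node.name)
 let eligibleVersions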
