Skip to content

Commit

Permalink
fix(vulnerabilities): do not force exact patch version for PyPI datas…
Browse files Browse the repository at this point in the history
…ource in GitHub alerts (#29586)
  • Loading branch information
Churro authored Jun 11, 2024
1 parent e6b04da commit 38ce2ec
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2
exports[`workers/repository/init/vulnerability detectVulnerabilityAlerts() returns pip alerts 1`] = `
[
{
"allowedVersions": "==2.2.1.0",
"allowedVersions": ">=2.2.1.0",
"force": {
"branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
"commitMessageSuffix": "[SECURITY]",
Expand Down
2 changes: 1 addition & 1 deletion lib/workers/repository/init/vulnerability.ts
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@ export async function detectVulnerabilityAlerts(
// TODO: types (#22198)
const allowedVersions =
datasource === PypiDatasource.id
? `==${val.firstPatchedVersion!}`
? `>=${val.firstPatchedVersion!}`
: val.firstPatchedVersion;
const matchFileNames =
datasource === GoDatasource.id
Expand Down

0 comments on commit 38ce2ec

Please sign in to comment.