/**
 * Derives the compatibility baseline (major.minor) for a semver range.
 *
 * The baseline is the lowest entry of `versions` that satisfies `range`.
 *
 * @param {string[]} versions - Candidate versions.
 * @param {string} range - Semver range the baseline must satisfy.
 * @returns {{major: number, minor: number, short: string}} Major and minor of
 *   the baseline plus their "major.minor" form.
 * @throws {Error} When no entry of `versions` satisfies `range`.
 */
function compatibility (versions, range) {
  const baseVersion = semver.minSatisfying(versions, range)

  if (baseVersion) {
    // Ignore patch because it says nothing about compatibility.
    const major = semver.major(baseVersion)
    const minor = semver.minor(baseVersion)
    return { major, minor, short: `${major}.${minor}` }
  }

  throw new Error('no matching version in: ' + range)
}
/**
 * Generates the next release version given the current version and the next level.
 *
 * @param {string} currentVersion - Version to increment.
 * @param {string} level - Increment level; can be 'major' or 'minor'.
 * @returns {{version: string, minorVer: string, releaseBranchName: string}}
 *   The incremented version, its "major.minor" form and the matching
 *   release branch name.
 */
function generateNextVersion(currentVersion, level) {
  // semver.inc yields null for input it cannot increment; semver.major then
  // throws, so an unparsable version never reaches the branch name.
  const version = semver.inc(currentVersion, level);
  const minorVer = [semver.major(version), semver.minor(version)].join('.');

  return {
    version,
    minorVer,
    releaseBranchName: `release-v${minorVer}`,
  };
}
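// Raise one finding per dependency named in `deps` whose installed version is
// behind the latest one listed in `report`, graded by the most significant
// version component that differs (major -> high, minor -> medium, patch -> low).
// NOTE(review): `report` looks like the output of an "outdated" listing keyed by
// module name — confirm against the caller.
Object.keys(pick(report, Object.keys(deps)))
  .map(name => ({ ...report[name], name }))
  .forEach(({ name: offender, latest, current }) => {
    // check if semver can parse the versions at all
    if (!semver.parse(current) || !semver.parse(latest)) return

    // Only a version that is strictly behind `latest` is a finding. Without
    // this guard an install that is ahead of `latest` (e.g. 2.0.0 vs 1.9.3)
    // falls through to the minor/patch comparisons and is reported with a
    // mitigation that actually recommends a downgrade.
    if (!semver.gt(latest, current)) return

    const mitigation = `Upgrade to v${latest} (Current: v${current})`

    if (semver.major(current) < semver.major(latest)) {
      results.high({
        offender,
        mitigation,
        code: `${offender}-1`,
        description: 'Module is one or more major versions out of date'
      })
    } else if (semver.minor(current) < semver.minor(latest)) {
      results.medium({
        offender,
        mitigation,
        code: `${offender}-2`,
        description: 'Module is one or more minor versions out of date'
      })
    } else if (semver.patch(current) < semver.patch(latest)) {
      results.low({
        offender,
        mitigation,
        code: `${offender}-3`,
        description: 'Module is one or more patch versions out of date'
      })
    }
    // A difference in pre-release tags only produces no finding.
  })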
/**
 * Checks whether releases published after `version`, within the same
 * major.minor family, mention a security fix in their release notes.
 *
 * The result is a text match against release notes: `false` means no note
 * matched any pattern, not that the newer releases contain no security fixes.
 *
 * @param {string} version - Version currently in use.
 * @param {Array<{version: string, body: string}>} releases - Known releases.
 *   The first entry in the family is taken as the newest one, so the list is
 *   presumably ordered newest first — verify against the caller.
 * @returns {*} `confidence.TENTATIVE` when no release of the family is known,
 *   `confidence.CERTAIN` when a later release note matches a pattern,
 *   otherwise `false`.
 */
async checkSecurityFixes(version, releases) {
  const family = `${major(version)}.${minor(version)}.x`;
  const [latestRelease] = releases.filter(release => satisfies(release.version, family));

  if (!latestRelease) {
    console.log(chalk.yellow(`Unknown Electron release "${family}", please check manually for available security fixes.`));
    return confidence.TENTATIVE;
  }

  // Everything newer than the version in use, up to the family's newest release.
  const semverTarget = `>${version} <=${latestRelease.version}`;
  const followingReleases = releases.filter(release => satisfies(release.version, semverTarget));

  let securityFixes = false;
  for (const release of followingReleases) {
    // NOTE(review): if any pattern carries the g or y flag, test() keeps
    // state between calls and can miss a match — confirm the patterns are flagless.
    for (const pattern of this.releaseNoteSecurityFixRegex) {
      if (pattern.test(release.body)) {
        securityFixes = confidence.CERTAIN;
      }
    }
  }

  return securityFixes;
}
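// Turn line-delimited JSON on `stdout` into out-of-date findings: keep the
// records of type 'table', flatten their `data.body` rows and grade each row
// by the most significant version component that is behind
// (major -> high, minor -> medium, patch -> low).
stdout
  .trim()
  .split('\n')
  // NOTE(review): JSON.parse throws on a line that is not valid JSON, which
  // aborts the whole check — confirm the producing command only emits JSON here.
  .map(l => JSON.parse(l || '{}'))
  .filter(l => l.type === 'table')
  .map(finding => finding.data.body)
  .reduce((flatmap, results) => flatmap.concat(results), [])
  // Each row is read as [offender, current, <unused>, latest].
  .reduce((results, [offender, current, _, latest]) => {
    // check if semver can parse the versions at all
    if (!semver.parse(current) || !semver.parse(latest)) return results

    // Only a version that is strictly behind `latest` is a finding. Without
    // this guard an install that is ahead of `latest` (e.g. 2.0.0 vs 1.9.3)
    // falls through to the minor/patch comparisons and is reported with a
    // mitigation that actually recommends a downgrade.
    if (!semver.gt(latest, current)) return results

    const mitigation = `Upgrade to v${latest} (Current: v${current})`

    if (semver.major(current) < semver.major(latest)) {
      results.high({
        offender,
        mitigation,
        code: `${offender}-1`,
        description: 'Module is one or more major versions out of date'
      })
    } else if (semver.minor(current) < semver.minor(latest)) {
      results.medium({
        offender,
        mitigation,
        code: `${offender}-2`,
        description: 'Module is one or more minor versions out of date'
      })
    } else if (semver.patch(current) < semver.patch(latest)) {
      results.low({
        offender,
        mitigation,
        code: `${offender}-3`,
        description: 'Module is one or more patch versions out of date'
      })
    }
    // A difference in pre-release tags only produces no finding.

    return results
  }, new ModuleResults(key))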
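// Parse a plain-text "outdated" listing on `stdout` and raise one finding per
// module that is behind its latest version
// (major -> high, minor -> medium, patch -> low).
stdout
  .split('\n')
  // Drop the last element of the split (presumably the empty string left by a
  // trailing newline — confirm against the producing command).
  .slice(0, -1)
  .map(line => ({
    // Text before the first '(' is the module name.
    offender: line.substring(0, line.indexOf('(')).trim(),
    // Text between the first '(' and the first ')' is the installed version.
    current: line.substring(line.indexOf('(') + 1, line.indexOf(')')),
    // Text after the last space is the latest version.
    latest: line.substring(line.lastIndexOf(' ') + 1)
  }))
  // Lines that do not yield two valid versions are skipped rather than reported.
  .filter(({ current, latest }) => semver.valid(current) && semver.valid(latest))
  .forEach(({ offender, current, latest }) => {
    // Only a version that is strictly behind `latest` is a finding. Without
    // this guard an install that is ahead of `latest` (e.g. 2.0.0 vs 1.9.3)
    // falls through to the minor/patch comparisons and is reported with a
    // mitigation that actually recommends a downgrade.
    if (!semver.gt(latest, current)) return

    const mitigation = `Upgrade to v${latest} (Current: v${current})`

    if (semver.major(current) < semver.major(latest)) {
      results.high({
        offender,
        mitigation,
        code: 1,
        description: 'Module is one or more major versions out of date'
      })
    } else if (semver.minor(current) < semver.minor(latest)) {
      results.medium({
        offender,
        mitigation,
        code: 2,
        description: 'Module is one or more minor versions out of date'
      })
    } else if (semver.patch(current) < semver.patch(latest)) {
      results.low({
        offender,
        mitigation,
        code: 3,
        description: 'Module is one or more patch versions out of date'
      })
    }
    // A difference in pre-release tags only produces no finding.
  })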
/**
 * "major.minor" form of `this.scope.version`; the patch component and any
 * pre-release or build data are left out.
 *
 * @returns {string}
 */
get shortVersion() {
  const { version } = this.scope;
  return [semver.major(version), semver.minor(version)].join('.');
}