class Dependabot::SecurityAdvisory
def fixed_by?(dependency)
# Does updating (or removing) +dependency+ resolve this advisory?
#
# Answers true only when the dependency is the one this advisory is about,
# its previous version is known and affected, and its new state (removed or
# at an unaffected version) is no longer affected. Any gap in that chain of
# evidence yields false, so a dependency is never reported as fixed unless
# the advisory data actually supports it.
#
# @param dependency [Dependabot::Dependency] the updated dependency
# @return [Boolean]
def fixed_by?(dependency)
  # Advisory and parsed package names may differ only in case, so compare
  # case-insensitively; casecmp returns nil on incompatible encodings, hence
  # the safe navigation. The ecosystem must match as well.
  return false unless dependency_name.casecmp(dependency.name)&.zero? &&
                      package_manager == dependency.package_manager

  previous_version = dependency.previous_version

  # TODO: Support no previous version to the same level as dependency graph
  # and security alerts. Updates without a previous version are currently
  # ignored because we cannot tell whether the dependency was vulnerable.
  # An unparseable previous version is treated the same way.
  return false unless previous_version && version_class.correct?(previous_version)

  # Only a dependency that was previously affected can have been fixed.
  return false unless affects_version?(T.must(previous_version))

  # Dropping the dependency altogether removes the vulnerable code path.
  return true if dependency.removed?

  # Otherwise the update is a fix exactly when the new version is unaffected.
  !affects_version?(T.must(dependency.version))
end