Fix: Check all possible version ranges for vulns
molant committed Mar 7, 2019
1 parent ad64989 commit 51f123f
Showing 1 changed file with 5 additions and 3 deletions.
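--- a/packages/hint-no-vulnerable-javascript-libraries/src/hint.ts
+++ b/packages/hint-no-vulnerable-javascript-libraries/src/hint.ts
@@ -166,9 +166,11 @@ export default class NoVulnerableJavascriptLibrariesHint implements IHint {
 const version = removeTagsFromVersion(lib.version) /* istanbul ignore next */ || '';
 
 try {
-if (semver.satisfies(version, vuln.semver.vulnerable[0])) {
-vulns.push(vuln);
-}
+vuln.semver.vulnerable.forEach((vulnVersion: string) => {
+if (semver.satisfies(version, vulnVersion)) {
+vulns.push(vuln);
+}
+});
 } catch (e) {
 logger.error(`Version ${version} of ${lib.name} isn't semver compliant`);
 }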
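Review bot: Inside the new `forEach`, `vulns.push(vuln)` runs once for every range that matches, so a vulnerability whose `semver.vulnerable` entries overlap for the detected version would be added to `vulns` more than once. How `vulns` is consumed is outside this hunk, but if each entry becomes a reported finding, the same advisory would be counted repeatedly for one library. Pushing at most once keeps the fix and avoids the duplicates: `if (vuln.semver.vulnerable.some((vulnVersion: string) => semver.satisfies(version, vulnVersion))) { vulns.push(vuln); }`. A regression test with a library version that matches only the second range of an entry would pin the false negative this commit closes. The enclosing method starts and ends outside the hunk.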
