Skip to content
Permalink
Browse files

Fix: Check all possible version ranges for vulns

  • Loading branch information...
molant committed Mar 7, 2019
1 parent ad64989 commit 51f123f74a01c38462d6f32541d9cd3c46c7100a
Showing with 5 additions and 3 deletions.
  1. +5 −3 packages/hint-no-vulnerable-javascript-libraries/src/hint.ts
@@ -166,9 +166,11 @@ export default class NoVulnerableJavascriptLibrariesHint implements IHint {
const version = removeTagsFromVersion(lib.version) /* istanbul ignore next */ || '';

try {
if (semver.satisfies(version, vuln.semver.vulnerable[0])) {
vulns.push(vuln);
}
vuln.semver.vulnerable.forEach((vulnVersion: string) => {
if (semver.satisfies(version, vulnVersion)) {
vulns.push(vuln);
}
});
} catch (e) {
logger.error(`Version ${version} of ${lib.name} isn't semver compliant`);
}

0 comments on commit 51f123f

Please sign in to comment.
You can’t perform that action at this time.