From c2789486ed065f4d42d808ae1f24eec77638f837 Mon Sep 17 00:00:00 2001
From: Maitray Shah
Date: Tue, 20 Sep 2022 15:05:32 -0700
Subject: [PATCH 1/3] Yarn Auto Fix - Use Recommended Patch Version
---
 lib/salus/auto_fix/yarn_audit_v1.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/salus/auto_fix/yarn_audit_v1.rb b/lib/salus/auto_fix/yarn_audit_v1.rb
index 456336de..8939a67d 100644
--- a/lib/salus/auto_fix/yarn_audit_v1.rb
+++ b/lib/salus/auto_fix/yarn_audit_v1.rb
@@ -160,7 +160,7 @@ def update_sub_parent_resolution(blocks, parts)
 if part.include?(source) && !match.nil? && !is_major_bump(
 match.to_s.split(" ").last, version_to_update_to
 )
- replace = target + ' "^' + version_to_update_to + '"'
+ replace = target + ' "^' + patch.first[:patch].tr(">=", "").tr(">", "") + '"'
 part.sub!(/("|)(!:|#{target})("| ).*/, replace)
 parts[index] = part
 end
From 6c3e3659563375eda2ef262148a153855861b820 Mon Sep 17 00:00:00 2001
From: Maitray Shah
Date: Tue, 20 Sep 2022 16:16:07 -0700
Subject: [PATCH 2/3] Update direct dependency
---
 lib/salus/auto_fix/yarn_audit_v1.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/salus/auto_fix/yarn_audit_v1.rb b/lib/salus/auto_fix/yarn_audit_v1.rb
index 8939a67d..9b844225 100644
--- a/lib/salus/auto_fix/yarn_audit_v1.rb
+++ b/lib/salus/auto_fix/yarn_audit_v1.rb
@@ -79,7 +79,7 @@ def update_package_definition(blocks, parts)
 updated_resolved = "resolved " + '"' + fixed_package_info["data"]["dist"]["tarball"] \
 + "#" + fixed_package_info["data"]["dist"]["shasum"] + '"'
 updated_integrity = "integrity " + fixed_package_info['data']['dist']['integrity']
- updated_name = package_name + "@^" + version_to_update_to
+ updated_name = package_name + "@^" + patch.first[:patch].tr(">=", "").tr(">", "")
 parts.each_with_index do |part, index|
 current_v = parts[index].match(/(("|)version("|).*)/)
From 072cf2d4fc8ebc3a61a79c7f34fa672168481051 Mon Sep 17 00:00:00 2001
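Review bot: The added `replace = …` line in `update_sub_parent_resolution` assumes `patch.first[:patch]` holds a single lower bound. `tr(">=", "")` deletes every `>` and `=` character wherever it occurs (which also makes the chained `.tr(">", "")` a no-op), so a compound range (constructed example: `>=2.0.1 <3.0.0`) would be written into the lockfile as `^2.0.1 <3.0.0`. The guard just above still calls `is_major_bump` with `version_to_update_to`, so the version that is checked and the version that is written can now differ. Extracting one validated version and using it for both, e.g. `min_patched = patch.first[:patch][/\d+\.\d+\.\d+[\w.+-]*/]`, and skipping the rewrite when it is nil, would keep an unexpected advisory string out of yarn.lock. The same expression appears on the `updated_name` lines of patches 2/3 and 3/3; the enclosing method starts and ends outside this hunk.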
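Review bot: Nothing visible in the patch 2/3 hunk ties the new caret range in `updated_name` to the package version that the rest of the entry describes. The range now comes from the advisory's patched-version string, while `updated_resolved` and `updated_integrity` in the context lines above still come from `fixed_package_info`. If the version described by `fixed_package_info` does not satisfy the range written into the entry header, the lockfile entry is internally inconsistent and the fix may not take effect as intended. A comment on the added line stating the invariant, such as `# range must be satisfied by the version in fixed_package_info`, or an explicit check before the entry is written, would make that assumption reviewable. This also applies to the final form of the line in patch 3/3; `update_package_definition` begins and ends outside the hunk.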
From: Maitray Shah
Date: Tue, 20 Sep 2022 16:33:50 -0700
Subject: [PATCH 3/3] Minor
---
 lib/salus/auto_fix/yarn_audit_v1.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/salus/auto_fix/yarn_audit_v1.rb b/lib/salus/auto_fix/yarn_audit_v1.rb
index 9b844225..0af9e4ce 100644
--- a/lib/salus/auto_fix/yarn_audit_v1.rb
+++ b/lib/salus/auto_fix/yarn_audit_v1.rb
@@ -79,7 +79,7 @@ def update_package_definition(blocks, parts)
 updated_resolved = "resolved " + '"' + fixed_package_info["data"]["dist"]["tarball"] \
 + "#" + fixed_package_info["data"]["dist"]["shasum"] + '"'
 updated_integrity = "integrity " + fixed_package_info['data']['dist']['integrity']
- updated_name = package_name + "@^" + patch.first[:patch].tr(">=", "").tr(">", "")
+ updated_name = package_name + "@^" + versions.first[:patch].tr(">=", "").tr(">", "")
 parts.each_with_index do |part, index|
 current_v = parts[index].match(/(("|)version("|).*)/)
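Review bot: `versions.first[:patch]` is dereferenced without a guard on the added `updated_name` line, so an empty `versions` list or an entry without `:patch` raises `NoMethodError` part-way through building the lockfile entry. Whether callers guarantee a non-empty list is not visible here, since `update_package_definition` starts outside the hunk. Reading the value once with `min_patched = versions.first&.dig(:patch)` and leaving the entry untouched when it is nil would let the auto-fix skip that package instead of aborting the run.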