Skip to content

Validate before creating version objects in Dependabot::NpmAndYarn::UpdateChecker::VersionResolver#5120

Merged
mattt merged 2 commits intomainfrom
mattt/fix-version-resolver
May 10, 2022
Merged

Validate before creating version objects in Dependabot::NpmAndYarn::UpdateChecker::VersionResolver#5120
mattt merged 2 commits intomainfrom
mattt/fix-version-resolver

Conversation

@mattt
Copy link
Copy Markdown
Contributor

@mattt mattt commented May 10, 2022

The current implementation of original_package_update_available? and types_update_available? in Dependabot::NpmAndYarn::UpdateChecker::VersionResolver calls Version.new without first validating, which raises an exception.

This PR adds missing calls to Version.correct? and returns from these methods early.

@mattt mattt requested a review from a team as a code owner May 10, 2022 18:39
@mattt mattt requested review from landongrindheim and pavera May 10, 2022 18:39
pavera
pavera approved these changes May 10, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@pavera pavera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@mattt mattt enabled auto-merge May 10, 2022 18:42
@mattt mattt merged commit f0d3b81 into main May 10, 2022
@mattt mattt deleted the mattt/fix-version-resolver branch May 10, 2022 19:32
@mattt mattt mentioned this pull request May 10, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pavera pavera pavera approved these changes

+1 more reviewer

@landongrindheim landongrindheim landongrindheim approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mattt @pavera @landongrindheim