Fixing pm:security to properly identify security updates.

grasmash · grasmash · commit a1c2857f648f · 2018-04-27T14:26:15.000-04:00
diff --git a/src/Commands/pm/SecurityUpdateCommands.php b/src/Commands/pm/SecurityUpdateCommands.php
@@ -78,7 +78,19 @@ public function security()
                                 'min-version' => $min_version,
                             ];
                         }
-                    } else {
+                    }
+                    // Compare exact versions that are insecure.
+                    elseif (preg_match('/^[[:digit:]](?![-*><=~ ])/', $conflict_constraint)) {
+                        $exact_version = $conflict_constraint;
+                        if (Comparator::equalTo($package['version'], $exact_version)) {
+                            $this->securityUpdates[$name] = [
+                                'name' => $name,
+                                'version' => $package['version'],
+                                'min-version' => $exact_version,
+                            ];
+                        }
+                    }
+                    else {
                         $this->logger()->warning("Could not parse drupal-security-advisories conflicting version constraint $conflict_constraint for package $name.");
                     }
                 }
