Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type NpmRelaxer ¶
type NpmRelaxer struct{}
func (NpmRelaxer) Relax ¶
func (r NpmRelaxer) Relax(ctx context.Context, cl resolve.Client, req resolve.RequirementVersion, config upgrade.Config) (resolve.RequirementVersion, bool)
type RequirementRelaxer ¶
type RequirementRelaxer interface { // Relax attempts to relax import requirement. // Returns the newly relaxed import and true it was successful. // If unsuccessful, it returns the original import and false. Relax(ctx context.Context, cl resolve.Client, req resolve.RequirementVersion, config upgrade.Config) (resolve.RequirementVersion, bool) }
A RequirementRelaxer provides an ecosystem-specific method for 'relaxing' the specified versions of dependencies for vulnerability remediation. Relaxing involves incrementally widening and bumping the version specifiers of the requirement to allow more recent versions to be selected during dependency resolution. It has access to the available versions of a package via a resolve client.
e.g. in a semver-like ecosystem, relaxation could follow the sequence: 1.2.3 -> 1.2.* -> 1.*.* -> 2.*.* -> 3.*.* -> ...
func GetRelaxer ¶
func GetRelaxer(ecosystem resolve.System) (RequirementRelaxer, error)
Click to show internal directories.
Click to hide internal directories.