relax

package
v1.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 30, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type NpmRelaxer

type NpmRelaxer struct{}

type RequirementRelaxer

type RequirementRelaxer interface {
	// Relax attempts to relax import requirement.
	// Returns the newly relaxed import and true it was successful.
	// If unsuccessful, it returns the original import and false.
	Relax(ctx context.Context, cl resolve.Client, req resolve.RequirementVersion, config upgrade.Config) (resolve.RequirementVersion, bool)
}

A RequirementRelaxer provides an ecosystem-specific method for 'relaxing' the specified versions of dependencies for vulnerability remediation. Relaxing involves incrementally widening and bumping the version specifiers of the requirement to allow more recent versions to be selected during dependency resolution. It has access to the available versions of a package via a resolve client.

e.g. in a semver-like ecosystem, relaxation could follow the sequence: 1.2.3 -> 1.2.* -> 1.*.* -> 2.*.* -> 3.*.* -> ...

func GetRelaxer

func GetRelaxer(ecosystem resolve.System) (RequirementRelaxer, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL