Add latestPluginVersionV2 to security.json (#22)

* feat: add latestPluginVersionV2 to security.json

This commit introduces a new field `latestPluginVersionV2` to the `security.json` file.
This field contains a map of the latest compatible security plugin version for Shopware 6.4, 6.5, 6.6, and 6.7.
The version is dynamically determined by finding the latest tag for each major.minor version and querying the Shopware Plugin Store API.
The existing `latestPluginVersion` field is preserved with its original logic.

* feat: add latestPluginVersionV2 to security.json

This commit introduces a new field `latestPluginVersionV2` to the `security.json` file.
This field contains a map of the latest compatible security plugin version for Shopware 6.4, 6.5, 6.6, and 6.7.
The version is dynamically determined by finding the latest tag for each major.minor version and querying the Shopware Plugin Store API.
The existing `latestPluginVersion` field is preserved with its original logic.

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

Author: google-labs-jules[bot]

data/security.json

@@ -1,5 +1,11 @@
 {
   "latestPluginVersion": "1.0.39",
+  "latestPluginVersionV2": {
+    "6.4": "1.0.39",
+    "6.5": "2.0.15",
+    "6.6": "3.0.11",
+    "6.7": "4.0.5"
+  },
   "advisories": {
     "PKSA-1twh-tt7h-ds25": {
       "title": "Leak of information via Store-API aggregations in shopware/platform and shopware/core",

security.go

@@ -9,6 +9,7 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"strings"
 )
 
 type packagistSecurityResponse struct {
@@ -39,16 +40,30 @@ func generateSecurityAdvisories(ctx context.Context, tags []*github.RepositoryTa
 		return err
 	}
 
-	latestVersion, err := getSecurityPluginLatestVersion(ctx)
+	latestVersion, err := getSecurityPluginLatestVersion(ctx, "6.4.14.0")
 
 	if err != nil {
 		return err
 	}
 
 	fileStruct := securityFile{
-		LatestPluginVersion: latestVersion,
-		Advisories:          make(map[string]advisories),
-		VersionToAdvisories: make(map[string][]string),
+		LatestPluginVersion:   latestVersion,
+		LatestPluginVersionV2: make(map[string]string),
+		Advisories:            make(map[string]advisories),
+		VersionToAdvisories:   make(map[string][]string),
+	}
+
+	for _, v := range []string{"6.7", "6.6", "6.5", "6.4"} {
+		latest, err := findLatestVersion(tags, v)
+		if err != nil {
+			return err
+		}
+
+		pluginVer, err := getSecurityPluginLatestVersion(ctx, latest)
+		if err != nil {
+			return err
+		}
+		fileStruct.LatestPluginVersionV2[v] = pluginVer
 	}
 
 	for _, advisory := range packagistAdvisories.Advisories.ShopwarePlatform {
@@ -129,8 +144,8 @@ type shopwareApiResponse []struct {
 	Version string `json:"version"`
 }
 
-func getSecurityPluginLatestVersion(ctx context.Context) (string, error) {
-	r, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://api.shopware.com/pluginStore/pluginsByName?locale=en-GB&shopwareVersion=6.4.14.0&technicalNames%5B0%5D=SwagPlatformSecurity", nil)
+func getSecurityPluginLatestVersion(ctx context.Context, shopwareVersion string) (string, error) {
+	r, err := http.NewRequestWithContext(ctx, http.MethodGet, fmt.Sprintf("https://api.shopware.com/pluginStore/pluginsByName?locale=en-GB&shopwareVersion=%s&technicalNames%%5B0%%5D=SwagPlatformSecurity", shopwareVersion), nil)
 
 	if err != nil {
 		return "", err
@@ -166,3 +181,31 @@ func getSecurityPluginLatestVersion(ctx context.Context) (string, error) {
 
 	return apiResponse[0].Version, nil
 }
+
+func findLatestVersion(tags []*github.RepositoryTag, prefix string) (string, error) {
+	var latestVer *version.Version
+	var latestTagName string
+
+	for _, tag := range tags {
+		name := tag.GetName()
+		if !strings.HasPrefix(name, "v"+prefix) {
+			continue
+		}
+
+		v, err := version.NewVersion(name)
+		if err != nil {
+			continue
+		}
+
+		if latestVer == nil || v.GreaterThan(latestVer) {
+			latestVer = v
+			latestTagName = name
+		}
+	}
+
+	if latestVer == nil {
+		return "", fmt.Errorf("cannot find latest version for prefix %s", prefix)
+	}
+
+	return strings.TrimPrefix(latestTagName, "v"), nil
+}

types.go

@@ -1,9 +1,10 @@
 package main
 
 type securityFile struct {
-	LatestPluginVersion string                `json:"latestPluginVersion"`
-	Advisories          map[string]advisories `json:"advisories"`
-	VersionToAdvisories map[string][]string   `json:"versionToAdvisories"`
+	LatestPluginVersion   string                `json:"latestPluginVersion"`
+	LatestPluginVersionV2 map[string]string     `json:"latestPluginVersionV2"`
+	Advisories            map[string]advisories `json:"advisories"`
+	VersionToAdvisories   map[string][]string   `json:"versionToAdvisories"`
 }
 
 type advisories struct {