Merge branch 'main' into 1214-fix-ver-range

Author: TG1999

requirements.txt

@@ -27,7 +27,7 @@ dateparser==1.1.1
 decorator==5.1.1
 defusedxml==0.7.1
 distro==1.7.0
-Django==4.2.15
+Django==4.2.16
 django-crispy-forms==2.3
 django-environ==0.11.2
 django-filter==24.3
@@ -39,7 +39,7 @@ docutils==0.17.1
 drf-spectacular==0.24.2
 drf-spectacular-sidecar==2022.10.1
 executing==0.8.3
-fetchcode==0.3.0
+fetchcode==0.6.0
 freezegun==1.2.1
 frozenlist==1.3.0
 gitdb==4.0.9

setup.cfg

@@ -90,7 +90,7 @@ install_requires =
     # networking
     GitPython>=3.1.17
     requests>=2.25.1
-    fetchcode>=0.3.0
+    fetchcode>=0.6.0
 
     #pipeline
     aboutcode.pipeline>=0.1.0

vulnerabilities/improvers/valid_versions.py

@@ -433,6 +433,7 @@ class GitHubBasicImprover(ValidVersionImprover):
             "3.0.0b3-",
             "3.0b6dev-r41684",
             "-class.-jw.util.version.Version-",
+            "vulnerabilities",
         ]
     )
 

vulnerabilities/tests/pipelines/test_github_importer_pipeline.py

@@ -303,6 +303,13 @@ def test_get_package_versions(mock_response):
 
     improver = GitHubBasicImprover()
     valid_versions = [
+        "1.0.1",
+        "1.0.2",
+        "1.0.3",
+        "1.0.4",
+        "1.1",
+        "1.1.1",
+        "1.1.2",
         "1.1.3",
         "1.1.4",
         "1.10",
@@ -317,7 +324,9 @@ def test_get_package_versions(mock_response):
         "1.10a1",
         "1.10b1",
         "1.10rc1",
+        "vulnerabilities",
     ]
+
     result = sorted(
         improver.get_package_versions(package_url=PackageURL(type="pypi", name="django"))
     )

vulnerabilities/tests/pipelines/test_nginx_importer_pipeline.py

@@ -195,7 +195,7 @@ def interesting_advisories(self) -> QuerySet:
         )
         assert interesting_advisories == advisories
 
-    @mock.patch("fetchcode.package_versions.github_response")
+    @mock.patch("fetchcode.utils.github_response")
     def test_NginxBasicImprover_fetch_nginx_version_from_git_tags(self, mock_fetcher):
         reponse_files = [
             "github-nginx-nginx-0.json",

vulntotal/datasources/github.py

@@ -11,7 +11,7 @@
 from typing import Iterable
 
 from dotenv import load_dotenv
-from fetchcode.package_versions import github_response
+from fetchcode.utils import github_response
 from packageurl import PackageURL
 
 from vulntotal.validator import DataSource