add package release filtering for security vulneribility check

kbukum1 · kbukum1 · commit 49c4c337fca2 · 2025-04-12T02:58:01.000-07:00
diff --git a/common/lib/dependabot/update_checkers/version_filters.rb b/common/lib/dependabot/update_checkers/version_filters.rb
@@ -1,6 +1,7 @@
 # typed: strong
 # frozen_string_literal: true
 
+require "dependabot/package/package_release"
 require "sorbet-runtime"
 
 module Dependabot
@@ -19,7 +20,8 @@ module VersionFilters
             versions_array: T::Array[
               T.any(
                 T.all(T.type_parameter(:T), Gem::Version),
-                T.all(T.type_parameter(:T), T::Hash[Symbol, Gem::Version])
+                T.all(T.type_parameter(:T), T::Hash[Symbol, Gem::Version]),
+                T.all(T.type_parameter(:T), Dependabot::Package::PackageRelease)
               )],
             security_advisories: T::Array[SecurityAdvisory]
           )
@@ -30,6 +32,8 @@ def self.filter_vulnerable_versions(versions_array, security_advisories)
           security_advisories.any? do |a|
             if v.is_a?(Gem::Version)
               a.vulnerable?(v)
+            elsif v.is_a?(Dependabot::Package::PackageRelease)
+              a.vulnerable?(v.version)
             else
               a.vulnerable?(v.fetch(:version))
             end
