fix: do not assume patch ranges are pure semver notation

Mattlk13 · Jul 10, 2019 · 598ca96 · 598ca96
1 parent 170126b
commit 598ca96
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/lib/protect/apply-patch.js b/src/lib/protect/apply-patch.js
@@ -33,7 +33,7 @@ function applyPatch(patchFileName, vuln, live, patchUrl) {
       }
 
       const versionOfPackageToPatch = pkg.version;
-      const patchableVersionsRange = vuln.patches.version;
+      const patchableVersionsRange = semver.coerce(vuln.patches.version);
       if (semver.satisfies(versionOfPackageToPatch, patchableVersionsRange)) {
         debug('Patch version range %s matches package version %s',
           patchableVersionsRange, versionOfPackageToPatch);