From 8438ab74ae3930e23e06e654d5588f90aad15dfb Mon Sep 17 00:00:00 2001
From: Rafael Gonzaga
Date: Wed, 15 Jan 2025 16:31:47 -0300
Subject: [PATCH] fix: sort impacted versions DESC (#885)
---
 lib/security_blog.js | 49 +++++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 23 deletions(-)
diff --git a/lib/security_blog.js b/lib/security_blog.js
index 01fcd7d0..41f37516 100644
--- a/lib/security_blog.js
+++ b/lib/security_blog.js
@@ -299,34 +299,37 @@ export default class SecurityBlog extends SecurityRelease {
 }
 getImpact(content) {
- const impact = content.reports.reduce((acc, report) => {
- for (const affectedVersion of report.affectedVersions) {
- if (acc[affectedVersion]) {
- acc[affectedVersion].push(report);
- } else {
- acc[affectedVersion] = [report];
- }
+ const impact = new Map();
+ for (const report of content.reports) {
+ for (const version of report.affectedVersions) {
+ if (!impact.has(version)) impact.set(version, []);
+ impact.get(version).push(report);
 }
- return acc;
- }, {});
-
- const impactText = [];
- for (const [key, value] of Object.entries(impact)) {
- const groupedByRating = Object.values(_.groupBy(value, 'severity.rating'))
- .map(severity => {
- if (!severity[0]?.severity?.rating) {
- this.cli.error(`severity.rating not found for the report ${severity[0].id}. \
- Please add it manually before continuing.`);
+ }
+
+ const result = Array.from(impact.entries())
+ .sort(([a], [b]) => b.localeCompare(a)) // DESC
+ .map(([version, reports]) => {
+ const severityCount = new Map();
+
+ for (const report of reports) {
+ const rating = report.severity.rating?.toLowerCase();
+ if (!rating) {
+ this.cli.error(`severity.rating not found for report ${report.id}.`);
 process.exit(1);
 }
- const firstSeverityRating = severity[0].severity.rating.toLocaleLowerCase();
- return `${severity.length} ${firstSeverityRating} severity issues`;
- }).join(', ');
+ severityCount.set(rating, (severityCount.get(rating) || 0) + 1);
+ }
- impactText.push(`The ${key} release line of Node.js is vulnerable to ${groupedByRating}.`);
- }
+ const groupedByRating = Array.from(severityCount.entries())
+ .map(([rating, count]) => `${count} ${rating} severity issues`)
+ .join(', ');
+
+ return `The ${version} release line of Node.js is vulnerable to ${groupedByRating}.`;
+ })
+ .join('\n');
- return impactText.join('\n');
+ return result;
 }
 getVulnerabilities(content) {
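Review bot: `report.severity.rating?.toLowerCase()` in the new `.map` callback guards only `rating`, so a report that has no `severity` object throws a TypeError before the `this.cli.error(...)` branch is reached; the removed code covered that case with `severity[0]?.severity?.rating`. Writing `const rating = report.severity?.rating?.toLowerCase();` keeps the named-report error and the `process.exit(1)` path for an unrated report, so a missing rating cannot turn into an opaque crash while the security post is being generated. Separately, `b.localeCompare(a)` orders the release-line keys as plain strings, which would presumably misplace a single-digit line against a two-digit one if the keys look like `22.x`; `b.localeCompare(a, undefined, { numeric: true })` compares the numeric part. The new error text also drops the old hint to add the rating manually before continuing, which is worth keeping for the person preparing the release.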