dependabot-bun 0.326.1 → 0.327.0
- checksums.yaml +4 -4
- data/lib/dependabot/bun/metadata_finder.rb +31 -10
- metadata +4 -4
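--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 01c5fe0976efe49daa9cd4b1bb5f0312f406d6b1f3a15b26958f007449695942
+data.tar.gz: 4a6e833c389ebe66f3ee65db7a23469ccc6477b705ffc08974fe29e43f3a6b02
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ae287d01812499998379f701a0a0a7d9b0b7ca85c009b7edac4bb7d7e1e404aa276adf671debcc09f0174911316d6389c9c4ab893b3757eefd18afb1802edf0
+data.tar.gz: a5f6c406a4efe7af69fd65bc4269f03ce64012bf49b6152ff3ce53477beeff060e2118b57ea8b46fcdb88490e01a7eacf04f58f417bcdd9d24b1c6ad912a9771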
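--- a/data/lib/dependabot/bun/metadata_finder.rb
+++ b/data/lib/dependabot/bun/metadata_finder.rb
@@ -22,8 +22,8 @@ module Dependabot
 # array can be slow (if it's large)
 return latest_version_listing["homepage"] if latest_version_listing["homepage"]
 
-listing = all_version_listings.find { |l| l["homepage"] }
-listing&.fetch("homepage", nil) || super
+listing = all_version_listings.find { |_, l| l["homepage"] }
+listing&.last&.fetch("homepage", nil) || super
 end
 
 sig { override.returns(T.nilable(String)) }
@@ -55,8 +55,8 @@ module Dependabot
 sig { returns(T.nilable(String)) }
 def npm_releaser
 all_version_listings
-.find { |v| v
-&.dig("_npmUser", "name")
+.find { |v, _| v == dependency.version }
+&.last&.dig("_npmUser", "name")
 end
 
 sig { returns(T.nilable(T::Array[String])) }
@@ -73,7 +73,7 @@ module Dependabot
 
 all_version_listings
 .reject { |v, _| Time.parse(times[v]) > cutoff }
-.filter_map { |d| d.fetch("_npmUser", nil)&.fetch("name", nil) }
+.filter_map { |_, d| d.fetch("_npmUser", nil)&.fetch("name", nil) }
 end
 
 sig { returns(T.nilable(Source)) }
@@ -90,7 +90,7 @@ module Dependabot
 return potential_sources.first if potential_sources.any?
 
 potential_sources =
-all_version_listings.flat_map do |listing|
+all_version_listings.flat_map do |_, listing|
 [
 get_source(listing["repository"]),
 get_source(listing["homepage"]),
@@ -110,7 +110,7 @@ module Dependabot
 sources.first
 end
 
-sig { params(details: T.any(String, T::Hash[String, String])).returns(T.nilable(Source)) }
+sig { params(details: T.nilable(T.any(String, T::Hash[String, String]))).returns(T.nilable(Source)) }
 def get_source(details)
 potential_url = get_url(details)
 return unless potential_url
@@ -144,7 +144,7 @@ module Dependabot
 "https://github.com/" + url
 end
 
-sig { params(details: T.any(String, T::Hash[String, String])).returns(T.nilable(String)) }
+sig { params(details: T.nilable(T.any(String, T::Hash[String, String]))).returns(T.nilable(String)) }
 def get_directory(details)
 # Only return a directory if it is explicitly specified
 return unless details.is_a?(Hash)
@@ -177,7 +177,7 @@ module Dependabot
 @latest_version_listing = T.let({}, T.nilable(T::Hash[String, T.untyped]))
 end
 
-sig { returns(T::Array[T::Hash[String, T.untyped]]) }
+sig { returns(T::Array[[String, T::Hash[String, T.untyped]]]) }
 def all_version_listings
 return [] if npm_listing["versions"].nil?
 
@@ -208,16 +208,37 @@ module Dependabot
 sig { returns(String) }
 def dependency_url
 registry_url =
-if new_source.nil?
+if new_source.nil?
+configured_registry_from_credentials || "https://registry.npmjs.org"
 else
 new_source&.fetch(:url)
 end
 
+# Remove trailing slashes and escape spaces for proper URL formatting
+registry_url = URI::DEFAULT_PARSER.escape(registry_url)&.gsub(%r{/+$}, "")
+
 # NPM registries expect slashes to be escaped
 escaped_dependency_name = dependency.name.gsub("/", "%2F")
 "#{registry_url}/#{escaped_dependency_name}"
 end
 
+sig { returns(T.nilable(String)) }
+def configured_registry_from_credentials
+# Look for a credential that replaces the base registry (global registry replacement)
+replaces_base_cred = credentials.find { |cred| cred["type"] == "npm_registry" && cred.replaces_base? }
+return normalize_registry_url(replaces_base_cred["registry"]) if replaces_base_cred
+
+nil
+end
+
+sig { params(registry: T.nilable(String)).returns(T.nilable(String)) }
+def normalize_registry_url(registry)
+return nil unless registry
+return registry if registry.start_with?("http")
+
+"https://#{registry}"
+end
+
 sig { returns(T::Hash[String, String]) }
 def registry_auth_headers
 return {} unless auth_token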
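Review bot: The scheme test in `normalize_registry_url` is a bare prefix match, so `registry.start_with?("http")` treats any host whose name begins with "http" (a constructed example: `httpcache.example.internal/npm`) as already having a scheme and returns it unprefixed, and it also passes `http://` registries through unchanged. That value becomes the base of `dependency_url`, and if the request built from it carries `registry_auth_headers` (its body and the call site are outside this hunk), the token would travel in cleartext. I would anchor the test, `return registry if registry.match?(%r{\Ahttps?://}i)`, and decide explicitly whether plain `http://` is acceptable for a credentialed registry. In the same section, `gsub(%r{/+$}, "")` in `dependency_url` uses `$`, which matches at every line end; `%r{/+\z}` strips only the trailing slashes of the whole string.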
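--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bun
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.327.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.327.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.327.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -347,7 +347,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.327.0
 rdoc_options: []
 require_paths:
 - lib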