dependabot-bun 0.369.0 → 0.371.0
- checksums.yaml +4 -4
- data/lib/dependabot/bun/metadata_finder.rb +19 -3
- metadata +4 -4
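--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2957e8cf92e79373f1a427a46da95171f6e5a6dd4e3826cf6273b75984e38808
+data.tar.gz: afc63c38afe65774a9086da08373e23839f95fa79257bdd8ec2520dda465171a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f7d6ece449e0c49932b9122bd8cc4092b0c69cda97e241f02f37725f612de19ed481f28b0713d5554cef404850b4de92ad291ce92882c0d5cc37498e72a8a9c2
+data.tar.gz: d935d57e7bcdf7cc3d68051aef61512604657ea0e7d71b9485e0d5b21a80910d0c122c14a3e1d927f145f72bb701ef20693fc7de26d1289d7cd4061ce5e16555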
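--- a/data/lib/dependabot/bun/metadata_finder.rb
+++ b/data/lib/dependabot/bun/metadata_finder.rb
@@ -16,6 +16,10 @@ module Dependabot
 class MetadataFinder < Dependabot::MetadataFinders::Base
 extend T::Sig
 
+# RFC 3986 unreserved; others need encoding (explicit ASCII class avoids UTF-8 \w issues)
+CHARS_REQUIRING_ENCODING = T.let(/[^A-Za-z0-9._~-]/, Regexp)
+private_constant :CHARS_REQUIRING_ENCODING
+
 sig { override.returns(T.nilable(String)) }
 def homepage_url
 # Attempt to use version_listing first, as fetching the entire listing
@@ -28,17 +32,29 @@ module Dependabot
 
 sig { override.returns(T.nilable(String)) }
 def maintainer_changes
-
+releaser = npm_releaser
+return unless releaser
 return unless npm_listing.dig("time", dependency.version)
-return if previous_releasers&.include?(
+return if previous_releasers&.include?(releaser)
 
+encoded_releaser = encode_npm_releaser(releaser)
 "This version was pushed to npm by " \
-"[#{
+"[#{releaser}](https://www.npmjs.com/~#{encoded_releaser}), a new " \
 "releaser for #{dependency.name} since your current version."
 end
 
 private
 
+# Percent-encodes npm releaser names for safe inclusion in npmjs.com profile URLs.
+sig { params(releaser: String).returns(String) }
+def encode_npm_releaser(releaser)
+return releaser unless releaser.match?(CHARS_REQUIRING_ENCODING)
+
+releaser.gsub(CHARS_REQUIRING_ENCODING) do |char|
+char.bytes.map { |byte| "%#{format('%02X', byte)}" }.join
+end
+end
+
 sig { override.returns(T.nilable(Dependabot::Source)) }
 def look_up_source
 return find_source_from_registry if new_source.nil?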
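Review bot: In `maintainer_changes` only the URL half of the Markdown link is encoded; the label still interpolates the raw registry value through `[#{releaser}]`, so a releaser name containing `]`, `[` or a backslash can end the label early and change what the rendered link displays or targets. Escaping the label before interpolation, for example `label = releaser.gsub(/[\\\[\]]/) { |c| "\\#{c}" }` and then using `[#{label}]`, keeps the visible text and the encoded target consistent. Whether a later rendering step sanitises this message is not visible in the hunk, so treat the value as untrusted here. As a smaller style point, the `match?` early return in `encode_npm_releaser` duplicates what `gsub` already does on a string with no matches, and the helper would benefit from a comment stating that multi-byte characters are encoded byte by byte from the string's current encoding.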
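--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bun
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.371.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.371.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.371.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -347,7 +347,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.371.0
 rdoc_options: []
 require_paths:
 - lib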