dependabot-common 0.95.33 → 0.95.34

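--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8dfd5401844f55514737de21d8b0a99447d9645417c07fdc8f823ffa10e8f433
- data.tar.gz: 2e7f54e29584a74139a356065c9fba6ee14e15033dc898b1ffa2824ea6192676
+ metadata.gz: 9d3d3f49b2d13d093c0c8494171c48203613f0ea6205d31c960e553a6e092b14
+ data.tar.gz: cbf675a4f176c180ba658e6fe41726be6f82c4663fac58390695da6eba81acd1
  SHA512:
- metadata.gz: ed6f3c654bfa794abcb9cf057dc81e7423206ed487aee599d929af2479c7b25c2dc303bc261ddaefbaa373fef6691a921ce73bed052e7f36707b4047856a1f38
- data.tar.gz: 807133c70b3bad038db7f8aac333196e4bd8d455b9a8bfa9685c329784b2d5d147aebdcc125d96600654a437deccdf4a4d3c86044aa32d7a6d1e458a92e07767
+ metadata.gz: 94918b26c0036cae34aa8111b97e66a656a693c2a81d0a78ed05fa1ccc90565fe160b9aa0734c50a1df0b2683e5ab8b4191adb5215e4a11a4949de96de8eef96
+ data.tar.gz: dd5633fa6f0ae81aeb5a405d90f8aabf6c49680b6560325adb4db3067a7ebc5dac1c86a0b119a2643acd45d5c4fe85994c21d43ee14e5c253cf049a4b832f84e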
@@ -9,6 +9,8 @@ module Dependabot
9
9
  require "dependabot/metadata_finders/base/release_finder"
10
10
  require "dependabot/metadata_finders/base/commits_finder"
11
11
 
12
+ PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES = %w(npm_and_yarn).freeze
13
+
12
14
  attr_reader :dependency, :credentials
13
15
 
14
16
  def initialize(dependency:, credentials:)
@@ -17,7 +19,11 @@ module Dependabot
17
19
  end
18
20
 
19
21
  def source_url
20
- source&.url
22
+ if reliable_source_directory?
23
+ source&.url_with_directory
24
+ else
25
+ source&.url
26
+ end
21
27
  end
22
28
 
23
29
  def homepage_url
@@ -112,6 +118,11 @@ module Dependabot
112
118
  def look_up_source
113
119
  raise NotImplementedError
114
120
  end
121
+
122
+ def reliable_source_directory?
123
+ MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES.
124
+ include?(dependency.package_manager)
125
+ end
115
126
  end
116
127
  end
117
128
  end
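Review bot: `PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES` is added without a comment saying what makes a directory "reliable", yet it is the condition that decides whether `source_url` returns `url_with_directory` instead of the plain repo URL. A one-line comment above the constant would help, for example `# Package managers whose reported source directory is accurate enough to link to directly` (wording to be confirmed by the author). The same `reliable_source_directory?` predicate is added a second time in the later hunk at new lines 253-256; a single shared definition would keep the two copies from drifting. The enclosing class starts outside this hunk.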
@@ -145,12 +145,17 @@ module Dependabot
145
145
 
146
146
  def github_compare_path(new_tag, previous_tag)
147
147
  if new_tag && previous_tag
148
- "compare/#{previous_tag}...#{new_tag}"
149
- elsif new_tag
150
- "commits/#{new_tag}"
151
- else
152
- "commits"
148
+ return "compare/#{previous_tag}...#{new_tag}"
153
149
  end
150
+
151
+ unless reliable_source_directory? &&
152
+ ![nil, ".", "/"].include?(source.directory)
153
+ return new_tag ? "commits/#{new_tag}" : "commits"
154
+ end
155
+
156
+ Pathname.
157
+ new(File.join("commits/#{new_tag || 'HEAD'}", source.directory)).
158
+ cleanpath.to_path
154
159
  end
155
160
 
156
161
  def bitbucket_compare_path(new_tag, previous_tag)
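Review bot: `source.directory` is joined onto `commits/<tag>` and then passed through `cleanpath`, which resolves `..` segments lexically, so a directory value with enough leading `..` segments yields a path that no longer starts with `commits/`. The directory appears to originate from package metadata (not visible in this hunk), so it should be validated before it is used to build a link shown to reviewers. After computing the path, fall back when it escapes the prefix, e.g. `return new_tag ? "commits/#{new_tag}" : "commits" unless path.start_with?("commits/")`. The same join-then-cleanpath pattern appears in `url_with_directory` (the `tree/` and `src/` branches) and needs the same guard. `Pathname` is also used here without a visible `require "pathname"`; confirm it is loaded elsewhere.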
@@ -244,6 +249,11 @@ module Dependabot
244
249
  dependency.package_manager
245
250
  )
246
251
  end
252
+
253
+ def reliable_source_directory?
254
+ MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES.
255
+ include?(dependency.package_manager)
256
+ end
247
257
  end
248
258
  end
249
259
  end
@@ -36,7 +36,8 @@ module Dependabot
36
36
  (?:#{AZURE_SOURCE})
37
37
  /x.freeze
38
38
 
39
- attr_reader :provider, :repo, :directory, :branch, :hostname, :api_endpoint
39
+ attr_accessor :provider, :repo, :directory, :branch, :hostname,
40
+ :api_endpoint
40
41
 
41
42
  def self.from_url(url_string)
42
43
  return unless url_string&.match?(SOURCE_REGEX)
@@ -78,6 +79,24 @@ module Dependabot
78
79
  end
79
80
  end
80
81
 
82
+ def url_with_directory
83
+ return url if [nil, ".", "/"].include?(directory)
84
+
85
+ case provider
86
+ when "github", "gitlab"
87
+ path = Pathname.new(File.join("tree/#{branch || 'HEAD'}", directory)).
88
+ cleanpath.to_path
89
+ url + "/" + path
90
+ when "bitbucket"
91
+ path = Pathname.new(File.join("src/#{branch || 'default'}", directory)).
92
+ cleanpath.to_path
93
+ url + "/" + path
94
+ when "azure"
95
+ url + "?path=#{directory}"
96
+ else raise "Unexpected repo provider '#{provider}'"
97
+ end
98
+ end
99
+
81
100
  def organization
82
101
  repo.split("/").first
83
102
  end
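Review bot: The `azure` branch of `url_with_directory` interpolates `directory` into the query string unescaped, so a value containing `&`, `#` or spaces produces a malformed link or appends extra query parameters. Escape it, e.g. `url + "?path=#{URI.encode_www_form_component(directory)}"` (with `require "uri"` if it is not already loaded). Separately, the earlier hunk widens `attr_reader` to `attr_accessor` for all six attributes, which lets any caller mutate a Source after construction; if only some attributes need a writer, adding `attr_writer` for just those would keep the rest read-only.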
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.95.33"
4
+ VERSION = "0.95.34"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.95.33
4
+ version: 0.95.34
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-16 00:00:00.000000000 Z
11
+ date: 2019-02-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-ecr