dependabot-common 0.95.33 → 0.95.34
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9d3d3f49b2d13d093c0c8494171c48203613f0ea6205d31c960e553a6e092b14
|
|
4
|
+
data.tar.gz: cbf675a4f176c180ba658e6fe41726be6f82c4663fac58390695da6eba81acd1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 94918b26c0036cae34aa8111b97e66a656a693c2a81d0a78ed05fa1ccc90565fe160b9aa0734c50a1df0b2683e5ab8b4191adb5215e4a11a4949de96de8eef96
|
|
7
|
+
data.tar.gz: dd5633fa6f0ae81aeb5a405d90f8aabf6c49680b6560325adb4db3067a7ebc5dac1c86a0b119a2643acd45d5c4fe85994c21d43ee14e5c253cf049a4b832f84e
|
|
@@ -9,6 +9,8 @@ module Dependabot
|
|
|
9
9
|
require "dependabot/metadata_finders/base/release_finder"
|
|
10
10
|
require "dependabot/metadata_finders/base/commits_finder"
|
|
11
11
|
|
|
12
|
+
PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES = %w(npm_and_yarn).freeze
|
|
13
|
+
|
|
12
14
|
attr_reader :dependency, :credentials
|
|
13
15
|
|
|
14
16
|
def initialize(dependency:, credentials:)
|
|
@@ -17,7 +19,11 @@ module Dependabot
|
|
|
17
19
|
end
|
|
18
20
|
|
|
19
21
|
def source_url
|
|
20
|
-
|
|
22
|
+
if reliable_source_directory?
|
|
23
|
+
source&.url_with_directory
|
|
24
|
+
else
|
|
25
|
+
source&.url
|
|
26
|
+
end
|
|
21
27
|
end
|
|
22
28
|
|
|
23
29
|
def homepage_url
|
|
@@ -112,6 +118,11 @@ module Dependabot
|
|
|
112
118
|
def look_up_source
|
|
113
119
|
raise NotImplementedError
|
|
114
120
|
end
|
|
121
|
+
|
|
122
|
+
def reliable_source_directory?
|
|
123
|
+
MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES.
|
|
124
|
+
include?(dependency.package_manager)
|
|
125
|
+
end
|
|
115
126
|
end
|
|
116
127
|
end
|
|
117
128
|
end
|
|
@@ -145,12 +145,17 @@ module Dependabot
|
|
|
145
145
|
|
|
146
146
|
def github_compare_path(new_tag, previous_tag)
|
|
147
147
|
if new_tag && previous_tag
|
|
148
|
-
"compare/#{previous_tag}...#{new_tag}"
|
|
149
|
-
elsif new_tag
|
|
150
|
-
"commits/#{new_tag}"
|
|
151
|
-
else
|
|
152
|
-
"commits"
|
|
148
|
+
return "compare/#{previous_tag}...#{new_tag}"
|
|
153
149
|
end
|
|
150
|
+
|
|
151
|
+
unless reliable_source_directory? &&
|
|
152
|
+
![nil, ".", "/"].include?(source.directory)
|
|
153
|
+
return new_tag ? "commits/#{new_tag}" : "commits"
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
Pathname.
|
|
157
|
+
new(File.join("commits/#{new_tag || 'HEAD'}", source.directory)).
|
|
158
|
+
cleanpath.to_path
|
|
154
159
|
end
|
|
155
160
|
|
|
156
161
|
def bitbucket_compare_path(new_tag, previous_tag)
|
|
@@ -244,6 +249,11 @@ module Dependabot
|
|
|
244
249
|
dependency.package_manager
|
|
245
250
|
)
|
|
246
251
|
end
|
|
252
|
+
|
|
253
|
+
def reliable_source_directory?
|
|
254
|
+
MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES.
|
|
255
|
+
include?(dependency.package_manager)
|
|
256
|
+
end
|
|
247
257
|
end
|
|
248
258
|
end
|
|
249
259
|
end
|
data/lib/dependabot/source.rb
CHANGED
|
@@ -36,7 +36,8 @@ module Dependabot
|
|
|
36
36
|
(?:#{AZURE_SOURCE})
|
|
37
37
|
/x.freeze
|
|
38
38
|
|
|
39
|
-
|
|
39
|
+
attr_accessor :provider, :repo, :directory, :branch, :hostname,
|
|
40
|
+
:api_endpoint
|
|
40
41
|
|
|
41
42
|
def self.from_url(url_string)
|
|
42
43
|
return unless url_string&.match?(SOURCE_REGEX)
|
|
@@ -78,6 +79,24 @@ module Dependabot
|
|
|
78
79
|
end
|
|
79
80
|
end
|
|
80
81
|
|
|
82
|
+
def url_with_directory
|
|
83
|
+
return url if [nil, ".", "/"].include?(directory)
|
|
84
|
+
|
|
85
|
+
case provider
|
|
86
|
+
when "github", "gitlab"
|
|
87
|
+
path = Pathname.new(File.join("tree/#{branch || 'HEAD'}", directory)).
|
|
88
|
+
cleanpath.to_path
|
|
89
|
+
url + "/" + path
|
|
90
|
+
when "bitbucket"
|
|
91
|
+
path = Pathname.new(File.join("src/#{branch || 'default'}", directory)).
|
|
92
|
+
cleanpath.to_path
|
|
93
|
+
url + "/" + path
|
|
94
|
+
when "azure"
|
|
95
|
+
url + "?path=#{directory}"
|
|
96
|
+
else raise "Unexpected repo provider '#{provider}'"
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
|
|
81
100
|
def organization
|
|
82
101
|
repo.split("/").first
|
|
83
102
|
end
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.95.
|
|
4
|
+
version: 0.95.34
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-02-
|
|
11
|
+
date: 2019-02-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-ecr
|