dependabot-core 0.86.10 → 0.86.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ef5a65ecbedea39372a9838b6bd0c0d599fc353fd5069c6b29f3a64f7f4d8e1e
-  data.tar.gz: 354b5fe1016c8fb3ab475a1496b7c949dea4136f37786987957f75824e43e8da
+  metadata.gz: a823a69ede90ac8ad982e3d4c981c85cbc62e33507397879ea479b2e0bf00984
+  data.tar.gz: a6a9dccfe89393ae011b349ba920805d73624ad85dc2bbbd39297f40ac67276b
 SHA512:
-  metadata.gz: 1f0892f47eb105fd2ab4cc86a95035cce4e522f81280eef70ec06d21ecf05d18388cd90350caa063fc790bc69e7d2124b67373947e35409a3d62bb7c0629e032
-  data.tar.gz: 23f5175a2494e5459f95a05671cb2a00c7d6a228350629f82c4bbf8a5325955edc7ead747d64d81fd4d950a11c5892a3f5123f6ccf5e197ea96ce6e764c450de
+  metadata.gz: 96475ab54827e805d29e052e3baf27575e14fcad264453fcc35f115770219a2f607faec7563de0e0698ed80cd75d034ed3c506ba9435836259fc361e1d5fb0cf
+  data.tar.gz: 1a719919ce887458492c70a5f447d044c13d71fc313a57a618d8bb79f8a95a3c91104bd634ddcae2e8157bb294756481c7080ce739bb46d6d361b91e0b97494f

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## v0.86.11, 25 December 2018
+
+- Ruby: Ensure gemspec paths are always pathnames
+- JS: Handle non-string entries for resolution
+
 ## v0.86.10, 24 December 2018
 
 - .NET: Filter out non-URL repos

data/lib/dependabot/file_fetchers/ruby/bundler.rb

@@ -83,8 +83,6 @@ module Dependabot
           gemspec_files = []
           unfetchable_gems = []
 
-          gemspec_paths = fetch_gemspec_paths
-
           gemspec_paths.each do |path|
             # Get any gemspecs at the path itself
             gemspecs_at_path = fetch_gemspecs_from_directory(path)
@@ -114,6 +112,10 @@ module Dependabot
           gemspec_files.tap { |ar| ar.each { |f| f.support_file = true } }
         end
 
+        def gemspec_paths
+          fetch_gemspec_paths.map { |path| Pathname.new(path) }
+        end
+
         def require_relative_files(files)
           ruby_files =
             files.select { |f| f.name.end_with?(".rb", "Gemfile", ".gemspec") }

data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb

@@ -70,7 +70,7 @@ module Dependabot
               path = Pathname.new(path).relative_path_from(base_path).to_s
             end
             path = File.join(current_dir, path) unless current_dir.nil?
-            Pathname.new(path).cleanpath.to_path
+            Pathname.new(path).cleanpath
           end
 
           # rubocop:disable Security/Eval

data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb

@@ -79,6 +79,7 @@ module Dependabot
             if package_lock
               parsed_package_lock.fetch("dependencies", {}).
                 map { |_, details| details["resolved"] }.compact.
+                select { |url| url.is_a?(String) }.
                 reject { |url| url.start_with?("git") }
             elsif yarn_lock
               yarn_lock.content.scan(/ resolved "(.*?)"/).flatten

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.86.10"
+  VERSION = "0.86.11"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.86.10
+  version: 0.86.11
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-24 00:00:00.000000000 Z
+date: 2018-12-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ecr