dependabot-core 0.86.2 → 0.86.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/dependabot/metadata_finders/ruby/bundler.rb +66 -14
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 79480d8761aa9ae5e22a3d197b8c81770866eaf147d8b245c64d57d3b9134e12
|
|
4
|
+
data.tar.gz: 1c955f487998a185bb77262a1b442b098ad72c68b2cd8be0352bf81a6a31f616
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: edb02105ebee6e2d9285b927833e0de0e51f752a9033f963baa4b627c0242f5445c9522f526ef8952a8cc8cf7c6a5d4d11eb7d0e90e9fe7659f32aa84934c7cb
|
|
7
|
+
data.tar.gz: 46e9c2785aa3148c36b59ee9a3eb518317bbcfa54668f859ad84b6d30887c58a90698004fa0abb5513d349304164a45678fb79f960648c88ffb9445cf44f79e4
|
data/CHANGELOG.md
CHANGED
|
@@ -19,21 +19,18 @@ module Dependabot
|
|
|
19
19
|
).freeze
|
|
20
20
|
|
|
21
21
|
def homepage_url
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
return rubygems_listing["homepage_uri"]
|
|
25
|
-
end
|
|
26
|
-
end
|
|
22
|
+
return super unless %w(default rubygems).include?(new_source_type)
|
|
23
|
+
return super unless rubygems_api_response["homepage_uri"]
|
|
27
24
|
|
|
28
|
-
|
|
25
|
+
rubygems_api_response["homepage_uri"]
|
|
29
26
|
end
|
|
30
27
|
|
|
31
28
|
private
|
|
32
29
|
|
|
33
30
|
def look_up_source
|
|
34
31
|
case new_source_type
|
|
35
|
-
when "default", "rubygems" then find_source_from_rubygems_listing
|
|
36
32
|
when "git" then find_source_from_git_url
|
|
33
|
+
when "default", "rubygems" then find_source_from_rubygems
|
|
37
34
|
else raise "Unexpected source type: #{new_source_type}"
|
|
38
35
|
end
|
|
39
36
|
end
|
|
@@ -48,8 +45,15 @@ module Dependabot
|
|
|
48
45
|
sources.first[:type] || sources.first.fetch("type")
|
|
49
46
|
end
|
|
50
47
|
|
|
51
|
-
def
|
|
52
|
-
|
|
48
|
+
def find_source_from_rubygems
|
|
49
|
+
api_source = find_source_from_rubygems_api_response
|
|
50
|
+
return api_source if api_source || new_source_type == "default"
|
|
51
|
+
|
|
52
|
+
find_source_from_gemspec_download
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def find_source_from_rubygems_api_response
|
|
56
|
+
source_url = rubygems_api_response.
|
|
53
57
|
values_at(*SOURCE_KEYS).
|
|
54
58
|
compact.
|
|
55
59
|
find { |url| Source.from_url(url) }
|
|
@@ -64,8 +68,54 @@ module Dependabot
|
|
|
64
68
|
Source.from_url(url)
|
|
65
69
|
end
|
|
66
70
|
|
|
67
|
-
def
|
|
68
|
-
|
|
71
|
+
def find_source_from_gemspec_download
|
|
72
|
+
github_urls = []
|
|
73
|
+
return unless rubygems_marshalled_gemspec_response
|
|
74
|
+
|
|
75
|
+
rubygems_marshalled_gemspec_response.scan(Source::SOURCE_REGEX) do
|
|
76
|
+
github_urls << Regexp.last_match.to_s
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
source_url = github_urls.find do |url|
|
|
80
|
+
repo = Source.from_url(url).repo
|
|
81
|
+
repo.downcase.end_with?(dependency.name)
|
|
82
|
+
end
|
|
83
|
+
return unless source_url
|
|
84
|
+
|
|
85
|
+
Source.from_url(source_url)
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
# Note: This response MUST NOT be unmarshalled
|
|
89
|
+
# (as calling Marshal.load is unsafe)
|
|
90
|
+
def rubygems_marshalled_gemspec_response
|
|
91
|
+
if defined?(@rubygems_marshalled_gemspec_response)
|
|
92
|
+
return @rubygems_marshalled_gemspec_response
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
gemspec_uri =
|
|
96
|
+
"#{registry_url}quick/Marshal.4.8/"\
|
|
97
|
+
"#{dependency.name}-#{dependency.version}.gemspec.rz"
|
|
98
|
+
|
|
99
|
+
response =
|
|
100
|
+
Excon.get(
|
|
101
|
+
gemspec_uri,
|
|
102
|
+
headers: registry_auth_headers,
|
|
103
|
+
idempotent: true,
|
|
104
|
+
**SharedHelpers.excon_defaults
|
|
105
|
+
)
|
|
106
|
+
|
|
107
|
+
if response.status >= 400
|
|
108
|
+
return @rubygems_marshalled_gemspec_response = nil
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
@rubygems_marshalled_gemspec_response =
|
|
112
|
+
Zlib::Inflate.inflate(response.body)
|
|
113
|
+
rescue Zlib::DataError
|
|
114
|
+
@rubygems_marshalled_gemspec_response = nil
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
def rubygems_api_response
|
|
118
|
+
return @rubygems_api_response if defined?(@rubygems_api_response)
|
|
69
119
|
|
|
70
120
|
response =
|
|
71
121
|
Excon.get(
|
|
@@ -74,13 +124,15 @@ module Dependabot
|
|
|
74
124
|
idempotent: true,
|
|
75
125
|
**SharedHelpers.excon_defaults
|
|
76
126
|
)
|
|
127
|
+
return @rubygems_api_response = {} if response.status >= 400
|
|
128
|
+
|
|
77
129
|
response_body = response.body
|
|
78
130
|
response_body = augment_private_response_if_appropriate(response_body)
|
|
79
131
|
|
|
80
|
-
@
|
|
81
|
-
append_slash_to_source_code_uri(@
|
|
132
|
+
@rubygems_api_response = JSON.parse(response_body)
|
|
133
|
+
append_slash_to_source_code_uri(@rubygems_api_response)
|
|
82
134
|
rescue JSON::ParserError, Excon::Error::Timeout
|
|
83
|
-
@
|
|
135
|
+
@rubygems_api_response = {}
|
|
84
136
|
end
|
|
85
137
|
|
|
86
138
|
def append_slash_to_source_code_uri(listing)
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.86.
|
|
4
|
+
version: 0.86.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-12-
|
|
11
|
+
date: 2018-12-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-ecr
|