dependabot-core 0.83.0 → 0.83.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2650fb172ee98b05006a4ed21a800434d04f15357bd3a522b8a1a2c371ad3a45
|
|
4
|
+
data.tar.gz: '019415b7c529d4f07af5095dd23b1669ee59423f7fc95fb0e1c77fc0cecd4287'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 67bc78b206f9c0225024fa0cd2c6bff53aa49a9938106a1b953223d9633643e0d9c4575e465bc8e60c54b93377e9b5db21c5187f2654916163172ea67572b4e1
|
|
7
|
+
data.tar.gz: '088375a9f620abfb22f80666fad29c3917f59e6038da3f26a7638ac2e5d44b64178a660a6b1b5f46094c4fd166a5545843f1d344d42247e0a9ffe12a31f62329'
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## v0.83.1, 13 December 2018
|
|
2
|
+
|
|
3
|
+
- Retry GitHub errors when labeling a PR
|
|
4
|
+
- JS: Handle relative resolved paths in shrinkwrap.json
|
|
5
|
+
- Go: Better file parsing (prefer revision to version for git dependencies)
|
|
6
|
+
|
|
1
7
|
## v0.83.0, 13 December 2018
|
|
2
8
|
|
|
3
9
|
- Elm: Rename elm-package to elm everywhere
|
|
@@ -41,7 +41,7 @@ module Dependabot
|
|
|
41
41
|
|
|
42
42
|
dependency_set << Dependency.new(
|
|
43
43
|
name: details.fetch("name"),
|
|
44
|
-
version:
|
|
44
|
+
version: version_from_declaration(details),
|
|
45
45
|
package_manager: "dep",
|
|
46
46
|
requirements: [{
|
|
47
47
|
requirement: requirement_from_declaration(details),
|
|
@@ -107,6 +107,19 @@ module Dependabot
|
|
|
107
107
|
end
|
|
108
108
|
end
|
|
109
109
|
|
|
110
|
+
def version_from_declaration(declaration)
|
|
111
|
+
lockfile_details =
|
|
112
|
+
parsed_file(lockfile).fetch("projects", []).
|
|
113
|
+
find { |details| details["name"] == declaration.fetch("name") }
|
|
114
|
+
|
|
115
|
+
if source_from_declaration(declaration).fetch(:type) == "git"
|
|
116
|
+
lockfile_details["revision"] ||
|
|
117
|
+
version_from_lockfile(lockfile_details)
|
|
118
|
+
else
|
|
119
|
+
version_from_lockfile(lockfile_details)
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
|
|
110
123
|
def appears_in_lockfile?(dependency_name)
|
|
111
124
|
parsed_file(lockfile).fetch("projects", []).
|
|
112
125
|
any? { |details| details["name"] == dependency_name }
|
|
@@ -237,6 +237,7 @@ module Dependabot
|
|
|
237
237
|
fetch("resolved", nil)
|
|
238
238
|
|
|
239
239
|
return unless resolved_url
|
|
240
|
+
return unless resolved_url.start_with?("http")
|
|
240
241
|
return if CENTRAL_REGISTRIES.any? { |u| resolved_url.start_with?(u) }
|
|
241
242
|
return if resolved_url.include?("github")
|
|
242
243
|
|
data/lib/dependabot/version.rb
CHANGED