dependabot-core 0.86.2 → 0.86.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/dependabot/metadata_finders/ruby/bundler.rb +66 -14
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 79480d8761aa9ae5e22a3d197b8c81770866eaf147d8b245c64d57d3b9134e12
|
4
|
+
data.tar.gz: 1c955f487998a185bb77262a1b442b098ad72c68b2cd8be0352bf81a6a31f616
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: edb02105ebee6e2d9285b927833e0de0e51f752a9033f963baa4b627c0242f5445c9522f526ef8952a8cc8cf7c6a5d4d11eb7d0e90e9fe7659f32aa84934c7cb
|
7
|
+
data.tar.gz: 46e9c2785aa3148c36b59ee9a3eb518317bbcfa54668f859ad84b6d30887c58a90698004fa0abb5513d349304164a45678fb79f960648c88ffb9445cf44f79e4
|
data/CHANGELOG.md
CHANGED
@@ -19,21 +19,18 @@ module Dependabot
|
|
19
19
|
).freeze
|
20
20
|
|
21
21
|
def homepage_url
|
22
|
-
|
23
|
-
|
24
|
-
return rubygems_listing["homepage_uri"]
|
25
|
-
end
|
26
|
-
end
|
22
|
+
return super unless %w(default rubygems).include?(new_source_type)
|
23
|
+
return super unless rubygems_api_response["homepage_uri"]
|
27
24
|
|
28
|
-
|
25
|
+
rubygems_api_response["homepage_uri"]
|
29
26
|
end
|
30
27
|
|
31
28
|
private
|
32
29
|
|
33
30
|
def look_up_source
|
34
31
|
case new_source_type
|
35
|
-
when "default", "rubygems" then find_source_from_rubygems_listing
|
36
32
|
when "git" then find_source_from_git_url
|
33
|
+
when "default", "rubygems" then find_source_from_rubygems
|
37
34
|
else raise "Unexpected source type: #{new_source_type}"
|
38
35
|
end
|
39
36
|
end
|
@@ -48,8 +45,15 @@ module Dependabot
|
|
48
45
|
sources.first[:type] || sources.first.fetch("type")
|
49
46
|
end
|
50
47
|
|
51
|
-
def
|
52
|
-
|
48
|
+
def find_source_from_rubygems
|
49
|
+
api_source = find_source_from_rubygems_api_response
|
50
|
+
return api_source if api_source || new_source_type == "default"
|
51
|
+
|
52
|
+
find_source_from_gemspec_download
|
53
|
+
end
|
54
|
+
|
55
|
+
def find_source_from_rubygems_api_response
|
56
|
+
source_url = rubygems_api_response.
|
53
57
|
values_at(*SOURCE_KEYS).
|
54
58
|
compact.
|
55
59
|
find { |url| Source.from_url(url) }
|
@@ -64,8 +68,54 @@ module Dependabot
|
|
64
68
|
Source.from_url(url)
|
65
69
|
end
|
66
70
|
|
67
|
-
def
|
68
|
-
|
71
|
+
def find_source_from_gemspec_download
|
72
|
+
github_urls = []
|
73
|
+
return unless rubygems_marshalled_gemspec_response
|
74
|
+
|
75
|
+
rubygems_marshalled_gemspec_response.scan(Source::SOURCE_REGEX) do
|
76
|
+
github_urls << Regexp.last_match.to_s
|
77
|
+
end
|
78
|
+
|
79
|
+
source_url = github_urls.find do |url|
|
80
|
+
repo = Source.from_url(url).repo
|
81
|
+
repo.downcase.end_with?(dependency.name)
|
82
|
+
end
|
83
|
+
return unless source_url
|
84
|
+
|
85
|
+
Source.from_url(source_url)
|
86
|
+
end
|
87
|
+
|
88
|
+
# Note: This response MUST NOT be unmarshalled
|
89
|
+
# (as calling Marshal.load is unsafe)
|
90
|
+
def rubygems_marshalled_gemspec_response
|
91
|
+
if defined?(@rubygems_marshalled_gemspec_response)
|
92
|
+
return @rubygems_marshalled_gemspec_response
|
93
|
+
end
|
94
|
+
|
95
|
+
gemspec_uri =
|
96
|
+
"#{registry_url}quick/Marshal.4.8/"\
|
97
|
+
"#{dependency.name}-#{dependency.version}.gemspec.rz"
|
98
|
+
|
99
|
+
response =
|
100
|
+
Excon.get(
|
101
|
+
gemspec_uri,
|
102
|
+
headers: registry_auth_headers,
|
103
|
+
idempotent: true,
|
104
|
+
**SharedHelpers.excon_defaults
|
105
|
+
)
|
106
|
+
|
107
|
+
if response.status >= 400
|
108
|
+
return @rubygems_marshalled_gemspec_response = nil
|
109
|
+
end
|
110
|
+
|
111
|
+
@rubygems_marshalled_gemspec_response =
|
112
|
+
Zlib::Inflate.inflate(response.body)
|
113
|
+
rescue Zlib::DataError
|
114
|
+
@rubygems_marshalled_gemspec_response = nil
|
115
|
+
end
|
116
|
+
|
117
|
+
def rubygems_api_response
|
118
|
+
return @rubygems_api_response if defined?(@rubygems_api_response)
|
69
119
|
|
70
120
|
response =
|
71
121
|
Excon.get(
|
@@ -74,13 +124,15 @@ module Dependabot
|
|
74
124
|
idempotent: true,
|
75
125
|
**SharedHelpers.excon_defaults
|
76
126
|
)
|
127
|
+
return @rubygems_api_response = {} if response.status >= 400
|
128
|
+
|
77
129
|
response_body = response.body
|
78
130
|
response_body = augment_private_response_if_appropriate(response_body)
|
79
131
|
|
80
|
-
@
|
81
|
-
append_slash_to_source_code_uri(@
|
132
|
+
@rubygems_api_response = JSON.parse(response_body)
|
133
|
+
append_slash_to_source_code_uri(@rubygems_api_response)
|
82
134
|
rescue JSON::ParserError, Excon::Error::Timeout
|
83
|
-
@
|
135
|
+
@rubygems_api_response = {}
|
84
136
|
end
|
85
137
|
|
86
138
|
def append_slash_to_source_code_uri(listing)
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.86.
|
4
|
+
version: 0.86.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-12-
|
11
|
+
date: 2018-12-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-ecr
|