dependabot-npm_and_yarn 0.101.1 → 0.101.2

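--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1cf6617f329cb9987316bd94cfa8d5015ee5c2385e843f94a6c07195af7c9d81
- data.tar.gz: 258fa046ee0b0e3435b0a9c16a5bda624c77917ece08d3772701138ebeb6cad9
+ metadata.gz: f1a5c4f55d424ecda702c33195e05fc6c90185bb195b35db644b08423839b848
+ data.tar.gz: bdce9e00488a04b7281c757aa304800ce9072c06a98d4908156a794b0e4fff95
  SHA512:
- metadata.gz: f889d16cc3e211ac41d5d4fb4154ea084a371bfbe7341fc8b8d4c616a1688d5743615e93d02a8fe27aff8933287d8e5d2b625cf315925cab44aed1567c5b2820
- data.tar.gz: 734982d233f792584c01832efa2b8379fd30552986fcf879ed2df435681fd4e1b5660c546fca86900ee11166232289698effd34f168fa9a97141689e70e15c38
+ metadata.gz: ce2976feca5e45c4d6efe3571b2b1a8fd98ed5f43187f4872d2ab524a784a44934b3740868af80fdd6b94b15c4b420445138d29c8825c36f6840ba484643d374
+ data.tar.gz: bf20c7ba5a9743796f3afd1403bed3f345121586fceb7874172c9574cc56a3eb0fbd66182e4f21716da3ccfd1d0af9fcbb147ed33f27852e3bfebf0a88ca242b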
@@ -151,7 +151,7 @@ module Dependabot
151
151
  # If there's been a release that includes the current pinned ref
152
152
  # or that the current branch is behind, we switch to that release.
153
153
  if git_branch_or_ref_in_latest_release?
154
- latest_release.fetch(:version)
154
+ latest_released_version
155
155
  elsif version_class.correct?(dependency.version)
156
156
  latest_git_version_details[:version] &&
157
157
  version_class.new(latest_git_version_details[:version])
@@ -161,9 +161,9 @@ module Dependabot
161
161
  end
162
162
  end
163
163
 
164
- def latest_release
165
- @latest_release ||=
166
- latest_version_finder.latest_version_details_from_registry
164
+ def latest_released_version
165
+ @latest_released_version ||=
166
+ latest_version_finder.latest_version_from_registry
167
167
  end
168
168
 
169
169
  def should_switch_source_from_git_to_registry?
@@ -175,16 +175,14 @@ module Dependabot
175
175
  end
176
176
 
177
177
  def git_branch_or_ref_in_latest_release?
178
- return false unless latest_release
178
+ return false unless latest_released_version
179
179
 
180
180
  if defined?(@git_branch_or_ref_in_latest_release)
181
181
  return @git_branch_or_ref_in_latest_release
182
182
  end
183
183
 
184
184
  @git_branch_or_ref_in_latest_release ||=
185
- git_commit_checker.branch_or_ref_in_release?(
186
- latest_release.fetch(:version)
187
- )
185
+ git_commit_checker.branch_or_ref_in_release?(latest_released_version)
188
186
  end
189
187
 
190
188
  def latest_version_details
@@ -192,7 +190,7 @@ module Dependabot
192
190
  if git_dependency? && !should_switch_source_from_git_to_registry?
193
191
  latest_git_version_details
194
192
  else
195
- latest_version_finder.latest_version_details_from_registry
193
+ { version: latest_released_version }
196
194
  end
197
195
  end
198
196
 
@@ -202,7 +200,8 @@ module Dependabot
202
200
  dependency: dependency,
203
201
  credentials: credentials,
204
202
  dependency_files: dependency_files,
205
- ignored_versions: ignored_versions
203
+ ignored_versions: ignored_versions,
204
+ security_advisories: security_advisories
206
205
  )
207
206
  end
208
207
 
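Review bot: In the `latest_version_details` hunk the else branch now always returns a hash, `{ version: latest_released_version }`, even when the finder yields nil, whereas the removed call could itself return nil (the finder's early `return unless valid_npm_details?` and its rescued custom-registry path). Any caller that tests `latest_version_details` for truthiness before reading `:version` would now continue with a nil version; those callers are outside the visible hunks, so this needs confirming. If the old shape should be kept, `latest_released_version && { version: latest_released_version }` preserves it. Separately, `@latest_released_version ||=` re-queries the finder on every call while the result is nil; the `defined?(@...)` guard already used in `git_branch_or_ref_in_latest_release?` would memoize a nil result as well.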
@@ -16,20 +16,20 @@ module Dependabot
16
16
  class RegistryError < StandardError; end
17
17
 
18
18
  def initialize(dependency:, credentials:, dependency_files:,
19
- ignored_versions:)
20
- @dependency = dependency
21
- @credentials = credentials
22
- @dependency_files = dependency_files
23
- @ignored_versions = ignored_versions
19
+ ignored_versions:, security_advisories:)
20
+ @dependency = dependency
21
+ @credentials = credentials
22
+ @dependency_files = dependency_files
23
+ @ignored_versions = ignored_versions
24
+ @security_advisories = security_advisories
24
25
  end
25
26
 
26
- def latest_version_details_from_registry
27
+ def latest_version_from_registry
27
28
  return unless valid_npm_details?
28
- return { version: version_from_dist_tags } if version_from_dist_tags
29
+ return version_from_dist_tags if version_from_dist_tags
29
30
  return if specified_dist_tag_requirement?
30
31
 
31
- version = possible_versions.find { |v| !yanked?(v) }
32
- { version: version }
32
+ possible_versions.find { |v| !yanked?(v) }
33
33
  rescue Excon::Error::Socket, Excon::Error::Timeout, RegistryError
34
34
  raise if dependency_registry == "registry.npmjs.org"
35
35
  # Custom registries can be flaky. We don't want to make that
@@ -48,10 +48,6 @@ module Dependabot
48
48
  # our problem, so we quietly return `nil` here.
49
49
  end
50
50
 
51
- def possible_versions
52
- possible_versions_with_details.map(&:first)
53
- end
54
-
55
51
  def possible_versions_with_details
56
52
  npm_details.fetch("versions", {}).
57
53
  reject { |_, details| details["deprecated"] }.
@@ -61,10 +57,14 @@ module Dependabot
61
57
  sort_by(&:first).reverse
62
58
  end
63
59
 
60
+ def possible_versions
61
+ possible_versions_with_details.map(&:first)
62
+ end
63
+
64
64
  private
65
65
 
66
66
  attr_reader :dependency, :credentials, :dependency_files,
67
- :ignored_versions
67
+ :ignored_versions, :security_advisories
68
68
 
69
69
  def valid_npm_details?
70
70
  !npm_details&.fetch("dist-tags", nil).nil?
@@ -110,7 +110,8 @@ module Dependabot
110
110
  dependency: dep,
111
111
  credentials: credentials,
112
112
  dependency_files: dependency_files,
113
- ignored_versions: []
113
+ ignored_versions: [],
114
+ security_advisories: []
114
115
  )
115
116
  end
116
117
 
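Review bot: `security_advisories` is now a required keyword of the finder's `initialize`, stored and exposed through the private `attr_reader`, but nothing in the visible hunks reads it: `latest_version_from_registry` still returns the dist-tag version or the first non-yanked entry of `possible_versions` without consulting advisories. If the filtering lives outside these hunks, a comment on the initializer such as `# security_advisories: advisories for this dependency; not consulted by latest_version_from_registry` would stop readers assuming the returned version is known to be unaffected. The call site in the last hunk passes `security_advisories: []`, so that path disregards advisories by construction and deserves a why-comment. `possible_versions` also moves above `private` and becomes public; judging by the visible lines it returns non-deprecated versions sorted newest first and can still contain yanked ones, which a short doc comment should state.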
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.101.1
4
+ version: 0.101.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.101.1
19
+ version: 0.101.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.101.1
26
+ version: 0.101.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement