dependabot-npm_and_yarn 0.101.1 → 0.101.2
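--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f1a5c4f55d424ecda702c33195e05fc6c90185bb195b35db644b08423839b848
+data.tar.gz: bdce9e00488a04b7281c757aa304800ce9072c06a98d4908156a794b0e4fff95
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce2976feca5e45c4d6efe3571b2b1a8fd98ed5f43187f4872d2ab524a784a44934b3740868af80fdd6b94b15c4b420445138d29c8825c36f6840ba484643d374
+data.tar.gz: bf20c7ba5a9743796f3afd1403bed3f345121586fceb7874172c9574cc56a3eb0fbd66182e4f21716da3ccfd1d0af9fcbb147ed33f27852e3bfebf0a88ca242b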
@@ -151,7 +151,7 @@ module Dependabot
|
|
|
151
151
|
# If there's been a release that includes the current pinned ref
|
|
152
152
|
# or that the current branch is behind, we switch to that release.
|
|
153
153
|
if git_branch_or_ref_in_latest_release?
|
|
154
|
-
|
|
154
|
+
latest_released_version
|
|
155
155
|
elsif version_class.correct?(dependency.version)
|
|
156
156
|
latest_git_version_details[:version] &&
|
|
157
157
|
version_class.new(latest_git_version_details[:version])
|
|
@@ -161,9 +161,9 @@ module Dependabot
|
|
|
161
161
|
end
|
|
162
162
|
end
|
|
163
163
|
|
|
164
|
-
def
|
|
165
|
-
@
|
|
166
|
-
latest_version_finder.
|
|
164
|
+
def latest_released_version
|
|
165
|
+
@latest_released_version ||=
|
|
166
|
+
latest_version_finder.latest_version_from_registry
|
|
167
167
|
end
|
|
168
168
|
|
|
169
169
|
def should_switch_source_from_git_to_registry?
|
|
@@ -175,16 +175,14 @@ module Dependabot
|
|
|
175
175
|
end
|
|
176
176
|
|
|
177
177
|
def git_branch_or_ref_in_latest_release?
|
|
178
|
-
return false unless
|
|
178
|
+
return false unless latest_released_version
|
|
179
179
|
|
|
180
180
|
if defined?(@git_branch_or_ref_in_latest_release)
|
|
181
181
|
return @git_branch_or_ref_in_latest_release
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
@git_branch_or_ref_in_latest_release ||=
|
|
185
|
-
git_commit_checker.branch_or_ref_in_release?(
|
|
186
|
-
latest_release.fetch(:version)
|
|
187
|
-
)
|
|
185
|
+
git_commit_checker.branch_or_ref_in_release?(latest_released_version)
|
|
188
186
|
end
|
|
189
187
|
|
|
190
188
|
def latest_version_details
|
|
@@ -192,7 +190,7 @@ module Dependabot
|
|
|
192
190
|
if git_dependency? && !should_switch_source_from_git_to_registry?
|
|
193
191
|
latest_git_version_details
|
|
194
192
|
else
|
|
195
|
-
|
|
193
|
+
{ version: latest_released_version }
|
|
196
194
|
end
|
|
197
195
|
end
|
|
198
196
|
|
|
@@ -202,7 +200,8 @@ module Dependabot
|
|
|
202
200
|
dependency: dependency,
|
|
203
201
|
credentials: credentials,
|
|
204
202
|
dependency_files: dependency_files,
|
|
205
|
-
ignored_versions: ignored_versions
|
|
203
|
+
ignored_versions: ignored_versions,
|
|
204
|
+
security_advisories: security_advisories
|
|
206
205
|
)
|
|
207
206
|
end
|
|
208
207
|
|
|
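Review bot: `latest_released_version` memoises with `||=`, so a `nil` result is never cached and each later call goes back to `latest_version_finder.latest_version_from_registry`. In these hunks the method is reached from `git_branch_or_ref_in_latest_release?`, from the branch that follows it and from `latest_version_details`, and the finder returns `nil` for invalid registry details or a flaky custom registry. The neighbouring `git_branch_or_ref_in_latest_release?` already guards with `defined?`; the same form fits here: `return @latest_released_version if defined?(@latest_released_version)` followed by `@latest_released_version = latest_version_finder.latest_version_from_registry`. Whether the finder caches the registry response itself is not visible here, so the repeated cost may be small. Separately, the else branch of `latest_version_details` yields `{ version: nil }`, a truthy hash, when no release is found; a one-line comment saying callers must check `[:version]` rather than the hash would help.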
@@ -16,20 +16,20 @@ module Dependabot
|
|
|
16
16
|
class RegistryError < StandardError; end
|
|
17
17
|
|
|
18
18
|
def initialize(dependency:, credentials:, dependency_files:,
|
|
19
|
-
ignored_versions:)
|
|
20
|
-
@dependency
|
|
21
|
-
@credentials
|
|
22
|
-
@dependency_files
|
|
23
|
-
@ignored_versions
|
|
19
|
+
ignored_versions:, security_advisories:)
|
|
20
|
+
@dependency = dependency
|
|
21
|
+
@credentials = credentials
|
|
22
|
+
@dependency_files = dependency_files
|
|
23
|
+
@ignored_versions = ignored_versions
|
|
24
|
+
@security_advisories = security_advisories
|
|
24
25
|
end
|
|
25
26
|
|
|
26
|
-
def
|
|
27
|
+
def latest_version_from_registry
|
|
27
28
|
return unless valid_npm_details?
|
|
28
|
-
return
|
|
29
|
+
return version_from_dist_tags if version_from_dist_tags
|
|
29
30
|
return if specified_dist_tag_requirement?
|
|
30
31
|
|
|
31
|
-
|
|
32
|
-
{ version: version }
|
|
32
|
+
possible_versions.find { |v| !yanked?(v) }
|
|
33
33
|
rescue Excon::Error::Socket, Excon::Error::Timeout, RegistryError
|
|
34
34
|
raise if dependency_registry == "registry.npmjs.org"
|
|
35
35
|
# Custom registries can be flaky. We don't want to make that
|
|
@@ -48,10 +48,6 @@ module Dependabot
|
|
|
48
48
|
# our problem, so we quietly return `nil` here.
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
-
def possible_versions
|
|
52
|
-
possible_versions_with_details.map(&:first)
|
|
53
|
-
end
|
|
54
|
-
|
|
55
51
|
def possible_versions_with_details
|
|
56
52
|
npm_details.fetch("versions", {}).
|
|
57
53
|
reject { |_, details| details["deprecated"] }.
|
|
@@ -61,10 +57,14 @@ module Dependabot
|
|
|
61
57
|
sort_by(&:first).reverse
|
|
62
58
|
end
|
|
63
59
|
|
|
60
|
+
def possible_versions
|
|
61
|
+
possible_versions_with_details.map(&:first)
|
|
62
|
+
end
|
|
63
|
+
|
|
64
64
|
private
|
|
65
65
|
|
|
66
66
|
attr_reader :dependency, :credentials, :dependency_files,
|
|
67
|
-
:ignored_versions
|
|
67
|
+
:ignored_versions, :security_advisories
|
|
68
68
|
|
|
69
69
|
def valid_npm_details?
|
|
70
70
|
!npm_details&.fetch("dist-tags", nil).nil?
|
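Review bot: `security_advisories:` becomes a required keyword on `initialize` and gains a private reader, but nothing in the visible hunks reads it; `latest_version_from_registry` still returns `version_from_dist_tags` or the first non-yanked entry of `possible_versions` without consulting advisories. If the filtering lives outside these hunks that is fine; otherwise a comment such as `# security_advisories is accepted here but not yet used when selecting a version` would stop readers assuming known-vulnerable releases are excluded. Any other caller of this constructor now raises `ArgumentError` unless it passes the keyword, so a default (for example `security_advisories: []`, if it is a list) would keep existing callers working. `possible_versions` also moves above `private` and becomes part of the public interface, which deserves a one-line doc comment stating that it returns non-deprecated versions in descending order.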
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.101.
|
|
4
|
+
version: 0.101.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.101.
|
|
19
|
+
version: 0.101.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.101.
|
|
26
|
+
version: 0.101.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|