dependabot-npm_and_yarn 0.113.13 → 0.113.14

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +3 -5
  3. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0dcea9ab94cde2328be8bb63ecd471d5b46f7e278fea2a1e625478f61c4c35ad
4
- data.tar.gz: ecf14c40e32f2d73252fde518ce12715660ad80c02121cdf7a88768f8a8bd04d
3
+ metadata.gz: a7ca0b919fdad1b9750dcb45446dde881a01966873c9908db0215d4ead6a6038
4
+ data.tar.gz: d36cf7d0025b1d9574decec61e8f0175a80cd48145c0c172d5e457179bea4fe3
5
5
  SHA512:
6
- metadata.gz: e18ebb2119fda097698973c68b1695f6e3f151875d0333e5b770fe470a9332990034d691ae110f5c1eb6ce42d186f4e2773bb2d6c4f5935375087b907169061c
7
- data.tar.gz: 6e5b0237257fec700264aa48c3468e499777244f7421544f35337774fd7c4a873a98ca0ebdb48f90061bdb5f811a4af31d17af098d3100db9d44fc0a66eb85da
6
+ metadata.gz: cb560e55243fce9b3e7fb7cb4808a790adb4081702ab23539256595d47de8f60e69a39cbaea49f28c8f307f7eca792779789c7c7d47d197b159730c2a84d8946
7
+ data.tar.gz: adb1c9566238f0cda1179f45ff3eb25a9f8d1de220f8309338ad815d631296274f07da5b218cb521fa3798eab5c7e31a0f2ce4e4423bdd0838f233dfbde51681
data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb CHANGED
@@ -133,9 +133,7 @@ module Dependabot
133
133
  end
134
134
 
135
135
  def resolve_latest_previous_version(dep, updated_version)
136
- if dep.version && version_class.correct?(dep.version)
137
- return version_class.new(dep.version)
138
- end
136
+ return dep.version if dep.version
139
137
 
140
138
  @resolve_latest_previous_version ||= {}
141
139
  @resolve_latest_previous_version[dep] ||= begin
@@ -153,13 +151,13 @@ module Dependabot
153
151
  relevant_versions.select do |version|
154
152
  req.any? { |r| r.satisfied_by?(version) }
155
153
  end.max
156
- end.min
154
+ end.min&.to_s
157
155
 
158
156
  # Handle cases where the latest resolvable previous version is the
159
157
  # latest version. This often happens if you don't have lockfiles and
160
158
  # have requirements update strategy set to bump_versions, where an
161
159
  # update might go from ^1.1.1 to ^1.1.2 (both resolve to 1.1.2).
162
- return if updated_version.to_s == latest_previous_version.to_s
160
+ return if updated_version.to_s == latest_previous_version
163
161
 
164
162
  latest_previous_version
165
163
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.113.13
4
+ version: 0.113.14
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-10-16 00:00:00.000000000 Z
11
+ date: 2019-10-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.113.13
19
+ version: 0.113.14
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.113.13
26
+ version: 0.113.14
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement