dependabot-npm_and_yarn 0.117.8 → 0.118.1

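--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a29182b4388af80f9a52f7c6f7ddb4ab6b48ea5b406023c2b0261dd8bbe3dd98
- data.tar.gz: c9f0a016cfae05a7773aaf05a373e99586307a4b84a6c6033f9a1013aea09d8f
+ metadata.gz: 87f87073d5895a0bf974de82a8fd63717a41185fea23d394249e94dcf44112e5
+ data.tar.gz: bc5cdaf0b6a32cbfaeeb79718cf22aa3f9db0c8efefd366eb0f586f6996973e2
  SHA512:
- metadata.gz: 18be0147eb2c1c8ddb082921d496eb8c82b081b0c88c56dd0a4a68cb8599643d596a693bfa9d9a266e25393fb9f1d548d150fd2915c219925dc3e959387d6c0c
- data.tar.gz: 61299253e23e3f266eeee8f1d013612d13170f399ec7c531d0c2a2fd37b8a27b0c9f1a25bb0ba10f8ab5b8af581ee4f8ded15b5c2057b26252081d364d5f635d
+ metadata.gz: 0b0760347eebcbdb69bcec7733bf8e0544645fa4d5fa60e6f50b11bb1ef8f373d971c595938b956902a5073360ecefa5b455949e7bac9bb61dd331af095446fa
+ data.tar.gz: d9167678297ca80bfe54c4e61837c2c232044410b485a3a40a0c00d67ba62d6ea8817106be7459e9c8cb9870fbed7a71f5044933d9f37ada8ffb85a08507d756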
@@ -205,6 +205,7 @@ module Dependabot
205
205
  credentials: credentials,
206
206
  dependency_files: dependency_files,
207
207
  ignored_versions: ignored_versions,
208
+ raise_on_ignored: raise_on_ignored,
208
209
  security_advisories: security_advisories
209
210
  )
210
211
  end
@@ -306,7 +307,9 @@ module Dependabot
306
307
  @git_commit_checker ||=
307
308
  GitCommitChecker.new(
308
309
  dependency: dependency,
309
- credentials: credentials
310
+ credentials: credentials,
311
+ ignored_versions: ignored_versions,
312
+ raise_on_ignored: raise_on_ignored
310
313
  )
311
314
  end
312
315
  end
@@ -21,11 +21,13 @@ module Dependabot
21
21
  end
22
22
 
23
23
  def initialize(dependency:, credentials:, dependency_files:,
24
- ignored_versions:, security_advisories:)
24
+ ignored_versions:, security_advisories:,
25
+ raise_on_ignored: false)
25
26
  @dependency = dependency
26
27
  @credentials = credentials
27
28
  @dependency_files = dependency_files
28
29
  @ignored_versions = ignored_versions
30
+ @raise_on_ignored = raise_on_ignored
29
31
  @security_advisories = security_advisories
30
32
  end
31
33
 
@@ -59,10 +61,11 @@ module Dependabot
59
61
  versions_array =
60
62
  if specified_dist_tag_requirement?
61
63
  [version_from_dist_tags].compact
62
- else possible_versions
64
+ else possible_versions(filter_ignored: false)
63
65
  end
64
66
 
65
67
  secure_versions = filter_vulnerable_versions(versions_array)
68
+ secure_versions = filter_ignored_versions(secure_versions)
66
69
  secure_versions = filter_lower_versions(secure_versions)
67
70
  secure_versions.reverse.find { |version| !yanked?(version) }
68
71
  rescue Excon::Error::Socket, Excon::Error::Timeout
@@ -80,14 +83,18 @@ module Dependabot
80
83
  end
81
84
  end
82
85
 
83
- def possible_versions_with_details
84
- possible_previous_versions_with_details.
85
- reject { |_, details| details["deprecated"] }.
86
- reject { |v, _| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
86
+ def possible_versions_with_details(filter_ignored: true)
87
+ versions = possible_previous_versions_with_details.
88
+ reject { |_, details| details["deprecated"] }
89
+
90
+ return filter_ignored_versions(versions) if filter_ignored
91
+
92
+ versions
87
93
  end
88
94
 
89
- def possible_versions
90
- possible_versions_with_details.map(&:first)
95
+ def possible_versions(filter_ignored: true)
96
+ possible_versions_with_details(filter_ignored: filter_ignored).
97
+ map(&:first)
91
98
  end
92
99
 
93
100
  private
@@ -99,6 +106,18 @@ module Dependabot
99
106
  !npm_details&.fetch("dist-tags", nil).nil?
100
107
  end
101
108
 
109
+ def filter_ignored_versions(versions_array)
110
+ filtered = versions_array.reject do |v, _|
111
+ ignore_reqs.any? { |r| r.satisfied_by?(v) }
112
+ end
113
+
114
+ if @raise_on_ignored && filtered.empty? && versions_array.any?
115
+ raise AllVersionsIgnored
116
+ end
117
+
118
+ filtered
119
+ end
120
+
102
121
  def filter_out_of_range_versions(versions_array)
103
122
  reqs = dependency.requirements.map do |r|
104
123
  NpmAndYarn::Requirement.requirements_array(r.fetch(:requirement))
@@ -397,6 +416,7 @@ module Dependabot
397
416
 
398
417
  # TODO: Remove need for me
399
418
  def git_dependency?
419
+ # ignored_version/raise_on_ignored are irrelevant.
400
420
  GitCommitChecker.new(
401
421
  dependency: dependency,
402
422
  credentials: credentials
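Review bot: `filter_ignored_versions` (new lines 109–119) raises only when `@raise_on_ignored` is set, and `initialize` defaults it to `false`, so in the security-fix selection at new lines 62–70 an ignore rule that matches every non-vulnerable candidate leaves an empty list and `find` returns `nil`. To a caller that looks the same as "no fixed version exists", so an ignore condition can keep a dependency on a vulnerable version without any signal. I would at least document this on the method, e.g. `# Returns an empty list without raising unless raise_on_ignored is set; security-update callers should set it.`, and read the flag through a private reader rather than the bare ivar, to match how `ignore_reqs` and `dependency` are accessed. The method enclosing the security-fix lines starts and ends outside its hunk.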
@@ -364,6 +364,7 @@ module Dependabot
364
364
  end
365
365
 
366
366
  def git_dependency?(dep)
367
+ # ignored_version/raise_on_ignored are irrelevant.
367
368
  GitCommitChecker.
368
369
  new(dependency: dep, credentials: credentials).
369
370
  git_dependency?
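Review bot: The added comment in `git_dependency?` says `ignored_version/raise_on_ignored are irrelevant.` but not why, and it misspells the keyword, which is `ignored_versions:` elsewhere in this diff. Here the checker is built only to call `git_dependency?`, so something like `# Only git_dependency? is called here, so ignored_versions/raise_on_ignored are not needed.` would hold up better if the checker's constructor changes. The same comment is added in the other `git_dependency?` hunk (new line 419), where the call made on the checker falls outside the hunk, so confirm the same reasoning holds there.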
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.8
4
+ version: 0.118.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-12 00:00:00.000000000 Z
11
+ date: 2020-06-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.117.8
19
+ version: 0.118.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.117.8
26
+ version: 0.118.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.82.0
117
+ version: 0.83.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.82.0
124
+ version: 0.83.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: vcr
127
127
  requirement: !ruby/object:Gem::Requirement