dependabot-npm_and_yarn 0.117.8 → 0.118.1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 87f87073d5895a0bf974de82a8fd63717a41185fea23d394249e94dcf44112e5
|
4
|
+
data.tar.gz: bc5cdaf0b6a32cbfaeeb79718cf22aa3f9db0c8efefd366eb0f586f6996973e2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0b0760347eebcbdb69bcec7733bf8e0544645fa4d5fa60e6f50b11bb1ef8f373d971c595938b956902a5073360ecefa5b455949e7bac9bb61dd331af095446fa
|
7
|
+
data.tar.gz: d9167678297ca80bfe54c4e61837c2c232044410b485a3a40a0c00d67ba62d6ea8817106be7459e9c8cb9870fbed7a71f5044933d9f37ada8ffb85a08507d756
|
@@ -205,6 +205,7 @@ module Dependabot
|
|
205
205
|
credentials: credentials,
|
206
206
|
dependency_files: dependency_files,
|
207
207
|
ignored_versions: ignored_versions,
|
208
|
+
raise_on_ignored: raise_on_ignored,
|
208
209
|
security_advisories: security_advisories
|
209
210
|
)
|
210
211
|
end
|
@@ -306,7 +307,9 @@ module Dependabot
|
|
306
307
|
@git_commit_checker ||=
|
307
308
|
GitCommitChecker.new(
|
308
309
|
dependency: dependency,
|
309
|
-
credentials: credentials
|
310
|
+
credentials: credentials,
|
311
|
+
ignored_versions: ignored_versions,
|
312
|
+
raise_on_ignored: raise_on_ignored
|
310
313
|
)
|
311
314
|
end
|
312
315
|
end
|
@@ -21,11 +21,13 @@ module Dependabot
|
|
21
21
|
end
|
22
22
|
|
23
23
|
def initialize(dependency:, credentials:, dependency_files:,
|
24
|
-
ignored_versions:, security_advisories
|
24
|
+
ignored_versions:, security_advisories:,
|
25
|
+
raise_on_ignored: false)
|
25
26
|
@dependency = dependency
|
26
27
|
@credentials = credentials
|
27
28
|
@dependency_files = dependency_files
|
28
29
|
@ignored_versions = ignored_versions
|
30
|
+
@raise_on_ignored = raise_on_ignored
|
29
31
|
@security_advisories = security_advisories
|
30
32
|
end
|
31
33
|
|
@@ -59,10 +61,11 @@ module Dependabot
|
|
59
61
|
versions_array =
|
60
62
|
if specified_dist_tag_requirement?
|
61
63
|
[version_from_dist_tags].compact
|
62
|
-
else possible_versions
|
64
|
+
else possible_versions(filter_ignored: false)
|
63
65
|
end
|
64
66
|
|
65
67
|
secure_versions = filter_vulnerable_versions(versions_array)
|
68
|
+
secure_versions = filter_ignored_versions(secure_versions)
|
66
69
|
secure_versions = filter_lower_versions(secure_versions)
|
67
70
|
secure_versions.reverse.find { |version| !yanked?(version) }
|
68
71
|
rescue Excon::Error::Socket, Excon::Error::Timeout
|
@@ -80,14 +83,18 @@ module Dependabot
|
|
80
83
|
end
|
81
84
|
end
|
82
85
|
|
83
|
-
def possible_versions_with_details
|
84
|
-
possible_previous_versions_with_details.
|
85
|
-
|
86
|
-
|
86
|
+
def possible_versions_with_details(filter_ignored: true)
|
87
|
+
versions = possible_previous_versions_with_details.
|
88
|
+
reject { |_, details| details["deprecated"] }
|
89
|
+
|
90
|
+
return filter_ignored_versions(versions) if filter_ignored
|
91
|
+
|
92
|
+
versions
|
87
93
|
end
|
88
94
|
|
89
|
-
def possible_versions
|
90
|
-
possible_versions_with_details
|
95
|
+
def possible_versions(filter_ignored: true)
|
96
|
+
possible_versions_with_details(filter_ignored: filter_ignored).
|
97
|
+
map(&:first)
|
91
98
|
end
|
92
99
|
|
93
100
|
private
|
@@ -99,6 +106,18 @@ module Dependabot
|
|
99
106
|
!npm_details&.fetch("dist-tags", nil).nil?
|
100
107
|
end
|
101
108
|
|
109
|
+
def filter_ignored_versions(versions_array)
|
110
|
+
filtered = versions_array.reject do |v, _|
|
111
|
+
ignore_reqs.any? { |r| r.satisfied_by?(v) }
|
112
|
+
end
|
113
|
+
|
114
|
+
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
115
|
+
raise AllVersionsIgnored
|
116
|
+
end
|
117
|
+
|
118
|
+
filtered
|
119
|
+
end
|
120
|
+
|
102
121
|
def filter_out_of_range_versions(versions_array)
|
103
122
|
reqs = dependency.requirements.map do |r|
|
104
123
|
NpmAndYarn::Requirement.requirements_array(r.fetch(:requirement))
|
@@ -397,6 +416,7 @@ module Dependabot
|
|
397
416
|
|
398
417
|
# TODO: Remove need for me
|
399
418
|
def git_dependency?
|
419
|
+
# ignored_version/raise_on_ignored are irrelevant.
|
400
420
|
GitCommitChecker.new(
|
401
421
|
dependency: dependency,
|
402
422
|
credentials: credentials
|
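Review bot: In the `@@ -59,10 +61,11 @@` hunk, `filter_ignored_versions` runs before `filter_lower_versions`, so the `filtered.empty? && versions_array.any?` test added in the `@@ -99,6 +106,18 @@` hunk is evaluated over a list that can still contain versions below the current one. Assuming `filter_lower_versions` drops those (its body is not shown), a single older release that is neither vulnerable nor ignored keeps `filtered` non-empty, so `AllVersionsIgnored` is not raised and the final `find` comes back empty even though every usable security fix was excluded by an ignore condition; a caller passing `raise_on_ignored: true` then cannot tell a blocked fix from no fix. Consider swapping the two steps, `secure_versions = filter_lower_versions(secure_versions)` followed by `secure_versions = filter_ignored_versions(secure_versions)`, so the raise reflects only real upgrade candidates. The enclosing method begins above the hunk and its `rescue` clause continues below it.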
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.118.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-06-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.118.1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.118.1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 0.
|
117
|
+
version: 0.83.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 0.
|
124
|
+
version: 0.83.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: vcr
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|