dependabot-npm_and_yarn 0.93.9 → 0.93.10
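--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: db5ff83a73aad721050e786fc16520a7b680fbf12244c1bac58c4a881582e772
+data.tar.gz: 1f5ff37e03a6f35b68e5ff9cd9f0d5fac57728136331972bc7b1f542d3e5275f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 24f34d6d1122cd2f1e4c663bac9d3e898871404c35cc23fa7a598ad7665ba87c013389885e0330ad9fd6d8d452d6cc978bcfb9906be98bcca912e7620b884c6d
+data.tar.gz: 9cb578b1cdc7a066a830b02f6e67541cd0ced8efbba0b754abe07dee3d557592f0969154b37ef0bc905fb1a23717363812b88fcd1119b548acde5357e3c4ebf6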
@@ -197,30 +197,50 @@ module Dependabot
|
|
197
197
|
requirement.match?(GIT_URL_REGEX)
|
198
198
|
end
|
199
199
|
|
200
|
+
def git_url_with_semver?(requirement)
|
201
|
+
return false unless git_url?(requirement)
|
202
|
+
|
203
|
+
!requirement.match(GIT_URL_REGEX).named_captures.fetch("semver").nil?
|
204
|
+
end
|
205
|
+
|
200
206
|
def workspace_package_names
|
201
207
|
@workspace_package_names ||=
|
202
208
|
package_files.map { |f| JSON.parse(f.content)["name"] }.compact
|
203
209
|
end
|
204
210
|
|
205
|
-
# rubocop:disable Metrics/CyclomaticComplexity
|
206
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
207
211
|
def version_for(name, requirement)
|
212
|
+
if git_url_with_semver?(requirement)
|
213
|
+
semver_version_for(name, requirement) ||
|
214
|
+
git_revision_for(name, requirement)
|
215
|
+
elsif git_url?(requirement)
|
216
|
+
git_revision_for(name, requirement)
|
217
|
+
else
|
218
|
+
semver_version_for(name, requirement)
|
219
|
+
end
|
220
|
+
end
|
221
|
+
|
222
|
+
def git_revision_for(name, requirement)
|
223
|
+
return unless git_url?(requirement)
|
224
|
+
|
208
225
|
lock_version = lockfile_details(name, requirement)&.
|
209
226
|
fetch("version", nil)
|
210
227
|
lock_res = lockfile_details(name, requirement)&.
|
211
228
|
fetch("resolved", nil)
|
212
229
|
|
213
|
-
if
|
214
|
-
|
215
|
-
return lock_res.split("#").last if lock_res&.include?("#")
|
230
|
+
return lock_version.split("#").last if lock_version&.include?("#")
|
231
|
+
return lock_res.split("#").last if lock_res&.include?("#")
|
216
232
|
|
217
|
-
|
218
|
-
|
219
|
-
end
|
220
|
-
|
221
|
-
return nil
|
233
|
+
if lock_res && lock_res.split("/").last.match?(/^[0-9a-f]{40}$/)
|
234
|
+
return lock_res.split("/").last
|
222
235
|
end
|
223
236
|
|
237
|
+
nil
|
238
|
+
end
|
239
|
+
|
240
|
+
def semver_version_for(name, requirement)
|
241
|
+
lock_version = lockfile_details(name, requirement)&.
|
242
|
+
fetch("version", nil)
|
243
|
+
|
224
244
|
return unless lock_version
|
225
245
|
return if lock_version.include?("://")
|
226
246
|
return if lock_version.include?("file:")
|
@@ -229,8 +249,6 @@ module Dependabot
|
|
229
249
|
|
230
250
|
lock_version
|
231
251
|
end
|
232
|
-
# rubocop:enable Metrics/CyclomaticComplexity
|
233
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
234
252
|
|
235
253
|
def source_for(name, requirement)
|
236
254
|
return git_source_for(requirement) if git_url?(requirement)
|
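Review bot: The commit-SHA check added in `git_revision_for` (new line 233) anchors its pattern with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string. The `resolved` value is presumably read from the lockfile of the repository being updated, so a final path segment containing a newline and one 40-hex line would pass the check and be returned whole as the revision. Use `\A`/`\z` instead: `if lock_res && lock_res.split("/").last.match?(/\A[0-9a-f]{40}\z/)`. The method also calls `lockfile_details(name, requirement)` twice and splits `lock_res` twice; holding the details hash and the last segment in locals would make it visible that the string tested is the string returned.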
@@ -137,6 +137,8 @@ module Dependabot
|
|
137
137
|
# or that the current branch is behind, we switch to that release.
|
138
138
|
if git_branch_or_ref_in_release?(latest_release&.fetch(:version))
|
139
139
|
latest_release.fetch(:version)
|
140
|
+
elsif version_class.correct?(dependency.version)
|
141
|
+
latest_git_version_details[:version]
|
140
142
|
else
|
141
143
|
latest_git_version_details[:sha]
|
142
144
|
end
|
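Review bot: The branch added at new lines 140–141 makes this expression yield a version in one case and a SHA in the other, and nothing in the hunk says why `version_class.correct?(dependency.version)` is the deciding test. A comment above the `elsif` would help, for example `# The current version is a valid version string (not a SHA), so report the latest tag's version rather than its commit.`, with the wording confirmed against the intent. `latest_git_version_details[:version]` also returns nil silently if that key is absent, unlike the `fetch(:version)` used two lines earlier; if the key is always present, `fetch` would state that explicitly. The enclosing method starts and ends outside the hunk.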
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.93.
|
4
|
+
version: 0.93.10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.93.
|
19
|
+
version: 0.93.10
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.93.
|
26
|
+
version: 0.93.10
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|