dependabot-npm_and_yarn 0.95.33 → 0.95.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/metadata_finder.rb +28 -12
  3. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a54605a5d3ad8d33e4aeeb52b5b0a715fdf7ac656d70820cf46b64b6897d5bfa
4
- data.tar.gz: 753e5edd7c5e394cae94c53956829567fd1ea45447ea44d9f08ecc593b272b2d
3
+ metadata.gz: 74643b3d4abfbba5f5d8a78a0f13dae2a65fd190564325c138ae1ee0e9807d02
4
+ data.tar.gz: ab79d1130f72465c8952001c7e0d7800162ab4710d0a0e59616d60771de8d9d0
5
5
  SHA512:
6
- metadata.gz: 331554696050713a3510bd9ef6e830fb2da079151af89bd2935bdecd6af9de2ca2dd3a29646b72601209d82c8890d754c5862deb15919fbc2125f7a63c71a773
7
- data.tar.gz: 4a5f90be4634a806ae2d2e7ff86aee14cd328c8ac975b6f9c22363a1985055cebbd01cd63eec2b0b87597256cfe5d20105647e3f190584902cc757acb3319ea4
6
+ metadata.gz: aa6099cb99a700715169c8a04b3b491aa5b416e996338df94a1d0aff365602238cc957a29d2947166617e5182c0ac60185c6cb1879a2ae9825d65cd943d3fb43
7
+ data.tar.gz: f7dda297d8365ea72edbcb90c64d5b42610acdc397a9755ff43551285894a133bcdd467956b49b4dfeae7d3badf671d2f370e1719db4ab5b90a3f770e8b4f1f3
data/lib/dependabot/npm_and_yarn/metadata_finder.rb CHANGED
@@ -71,27 +71,25 @@ module Dependabot
71
71
  def find_source_from_registry
72
72
  # Attempt to use version_listing first, as fetching the entire listing
73
73
  # array can be slow (if it's large)
74
- potential_source_urls =
74
+ potential_sources =
75
75
  [
76
- get_url(latest_version_listing["repository"]),
77
- get_url(latest_version_listing["homepage"]),
78
- get_url(latest_version_listing["bugs"])
76
+ get_source(latest_version_listing["repository"]),
77
+ get_source(latest_version_listing["homepage"]),
78
+ get_source(latest_version_listing["bugs"])
79
79
  ].compact
80
80
 
81
- source_url = potential_source_urls.find { |url| Source.from_url(url) }
82
- return Source.from_url(source_url) if Source.from_url(source_url)
81
+ return potential_sources.first if potential_sources.any?
83
82
 
84
- potential_source_urls =
83
+ potential_sources =
85
84
  all_version_listings.flat_map do |_, listing|
86
85
  [
87
- get_url(listing["repository"]),
88
- get_url(listing["homepage"]),
89
- get_url(listing["bugs"])
86
+ get_source(listing["repository"]),
87
+ get_source(listing["homepage"]),
88
+ get_source(listing["bugs"])
90
89
  ]
91
90
  end.compact
92
91
 
93
- source_url = potential_source_urls.find { |url| Source.from_url(url) }
94
- Source.from_url(source_url)
92
+ potential_sources.first
95
93
  end
96
94
 
97
95
  def new_source
@@ -103,6 +101,17 @@ module Dependabot
103
101
  sources.first
104
102
  end
105
103
 
104
+ def get_source(details)
105
+ potential_url = get_url(details)
106
+ return unless potential_url
107
+
108
+ potential_source = Source.from_url(potential_url)
109
+ return unless potential_source
110
+
111
+ potential_source.directory = get_directory(details)
112
+ potential_source
113
+ end
114
+
106
115
  def get_url(details)
107
116
  case details
108
117
  when String then details
@@ -110,6 +119,13 @@ module Dependabot
110
119
  end
111
120
  end
112
121
 
122
+ def get_directory(details)
123
+ # Only return a directory if it is explicitly specified
124
+ return unless details.is_a?(Hash)
125
+
126
+ details.fetch("directory", nil)
127
+ end
128
+
113
129
  def find_source_from_git_url
114
130
  url = new_source[:url] || new_source.fetch("url")
115
131
  Source.from_url(url)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.95.33
4
+ version: 0.95.34
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-16 00:00:00.000000000 Z
11
+ date: 2019-02-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.95.33
19
+ version: 0.95.34
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.95.33
26
+ version: 0.95.34
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement