dependabot-npm_and_yarn 0.95.82 → 0.95.83
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/file_parser.rb +30 -2
- metadata +3 -3
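--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a872d462e943cd40480ea3242735c9cc9a95cc833050d30922d7dd5c5b3fe8af
+data.tar.gz: e37c32ae14918bfd96a7a29d032dcf9e1732f6d2be6dd730554d0bf2f843103f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 443f6b6fb7053a54d9a434c4dbfc7d26f4feca3cf0a8e293c66e17a1e81742a3660b4ac3cceeb1194c88ab07fa7546ff15afe82fb9fe67046ff277dd5f1f4c5f
+data.tar.gz: 60b7d6668ec95bb4dcc40d015ba91c889fa4f0dd6bf742e4b7fe0487627e7acfe499288b3d039fe8a059ee55d03c412340eaf25b3a9b657ee0e6e2b44a5a1277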
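--- a/data/lib/dependabot/npm_and_yarn/file_parser.rb
+++ b/data/lib/dependabot/npm_and_yarn/file_parser.rb
@@ -8,6 +8,8 @@ require "dependabot/file_parsers/base"
 require "dependabot/shared_helpers"
 require "dependabot/npm_and_yarn/native_helpers"
 require "dependabot/npm_and_yarn/version"
+require "dependabot/git_metadata_fetcher"
+require "dependabot/git_commit_checker"
 require "dependabot/errors"
 
 module Dependabot
@@ -151,8 +153,11 @@ module Dependabot
 
 def version_for(name, requirement)
 if git_url_with_semver?(requirement)
-semver_version_for(name, requirement)
-
+semver_version = semver_version_for(name, requirement)
+return semver_version if semver_version
+
+git_revision = git_revision_for(name, requirement)
+version_from_git_revision(requirement, git_revision) || git_revision
 elsif git_url?(requirement)
 git_revision_for(name, requirement)
 else
@@ -180,6 +185,29 @@ module Dependabot
 nil
 end
 
+def version_from_git_revision(requirement, git_revision)
+tags =
+Dependabot::GitMetadataFetcher.new(
+url: git_source_for(requirement).fetch(:url),
+credentials: credentials
+).tags.
+select { |t| [t.commit_sha, t.tag_sha].include?(git_revision) }
+
+tags.each do |t|
+next unless t.name.match?(Dependabot::GitCommitChecker::VERSION_REGEX)
+
+version = t.name.match(Dependabot::GitCommitChecker::VERSION_REGEX).
+named_captures.fetch("version")
+next unless NpmAndYarn::Version.correct?(version)
+
+return version
+end
+
+nil
+rescue Dependabot::GitDependenciesNotReachable
+nil
+end
+
 def semver_version_for(name, requirement)
 lock_version = lockfile_parser.lockfile_details(
 dependency_name: name,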
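Review bot: In `version_from_git_revision` the `tags.each` loop returns the first tag whose name yields a valid version, so when several version-shaped tags point at the locked revision the reported version depends on the order in which the fetcher returns them; collecting the valid candidates and picking deterministically, for example `candidates.max_by { |v| NpmAndYarn::Version.new(v) }`, would make the result stable. Tag names are mutable data controlled by the remote repository, so a version derived this way is advisory and should not be read as proof of what the pinned commit contains, which matters if the value later feeds version-based vulnerability matching. The method also makes the parser perform a network fetch with `credentials` against a URL taken from the manifest and turns only `Dependabot::GitDependenciesNotReachable` into `nil`; a short comment above the method stating both facts would help, and whether other fetch errors should fail parsing is worth confirming. As a style point, the regex is applied twice per tag (`match?` then `match`); a single `match` followed by `next unless` on its result would do.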
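--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.95.
+version: 0.95.83
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.95.
+version: 0.95.83
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.95.
+version: 0.95.83
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement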