dependabot-npm_and_yarn 0.98.31 → 0.98.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6655cb532c302e030c5ec06c40e4569033f100ace191c95db7d85f285577c3c5
|
|
4
|
+
data.tar.gz: fa4fd1fb4289e2407655c2ce94d263c43770077e81ae3684900e078ff22efaba
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 46787e598b4b0aec3ef9b08bd95fafcd269a70e06c1ec2cfa2f6efe7028d651b55a93a71a844de2b292f7d9182eef46f966c2ba0038df34595b9d3468474e05f
|
|
7
|
+
data.tar.gz: d87a529b8f15deb3f740d4aa6667d06a985b0cb2243de9a34378d6dc85328d421c547c51b2184745ef8f22f7f2f997dfef76e110598997eb663d22ed719f675f
|
|
@@ -264,25 +264,26 @@ module Dependabot
|
|
|
264
264
|
elsif resolved_url.include?("/#{name}/-/#{name.split('/').last}")
|
|
265
265
|
# Sonatype Nexus / Artifactory JFrog format
|
|
266
266
|
resolved_url.split("/#{name}/-/#{name.split('/').last}").first
|
|
267
|
-
elsif (cred_url =
|
|
267
|
+
elsif (cred_url = url_for_relevant_cred(resolved_url)) then cred_url
|
|
268
268
|
else resolved_url.split("/")[0..2].join("/")
|
|
269
269
|
end
|
|
270
270
|
|
|
271
271
|
{ type: "private_registry", url: url }
|
|
272
272
|
end
|
|
273
273
|
|
|
274
|
-
def
|
|
275
|
-
|
|
276
|
-
|
|
274
|
+
def url_for_relevant_cred(resolved_url)
|
|
275
|
+
credential_matching_url =
|
|
276
|
+
credentials.
|
|
277
|
+
select { |cred| cred["type"] == "npm_registry" }.
|
|
278
|
+
sort_by { |cred| cred["registry"].length }.
|
|
279
|
+
find { |details| resolved_url.include?(details["registry"]) }
|
|
277
280
|
|
|
278
|
-
|
|
279
|
-
reg = details["registry"]
|
|
280
|
-
next unless resolved_url.include?(reg)
|
|
281
|
+
return unless credential_matching_url
|
|
281
282
|
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
283
|
+
# Trim the resolved URL so that it ends at the same point as the
|
|
284
|
+
# credential registry
|
|
285
|
+
reg = credential_matching_url["registry"]
|
|
286
|
+
resolved_url.gsub(/#{Regexp.quote(reg)}.*/, "") + reg
|
|
286
287
|
end
|
|
287
288
|
|
|
288
289
|
def package_files
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.98.
|
|
4
|
+
version: 0.98.32
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-03-
|
|
11
|
+
date: 2019-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.98.
|
|
19
|
+
version: 0.98.32
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.98.
|
|
26
|
+
version: 0.98.32
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|