dependabot-npm_and_yarn 0.99.7 → 0.100.0
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/update_checker.rb +12 -4
- metadata +4 -4
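--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cfb8071b3a5a216d144e90e681a3ee636059d5d84246a9edb576f03916323f52
+data.tar.gz: ee9c9bc5598b783dafd7d791ec1d6f5607f28cfc7c856b10648f67dc7c141e26
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d90e5642fb69f2aff90e036b087d7a2a4ca9bdca0c6b884207037c93d52bc098d174f6b67032a704f4f9378b9caa6ce7b046898a8f09f7ae30ff465750b34a2c
+data.tar.gz: 19f0dea2fa8155a9dedf12810efe660f5ca0a5e28dbfe862eeab8f82396954ad63d254bf3685248e50eddfd23095104a8c5232e3d36123c49ea0de5739ca7486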
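--- a/data/lib/dependabot/npm_and_yarn/update_checker.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker.rb
@@ -36,6 +36,13 @@ module Dependabot
 end
 end
 
+def lowest_resolvable_security_fix_version
+raise "Dependency not vulnerable!" unless vulnerable?
+
+# TODO: Implement this properly!
+latest_resolvable_version
+end
+
 def latest_resolvable_version_with_no_unlock
 return latest_resolvable_version unless dependency.top_level?
 
@@ -48,11 +55,12 @@ module Dependabot
 
 def updated_requirements
 resolvable_version =
-if
-
-elsif latest_resolvable_version.nil?
-nil
+if [version_class, NilClass].include?(preferred_resolvable_version)
+preferred_resolvable_version&.to_s
 else
+# If the preferred_resolvable_version came back as anything other
+# than a version class or `nil` it must be because this is a git
+# dependency, for which we don't check resolvability.
 latest_version_details&.fetch(:version, nil)&.to_s
 end
 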
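Review bot: In `updated_requirements`, `[version_class, NilClass].include?(preferred_resolvable_version)` tests a value against two classes with `==`, so as rendered here it is false for both a version instance and `nil`, and the `else` branch (`latest_version_details`) always supplies the version. If the intent is the type test that the new comment describes, the line should read `if [version_class, NilClass].include?(preferred_resolvable_version.class)`; without it, the version picked for a security update would likely never reach the updated requirement. `preferred_resolvable_version` is defined outside the visible hunks, so what it returns should be confirmed there. Separately, `lowest_resolvable_security_fix_version` returns `latest_resolvable_version` unchanged, so its TODO should say that the result is neither the lowest fix nor checked to be non-nil and outside the vulnerable range.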
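--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.100.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-
+date: 2019-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.100.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.100.0
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement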