dependabot-npm_and_yarn 0.104.3 → 0.104.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/file_fetcher.rb +9 -3
  3. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 136099b7abe41212c774a19ed14a983e1f658562b926e7c78974946fe07c1efe
4
- data.tar.gz: c211ea58e27e5b36dd153460e127b2cc18f5f1f7f2b9b0219af0d5ff1d27f0c0
3
+ metadata.gz: a6e04e1dd9a259df10f21e16a1974c90976c2e9fa99d9e0eebb5863d48dc2792
4
+ data.tar.gz: 28177893988b1d64b290532fc3b28b40a57013c8204cb21ca4d8d88b7c9cda51
5
5
  SHA512:
6
- metadata.gz: f7c45f7d6e145a815e4745c9ef35b71eeaa82b89ff40a331c3ec25c7b78ebdcf70f563622c889cae56af1332bc452c26354127bbb9ea47b3f32bf19e3df8ddfb
7
- data.tar.gz: 6634d29cb307cd286a0d283195507172786e27efe547709d49972bf02a0328701f9ded0dfd13f6f5bb92c3a5206994a0d1e14f6d89b82a3320f1c0a507c6c4f2
6
+ metadata.gz: 5d0ff54be1004d0c429590e796e6edc712f3841f7207c7f7948b877ccc0be7a494cf856c1701bb6b634cda38ebb387fdc0aa405c5fb870175f56f84e8b672432
7
+ data.tar.gz: 7078ad4ca1cc3b3ea97979c901e6d6617ddb158279449b4b013d32ea8ff856f295cf12fc3dbcf70367ec1ca971c57415dae8ceedbf7dfab282d8e5053491a55a
data/lib/dependabot/npm_and_yarn/file_fetcher.rb CHANGED
@@ -169,9 +169,15 @@ module Dependabot
169
169
  current_dir = nil if current_dir == ""
170
170
  path_dep_starts = %w(file: / ./ ../ ~/ link:.)
171
171
 
172
- JSON.parse(file.content).
173
- values_at(*NpmAndYarn::FileParser::DEPENDENCY_TYPES).
174
- compact.flat_map(&:to_a).
172
+ dependency_objects =
173
+ JSON.parse(file.content).
174
+ values_at(*NpmAndYarn::FileParser::DEPENDENCY_TYPES).compact
175
+
176
+ unless dependency_objects.all? { |o| o.is_a?(Hash) }
177
+ raise Dependabot::DependencyFileNotParseable, file.path
178
+ end
179
+
180
+ dependency_objects.flat_map(&:to_a).
175
181
  select { |_, v| v.start_with?(*path_dep_starts) }.
176
182
  map do |name, path|
177
183
  path = path.sub(/^file:/, "").sub(/^link:/, "")
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.104.3
4
+ version: 0.104.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.104.3
19
+ version: 0.104.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.104.3
26
+ version: 0.104.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement