dependabot-npm_and_yarn 0.107.26 → 0.107.27
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 85826e9a4d1f98c35f49861c9d488714aa5a4e2e8edb026de72adea9bed4b3cf
|
4
|
+
data.tar.gz: 575880a02774b327ce37b37b027b09ff896663a63b664172c2d961062fb7371c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b158bc0d2b804f952ff535edd62781407f119dd598fdff5df5e474fc7d15f2c4c3b45ed48d7d4344d98722bdc995443e375b8a86350fba083f67ffe610a52cdd
|
7
|
+
data.tar.gz: f626bd7d3d3e88966210f37fddfc514041efa9335f6628c5534bb1c4ee76462827ec262451f43e8087570b7fde9fb340264e9b95a0caab5eabe4fa96c02e5d6b
|
@@ -178,7 +178,7 @@ module Dependabot
|
|
178
178
|
end
|
179
179
|
|
180
180
|
dependency_objects.flat_map(&:to_a).
|
181
|
-
select { |_, v| v.start_with?(*path_dep_starts) }.
|
181
|
+
select { |_, v| v.is_a?(String) && v.start_with?(*path_dep_starts) }.
|
182
182
|
map do |name, path|
|
183
183
|
path = path.sub(/^file:/, "").sub(/^link:/, "")
|
184
184
|
path = File.join(current_dir, path) unless current_dir.nil?
|
@@ -68,6 +68,8 @@ module Dependabot
|
|
68
68
|
DEPENDENCY_TYPES.each do |type|
|
69
69
|
deps = JSON.parse(file.content)[type] || {}
|
70
70
|
deps.each do |name, requirement|
|
71
|
+
next unless requirement.is_a?(String)
|
72
|
+
|
71
73
|
requirement = "*" if requirement == ""
|
72
74
|
dep = build_dependency(
|
73
75
|
file: file, type: type, name: name, requirement: requirement
|
@@ -403,10 +403,8 @@ module Dependabot
|
|
403
403
|
def lock_git_deps(content)
|
404
404
|
return content if git_dependencies_to_lock.empty?
|
405
405
|
|
406
|
-
types = NpmAndYarn::FileParser::DEPENDENCY_TYPES
|
407
|
-
|
408
406
|
json = JSON.parse(content)
|
409
|
-
|
407
|
+
NpmAndYarn::FileParser::DEPENDENCY_TYPES.each do |type|
|
410
408
|
json.fetch(type, {}).each do |nm, _|
|
411
409
|
updated_version = git_dependencies_to_lock.dig(nm, :version)
|
412
410
|
next unless updated_version
|
@@ -460,6 +458,7 @@ module Dependabot
|
|
460
458
|
package_files.each do |file|
|
461
459
|
NpmAndYarn::FileParser::DEPENDENCY_TYPES.each do |t|
|
462
460
|
JSON.parse(file.content).fetch(t, {}).each do |_, requirement|
|
461
|
+
next unless requirement.is_a?(String)
|
463
462
|
next unless requirement.start_with?("git+ssh:")
|
464
463
|
|
465
464
|
req = requirement.split("#").first
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.107.
|
4
|
+
version: 0.107.27
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-05-
|
11
|
+
date: 2019-05-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.107.
|
19
|
+
version: 0.107.27
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.107.
|
26
|
+
version: 0.107.27
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|