dependabot-npm_and_yarn 0.384.0 → 0.385.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/file_parser.rb +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater.rb +3 -3
- data/lib/dependabot/npm_and_yarn/metadata_finder.rb +10 -6
- data/lib/dependabot/npm_and_yarn/package/registry_finder.rb +2 -2
- data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +1 -1
- data/lib/dependabot/npm_and_yarn/update_checker.rb +3 -3
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4e68f24f2520040b0fb94bb7a0d98af8b36a23bc7a8d27aecf9af8d32830a69d
|
|
4
|
+
data.tar.gz: 5e81bc9fc5e886d2e1a392899d27443f6d32cafdd08a788eb71052b7abe3266f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 618893dff8d6152043cfeab8c89c716f1cf5998f62a6210236df62c726d7c47e4edca330446c10a93c0e4f0704319c3d1ff6be5ddb1a652f5d67e2f51e3e11f5
|
|
7
|
+
data.tar.gz: 5a82b1c15fb5eb39f269f1d14a072796157758b9d9272f09fbcc1462296d10556d598dfb44b5f379097466661dcc0724f6d2d016dc850b8b2ab0727a8a611ff9
|
|
@@ -394,7 +394,7 @@ module Dependabot
|
|
|
394
394
|
|
|
395
395
|
sig { returns(T::Boolean) }
|
|
396
396
|
def dealias_packages?
|
|
397
|
-
options.fetch(:dealias_packages, false)
|
|
397
|
+
options.fetch(:dealias_packages, false) ? true : false
|
|
398
398
|
end
|
|
399
399
|
|
|
400
400
|
# Resolves an aliased manifest entry to its real package name and requirement.
|
|
@@ -443,7 +443,7 @@ module Dependabot
|
|
|
443
443
|
dependency_files: dependency_files,
|
|
444
444
|
repo_contents_path: repo_contents_path,
|
|
445
445
|
credentials: credentials,
|
|
446
|
-
security_updates_only: options.fetch(:security_updates_only, false)
|
|
446
|
+
security_updates_only: options.fetch(:security_updates_only, false) ? true : false
|
|
447
447
|
),
|
|
448
448
|
T.nilable(Dependabot::NpmAndYarn::FileUpdater::YarnLockfileUpdater)
|
|
449
449
|
)
|
|
@@ -457,7 +457,7 @@ module Dependabot
|
|
|
457
457
|
dependency_files: dependency_files,
|
|
458
458
|
repo_contents_path: repo_contents_path,
|
|
459
459
|
credentials: credentials,
|
|
460
|
-
security_updates_only: options.fetch(:security_updates_only, false)
|
|
460
|
+
security_updates_only: options.fetch(:security_updates_only, false) ? true : false
|
|
461
461
|
),
|
|
462
462
|
T.nilable(Dependabot::NpmAndYarn::FileUpdater::PnpmLockfileUpdater)
|
|
463
463
|
)
|
|
@@ -474,7 +474,7 @@ module Dependabot
|
|
|
474
474
|
dependencies: dependencies,
|
|
475
475
|
dependency_files: dependency_files,
|
|
476
476
|
credentials: credentials,
|
|
477
|
-
security_updates_only: options.fetch(:security_updates_only, false)
|
|
477
|
+
security_updates_only: options.fetch(:security_updates_only, false) ? true : false
|
|
478
478
|
)
|
|
479
479
|
end
|
|
480
480
|
|
|
@@ -272,11 +272,14 @@ module Dependabot
|
|
|
272
272
|
@latest_version_listing = T.let({}, T.nilable(T::Hash[String, T.untyped]))
|
|
273
273
|
|
|
274
274
|
response = Dependabot::RegistryClient.get(url: "#{dependency_url}/latest", headers: registry_auth_headers)
|
|
275
|
-
|
|
275
|
+
if response.status == 200
|
|
276
|
+
parsed = JSON.parse(response.body)
|
|
277
|
+
@latest_version_listing = parsed if parsed.is_a?(Hash)
|
|
278
|
+
end
|
|
276
279
|
|
|
277
|
-
@latest_version_listing
|
|
280
|
+
T.must(@latest_version_listing)
|
|
278
281
|
rescue JSON::ParserError, Excon::Error::Timeout
|
|
279
|
-
@latest_version_listing
|
|
282
|
+
T.must(@latest_version_listing)
|
|
280
283
|
end
|
|
281
284
|
|
|
282
285
|
sig { returns(T::Array[[String, T::Hash[String, T.untyped]]]) }
|
|
@@ -299,14 +302,15 @@ module Dependabot
|
|
|
299
302
|
return T.must(@npm_listing) if response.status >= 500
|
|
300
303
|
|
|
301
304
|
begin
|
|
302
|
-
|
|
305
|
+
parsed = JSON.parse(response.body)
|
|
306
|
+
@npm_listing = parsed if parsed.is_a?(Hash)
|
|
303
307
|
rescue JSON::ParserError
|
|
304
308
|
raise unless non_standard_registry?
|
|
305
309
|
end
|
|
306
310
|
|
|
307
|
-
@npm_listing
|
|
311
|
+
T.must(@npm_listing)
|
|
308
312
|
rescue Excon::Error::Timeout
|
|
309
|
-
@npm_listing
|
|
313
|
+
T.must(@npm_listing)
|
|
310
314
|
end
|
|
311
315
|
|
|
312
316
|
sig { returns(String) }
|
|
@@ -428,8 +428,8 @@ module Dependabot
|
|
|
428
428
|
return unless yarnrc_yml_file_content
|
|
429
429
|
return @parsed_yarnrc_yml if @parsed_yarnrc_yml
|
|
430
430
|
|
|
431
|
-
|
|
432
|
-
@parsed_yarnrc_yml
|
|
431
|
+
parsed = YAML.safe_load(yarnrc_yml_file_content)
|
|
432
|
+
@parsed_yarnrc_yml = parsed.is_a?(Hash) ? parsed : nil
|
|
433
433
|
end
|
|
434
434
|
|
|
435
435
|
sig { params(url: String).returns(String) }
|
|
@@ -242,7 +242,7 @@ module Dependabot
|
|
|
242
242
|
.sort_by(&:version).reverse
|
|
243
243
|
end
|
|
244
244
|
|
|
245
|
-
sig { returns(T::Array[[Dependabot::Version, T::Hash[String, T.
|
|
245
|
+
sig { returns(T::Array[[Dependabot::Version, T::Hash[String, T.anything]]]) }
|
|
246
246
|
def possible_previous_versions_with_details
|
|
247
247
|
possible_previous_releases.map do |r|
|
|
248
248
|
[r.version, r.details]
|
|
@@ -503,7 +503,7 @@ module Dependabot
|
|
|
503
503
|
# If there was a semver requirement provided or the dependency was
|
|
504
504
|
# pinned to a version, look for the latest tag
|
|
505
505
|
if semver_req || git_commit_checker.pinned_ref_looks_like_version?
|
|
506
|
-
latest_tag = git_commit_checker.local_tag_for_latest_version
|
|
506
|
+
latest_tag = git_commit_checker.local_tag_for_latest_version(update_cooldown)
|
|
507
507
|
return {
|
|
508
508
|
sha: latest_tag&.fetch(:commit_sha),
|
|
509
509
|
version: latest_tag&.fetch(:tag)&.gsub(/^[^\d]*/, "")
|
|
@@ -526,8 +526,8 @@ module Dependabot
|
|
|
526
526
|
|
|
527
527
|
# Update the git tag if updating a pinned version
|
|
528
528
|
if git_commit_checker.pinned_ref_looks_like_version? &&
|
|
529
|
-
!git_commit_checker.local_tag_for_latest_version.nil?
|
|
530
|
-
new_tag = git_commit_checker.local_tag_for_latest_version
|
|
529
|
+
!git_commit_checker.local_tag_for_latest_version(update_cooldown).nil?
|
|
530
|
+
new_tag = git_commit_checker.local_tag_for_latest_version(update_cooldown)
|
|
531
531
|
return dependency_source_details&.merge(ref: new_tag&.fetch(:tag))
|
|
532
532
|
end
|
|
533
533
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.385.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.385.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.385.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -377,7 +377,7 @@ licenses:
|
|
|
377
377
|
- MIT
|
|
378
378
|
metadata:
|
|
379
379
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
380
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
380
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
|
|
381
381
|
rdoc_options: []
|
|
382
382
|
require_paths:
|
|
383
383
|
- lib
|