dependabot-npm_and_yarn 0.93.9 → 0.93.10

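--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: cb3b2be074d8c5c9caabf1a5d4654694fbd0dd2c5cec6a0e21dc55edd88cf676
- data.tar.gz: c40d57924eba0bdaa92daac8eae1ed949b4a532da8cb2cb202d29175f9b66da0
+ metadata.gz: db5ff83a73aad721050e786fc16520a7b680fbf12244c1bac58c4a881582e772
+ data.tar.gz: 1f5ff37e03a6f35b68e5ff9cd9f0d5fac57728136331972bc7b1f542d3e5275f
  SHA512:
- metadata.gz: 15aa4efcd8c7699af16f0689a3239986c70da85558eaf3ce1046ecb83f02b983bf12195817d9cd7735c21f263921a876ff6edf08470b16d9947f751b2fc3a722
- data.tar.gz: 233995e6648366e94c1be1963005214b3fcc87b7274a30ca96bc5245f88e51806c4f6150742a53a921d3bdc8b1cb45072f315e4fc17325f4ed235aa85efea286
+ metadata.gz: 24f34d6d1122cd2f1e4c663bac9d3e898871404c35cc23fa7a598ad7665ba87c013389885e0330ad9fd6d8d452d6cc978bcfb9906be98bcca912e7620b884c6d
+ data.tar.gz: 9cb578b1cdc7a066a830b02f6e67541cd0ced8efbba0b754abe07dee3d557592f0969154b37ef0bc905fb1a23717363812b88fcd1119b548acde5357e3c4ebf6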
@@ -197,30 +197,50 @@ module Dependabot
197
197
  requirement.match?(GIT_URL_REGEX)
198
198
  end
199
199
 
200
+ def git_url_with_semver?(requirement)
201
+ return false unless git_url?(requirement)
202
+
203
+ !requirement.match(GIT_URL_REGEX).named_captures.fetch("semver").nil?
204
+ end
205
+
200
206
  def workspace_package_names
201
207
  @workspace_package_names ||=
202
208
  package_files.map { |f| JSON.parse(f.content)["name"] }.compact
203
209
  end
204
210
 
205
- # rubocop:disable Metrics/CyclomaticComplexity
206
- # rubocop:disable Metrics/PerceivedComplexity
207
211
  def version_for(name, requirement)
212
+ if git_url_with_semver?(requirement)
213
+ semver_version_for(name, requirement) ||
214
+ git_revision_for(name, requirement)
215
+ elsif git_url?(requirement)
216
+ git_revision_for(name, requirement)
217
+ else
218
+ semver_version_for(name, requirement)
219
+ end
220
+ end
221
+
222
+ def git_revision_for(name, requirement)
223
+ return unless git_url?(requirement)
224
+
208
225
  lock_version = lockfile_details(name, requirement)&.
209
226
  fetch("version", nil)
210
227
  lock_res = lockfile_details(name, requirement)&.
211
228
  fetch("resolved", nil)
212
229
 
213
- if git_url?(requirement)
214
- return lock_version.split("#").last if lock_version&.include?("#")
215
- return lock_res.split("#").last if lock_res&.include?("#")
230
+ return lock_version.split("#").last if lock_version&.include?("#")
231
+ return lock_res.split("#").last if lock_res&.include?("#")
216
232
 
217
- if lock_res && lock_res.split("/").last.match?(/^[0-9a-f]{40}$/)
218
- return lock_res.split("/").last
219
- end
220
-
221
- return nil
233
+ if lock_res && lock_res.split("/").last.match?(/^[0-9a-f]{40}$/)
234
+ return lock_res.split("/").last
222
235
  end
223
236
 
237
+ nil
238
+ end
239
+
240
+ def semver_version_for(name, requirement)
241
+ lock_version = lockfile_details(name, requirement)&.
242
+ fetch("version", nil)
243
+
224
244
  return unless lock_version
225
245
  return if lock_version.include?("://")
226
246
  return if lock_version.include?("file:")
@@ -229,8 +249,6 @@ module Dependabot
229
249
 
230
250
  lock_version
231
251
  end
232
- # rubocop:enable Metrics/CyclomaticComplexity
233
- # rubocop:enable Metrics/PerceivedComplexity
234
252
 
235
253
  def source_for(name, requirement)
236
254
  return git_source_for(requirement) if git_url?(requirement)
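Review bot: In `git_revision_for`, the 40-hex check on the last segment of `resolved` uses `^`/`$`, which in Ruby anchor at line boundaries rather than at the ends of the string, so a lockfile value containing a newline can pass with extra text around the hash and is then returned whole as the revision. Lockfile contents come from the repository being updated and should be treated as untrusted; anchor the whole string instead: `lock_res.split("/").last.match?(/\A[0-9a-f]{40}\z/)`. The two `split("#").last` returns above it do no format validation at all, so it is worth confirming that callers tolerate arbitrary text there. Separately, `git_url_with_semver?` calls `named_captures.fetch("semver")`, which raises `KeyError` unless `GIT_URL_REGEX` (defined outside this hunk) declares a `semver` group; `named_captures["semver"]` would be the safer read.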
@@ -137,6 +137,8 @@ module Dependabot
137
137
  # or that the current branch is behind, we switch to that release.
138
138
  if git_branch_or_ref_in_release?(latest_release&.fetch(:version))
139
139
  latest_release.fetch(:version)
140
+ elsif version_class.correct?(dependency.version)
141
+ latest_git_version_details[:version]
140
142
  else
141
143
  latest_git_version_details[:sha]
142
144
  end
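Review bot: The added `elsif` branch reads `latest_git_version_details[:version]` with `[]`, so if that hash carries no `:version` key (its construction is outside this hunk) the branch silently yields nil, whereas the sibling branch uses `fetch` on `latest_release` and would fail loudly. It is also not visible here whether `dependency.version` can be nil when `version_class.correct?` is called; if it can, guard it, e.g. `elsif dependency.version && version_class.correct?(dependency.version)`. A short comment above the branch would help, such as `# Dependency is pinned by a semver tag, so report the tag's version instead of its SHA`. The enclosing method starts and ends outside the hunk.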
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.93.9
4
+ version: 0.93.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.93.9
19
+ version: 0.93.10
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.93.9
26
+ version: 0.93.10
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement