dependabot-npm_and_yarn 0.95.11 → 0.95.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +16 -4
  3. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 07d9ffe242e9f2497fe08847df477f6c7b2169c3dfabe65037d3f9bb97662d29
4
- data.tar.gz: '09161e95d9b168bf6e1771a25c57b9222b576b67af6610e57444c5ccd62dc841'
3
+ metadata.gz: a001c33a482d4088b713df21683d7bba6c9975c0071651d420f4d3ba119e64d9
4
+ data.tar.gz: 998a8aa86bf1fc06aa970a6f4f4829479ab3e7bf66ece05c2907beaad7e9b3ba
5
5
  SHA512:
6
- metadata.gz: 3776c5aeb1b42c11c4189afd3b87cc20be1e2b23af329623b18ac6a26b1952f42e9e578a9836763f3f247de0b9070599437bd65840a2372a0b314a0f74a6ce95
7
- data.tar.gz: 4d06cfe8ad1ae3e1a4ac6e8e8a9bd036991663180d30cb48a7099c9275e6408d3342c6fcbf4e8efd7ce1b65f25914980e5e370ddbf148d282ef7cda5d3f4385a
6
+ metadata.gz: 8b4787f9c1908ded9df93f6cf1f2b384aca2fdb640ff56175f4ae2e27f991fab25bfd9e30a614eb09e80fcc9428a3e12d0bab5ba5e350da76fd22a0cbcd835b0
7
+ data.tar.gz: ccb27ae7cd2782d53ada779a9af85c917c73d3ac6865f6362b29721de6bfcc27b0af1cc2908be4d4c0f0c0843f73479f823df55136497c3d4e1f98d9e9ec37a5
data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb CHANGED
@@ -175,14 +175,26 @@ module Dependabot
175
175
 
176
176
  @yanked[version] =
177
177
  begin
178
- version_not_found =
179
- Excon.get(
180
- dependency_url + "/#{version}",
178
+ status = Excon.get(
179
+ dependency_url + "/#{version}",
180
+ SharedHelpers.excon_defaults.merge(
181
+ headers: registry_auth_headers,
182
+ idempotent: true
183
+ )
184
+ ).status
185
+
186
+ if status == 404 && dependency_registry != "registry.npmjs.org"
187
+ # Some registries don't handle escaped package names properly
188
+ status = Excon.get(
189
+ dependency_url.gsub("%2F", "/") + "/#{version}",
181
190
  SharedHelpers.excon_defaults.merge(
182
191
  headers: registry_auth_headers,
183
192
  idempotent: true
184
193
  )
185
- ).status == 404
194
+ ).status
195
+ end
196
+
197
+ version_not_found = status == 404
186
198
  version_not_found && version_endpoint_working?
187
199
  rescue Excon::Error::Timeout
188
200
  # Give the benefit of the doubt if the registry is playing up
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.95.11
4
+ version: 0.95.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.95.11
19
+ version: 0.95.12
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.95.11
26
+ version: 0.95.12
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement