dependabot-npm_and_yarn 0.95.33 → 0.95.34
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/metadata_finder.rb +28 -12
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 74643b3d4abfbba5f5d8a78a0f13dae2a65fd190564325c138ae1ee0e9807d02
|
4
|
+
data.tar.gz: ab79d1130f72465c8952001c7e0d7800162ab4710d0a0e59616d60771de8d9d0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: aa6099cb99a700715169c8a04b3b491aa5b416e996338df94a1d0aff365602238cc957a29d2947166617e5182c0ac60185c6cb1879a2ae9825d65cd943d3fb43
|
7
|
+
data.tar.gz: f7dda297d8365ea72edbcb90c64d5b42610acdc397a9755ff43551285894a133bcdd467956b49b4dfeae7d3badf671d2f370e1719db4ab5b90a3f770e8b4f1f3
|
@@ -71,27 +71,25 @@ module Dependabot
|
|
71
71
|
def find_source_from_registry
|
72
72
|
# Attempt to use version_listing first, as fetching the entire listing
|
73
73
|
# array can be slow (if it's large)
|
74
|
-
|
74
|
+
potential_sources =
|
75
75
|
[
|
76
|
-
|
77
|
-
|
78
|
-
|
76
|
+
get_source(latest_version_listing["repository"]),
|
77
|
+
get_source(latest_version_listing["homepage"]),
|
78
|
+
get_source(latest_version_listing["bugs"])
|
79
79
|
].compact
|
80
80
|
|
81
|
-
|
82
|
-
return Source.from_url(source_url) if Source.from_url(source_url)
|
81
|
+
return potential_sources.first if potential_sources.any?
|
83
82
|
|
84
|
-
|
83
|
+
potential_sources =
|
85
84
|
all_version_listings.flat_map do |_, listing|
|
86
85
|
[
|
87
|
-
|
88
|
-
|
89
|
-
|
86
|
+
get_source(listing["repository"]),
|
87
|
+
get_source(listing["homepage"]),
|
88
|
+
get_source(listing["bugs"])
|
90
89
|
]
|
91
90
|
end.compact
|
92
91
|
|
93
|
-
|
94
|
-
Source.from_url(source_url)
|
92
|
+
potential_sources.first
|
95
93
|
end
|
96
94
|
|
97
95
|
def new_source
|
@@ -103,6 +101,17 @@ module Dependabot
|
|
103
101
|
sources.first
|
104
102
|
end
|
105
103
|
|
104
|
+
def get_source(details)
|
105
|
+
potential_url = get_url(details)
|
106
|
+
return unless potential_url
|
107
|
+
|
108
|
+
potential_source = Source.from_url(potential_url)
|
109
|
+
return unless potential_source
|
110
|
+
|
111
|
+
potential_source.directory = get_directory(details)
|
112
|
+
potential_source
|
113
|
+
end
|
114
|
+
|
106
115
|
def get_url(details)
|
107
116
|
case details
|
108
117
|
when String then details
|
@@ -110,6 +119,13 @@ module Dependabot
|
|
110
119
|
end
|
111
120
|
end
|
112
121
|
|
122
|
+
def get_directory(details)
|
123
|
+
# Only return a directory if it is explicitly specified
|
124
|
+
return unless details.is_a?(Hash)
|
125
|
+
|
126
|
+
details.fetch("directory", nil)
|
127
|
+
end
|
128
|
+
|
113
129
|
def find_source_from_git_url
|
114
130
|
url = new_source[:url] || new_source.fetch("url")
|
115
131
|
Source.from_url(url)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.95.
|
4
|
+
version: 0.95.34
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-02-
|
11
|
+
date: 2019-02-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.95.
|
19
|
+
version: 0.95.34
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.95.
|
26
|
+
version: 0.95.34
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|