dependabot-npm_and_yarn 0.95.82 → 0.95.83
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/file_parser.rb +30 -2
- metadata +3 -3
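--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a872d462e943cd40480ea3242735c9cc9a95cc833050d30922d7dd5c5b3fe8af
+data.tar.gz: e37c32ae14918bfd96a7a29d032dcf9e1732f6d2be6dd730554d0bf2f843103f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 443f6b6fb7053a54d9a434c4dbfc7d26f4feca3cf0a8e293c66e17a1e81742a3660b4ac3cceeb1194c88ab07fa7546ff15afe82fb9fe67046ff277dd5f1f4c5f
+data.tar.gz: 60b7d6668ec95bb4dcc40d015ba91c889fa4f0dd6bf742e4b7fe0487627e7acfe499288b3d039fe8a059ee55d03c412340eaf25b3a9b657ee0e6e2b44a5a1277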
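--- a/data/lib/dependabot/npm_and_yarn/file_parser.rb
+++ b/data/lib/dependabot/npm_and_yarn/file_parser.rb
@@ -8,6 +8,8 @@ require "dependabot/file_parsers/base"
 require "dependabot/shared_helpers"
 require "dependabot/npm_and_yarn/native_helpers"
 require "dependabot/npm_and_yarn/version"
+require "dependabot/git_metadata_fetcher"
+require "dependabot/git_commit_checker"
 require "dependabot/errors"
 
 module Dependabot
@@ -151,8 +153,11 @@ module Dependabot
 
 def version_for(name, requirement)
 if git_url_with_semver?(requirement)
-semver_version_for(name, requirement)
-
+semver_version = semver_version_for(name, requirement)
+return semver_version if semver_version
+
+git_revision = git_revision_for(name, requirement)
+version_from_git_revision(requirement, git_revision) || git_revision
 elsif git_url?(requirement)
 git_revision_for(name, requirement)
 else
@@ -180,6 +185,29 @@ module Dependabot
 nil
 end
 
+def version_from_git_revision(requirement, git_revision)
+tags =
+Dependabot::GitMetadataFetcher.new(
+url: git_source_for(requirement).fetch(:url),
+credentials: credentials
+).tags.
+select { |t| [t.commit_sha, t.tag_sha].include?(git_revision) }
+
+tags.each do |t|
+next unless t.name.match?(Dependabot::GitCommitChecker::VERSION_REGEX)
+
+version = t.name.match(Dependabot::GitCommitChecker::VERSION_REGEX).
+named_captures.fetch("version")
+next unless NpmAndYarn::Version.correct?(version)
+
+return version
+end
+
+nil
+rescue Dependabot::GitDependenciesNotReachable
+nil
+end
+
 def semver_version_for(name, requirement)
 lock_version = lockfile_parser.lockfile_details(
 dependency_name: name,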
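Review bot: `version_from_git_revision` starts a remote tag listing without first checking that it was given a revision: the new `version_for` branch passes the result of `git_revision_for` straight through, and if that can be nil (the `|| git_revision` fallback suggests so; its body is outside this section) the fetch still runs and `[t.commit_sha, t.tag_sha].include?(git_revision)` would match any tag that has a nil `commit_sha` or `tag_sha`. A guard as the method's first line, `return unless git_revision`, avoids both the needless request and the false match. The URL is taken from the manifest's requirement string and is fetched with `credentials` while parsing, so the method deserves a comment stating that it relies on `GitMetadataFetcher` to offer credentials only to the matching host, which cannot be confirmed from these lines. Only `GitDependenciesNotReachable` is rescued, so any other failure of the fetch would presumably propagate out of the parser. When several version-like tags point at the same commit the first one returned wins, and the choice should either be made deterministic (for example the highest valid version) or documented.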
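--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.95.
+version: 0.95.83
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.95.
+version: 0.95.83
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.95.
+version: 0.95.83
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement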