RubyGems - licensed - Versions diffs - 3.4.3 → 3.4.4 - Mend

licensed 3.4.3 → 3.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ff397378a053e97414fb762f3d06c41f4217f61d9e63130aa3786456e6f2114
-  data.tar.gz: b197f77bc54c68e5bf9462917351ca2dbda1509813315a8207fd31ed4c611de0
+  metadata.gz: f3f8fc2f5685cca01401bb63373518883d8f3e0cd6d27861a73eb2246d6ab8b5
+  data.tar.gz: fca0431aeb3401f17e78fccff82547315504597b1eab54699c1529c6fbacf2c7
 SHA512:
-  metadata.gz: 68d86169b07dd46f28de9cd31745e705f82e8f49e1968df5d8ff90139d6c60d2b31d861ca79d39657b5af956b3d73540cf492db6f6f84589132dc27ab65e33e5
-  data.tar.gz: '005804bf6877d487434dc74fe9c2fbbe9c57c15bfd7924fc3a3992f7879c878056c871c4f5d7867b5e5254a59751b8839363fb4de60e1d43cdfeb6e2e1ae67f1'
+  metadata.gz: 575c5efa3e3b4c3a8bed98094372f61f4977ae9e5b023d155041cab5fd7a410d043b9fa31df20ea5084525251cd69d70474cc107b5b5f7c6e3bb08135d937187
+  data.tar.gz: e3fdbeced907154eb4b9511aefd263f8cf5b188e8360e039ee419496a5c9372ece14f63c59524638f27164cef0bd636e5ccbccaa196e89e117460f7e5faafaa6

data/CHANGELOG.md CHANGED Viewed

@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
+## 3.4.4
+2022-02-07
+### Fixed
+- The npm and pip sources have better protection from strings causing crashes in `Hash#dig` (https://github.com/github/licensed/pull/450)
 ## 3.4.3
 2022-01-31
@@ -563,4 +571,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 Initial release :tada:
-[Unreleased]: https://github.com/github/licensed/compare/3.4.3...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/3.4.4...HEAD

data/docs/sources/pip.md CHANGED Viewed

@@ -20,5 +20,5 @@ You have to add this setting to your licensed configuration file.
 An example usage of this might look like:
 ```yaml
 python:
-    virtual_env_dir:"/path/to/your/venv_dir"
+    virtual_env_dir: "/path/to/your/venv_dir"
 ```

data/lib/licensed/sources/npm.rb CHANGED Viewed

@@ -147,7 +147,13 @@ module Licensed
       end
       def peer_dependency(parent, name)
-        parent&.dig("peerDependencies", name)
+        return unless parent.is_a?(Hash)
+        peerDependencies = parent["peerDependencies"]
+        # "peerDependencies" could be set to the string "[Circular]"
+        return unless peerDependencies.is_a?(Hash)
+        peerDependencies[name]
       end
       def extract_version(parent, name)

data/lib/licensed/sources/pip.rb CHANGED Viewed

@@ -63,7 +63,10 @@ module Licensed
       def virtual_env_dir
         return @virtual_env_dir if defined?(@virtual_env_dir)
         @virtual_env_dir = begin
-          venv_dir = config.dig("python", "virtual_env_dir")
+          python_config = config["python"]
+          return unless python_config.is_a?(Hash)
+          venv_dir = python_config["virtual_env_dir"]
           File.expand_path(venv_dir, config.root) if venv_dir
         end
       end

data/lib/licensed/version.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.4.3".freeze
+  VERSION = "3.4.4".freeze
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.4.3
+  version: 3.4.4
 platform: ruby
 authors:
 - GitHub
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-01-31 00:00:00.000000000 Z
+date: 2022-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee