licensed 3.4.3 → 3.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ff397378a053e97414fb762f3d06c41f4217f61d9e63130aa3786456e6f2114
-  data.tar.gz: b197f77bc54c68e5bf9462917351ca2dbda1509813315a8207fd31ed4c611de0
+  metadata.gz: f3f8fc2f5685cca01401bb63373518883d8f3e0cd6d27861a73eb2246d6ab8b5
+  data.tar.gz: fca0431aeb3401f17e78fccff82547315504597b1eab54699c1529c6fbacf2c7
 SHA512:
-  metadata.gz: 68d86169b07dd46f28de9cd31745e705f82e8f49e1968df5d8ff90139d6c60d2b31d861ca79d39657b5af956b3d73540cf492db6f6f84589132dc27ab65e33e5
-  data.tar.gz: '005804bf6877d487434dc74fe9c2fbbe9c57c15bfd7924fc3a3992f7879c878056c871c4f5d7867b5e5254a59751b8839363fb4de60e1d43cdfeb6e2e1ae67f1'
+  metadata.gz: 575c5efa3e3b4c3a8bed98094372f61f4977ae9e5b023d155041cab5fd7a410d043b9fa31df20ea5084525251cd69d70474cc107b5b5f7c6e3bb08135d937187
+  data.tar.gz: e3fdbeced907154eb4b9511aefd263f8cf5b188e8360e039ee419496a5c9372ece14f63c59524638f27164cef0bd636e5ccbccaa196e89e117460f7e5faafaa6

data/CHANGELOG.md

@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 3.4.4
+
+2022-02-07
+
+### Fixed
+
+- The npm and pip sources have better protection from strings causing crashes in `Hash#dig` (https://github.com/github/licensed/pull/450)
+
 ## 3.4.3
 
 2022-01-31
@@ -563,4 +571,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/3.4.3...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/3.4.4...HEAD

data/docs/sources/pip.md

@@ -20,5 +20,5 @@ You have to add this setting to your licensed configuration file.
 An example usage of this might look like:
 ```yaml
 python:
-    virtual_env_dir:"/path/to/your/venv_dir"
+    virtual_env_dir: "/path/to/your/venv_dir"
 ```

data/lib/licensed/sources/npm.rb

@@ -147,7 +147,13 @@ module Licensed
       end
 
       def peer_dependency(parent, name)
-        parent&.dig("peerDependencies", name)
+        return unless parent.is_a?(Hash)
+
+        peerDependencies = parent["peerDependencies"]
+        # "peerDependencies" could be set to the string "[Circular]"
+        return unless peerDependencies.is_a?(Hash)
+
+        peerDependencies[name]
       end
 
       def extract_version(parent, name)

data/lib/licensed/sources/pip.rb

@@ -63,7 +63,10 @@ module Licensed
       def virtual_env_dir
         return @virtual_env_dir if defined?(@virtual_env_dir)
         @virtual_env_dir = begin
-          venv_dir = config.dig("python", "virtual_env_dir")
+          python_config = config["python"]
+          return unless python_config.is_a?(Hash)
+
+          venv_dir = python_config["virtual_env_dir"]
           File.expand_path(venv_dir, config.root) if venv_dir
         end
       end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.4.3".freeze
+  VERSION = "3.4.4".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.4.3
+  version: 3.4.4
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-01-31 00:00:00.000000000 Z
+date: 2022-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee