package-audit 0.4.0 → 0.4.1

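--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d30d08ba36373c75427371f922cb0a5819a021868bf82001428e0541571df9f8
- data.tar.gz: ac4dce54e3905dd56de9b137a62101de7267262c1f6b0310e4697c8f016a36b8
+ metadata.gz: 637173ee31a102187a23134942d6df2245d6b7785708747c85029d5fdf2045c0
+ data.tar.gz: d30d4aad7dd1ff9a39348db8125fe991e9877a537eec6962883885f788e79438
  SHA512:
- metadata.gz: 00be4151f4f124614d117a739a558f9f2816f0f72095f222ddadf5101a6d089b40bdc5369c4a68c9b096b1547932561394f1fee5ca58712e13a4909c4a8c9558
- data.tar.gz: f224c2c2fe2ff39586d20989ef6999d7b2a52acd2276dcdd9895441105ccaebc5991523676b88545a5afa96d4ffcac10291ab76dfab735b65d42aabc4598d7e4
+ metadata.gz: 187e2559f65548b13eded61cbcc0679e4ddbf99e46484f7ce3a8ae1ddf71d8c095c224dab43aaf3366cc918105a8df4310a2991b69b1a64a23735bd20308f727
+ data.tar.gz: 1b452b5db99d6434d475b04adfa91ac4c49dd934211d160a4a9a4d49dafade42e59b7ac2a2162ba344169bc70f74632ffcd466dcfdef5dc99a7379dace932940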
@@ -22,7 +22,7 @@ module Package
22
22
  private
23
23
 
24
24
  def fetch_package_block(dep_name, expected_version)
25
- regex = /#{Regexp.escape(dep_name)}@#{Regexp.escape(expected_version)}.*?:.*?(\n\n|\z)/m
25
+ regex = regex_pattern_for_package(dep_name, expected_version)
26
26
  blocks = @yarn_lock_file.match(regex)
27
27
  if blocks.nil? || blocks[0].nil?
28
28
  raise NoMatchingPatternError, "Unable to find \"#{dep_name}\" in #{@yarn_lock_path}"
@@ -40,6 +40,17 @@ module Package
40
40
 
41
41
  version || '0.0.0.0'
42
42
  end
43
+
44
+ def regex_pattern_for_package(dep_name, version)
45
+ # assume the package name is prefixed by a space, a quote or be the first thing on the line
46
+ # there can be multiple comma-separated versions on the same line with or without quotes
47
+ # Here are some examples of strings that would be matched:
48
+ # - aria-query@^5.0.0:
49
+ # - lodash@^4.17.15, lodash@^4.17.20:
50
+ # - "@adobe/css-tools@^4.0.1":
51
+ # - "@babel/runtime@^7.23.1", "@babel/runtime@^7.9.2":
52
+ /(?:^|[ "])#{Regexp.escape(dep_name)}@#{Regexp.escape(version)}.*?:.*?(\n\n|\z)/m
53
+ end
43
54
  end
44
55
  end
45
56
  end
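Review bot: The version in `regex_pattern_for_package` is not anchored at its end, so the pattern can still match a longer specifier that merely starts with the requested one: a lookup for `lodash@^4.17.1` would also match a `lodash@^4.17.15:` header, because `.*?:` follows the escaped version directly. The added `(?:^|[ "])` prefix appears to tighten only the name side. For an audit tool, picking up the wrong lock-file block means reporting the wrong installed version, which can hide a vulnerable or outdated release. A lookahead after the version would close the gap, for example `/(?:^|[ "])#{Regexp.escape(dep_name)}@#{Regexp.escape(version)}(?=[",:]).*?:.*?(\n\n|\z)/m`, ideally with a spec that covers two specifiers sharing a prefix.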
@@ -1,5 +1,5 @@
1
1
  module Package
2
2
  module Audit
3
- VERSION = '0.4.0'
3
+ VERSION = '0.4.1'
4
4
  end
5
5
  end
@@ -14,6 +14,8 @@ module Package
14
14
  def fetch_package_block: (Symbol, String) -> String
15
15
 
16
16
  def fetch_package_version: (Symbol, String) -> String
17
+
18
+ def regex_pattern_for_package: (Symbol, String) -> Regexp
17
19
  end
18
20
  end
19
21
  end
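--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: package-audit
  version: !ruby/object:Gem::Version
- version: 0.4.0
+ version: 0.4.1
  platform: ruby
  authors:
  - Vadim Kononov
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-07-11 00:00:00.000000000 Z
+ date: 2023-10-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler-audit
@@ -148,7 +148,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.12
+ rubygems_version: 3.4.17
  signing_key:
  specification_version: 4
  summary: A helper tool to find outdated, deprecated and vulnerable dependencies.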