package-audit 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 637173ee31a102187a23134942d6df2245d6b7785708747c85029d5fdf2045c0
|
|
4
|
+
data.tar.gz: d30d4aad7dd1ff9a39348db8125fe991e9877a537eec6962883885f788e79438
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 187e2559f65548b13eded61cbcc0679e4ddbf99e46484f7ce3a8ae1ddf71d8c095c224dab43aaf3366cc918105a8df4310a2991b69b1a64a23735bd20308f727
|
|
7
|
+
data.tar.gz: 1b452b5db99d6434d475b04adfa91ac4c49dd934211d160a4a9a4d49dafade42e59b7ac2a2162ba344169bc70f74632ffcd466dcfdef5dc99a7379dace932940
|
|
@@ -22,7 +22,7 @@ module Package
|
|
|
22
22
|
private
|
|
23
23
|
|
|
24
24
|
def fetch_package_block(dep_name, expected_version)
|
|
25
|
-
regex =
|
|
25
|
+
regex = regex_pattern_for_package(dep_name, expected_version)
|
|
26
26
|
blocks = @yarn_lock_file.match(regex)
|
|
27
27
|
if blocks.nil? || blocks[0].nil?
|
|
28
28
|
raise NoMatchingPatternError, "Unable to find \"#{dep_name}\" in #{@yarn_lock_path}"
|
|
@@ -40,6 +40,17 @@ module Package
|
|
|
40
40
|
|
|
41
41
|
version || '0.0.0.0'
|
|
42
42
|
end
|
|
43
|
+
|
|
44
|
+
def regex_pattern_for_package(dep_name, version)
|
|
45
|
+
# assume the package name is prefixed by a space, a quote or be the first thing on the line
|
|
46
|
+
# there can be multiple comma-separated versions on the same line with or without quotes
|
|
47
|
+
# Here are some examples of strings that would be matched:
|
|
48
|
+
# - aria-query@^5.0.0:
|
|
49
|
+
# - lodash@^4.17.15, lodash@^4.17.20:
|
|
50
|
+
# - "@adobe/css-tools@^4.0.1":
|
|
51
|
+
# - "@babel/runtime@^7.23.1", "@babel/runtime@^7.9.2":
|
|
52
|
+
/(?:^|[ "])#{Regexp.escape(dep_name)}@#{Regexp.escape(version)}.*?:.*?(\n\n|\z)/m
|
|
53
|
+
end
|
|
43
54
|
end
|
|
44
55
|
end
|
|
45
56
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: package-audit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Vadim Kononov
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-10-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler-audit
|
|
@@ -148,7 +148,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
148
148
|
- !ruby/object:Gem::Version
|
|
149
149
|
version: '0'
|
|
150
150
|
requirements: []
|
|
151
|
-
rubygems_version: 3.4.
|
|
151
|
+
rubygems_version: 3.4.17
|
|
152
152
|
signing_key:
|
|
153
153
|
specification_version: 4
|
|
154
154
|
summary: A helper tool to find outdated, deprecated and vulnerable dependencies.
|