dependabot-core 0.76.7 → 0.76.8
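--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ad3c731aaf6e231e58e492f66c340298ae97adb594ad378bcc872ef060577228
+data.tar.gz: 37090c354d45763a163bdc30323532ce953d762c5a0af97496359fae180a15b8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9b16a7ee8bb5a809efe74153d7ceded814736f8d0f01579134b8a6284bc7a96bc44f8433dd5181d5778b20ec460c0136f218885097c03b314f514c5523394007
+data.tar.gz: 17e73ab1ef67a9cc065dd1fcca7e484cefb83b41a54a1e993aba10a8b74e34d6eb76820b2ab47bda550729dcc00adf83ae3dd60fac717448214297fcf9042923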
data/CHANGELOG.md
CHANGED
@@ -59,10 +59,15 @@ module Dependabot
|
|
59
59
|
if details_from_yarn_lock
|
60
60
|
{
|
61
61
|
name: dependency_name,
|
62
|
-
version: "0.0.1",
|
63
|
-
dependencies:
|
62
|
+
version: details_from_yarn_lock["version"] || "0.0.1",
|
63
|
+
dependencies:
|
64
|
+
replace_yarn_lock_file_paths(
|
65
|
+
details_from_yarn_lock["dependencies"]
|
66
|
+
),
|
64
67
|
optionalDependencies:
|
65
|
-
|
68
|
+
replace_yarn_lock_file_paths(
|
69
|
+
details_from_yarn_lock["optionalDependencies"]
|
70
|
+
)
|
66
71
|
}.compact.to_json
|
67
72
|
else
|
68
73
|
{
|
@@ -73,6 +78,32 @@ module Dependabot
|
|
73
78
|
end
|
74
79
|
end
|
75
80
|
|
81
|
+
# If an unfetchable path dependency itself has path dependencies
|
82
|
+
# then the paths in the yarn.lock for them will be absolute, not
|
83
|
+
# relative. Worse, they may point to the user's local cache.
|
84
|
+
# We work around this by constructing a relative path to the
|
85
|
+
# (second-level) path dependencies.
|
86
|
+
def replace_yarn_lock_file_paths(dependencies_hash)
|
87
|
+
return unless dependencies_hash
|
88
|
+
|
89
|
+
dependencies_hash.each_with_object({}) do |(k, v), obj|
|
90
|
+
obj[k] = v
|
91
|
+
next unless v.start_with?("file:")
|
92
|
+
|
93
|
+
path_from_base =
|
94
|
+
parsed_yarn_lock.to_a.
|
95
|
+
find do |n, _|
|
96
|
+
next false unless n.split(/(?<=\w)\@/).first == k
|
97
|
+
|
98
|
+
n.split(/(?<=\w)\@/).last.start_with?("file:")
|
99
|
+
end&.first&.split(/(?<=\w)\@/)&.last&.gsub("file:", "")
|
100
|
+
|
101
|
+
next unless path_from_base
|
102
|
+
|
103
|
+
obj[k] = "file:" + File.join(inverted_path, path_from_base)
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
76
107
|
def parsed_package_lock
|
77
108
|
return {} unless package_lock
|
78
109
|
|
@@ -96,6 +127,16 @@ module Dependabot
|
|
96
127
|
end
|
97
128
|
end
|
98
129
|
|
130
|
+
# The path back to the root lockfile
|
131
|
+
def inverted_path
|
132
|
+
path.split("/").map do |part|
|
133
|
+
next part if part == "."
|
134
|
+
next "tmp" if part == ".."
|
135
|
+
|
136
|
+
".."
|
137
|
+
end.join("/")
|
138
|
+
end
|
139
|
+
|
99
140
|
def yarn_helper_path
|
100
141
|
project_root = File.join(File.dirname(__FILE__), "../../../../..")
|
101
142
|
File.join(project_root, "helpers/yarn/bin/run.js")
|
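Review bot: `path_from_base` in `replace_yarn_lock_file_paths` is taken from a yarn.lock key, which is repository-controlled input, and is joined onto `inverted_path` with no normalisation or containment check, so a key with surplus `..` segments yields a rewritten `file:` path that resolves above the fetched project. I would clean the joined path and keep the original value (`obj[k] = v` is already set) whenever it climbs past the directory the fetcher is meant to read; how the generated JSON is consumed is not visible in this section, so the impact is inferred. On the same expression, `gsub("file:", "")` removes every occurrence rather than the prefix that `start_with?("file:")` tested for, and `sub(/\Afile:/, "")` would match the intent. `inverted_path` substitutes the literal `"tmp"` for `..` without reversing segment order and treats the empty segment from a leading `/` as a directory level, so it appears correct only for plain relative paths; a comment such as `# only valid when path is relative and has no ".." segments` (or a guard) would record that. This section is headed data/CHANGELOG.md but its hunks are Ruby inside `module Dependabot`, so the file name shown is probably not the file these lines belong to.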
data/lib/dependabot/version.rb
CHANGED