dependabot-core 0.90.7 → 0.91.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +33 -0
- data/LICENSE +17 -15
- data/README.md +1 -1
- data/lib/dependabot/dependency_file.rb +7 -1
- data/lib/dependabot/file_fetchers.rb +1 -3
- data/lib/dependabot/file_parsers.rb +1 -3
- data/lib/dependabot/file_updaters.rb +1 -3
- data/lib/dependabot/metadata_finders.rb +1 -3
- data/lib/dependabot/update_checkers.rb +1 -3
- data/lib/dependabot/utils.rb +2 -7
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -56
- data/helpers/npm/.eslintrc +0 -14
- data/helpers/npm/bin/run.js +0 -34
- data/helpers/npm/lib/helpers.js +0 -25
- data/helpers/npm/lib/peer-dependency-checker.js +0 -102
- data/helpers/npm/lib/subdependency-updater.js +0 -48
- data/helpers/npm/lib/updater.js +0 -101
- data/helpers/npm/package-lock.json +0 -8868
- data/helpers/npm/package.json +0 -17
- data/helpers/npm/test/fixtures/npm-left-pad.json +0 -1
- data/helpers/npm/test/fixtures/updater/original/package-lock.json +0 -16
- data/helpers/npm/test/fixtures/updater/original/package.json +0 -9
- data/helpers/npm/test/fixtures/updater/updated/package-lock.json +0 -16
- data/helpers/npm/test/helpers.js +0 -7
- data/helpers/npm/test/updater.test.js +0 -50
- data/helpers/npm/yarn.lock +0 -6176
- data/helpers/yarn/.eslintrc +0 -14
- data/helpers/yarn/bin/run.js +0 -36
- data/helpers/yarn/lib/fix-duplicates.js +0 -78
- data/helpers/yarn/lib/helpers.js +0 -5
- data/helpers/yarn/lib/lockfile-parser.js +0 -21
- data/helpers/yarn/lib/peer-dependency-checker.js +0 -130
- data/helpers/yarn/lib/replace-lockfile-declaration.js +0 -57
- data/helpers/yarn/lib/subdependency-updater.js +0 -69
- data/helpers/yarn/lib/updater.js +0 -266
- data/helpers/yarn/package.json +0 -17
- data/helpers/yarn/test/fixtures/updater/original/package.json +0 -6
- data/helpers/yarn/test/fixtures/updater/original/yarn.lock +0 -11
- data/helpers/yarn/test/fixtures/updater/updated/yarn.lock +0 -12
- data/helpers/yarn/test/fixtures/updater/with-version-comments/package.json +0 -5
- data/helpers/yarn/test/fixtures/updater/with-version-comments/yarn.lock +0 -13
- data/helpers/yarn/test/fixtures/yarnpkg-is-positive.json +0 -1
- data/helpers/yarn/test/fixtures/yarnpkg-left-pad.json +0 -1
- data/helpers/yarn/test/helpers.js +0 -7
- data/helpers/yarn/test/updater.test.js +0 -93
- data/helpers/yarn/yarn.lock +0 -4760
- data/lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb +0 -330
- data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb +0 -148
- data/lib/dependabot/file_parsers/java_script/npm_and_yarn.rb +0 -395
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn.rb +0 -159
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb +0 -534
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb +0 -192
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_preparer.rb +0 -91
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_updater.rb +0 -220
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/yarn_lockfile_updater.rb +0 -475
- data/lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb +0 -215
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn.rb +0 -280
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb +0 -342
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb +0 -69
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/registry_finder.rb +0 -226
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb +0 -198
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/subdependency_version_resolver.rb +0 -228
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb +0 -500
- data/lib/dependabot/utils/java_script/requirement.rb +0 -141
- data/lib/dependabot/utils/java_script/version.rb +0 -32
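--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: af11b25d9b115415c088f9c77543e4bd51f6ef6b954b49e7b9da9f51d3b4b1a0
+data.tar.gz: 9bc66fd6c7a5f0f1d28f4a475efe9a90caf58604e6c49b14d81841e30a18c3de
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3f0e5292567bb9cfe3ff1950e20de8cea7cff7cc5c9b2657fd4e55b86c19f422189c100b623432fa1b7a0257f738957527070d30bfe09675a61e3df3b26949c4
+data.tar.gz: 7c859a7345af7998aa474edaff439ff0d969d6bc5d870a11e2c854080acd134cdb01728723cd63019f4a25c94e000b5ebf06e3b1ce63dcdf8a06dff0ecb89ab9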
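--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,36 @@
+## v0.91.0, 17 January 2019
+
+- Relax Elixir spec
+- Update paths for JS helpers in config file
+- Another JS fix
+- Add back JS installers so linters can be run
+- Install hex helpers after npm_and_yarn helpers
+- Fix JS specs
+- Remove unnecessary install step
+- Disable problematic spec
+- Elixir: require fully released version of jason
+- Merge pull request #911 from dependabot/old-master
+- Remove possibly redundant check that npm lockfile has changed
+- Better uniqing of Rust files
+- More reduction of `type` use
+- Use DependencyFile#type more sparingly
+- JS: Add error context when no files where updated
+- Merge pull request #906 from dependabot/reorg-js
+- Update and fix the license
+- Fix MessageBuilder test
+- Add build script
+- Merge pull request #908 from bai/typo-fix
+- Fix README typo
+- Update CircleCI config
+- Move fixture files and get specs passing (pending helpers work)
+- Fix gitignore
+- Fix require lines
+- Fix rubocops
+- Namespace change
+- Initial move
+- Initial setup
+- Dep: Ignore indirect dependencies in latest_resolvable_version_with_no_unlock
+
 ## v0.90.7, 15 January 2019
 
 - Dep: Ignore indirect dependencies more robustly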
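--- a/data/LICENSE
+++ b/data/LICENSE
@@ -1,16 +1,17 @@
-The Prosperity Public License
+The Prosperity Public License 2.0.0
 
-
+Contributor: Dependabot Ltd
 
-Source
+Source Code: https://github.com/dependabot/dependabot-core
 
 This license lets you use and share this software for free,
 with a trial-length time limit on commercial use. Specifically:
 
 If you follow the rules below, you may do everything with this
-software that would otherwise infringe
-
-latest
+software that would otherwise infringe either the contributor's
+copyright in it, any patent claim the contributor can license
+that covers this software as of the contributor's latest
+contribution, or both.
 
 1. You must limit use of this software in any manner primarily
 intended for or directed toward commercial advantage or
@@ -19,19 +20,20 @@ latest contribution.
 developing feedback, modifications, or extensions that you
 contribute back to those giving this license.
 
-2. Ensure everyone who gets a copy of this software from you,
-
-
+2. Ensure everyone who gets a copy of this software from you, in
+source code or any other form, gets the text of this license
+and the contributor and source code lines above.
 
-3. Do not make any legal claim against anyone for infringing
-
-
-
+3. Do not make any legal claim against anyone for infringing any
+patent claim they would infringe by using this software alone,
+accusing this software, with or without changes, alone or as
+part of a larger application.
 
 You are excused for unknowingly breaking rule 1 if you stop
 doing anything requiring this license within 30 days of
 learning you broke the rule.
 
 **This software comes as is, without any warranty at all. As far
-as the law allows,
-to this software or this license, for any kind of
+as the law allows, the contributor will not be liable for any
+damages related to this software or this license, for any kind of
+legal claim.**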
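--- a/data/README.md
+++ b/data/README.md
@@ -86,7 +86,7 @@ If you use Dependabot Core then we'd love to hear what you build!
 
 We use the License Zero Prosperity Public License, which essentially enshrines
 the following:
-- If you would like to use Dependabot Core for non-
+- If you would like to use Dependabot Core for non-commercial purposes, such as
 to host a bot at your workplace, then we give you full permission to do so. In
 fact, we'd love you to, and will help and support you however we can.
 - If you would like to add Dependabot's functionality to your for-profit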
@@ -11,8 +11,14 @@ module Dependabot
|
|
11
11
|
@name = name
|
12
12
|
@content = content
|
13
13
|
@directory = clean_directory(directory)
|
14
|
-
@type = type
|
15
14
|
@support_file = support_file
|
15
|
+
|
16
|
+
# Type is used *very* sparingly. It lets the git_modules updater know that
|
17
|
+
# a "file" is actually a submodule, and lets our Go updaters know which
|
18
|
+
# file represents the main.go.
|
19
|
+
# New use cases should be avoided if at all possible (and use the
|
20
|
+
# support_file flag instead)
|
21
|
+
@type = type
|
16
22
|
end
|
17
23
|
|
18
24
|
def to_h
|
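Review bot: The new comment above `@type = type` names the two consumers of `type` (the git_modules updater and the Go updaters) but not the values they pass, so a reader of this constructor cannot check the "use sparingly" rule. Listing the accepted values in the comment, for example `# Accepted values: <values passed by the submodule and Go updaters>`, would make an unexpected new use easy to spot in review. The constructor begins above the hunk, so the parameter's default and any existing validation are not visible here.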
@@ -1,13 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "dependabot/file_fetchers/ruby/bundler"
|
4
|
-
require "dependabot/file_fetchers/java_script/npm_and_yarn"
|
5
4
|
|
6
5
|
module Dependabot
|
7
6
|
module FileFetchers
|
8
7
|
@file_fetchers = {
|
9
|
-
"bundler" => FileFetchers::Ruby::Bundler
|
10
|
-
"npm_and_yarn" => FileFetchers::JavaScript::NpmAndYarn
|
8
|
+
"bundler" => FileFetchers::Ruby::Bundler
|
11
9
|
}
|
12
10
|
|
13
11
|
def self.for_package_manager(package_manager)
|
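Review bot: After this hunk `@file_fetchers` holds only `"bundler"` and the `require` for the JavaScript fetcher is gone, but nothing here tells a reader where `"npm_and_yarn"` is registered now. A short comment above the hash, such as `# Other package managers are registered by their own gems`, would record that (adjust it to however registration actually happens, which this hunk does not show). `for_package_manager` continues below the hunk; it is worth confirming that it raises for an unregistered name rather than returning nil, since callers that still pass `"npm_and_yarn"` now depend on load order. The same applies to the FileParsers, FileUpdaters, MetadataFinders and UpdateCheckers hunks that follow and to `@version_classes` and `@requirement_classes` in utils.rb.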
@@ -1,13 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "dependabot/file_parsers/ruby/bundler"
|
4
|
-
require "dependabot/file_parsers/java_script/npm_and_yarn"
|
5
4
|
|
6
5
|
module Dependabot
|
7
6
|
module FileParsers
|
8
7
|
@file_parsers = {
|
9
|
-
"bundler" => FileParsers::Ruby::Bundler
|
10
|
-
"npm_and_yarn" => FileParsers::JavaScript::NpmAndYarn
|
8
|
+
"bundler" => FileParsers::Ruby::Bundler
|
11
9
|
}
|
12
10
|
|
13
11
|
def self.for_package_manager(package_manager)
|
@@ -1,13 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "dependabot/file_updaters/ruby/bundler"
|
4
|
-
require "dependabot/file_updaters/java_script/npm_and_yarn"
|
5
4
|
|
6
5
|
module Dependabot
|
7
6
|
module FileUpdaters
|
8
7
|
@file_updaters = {
|
9
|
-
"bundler" => FileUpdaters::Ruby::Bundler
|
10
|
-
"npm_and_yarn" => FileUpdaters::JavaScript::NpmAndYarn
|
8
|
+
"bundler" => FileUpdaters::Ruby::Bundler
|
11
9
|
}
|
12
10
|
|
13
11
|
def self.for_package_manager(package_manager)
|
@@ -1,13 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "dependabot/metadata_finders/ruby/bundler"
|
4
|
-
require "dependabot/metadata_finders/java_script/npm_and_yarn"
|
5
4
|
|
6
5
|
module Dependabot
|
7
6
|
module MetadataFinders
|
8
7
|
@metadata_finders = {
|
9
|
-
"bundler" => MetadataFinders::Ruby::Bundler
|
10
|
-
"npm_and_yarn" => MetadataFinders::JavaScript::NpmAndYarn
|
8
|
+
"bundler" => MetadataFinders::Ruby::Bundler
|
11
9
|
}
|
12
10
|
|
13
11
|
def self.for_package_manager(package_manager)
|
@@ -1,13 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "dependabot/update_checkers/ruby/bundler"
|
4
|
-
require "dependabot/update_checkers/java_script/npm_and_yarn"
|
5
4
|
|
6
5
|
module Dependabot
|
7
6
|
module UpdateCheckers
|
8
7
|
@update_checkers = {
|
9
|
-
"bundler" => UpdateCheckers::Ruby::Bundler
|
10
|
-
"npm_and_yarn" => UpdateCheckers::JavaScript::NpmAndYarn
|
8
|
+
"bundler" => UpdateCheckers::Ruby::Bundler
|
11
9
|
}
|
12
10
|
|
13
11
|
def self.for_package_manager(package_manager)
|
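--- a/data/lib/dependabot/utils.rb
+++ b/data/lib/dependabot/utils.rb
@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-require "dependabot/utils/java_script/version"
-
-require "dependabot/utils/java_script/requirement"
 require "dependabot/utils/ruby/requirement"
 
 # TODO: in due course, these "registries" should live in a wrapper gem, not
@@ -12,8 +9,7 @@ module Dependabot
 @version_classes = {
 "bundler" => Gem::Version,
 "submodules" => Gem::Version,
-"docker" => Gem::Version
-"npm_and_yarn" => Utils::JavaScript::Version
+"docker" => Gem::Version
 }
 
 def self.version_class_for_package_manager(package_manager)
@@ -30,8 +26,7 @@ module Dependabot
 @requirement_classes = {
 "bundler" => Utils::Ruby::Requirement,
 "submodules" => Utils::Ruby::Requirement,
-"docker" => Utils::Ruby::Requirement
-"npm_and_yarn" => Utils::JavaScript::Requirement
+"docker" => Utils::Ruby::Requirement
 }
 
 def self.requirement_class_for_package_manager(package_manager)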
data/lib/dependabot/version.rb
CHANGED
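--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.91.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-
+date: 2019-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-ecr
@@ -298,43 +298,8 @@ files:
 - CHANGELOG.md
 - LICENSE
 - README.md
-- helpers/npm/.eslintrc
-- helpers/npm/bin/run.js
-- helpers/npm/lib/helpers.js
-- helpers/npm/lib/peer-dependency-checker.js
-- helpers/npm/lib/subdependency-updater.js
-- helpers/npm/lib/updater.js
-- helpers/npm/package-lock.json
-- helpers/npm/package.json
-- helpers/npm/test/fixtures/npm-left-pad.json
-- helpers/npm/test/fixtures/updater/original/package-lock.json
-- helpers/npm/test/fixtures/updater/original/package.json
-- helpers/npm/test/fixtures/updater/updated/package-lock.json
-- helpers/npm/test/helpers.js
-- helpers/npm/test/updater.test.js
-- helpers/npm/yarn.lock
 - helpers/test/run.rb
 - helpers/utils/git-credential-store-immutable
-- helpers/yarn/.eslintrc
-- helpers/yarn/bin/run.js
-- helpers/yarn/lib/fix-duplicates.js
-- helpers/yarn/lib/helpers.js
-- helpers/yarn/lib/lockfile-parser.js
-- helpers/yarn/lib/peer-dependency-checker.js
-- helpers/yarn/lib/replace-lockfile-declaration.js
-- helpers/yarn/lib/subdependency-updater.js
-- helpers/yarn/lib/updater.js
-- helpers/yarn/package.json
-- helpers/yarn/test/fixtures/updater/original/package.json
-- helpers/yarn/test/fixtures/updater/original/yarn.lock
-- helpers/yarn/test/fixtures/updater/updated/yarn.lock
-- helpers/yarn/test/fixtures/updater/with-version-comments/package.json
-- helpers/yarn/test/fixtures/updater/with-version-comments/yarn.lock
-- helpers/yarn/test/fixtures/yarnpkg-is-positive.json
-- helpers/yarn/test/fixtures/yarnpkg-left-pad.json
-- helpers/yarn/test/helpers.js
-- helpers/yarn/test/updater.test.js
-- helpers/yarn/yarn.lock
 - lib/bundler_definition_bundler_version_patch.rb
 - lib/bundler_definition_ruby_version_patch.rb
 - lib/bundler_git_source_patch.rb
@@ -348,8 +313,6 @@ files:
 - lib/dependabot/file_fetchers.rb
 - lib/dependabot/file_fetchers/README.md
 - lib/dependabot/file_fetchers/base.rb
-- lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb
-- lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb
 - lib/dependabot/file_fetchers/ruby/bundler.rb
 - lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb
 - lib/dependabot/file_fetchers/ruby/bundler/gemspec_finder.rb
@@ -359,19 +322,12 @@ files:
 - lib/dependabot/file_parsers/README.md
 - lib/dependabot/file_parsers/base.rb
 - lib/dependabot/file_parsers/base/dependency_set.rb
-- lib/dependabot/file_parsers/java_script/npm_and_yarn.rb
 - lib/dependabot/file_parsers/ruby/bundler.rb
 - lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb
 - lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb
 - lib/dependabot/file_updaters.rb
 - lib/dependabot/file_updaters/README.md
 - lib/dependabot/file_updaters/base.rb
-- lib/dependabot/file_updaters/java_script/npm_and_yarn.rb
-- lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb
-- lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb
-- lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_preparer.rb
-- lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_updater.rb
-- lib/dependabot/file_updaters/java_script/npm_and_yarn/yarn_lockfile_updater.rb
 - lib/dependabot/file_updaters/ruby/bundler.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb
@@ -389,7 +345,6 @@ files:
 - lib/dependabot/metadata_finders/base/changelog_pruner.rb
 - lib/dependabot/metadata_finders/base/commits_finder.rb
 - lib/dependabot/metadata_finders/base/release_finder.rb
-- lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb
 - lib/dependabot/metadata_finders/ruby/bundler.rb
 - lib/dependabot/pull_request_creator.rb
 - lib/dependabot/pull_request_creator/branch_namer.rb
@@ -405,13 +360,6 @@ files:
 - lib/dependabot/update_checkers.rb
 - lib/dependabot/update_checkers/README.md
 - lib/dependabot/update_checkers/base.rb
-- lib/dependabot/update_checkers/java_script/npm_and_yarn.rb
-- lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb
-- lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb
-- lib/dependabot/update_checkers/java_script/npm_and_yarn/registry_finder.rb
-- lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb
-- lib/dependabot/update_checkers/java_script/npm_and_yarn/subdependency_version_resolver.rb
-- lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb
 - lib/dependabot/update_checkers/ruby/bundler.rb
 - lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb
 - lib/dependabot/update_checkers/ruby/bundler/force_updater.rb
@@ -421,8 +369,6 @@ files:
 - lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb
 - lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb
 - lib/dependabot/utils.rb
-- lib/dependabot/utils/java_script/requirement.rb
-- lib/dependabot/utils/java_script/version.rb
 - lib/dependabot/utils/ruby/requirement.rb
 - lib/dependabot/version.rb
 - lib/rubygems_version_patch.rb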
data/helpers/npm/.eslintrc
DELETED
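--- a/data/helpers/npm/bin/run.js
+++ /dev/null
@@ -1,34 +0,0 @@
-const updater = require("../lib/updater");
-const peerDependencyChecker = require("../lib/peer-dependency-checker");
-const subdependencyUpdater = require("../lib/subdependency-updater");
-
-const functionMap = {
-update: updater.updateDependencyFiles,
-updateSubdependency: subdependencyUpdater.updateDependencyFile,
-checkPeerDependencies: peerDependencyChecker.checkPeerDependencies
-};
-
-function output(obj) {
-process.stdout.write(JSON.stringify(obj));
-}
-
-const input = [];
-process.stdin.on("data", data => input.push(data));
-process.stdin.on("end", () => {
-const request = JSON.parse(input.join(""));
-const func = functionMap[request.function];
-if (!func) {
-output({ error: `Invalid function ${request.function}` });
-process.exit(1);
-}
-
-func
-.apply(null, request.args)
-.then(result => {
-output({ result: result });
-})
-.catch(error => {
-output({ error: error.message });
-process.exit(1);
-});
-});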
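--- a/data/helpers/npm/lib/helpers.js
+++ /dev/null
@@ -1,25 +0,0 @@
-function runAsync(obj, method, args) {
-return new Promise((resolve, reject) => {
-const cb = (err, ...returnValues) => {
-if (err) {
-reject(err);
-} else {
-resolve(returnValues);
-}
-};
-method.apply(obj, [...args, cb]);
-});
-}
-
-function muteStderr() {
-const original = process.stderr.write;
-process.stderr.write = () => {};
-return () => {
-process.stderr.write = original;
-};
-}
-
-module.exports = {
-runAsync,
-muteStderr
-};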
@@ -1,102 +0,0 @@
|
|
1
|
-
/* PEER DEPENDENCY CHECKER
|
2
|
-
*
|
3
|
-
* Inputs:
|
4
|
-
* - directory containing a package.json and a yarn.lock
|
5
|
-
* - dependency name
|
6
|
-
* - new dependency version
|
7
|
-
* - requirements for this dependency
|
8
|
-
*
|
9
|
-
* Outputs:
|
10
|
-
* - successful completion, or an error if there are peer dependency warnings
|
11
|
-
*/
|
12
|
-
|
13
|
-
const npm = require("npm");
|
14
|
-
const installer = require("npm/lib/install");
|
15
|
-
const { muteStderr, runAsync } = require("./helpers.js");
|
16
|
-
|
17
|
-
function installArgsWithVersion(depName, desiredVersion, requirements) {
|
18
|
-
const source = (requirements.find(req => req.source) || {}).source;
|
19
|
-
|
20
|
-
if (source && source.type === "git") {
|
21
|
-
return [`${depName}@${source.url}#${desiredVersion}`];
|
22
|
-
} else {
|
23
|
-
return [`${depName}@${desiredVersion}`];
|
24
|
-
}
|
25
|
-
}
|
26
|
-
|
27
|
-
async function checkPeerDependencies(
|
28
|
-
directory,
|
29
|
-
depName,
|
30
|
-
desiredVersion,
|
31
|
-
requirements,
|
32
|
-
topLevelDependencies
|
33
|
-
) {
|
34
|
-
// `force: true` ignores checks for platform (os, cpu) and engines
|
35
|
-
// in npm/lib/install/validate-args.js
|
36
|
-
// Platform is checked and raised from (EBADPLATFORM):
|
37
|
-
// https://github.com/npm/npm-install-checks
|
38
|
-
await runAsync(npm, npm.load, [{ loglevel: "silent", force: true }]);
|
39
|
-
|
40
|
-
const dryRun = true;
|
41
|
-
|
42
|
-
// Returns dep name and version for npm install, example: ["react@16.6.0"]
|
43
|
-
let args = installArgsWithVersion(depName, desiredVersion, requirements);
|
44
|
-
|
45
|
-
// To check peer dependencies requirements in all top level dependencies we
|
46
|
-
// need to explicitly tell npm to fetch all manifests by specifying the
|
47
|
-
// existing dependency name and version in npm install
|
48
|
-
|
49
|
-
// For exampele, if we have "react@15.6.2" and "react-dom@15.6.2" installed
|
50
|
-
// and we want to install react@16.6.0, we need get the existing version of
|
51
|
-
// react-dom and pass this to npm install along with the new version react,
|
52
|
-
// this way npm fetches the manifest for react-dom and determines that we
|
53
|
-
// can't install react@16.6.0 due to the peer dependency requirement in
|
54
|
-
// react-dom
|
55
|
-
|
56
|
-
// If we only pass the new dep@version to npm install, e.g. "react@16.6.0" npm
|
57
|
-
// will only fetch the manifest for react and not know that react-dom enforces
|
58
|
-
// a peerDependency on react
|
59
|
-
|
60
|
-
// Returns dep name and version for npm install, example: ["react-dom@15.6.2"]
|
61
|
-
// - given react and react-dom in top level deps
|
62
|
-
const otherDeps = (topLevelDependencies || [])
|
63
|
-
.filter(dep => dep.name !== depName && dep.version)
|
64
|
-
.map(dep => installArgsWithVersion(dep.name, dep.version, dep.requirements))
|
65
|
-
.reduce((acc, dep) => acc.concat(dep), []);
|
66
|
-
|
67
|
-
args = args.concat(otherDeps);
|
68
|
-
|
69
|
-
const initialInstaller = new installer.Installer(directory, dryRun, args, {
|
70
|
-
packageLockOnly: true
|
71
|
-
});
|
72
|
-
|
73
|
-
// A bug in npm means the initial install will remove any git dependencies
|
74
|
-
// from the lockfile. A subsequent install with no arguments fixes this.
|
75
|
-
const cleanupInstaller = new installer.Installer(directory, dryRun, [], {
|
76
|
-
packageLockOnly: true
|
77
|
-
});
|
78
|
-
|
79
|
-
// Skip printing the success message
|
80
|
-
initialInstaller.printInstalled = cb => cb();
|
81
|
-
cleanupInstaller.printInstalled = cb => cb();
|
82
|
-
|
83
|
-
// There are some hard-to-prevent bits of output.
|
84
|
-
// This is horrible, but works.
|
85
|
-
const unmute = muteStderr();
|
86
|
-
try {
|
87
|
-
await runAsync(initialInstaller, initialInstaller.run, []);
|
88
|
-
await runAsync(cleanupInstaller, cleanupInstaller.run, []);
|
89
|
-
} finally {
|
90
|
-
unmute();
|
91
|
-
}
|
92
|
-
|
93
|
-
const peerDependencyWarnings = initialInstaller.idealTree.warnings
|
94
|
-
.filter(warning => warning.code === "EPEERINVALID")
|
95
|
-
.map(warning => warning.message);
|
96
|
-
|
97
|
-
if (peerDependencyWarnings.length) {
|
98
|
-
throw new Error(peerDependencyWarnings.join("\n"));
|
99
|
-
}
|
100
|
-
}
|
101
|
-
|
102
|
-
module.exports = { checkPeerDependencies };
|