dependabot-core 0.76.7 → 0.76.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ad3c731aaf6e231e58e492f66c340298ae97adb594ad378bcc872ef060577228
|
|
4
|
+
data.tar.gz: 37090c354d45763a163bdc30323532ce953d762c5a0af97496359fae180a15b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9b16a7ee8bb5a809efe74153d7ceded814736f8d0f01579134b8a6284bc7a96bc44f8433dd5181d5778b20ec460c0136f218885097c03b314f514c5523394007
|
|
7
|
+
data.tar.gz: 17e73ab1ef67a9cc065dd1fcca7e484cefb83b41a54a1e993aba10a8b74e34d6eb76820b2ab47bda550729dcc00adf83ae3dd60fac717448214297fcf9042923
|
data/CHANGELOG.md
CHANGED
|
@@ -59,10 +59,15 @@ module Dependabot
|
|
|
59
59
|
if details_from_yarn_lock
|
|
60
60
|
{
|
|
61
61
|
name: dependency_name,
|
|
62
|
-
version: "0.0.1",
|
|
63
|
-
dependencies:
|
|
62
|
+
version: details_from_yarn_lock["version"] || "0.0.1",
|
|
63
|
+
dependencies:
|
|
64
|
+
replace_yarn_lock_file_paths(
|
|
65
|
+
details_from_yarn_lock["dependencies"]
|
|
66
|
+
),
|
|
64
67
|
optionalDependencies:
|
|
65
|
-
|
|
68
|
+
replace_yarn_lock_file_paths(
|
|
69
|
+
details_from_yarn_lock["optionalDependencies"]
|
|
70
|
+
)
|
|
66
71
|
}.compact.to_json
|
|
67
72
|
else
|
|
68
73
|
{
|
|
@@ -73,6 +78,32 @@ module Dependabot
|
|
|
73
78
|
end
|
|
74
79
|
end
|
|
75
80
|
|
|
81
|
+
# If an unfetchable path dependency itself has path dependencies
|
|
82
|
+
# then the paths in the yarn.lock for them will be absolute, not
|
|
83
|
+
# relative. Worse, they may point to the user's local cache.
|
|
84
|
+
# We work around this by constructing a relative path to the
|
|
85
|
+
# (second-level) path dependencies.
|
|
86
|
+
def replace_yarn_lock_file_paths(dependencies_hash)
|
|
87
|
+
return unless dependencies_hash
|
|
88
|
+
|
|
89
|
+
dependencies_hash.each_with_object({}) do |(k, v), obj|
|
|
90
|
+
obj[k] = v
|
|
91
|
+
next unless v.start_with?("file:")
|
|
92
|
+
|
|
93
|
+
path_from_base =
|
|
94
|
+
parsed_yarn_lock.to_a.
|
|
95
|
+
find do |n, _|
|
|
96
|
+
next false unless n.split(/(?<=\w)\@/).first == k
|
|
97
|
+
|
|
98
|
+
n.split(/(?<=\w)\@/).last.start_with?("file:")
|
|
99
|
+
end&.first&.split(/(?<=\w)\@/)&.last&.gsub("file:", "")
|
|
100
|
+
|
|
101
|
+
next unless path_from_base
|
|
102
|
+
|
|
103
|
+
obj[k] = "file:" + File.join(inverted_path, path_from_base)
|
|
104
|
+
end
|
|
105
|
+
end
|
|
106
|
+
|
|
76
107
|
def parsed_package_lock
|
|
77
108
|
return {} unless package_lock
|
|
78
109
|
|
|
@@ -96,6 +127,16 @@ module Dependabot
|
|
|
96
127
|
end
|
|
97
128
|
end
|
|
98
129
|
|
|
130
|
+
# The path back to the root lockfile
|
|
131
|
+
def inverted_path
|
|
132
|
+
path.split("/").map do |part|
|
|
133
|
+
next part if part == "."
|
|
134
|
+
next "tmp" if part == ".."
|
|
135
|
+
|
|
136
|
+
".."
|
|
137
|
+
end.join("/")
|
|
138
|
+
end
|
|
139
|
+
|
|
99
140
|
def yarn_helper_path
|
|
100
141
|
project_root = File.join(File.dirname(__FILE__), "../../../../..")
|
|
101
142
|
File.join(project_root, "helpers/yarn/bin/run.js")
|
data/lib/dependabot/version.rb
CHANGED