RubyGems - dependabot-core - Versions diffs - 0.85.3 → 0.86.0 - Mend

dependabot-core 0.85.3 → 0.86.0

Files changed (5) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb +12 -16
data/lib/dependabot/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ae690b38c7293ceabf4f56d82deb2d613f6da6edea787473ff03f641f2cf49ae
-  data.tar.gz: d3a0b0143f332c15f332bdf3fb92f624bd01778016fccbf5d2d8b997d0683a94
+  metadata.gz: a91ff56ab392d99ee2d12bc39a610bac38f75654da604cddd7fe7dc555f95be2
+  data.tar.gz: eda26a03684ef192cd31ab67870a56f62f5c3ea23635fc0214ed8c4c6fadedff
 SHA512:
-  metadata.gz: 28ded14ae4261b7609e2c778dcb6c2f81600f2e9e8df19a6b12f40549ba668a06b24cd0fae42d1e2a57c1a8b837521c12a8e6fed08296c7e59ee16f6460e48da
-  data.tar.gz: 88a74d07d5218c5f2fbbfec86394566b0e06916ef32e65bd53f6906d08803e85a1f209f196868a09c8f051b88763ba10bf4685b16590b2db9cb960166f78b0d6
+  metadata.gz: 3eb8df5b9e68360c1f9aecf6d914f9207273a214672c6829b974e7fa6ee6687ca2be350582d35aefae6b3da6fb2eb6a434df0c95d583b8ec57b4914880a67035
+  data.tar.gz: c46b7e7883b64844b8ef27aab852810a56685588ea99612752f2c9d40724b0d921fe9e4370a1eb916ec5da4101b3dae7eeb8e686acfc473fe7c80c9f68553b11

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,8 @@
+## v0.86.0, 17 December 2018
+- Npm: Fix issue where the wrong lockfile was updated when using both Lerna and
+  npm lockfiles
 ## v0.85.3, 17 December 2018
 - Rust: Ignore aliased dependencies

data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb CHANGED Viewed

@@ -64,23 +64,14 @@ module Dependabot
           end
           def updatable_dependencies(lockfile)
-            path = Pathname.new(lockfile.name).dirname.to_s
+            lockfile_dir = Pathname.new(lockfile.name).dirname.to_s
             dependencies.reject do |dependency|
-              top_level_dependency_not_required?(dependency, path) ||
-                dependency_up_to_date?(lockfile, dependency)
+              dependency_up_to_date?(lockfile, dependency) ||
+                top_level_dependency_update_not_required?(dependency,
+                                                          lockfile_dir)
             end
           end
-          def requirements_for_path(requirements, path)
-            return requirements if path.to_s == "."
-            requirements.map do |r|
-              next unless r[:file].start_with?("#{path}/")
-              r.merge(file: r[:file].gsub(/^#{Regexp.quote("#{path}/")}/, ""))
-            end.compact
-          end
           def dependency_up_to_date?(lockfile, dependency)
             existing_dep = FileParsers::JavaScript::NpmAndYarn.new(
               dependency_files: [lockfile, *package_files],
@@ -100,9 +91,14 @@ module Dependabot
           # Prevent changes to the lockfile when the dependency has been
           # required in a package.json outside the current folder (e.g. lerna
           # proj)
-          def top_level_dependency_not_required?(dependency, path)
-            dependency.top_level? &&
-              requirements_for_path(dependency.requirements, path).empty?
+          def top_level_dependency_update_not_required?(dependency,
+                                                        lockfile_dir)
+            requirements_for_path = dependency.requirements.select do |req|
+              req_dir = Pathname.new(req[:file]).dirname.to_s
+              req_dir == lockfile_dir
+            end
+            dependency.top_level? && requirements_for_path.empty?
           end
           def run_current_npm_update(lockfile_name:)

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.85.3"
+  VERSION = "0.86.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.85.3
+  version: 0.86.0
 platform: ruby
 authors:
 - Dependabot