dependabot-core 0.85.3 → 0.86.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ae690b38c7293ceabf4f56d82deb2d613f6da6edea787473ff03f641f2cf49ae
4
- data.tar.gz: d3a0b0143f332c15f332bdf3fb92f624bd01778016fccbf5d2d8b997d0683a94
3
+ metadata.gz: a91ff56ab392d99ee2d12bc39a610bac38f75654da604cddd7fe7dc555f95be2
4
+ data.tar.gz: eda26a03684ef192cd31ab67870a56f62f5c3ea23635fc0214ed8c4c6fadedff
5
5
  SHA512:
6
- metadata.gz: 28ded14ae4261b7609e2c778dcb6c2f81600f2e9e8df19a6b12f40549ba668a06b24cd0fae42d1e2a57c1a8b837521c12a8e6fed08296c7e59ee16f6460e48da
7
- data.tar.gz: 88a74d07d5218c5f2fbbfec86394566b0e06916ef32e65bd53f6906d08803e85a1f209f196868a09c8f051b88763ba10bf4685b16590b2db9cb960166f78b0d6
6
+ metadata.gz: 3eb8df5b9e68360c1f9aecf6d914f9207273a214672c6829b974e7fa6ee6687ca2be350582d35aefae6b3da6fb2eb6a434df0c95d583b8ec57b4914880a67035
7
+ data.tar.gz: c46b7e7883b64844b8ef27aab852810a56685588ea99612752f2c9d40724b0d921fe9e4370a1eb916ec5da4101b3dae7eeb8e686acfc473fe7c80c9f68553b11
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## v0.86.0, 17 December 2018
2
+
3
+ - Npm: Fix issue where the wrong lockfile was updated when using both Lerna and
4
+ npm lockfiles
5
+
1
6
  ## v0.85.3, 17 December 2018
2
7
 
3
8
  - Rust: Ignore aliased dependencies
@@ -64,23 +64,14 @@ module Dependabot
64
64
  end
65
65
 
66
66
  def updatable_dependencies(lockfile)
67
- path = Pathname.new(lockfile.name).dirname.to_s
67
+ lockfile_dir = Pathname.new(lockfile.name).dirname.to_s
68
68
  dependencies.reject do |dependency|
69
- top_level_dependency_not_required?(dependency, path) ||
70
- dependency_up_to_date?(lockfile, dependency)
69
+ dependency_up_to_date?(lockfile, dependency) ||
70
+ top_level_dependency_update_not_required?(dependency,
71
+ lockfile_dir)
71
72
  end
72
73
  end
73
74
 
74
- def requirements_for_path(requirements, path)
75
- return requirements if path.to_s == "."
76
-
77
- requirements.map do |r|
78
- next unless r[:file].start_with?("#{path}/")
79
-
80
- r.merge(file: r[:file].gsub(/^#{Regexp.quote("#{path}/")}/, ""))
81
- end.compact
82
- end
83
-
84
75
  def dependency_up_to_date?(lockfile, dependency)
85
76
  existing_dep = FileParsers::JavaScript::NpmAndYarn.new(
86
77
  dependency_files: [lockfile, *package_files],
@@ -100,9 +91,14 @@ module Dependabot
100
91
  # Prevent changes to the lockfile when the dependency has been
101
92
  # required in a package.json outside the current folder (e.g. lerna
102
93
  # proj)
103
- def top_level_dependency_not_required?(dependency, path)
104
- dependency.top_level? &&
105
- requirements_for_path(dependency.requirements, path).empty?
94
+ def top_level_dependency_update_not_required?(dependency,
95
+ lockfile_dir)
96
+ requirements_for_path = dependency.requirements.select do |req|
97
+ req_dir = Pathname.new(req[:file]).dirname.to_s
98
+ req_dir == lockfile_dir
99
+ end
100
+
101
+ dependency.top_level? && requirements_for_path.empty?
106
102
  end
107
103
 
108
104
  def run_current_npm_update(lockfile_name:)
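Review bot: In `top_level_dependency_update_not_required?` the `select` over `dependency.requirements` runs before `dependency.top_level?` is consulted, so every non-top-level dependency pays for the `Pathname` work only for the `&&` to discard the result; a guard `return false unless dependency.top_level?` placed ahead of the `select` gives the same answer without it. The comment above the method still says "required in a package.json outside the current folder", which no longer describes the new check (only requirements whose `req[:file]` sits in `lockfile_dir` count now); I would reword it to `# Prevent changes to the lockfile when none of the dependency's requirements come from a package.json in the lockfile's own directory (e.g. lerna proj)`. `req[:file]` goes straight into `Pathname.new`, which raises `TypeError` on `nil` — the removed `start_with?` version would have failed on that too, so it is not a regression, but `req.fetch(:file)` would make a missing key an explicit error. Separately, the reorder in the earlier `updatable_dependencies` hunk now evaluates `dependency_up_to_date?`, which builds a `FileParsers::JavaScript::NpmAndYarn` per dependency, before the cheap directory check; if that order was not deliberate, keeping the directory check first would save work.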
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.85.3"
4
+ VERSION = "0.86.0"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.85.3
4
+ version: 0.86.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot