dependabot-core 0.85.3 → 0.86.0

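--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ae690b38c7293ceabf4f56d82deb2d613f6da6edea787473ff03f641f2cf49ae
- data.tar.gz: d3a0b0143f332c15f332bdf3fb92f624bd01778016fccbf5d2d8b997d0683a94
+ metadata.gz: a91ff56ab392d99ee2d12bc39a610bac38f75654da604cddd7fe7dc555f95be2
+ data.tar.gz: eda26a03684ef192cd31ab67870a56f62f5c3ea23635fc0214ed8c4c6fadedff
  SHA512:
- metadata.gz: 28ded14ae4261b7609e2c778dcb6c2f81600f2e9e8df19a6b12f40549ba668a06b24cd0fae42d1e2a57c1a8b837521c12a8e6fed08296c7e59ee16f6460e48da
- data.tar.gz: 88a74d07d5218c5f2fbbfec86394566b0e06916ef32e65bd53f6906d08803e85a1f209f196868a09c8f051b88763ba10bf4685b16590b2db9cb960166f78b0d6
+ metadata.gz: 3eb8df5b9e68360c1f9aecf6d914f9207273a214672c6829b974e7fa6ee6687ca2be350582d35aefae6b3da6fb2eb6a434df0c95d583b8ec57b4914880a67035
+ data.tar.gz: c46b7e7883b64844b8ef27aab852810a56685588ea99612752f2c9d40724b0d921fe9e4370a1eb916ec5da4101b3dae7eeb8e686acfc473fe7c80c9f68553b11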
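--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+ ## v0.86.0, 17 December 2018
+
+ - Npm: Fix issue where the wrong lockfile was updated when using both Lerna and
+ npm lockfiles
+
  ## v0.85.3, 17 December 2018
 
  - Rust: Ignore aliased dependencies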
@@ -64,23 +64,14 @@ module Dependabot
64
64
  end
65
65
 
66
66
  def updatable_dependencies(lockfile)
67
- path = Pathname.new(lockfile.name).dirname.to_s
67
+ lockfile_dir = Pathname.new(lockfile.name).dirname.to_s
68
68
  dependencies.reject do |dependency|
69
- top_level_dependency_not_required?(dependency, path) ||
70
- dependency_up_to_date?(lockfile, dependency)
69
+ dependency_up_to_date?(lockfile, dependency) ||
70
+ top_level_dependency_update_not_required?(dependency,
71
+ lockfile_dir)
71
72
  end
72
73
  end
73
74
 
74
- def requirements_for_path(requirements, path)
75
- return requirements if path.to_s == "."
76
-
77
- requirements.map do |r|
78
- next unless r[:file].start_with?("#{path}/")
79
-
80
- r.merge(file: r[:file].gsub(/^#{Regexp.quote("#{path}/")}/, ""))
81
- end.compact
82
- end
83
-
84
75
  def dependency_up_to_date?(lockfile, dependency)
85
76
  existing_dep = FileParsers::JavaScript::NpmAndYarn.new(
86
77
  dependency_files: [lockfile, *package_files],
@@ -100,9 +91,14 @@ module Dependabot
100
91
  # Prevent changes to the lockfile when the dependency has been
101
92
  # required in a package.json outside the current folder (e.g. lerna
102
93
  # proj)
103
- def top_level_dependency_not_required?(dependency, path)
104
- dependency.top_level? &&
105
- requirements_for_path(dependency.requirements, path).empty?
94
+ def top_level_dependency_update_not_required?(dependency,
95
+ lockfile_dir)
96
+ requirements_for_path = dependency.requirements.select do |req|
97
+ req_dir = Pathname.new(req[:file]).dirname.to_s
98
+ req_dir == lockfile_dir
99
+ end
100
+
101
+ dependency.top_level? && requirements_for_path.empty?
106
102
  end
107
103
 
108
104
  def run_current_npm_update(lockfile_name:)
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.85.3"
4
+ VERSION = "0.86.0"
5
5
  end
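--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-core
  version: !ruby/object:Gem::Version
- version: 0.85.3
+ version: 0.86.0
  platform: ruby
  authors:
  - Dependabot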