RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.106.3 → 0.106.4 - Mend

dependabot-npm_and_yarn 0.106.3 → 0.106.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb +5 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bca8202e13c4c5772559de24a6c185294db81223109db4e90e71a1c26a0dafd4
-  data.tar.gz: 9a2a919429801075b4fc861d827fbfc1b5c71a5b6f7ec74908544cec2d73fce5
+  metadata.gz: edcd98e2a1935764c142c3b298ab356dcc2c6f217d1b6e8fe3d899ceb6e1523e
+  data.tar.gz: 9d6c81d05c5431b82c0c1a30b6758a319051a3f09704c3e58f54edb1e414e33a
 SHA512:
-  metadata.gz: f5a8ddd9bfacc1ec4ef31f66fd18c9be3f4ad2ccd1345c275df76ca9992cd1e4b60a3f8547c3c00e01235ec2f70e68d1a6a0d6269aa8a188690d8b6ccf137bd2
-  data.tar.gz: 8e557ffd27afd56cec3596fb26cbc96edf63ea7ec763d4310b59a4b44ed88ec5c7f1243fba374c8d169e0dc2230cca6e098790617a7deb45b95d51fac59b927a
+  metadata.gz: 27b4be4a3e70d7d1a7f6260b99765449cd7dde590004c0dca37a6313cbbbe76640d7bcd0dec9d7d94e3a03fe44f356cdb1d249b7da47f292d383021e5ba70de7
+  data.tar.gz: 58a7177ee3913e6438f37868968c7db67606d558888209c568f39b9159d2c86531f89d97aed5af535064b1d4dfe8a43cfaaf2390982b141a8b594f34123b747b

data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb CHANGED Viewed

@@ -71,6 +71,7 @@ module Dependabot
           yarn_locks.each do |yarn_lock|
             parse_yarn_lock(yarn_lock).each do |req, details|
               next unless semver_version_for(details["version"])
+              next if alias_package?(req)
               # Note: The DependencySet will de-dupe our dependencies, so they
               # end up unique by name. That's not a perfect representation of
@@ -151,6 +152,10 @@ module Dependabot
           version_string
         end
+        def alias_package?(requirement)
+          requirement.include?("@npm:")
+        end
         def parse_package_lock(package_lock)
           @parse_package_lock ||= {}
           @parse_package_lock[package_lock.name] ||=

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.106.3
+  version: 0.106.4
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.106.3
+        version: 0.106.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.106.3
+        version: 0.106.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement