dependabot-npm_and_yarn 0.119.2 → 0.120.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/package.json +2 -2
- data/helpers/yarn.lock +46 -24
- data/lib/dependabot/npm_and_yarn/file_fetcher.rb +2 -3
- data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +2 -2
- data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/requirement.rb +1 -5
- data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -0
- data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +0 -3
- data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +2 -0
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d7c4fdf0e48da39cd53f87827ac9d95e26512775b7820b59137cfd2afaa810a3
|
4
|
+
data.tar.gz: 756e6ae27455ebb0ad30426e224524487cc6550e73a403c5c0df71cdbd94d47c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e2e335687cbd4d9018d9cad1ea12e732d1ea383dff220ce667f89c9ceac6d0121622936e454aa5a70aa5c2ab6882793e042ab421265638a34e61780790262c6e
|
7
|
+
data.tar.gz: c73d3bf55f0315020c231fc243e09f2e25044dfbb60d92d36499ea405b4c26f83b642628e89d15a6667a919ec92bebf580302784194ca3c10d003ec557b7614c
|
data/helpers/package.json
CHANGED
data/helpers/yarn.lock
CHANGED
@@ -358,6 +358,22 @@
|
|
358
358
|
validate-npm-package-license "^3.0.4"
|
359
359
|
yn "^2.0.0"
|
360
360
|
|
361
|
+
"@eslint/eslintrc@^0.1.3":
|
362
|
+
version "0.1.3"
|
363
|
+
resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-0.1.3.tgz#7d1a2b2358552cc04834c0979bd4275362e37085"
|
364
|
+
integrity sha512-4YVwPkANLeNtRjMekzux1ci8hIaH5eGKktGqR0d3LWsKNn5B2X/1Z6Trxy7jQXl9EBGE6Yj02O+t09FMeRllaA==
|
365
|
+
dependencies:
|
366
|
+
ajv "^6.12.4"
|
367
|
+
debug "^4.1.1"
|
368
|
+
espree "^7.3.0"
|
369
|
+
globals "^12.1.0"
|
370
|
+
ignore "^4.0.6"
|
371
|
+
import-fresh "^3.2.1"
|
372
|
+
js-yaml "^3.13.1"
|
373
|
+
lodash "^4.17.19"
|
374
|
+
minimatch "^3.0.4"
|
375
|
+
strip-json-comments "^3.1.1"
|
376
|
+
|
361
377
|
"@iarna/cli@^1.2.0":
|
362
378
|
version "1.2.0"
|
363
379
|
resolved "https://registry.npmjs.org/@iarna/cli/-/cli-1.2.0.tgz#0f7af5e851afe895104583c4ca07377a8094d641"
|
@@ -719,11 +735,16 @@ acorn-walk@^7.1.1:
|
|
719
735
|
resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-7.2.0.tgz#0de889a601203909b0fbe07b8938dc21d2e967bc"
|
720
736
|
integrity sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==
|
721
737
|
|
722
|
-
acorn@^7.1.1
|
738
|
+
acorn@^7.1.1:
|
723
739
|
version "7.3.1"
|
724
740
|
resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.3.1.tgz#85010754db53c3fbaf3b9ea3e083aa5c5d147ffd"
|
725
741
|
integrity sha512-tLc0wSnatxAQHVHUapaHdz72pi9KUyHjq5KyHjGg9Y8Ifdc79pTh2XvI6I1/chZbnM7QtNKzh66ooDogPZSleA==
|
726
742
|
|
743
|
+
acorn@^7.4.0:
|
744
|
+
version "7.4.0"
|
745
|
+
resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.0.tgz#e1ad486e6c54501634c6c397c5c121daa383607c"
|
746
|
+
integrity sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w==
|
747
|
+
|
727
748
|
agent-base@4, agent-base@^4.3.0:
|
728
749
|
version "4.3.0"
|
729
750
|
resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-4.3.0.tgz#8165f01c436009bccad0b1d122f05ed770efc6ee"
|
@@ -745,10 +766,10 @@ agentkeepalive@^3.4.1:
|
|
745
766
|
dependencies:
|
746
767
|
humanize-ms "^1.2.1"
|
747
768
|
|
748
|
-
ajv@^6.10.0, ajv@^6.10.2, ajv@^6.5.5:
|
749
|
-
version "6.12.
|
750
|
-
resolved "https://registry.
|
751
|
-
integrity sha512-
|
769
|
+
ajv@^6.10.0, ajv@^6.10.2, ajv@^6.12.4, ajv@^6.5.5:
|
770
|
+
version "6.12.4"
|
771
|
+
resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.4.tgz#0614facc4522127fa713445c6bfd3ebd376e2234"
|
772
|
+
integrity sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==
|
752
773
|
dependencies:
|
753
774
|
fast-deep-equal "^3.1.1"
|
754
775
|
fast-json-stable-stringify "^2.0.0"
|
@@ -2043,12 +2064,13 @@ eslint-visitor-keys@^1.1.0, eslint-visitor-keys@^1.3.0:
|
|
2043
2064
|
resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz#30ebd1ef7c2fdff01c3a4f151044af25fab0523e"
|
2044
2065
|
integrity sha512-6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ==
|
2045
2066
|
|
2046
|
-
eslint@^7.
|
2047
|
-
version "7.
|
2048
|
-
resolved "https://registry.yarnpkg.com/eslint/-/eslint-7.
|
2049
|
-
integrity sha512-
|
2067
|
+
eslint@^7.9.0:
|
2068
|
+
version "7.9.0"
|
2069
|
+
resolved "https://registry.yarnpkg.com/eslint/-/eslint-7.9.0.tgz#522aeccc5c3a19017cf0cb46ebfd660a79acf337"
|
2070
|
+
integrity sha512-V6QyhX21+uXp4T+3nrNfI3hQNBDa/P8ga7LoQOenwrlEFXrEnUEE+ok1dMtaS3b6rmLXhT1TkTIsG75HMLbknA==
|
2050
2071
|
dependencies:
|
2051
2072
|
"@babel/code-frame" "^7.0.0"
|
2073
|
+
"@eslint/eslintrc" "^0.1.3"
|
2052
2074
|
ajv "^6.10.0"
|
2053
2075
|
chalk "^4.0.0"
|
2054
2076
|
cross-spawn "^7.0.2"
|
@@ -2058,7 +2080,7 @@ eslint@^7.7.0:
|
|
2058
2080
|
eslint-scope "^5.1.0"
|
2059
2081
|
eslint-utils "^2.1.0"
|
2060
2082
|
eslint-visitor-keys "^1.3.0"
|
2061
|
-
espree "^7.
|
2083
|
+
espree "^7.3.0"
|
2062
2084
|
esquery "^1.2.0"
|
2063
2085
|
esutils "^2.0.2"
|
2064
2086
|
file-entry-cache "^5.0.1"
|
@@ -2085,12 +2107,12 @@ eslint@^7.7.0:
|
|
2085
2107
|
text-table "^0.2.0"
|
2086
2108
|
v8-compile-cache "^2.0.3"
|
2087
2109
|
|
2088
|
-
espree@^7.
|
2089
|
-
version "7.
|
2090
|
-
resolved "https://registry.yarnpkg.com/espree/-/espree-7.
|
2091
|
-
integrity sha512-
|
2110
|
+
espree@^7.3.0:
|
2111
|
+
version "7.3.0"
|
2112
|
+
resolved "https://registry.yarnpkg.com/espree/-/espree-7.3.0.tgz#dc30437cf67947cf576121ebd780f15eeac72348"
|
2113
|
+
integrity sha512-dksIWsvKCixn1yrEXO8UosNSxaDoSYpq9reEjZSbHLpT5hpaCAKTLBwq0RHtLrIr+c0ByiYzWT8KTMRzoRCNlw==
|
2092
2114
|
dependencies:
|
2093
|
-
acorn "^7.
|
2115
|
+
acorn "^7.4.0"
|
2094
2116
|
acorn-jsx "^5.2.0"
|
2095
2117
|
eslint-visitor-keys "^1.3.0"
|
2096
2118
|
|
@@ -2884,7 +2906,7 @@ ignore@^4.0.6:
|
|
2884
2906
|
resolved "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz#750e3db5862087b4737ebac8207ffd1ef27b25fc"
|
2885
2907
|
integrity sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==
|
2886
2908
|
|
2887
|
-
import-fresh@^3.0.0:
|
2909
|
+
import-fresh@^3.0.0, import-fresh@^3.2.1:
|
2888
2910
|
version "3.2.1"
|
2889
2911
|
resolved "https://registry.npmjs.org/import-fresh/-/import-fresh-3.2.1.tgz#633ff618506e793af5ac91bf48b72677e15cbe66"
|
2890
2912
|
integrity sha512-6e1q1cnWP2RXD9/keSkxHScg508CdXqXWgWBaETNhyuBFz+kUZlKboh+ISK+bU++DmbHimVBrOz/zzPe0sZ3sQ==
|
@@ -5371,10 +5393,10 @@ prettier-linter-helpers@^1.0.0:
|
|
5371
5393
|
dependencies:
|
5372
5394
|
fast-diff "^1.1.2"
|
5373
5395
|
|
5374
|
-
prettier@^2.
|
5375
|
-
version "2.
|
5376
|
-
resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.
|
5377
|
-
integrity sha512-
|
5396
|
+
prettier@^2.1.2:
|
5397
|
+
version "2.1.2"
|
5398
|
+
resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.1.2.tgz#3050700dae2e4c8b67c4c3f666cdb8af405e1ce5"
|
5399
|
+
integrity sha512-16c7K+x4qVlJg9rEbXl7HEGmQyZlG4R9AgP+oHKRMsMsuk8s+ATStlf1NpDqyBI1HpVyfjLOeMhH2LvuNvV5Vg==
|
5378
5400
|
|
5379
5401
|
pretty-format@^26.4.2:
|
5380
5402
|
version "26.4.2"
|
@@ -6458,10 +6480,10 @@ strip-final-newline@^2.0.0:
|
|
6458
6480
|
resolved "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz#89b852fb2fcbe936f6f4b3187afb0a12c1ab58ad"
|
6459
6481
|
integrity sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==
|
6460
6482
|
|
6461
|
-
strip-json-comments@^3.1.0:
|
6462
|
-
version "3.1.
|
6463
|
-
resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.
|
6464
|
-
integrity sha512-
|
6483
|
+
strip-json-comments@^3.1.0, strip-json-comments@^3.1.1:
|
6484
|
+
version "3.1.1"
|
6485
|
+
resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006"
|
6486
|
+
integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==
|
6465
6487
|
|
6466
6488
|
strip-json-comments@~2.0.1:
|
6467
6489
|
version "2.0.1"
|
@@ -31,7 +31,6 @@ module Dependabot
|
|
31
31
|
|
32
32
|
private
|
33
33
|
|
34
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
35
34
|
def fetch_files
|
36
35
|
fetched_files = []
|
37
36
|
fetched_files << package_json
|
@@ -48,8 +47,6 @@ module Dependabot
|
|
48
47
|
fetched_files.uniq
|
49
48
|
end
|
50
49
|
|
51
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
52
|
-
|
53
50
|
def package_json
|
54
51
|
@package_json ||= fetch_file_from_host("package.json")
|
55
52
|
end
|
@@ -173,6 +170,7 @@ module Dependabot
|
|
173
170
|
].uniq
|
174
171
|
end
|
175
172
|
|
173
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
176
174
|
# rubocop:disable Metrics/AbcSize
|
177
175
|
def path_dependency_details_from_manifest(file)
|
178
176
|
return [] unless file.name.end_with?("package.json")
|
@@ -208,6 +206,7 @@ module Dependabot
|
|
208
206
|
raise Dependabot::DependencyFileNotParseable, file.path
|
209
207
|
end
|
210
208
|
# rubocop:enable Metrics/AbcSize
|
209
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
211
210
|
|
212
211
|
def path_dependency_details_from_npm_lockfile(parsed_lockfile)
|
213
212
|
path_starts = NPM_PATH_DEPENDENCY_STARTS
|
@@ -127,7 +127,6 @@ module Dependabot
|
|
127
127
|
build_npmrc_content_from_lockfile
|
128
128
|
end
|
129
129
|
|
130
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
131
130
|
def credential_lines_for_npmrc
|
132
131
|
lines = []
|
133
132
|
registry_credentials.each do |cred|
|
@@ -154,8 +153,8 @@ module Dependabot
|
|
154
153
|
# Work around a suspected yarn bug
|
155
154
|
["always-auth = true"] + lines
|
156
155
|
end
|
157
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
158
156
|
|
157
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
159
158
|
def registry_scopes(registry)
|
160
159
|
# Central registries don't just apply to scopes
|
161
160
|
return if CENTRAL_REGISTRIES.include?(registry)
|
@@ -182,6 +181,7 @@ module Dependabot
|
|
182
181
|
|
183
182
|
scopes.map { |scope| "@#{scope}:registry=https://#{registry}" }
|
184
183
|
end
|
184
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
185
185
|
|
186
186
|
def registry_credentials
|
187
187
|
credentials.select { |cred| cred.fetch("type") == "npm_registry" }
|
@@ -171,7 +171,7 @@ module Dependabot
|
|
171
171
|
# Local path error: When installing a git dependency which
|
172
172
|
# is using local file paths for sub-dependencies (e.g. unbuilt yarn
|
173
173
|
# workspace project)
|
174
|
-
sub_dep_local_path_err =
|
174
|
+
sub_dep_local_path_err = 'Package "" refers to a non-existing file'
|
175
175
|
if error_message.match?(INVALID_PACKAGE) ||
|
176
176
|
error_message.start_with?(sub_dep_local_path_err)
|
177
177
|
raise_resolvability_error(error_message, yarn_lock)
|
@@ -56,7 +56,6 @@ module Dependabot
|
|
56
56
|
|
57
57
|
private
|
58
58
|
|
59
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
60
59
|
def convert_js_constraint_to_ruby_constraint(req_string)
|
61
60
|
return req_string if req_string.match?(/^([A-Za-uw-z]|v[^\d])/)
|
62
61
|
|
@@ -72,7 +71,6 @@ module Dependabot
|
|
72
71
|
else ruby_range(req_string)
|
73
72
|
end
|
74
73
|
end
|
75
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
76
74
|
|
77
75
|
def convert_tilde_req(req_string)
|
78
76
|
version = req_string.gsub(/^~\>?[\s=]*/, "")
|
@@ -112,11 +110,10 @@ module Dependabot
|
|
112
110
|
"~> #{parts.join('.')}"
|
113
111
|
end
|
114
112
|
|
115
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
116
113
|
def convert_caret_req(req_string)
|
117
114
|
version = req_string.gsub(/^\^[\s=]*/, "")
|
118
115
|
parts = version.split(".")
|
119
|
-
parts
|
116
|
+
parts.fill("x", parts.length...3)
|
120
117
|
first_non_zero = parts.find { |d| d != "0" }
|
121
118
|
first_non_zero_index =
|
122
119
|
first_non_zero ? parts.index(first_non_zero) : parts.count - 1
|
@@ -133,7 +130,6 @@ module Dependabot
|
|
133
130
|
|
134
131
|
[">= #{version}", "< #{upper_bound}"]
|
135
132
|
end
|
136
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
137
133
|
end
|
138
134
|
end
|
139
135
|
end
|
@@ -167,6 +167,7 @@ module Dependabot
|
|
167
167
|
wants_latest_dist_tag?(latest) ? latest : nil
|
168
168
|
end
|
169
169
|
|
170
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
170
171
|
def related_to_current_pre?(version)
|
171
172
|
current_version = dependency.version
|
172
173
|
if current_version &&
|
@@ -188,6 +189,7 @@ module Dependabot
|
|
188
189
|
false
|
189
190
|
end
|
190
191
|
end
|
192
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
191
193
|
|
192
194
|
def specified_dist_tag_requirement?
|
193
195
|
dependency.requirements.any? do |req|
|
@@ -82,7 +82,6 @@ module Dependabot
|
|
82
82
|
version_class.new(updated_version)
|
83
83
|
end
|
84
84
|
|
85
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
86
85
|
def run_yarn_updater(path, lockfile_name)
|
87
86
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
88
87
|
Dir.chdir(path) do
|
@@ -107,8 +106,6 @@ module Dependabot
|
|
107
106
|
sleep(rand(3.0..10.0)) && retry
|
108
107
|
end
|
109
108
|
|
110
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
111
|
-
|
112
109
|
def run_npm_updater(path, lockfile_name)
|
113
110
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
114
111
|
Dir.chdir(path) do
|
@@ -130,6 +130,7 @@ module Dependabot
|
|
130
130
|
)
|
131
131
|
end
|
132
132
|
|
133
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
133
134
|
def resolve_latest_previous_version(dep, updated_version)
|
134
135
|
return dep.version if dep.version
|
135
136
|
|
@@ -160,6 +161,7 @@ module Dependabot
|
|
160
161
|
latest_previous_version
|
161
162
|
end
|
162
163
|
end
|
164
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
163
165
|
|
164
166
|
def part_of_tightly_locked_monorepo?
|
165
167
|
monorepo_dep_names =
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.120.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-09-
|
11
|
+
date: 2020-09-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.120.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.120.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 0.
|
103
|
+
version: 0.91.0
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 0.
|
110
|
+
version: 0.91.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: vcr
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|