dependabot-npm_and_yarn 0.119.2 → 0.120.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 21dcf4e9588a35e51c8c4ad734d2dce14164cb4368d8dd955f094002d7c4a91c
4
- data.tar.gz: 7d759bdc6cd9478f6048ae23f43e6c67ed05c2a2769fe7c6e14d65f849d6bece
3
+ metadata.gz: d7c4fdf0e48da39cd53f87827ac9d95e26512775b7820b59137cfd2afaa810a3
4
+ data.tar.gz: 756e6ae27455ebb0ad30426e224524487cc6550e73a403c5c0df71cdbd94d47c
5
5
  SHA512:
6
- metadata.gz: d5d8ded8d17c85f8236c462febc0fa53ce8d46276607eb01f991c4e93989cbddfd568859af54b3159b63c788948d290235f9ee1dcfa132ff04ca42b9eb6a8d35
7
- data.tar.gz: b3597e829035077b0c1b2497b8f3ba79a270747b936ed4f5ed0d403f083b8a75c8ffdf43fe9b368f90e768e442b2ad81e09c05d1df714e5297c57853eb9af57c
6
+ metadata.gz: e2e335687cbd4d9018d9cad1ea12e732d1ea383dff220ce667f89c9ceac6d0121622936e454aa5a70aa5c2ab6882793e042ab421265638a34e61780790262c6e
7
+ data.tar.gz: c73d3bf55f0315020c231fc243e09f2e25044dfbb60d92d36499ea405b4c26f83b642628e89d15a6667a919ec92bebf580302784194ca3c10d003ec557b7614c
@@ -15,10 +15,10 @@
15
15
  "semver": "^7.3.2"
16
16
  },
17
17
  "devDependencies": {
18
- "eslint": "^7.7.0",
18
+ "eslint": "^7.9.0",
19
19
  "eslint-plugin-prettier": "^3.1.4",
20
20
  "jest": "^26.4.2",
21
- "prettier": "^2.0.5",
21
+ "prettier": "^2.1.2",
22
22
  "rimraf": "^3.0.2"
23
23
  }
24
24
  }
@@ -358,6 +358,22 @@
358
358
  validate-npm-package-license "^3.0.4"
359
359
  yn "^2.0.0"
360
360
 
361
+ "@eslint/eslintrc@^0.1.3":
362
+ version "0.1.3"
363
+ resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-0.1.3.tgz#7d1a2b2358552cc04834c0979bd4275362e37085"
364
+ integrity sha512-4YVwPkANLeNtRjMekzux1ci8hIaH5eGKktGqR0d3LWsKNn5B2X/1Z6Trxy7jQXl9EBGE6Yj02O+t09FMeRllaA==
365
+ dependencies:
366
+ ajv "^6.12.4"
367
+ debug "^4.1.1"
368
+ espree "^7.3.0"
369
+ globals "^12.1.0"
370
+ ignore "^4.0.6"
371
+ import-fresh "^3.2.1"
372
+ js-yaml "^3.13.1"
373
+ lodash "^4.17.19"
374
+ minimatch "^3.0.4"
375
+ strip-json-comments "^3.1.1"
376
+
361
377
  "@iarna/cli@^1.2.0":
362
378
  version "1.2.0"
363
379
  resolved "https://registry.npmjs.org/@iarna/cli/-/cli-1.2.0.tgz#0f7af5e851afe895104583c4ca07377a8094d641"
@@ -719,11 +735,16 @@ acorn-walk@^7.1.1:
719
735
  resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-7.2.0.tgz#0de889a601203909b0fbe07b8938dc21d2e967bc"
720
736
  integrity sha512-OPdCF6GsMIP+Az+aWfAAOEt2/+iVDKE7oy6lJ098aoe59oAmK76qV6Gw60SbZ8jHuG2wH058GF4pLFbYamYrVA==
721
737
 
722
- acorn@^7.1.1, acorn@^7.3.1:
738
+ acorn@^7.1.1:
723
739
  version "7.3.1"
724
740
  resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.3.1.tgz#85010754db53c3fbaf3b9ea3e083aa5c5d147ffd"
725
741
  integrity sha512-tLc0wSnatxAQHVHUapaHdz72pi9KUyHjq5KyHjGg9Y8Ifdc79pTh2XvI6I1/chZbnM7QtNKzh66ooDogPZSleA==
726
742
 
743
+ acorn@^7.4.0:
744
+ version "7.4.0"
745
+ resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.0.tgz#e1ad486e6c54501634c6c397c5c121daa383607c"
746
+ integrity sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w==
747
+
727
748
  agent-base@4, agent-base@^4.3.0:
728
749
  version "4.3.0"
729
750
  resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-4.3.0.tgz#8165f01c436009bccad0b1d122f05ed770efc6ee"
@@ -745,10 +766,10 @@ agentkeepalive@^3.4.1:
745
766
  dependencies:
746
767
  humanize-ms "^1.2.1"
747
768
 
748
- ajv@^6.10.0, ajv@^6.10.2, ajv@^6.5.5:
749
- version "6.12.2"
750
- resolved "https://registry.npmjs.org/ajv/-/ajv-6.12.2.tgz#c629c5eced17baf314437918d2da88c99d5958cd"
751
- integrity sha512-k+V+hzjm5q/Mr8ef/1Y9goCmlsK4I6Sm74teeyGvFk1XrOsbsKLjEdrvny42CZ+a8sXbk8KWpY/bDwS+FLL2UQ==
769
+ ajv@^6.10.0, ajv@^6.10.2, ajv@^6.12.4, ajv@^6.5.5:
770
+ version "6.12.4"
771
+ resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.4.tgz#0614facc4522127fa713445c6bfd3ebd376e2234"
772
+ integrity sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==
752
773
  dependencies:
753
774
  fast-deep-equal "^3.1.1"
754
775
  fast-json-stable-stringify "^2.0.0"
@@ -2043,12 +2064,13 @@ eslint-visitor-keys@^1.1.0, eslint-visitor-keys@^1.3.0:
2043
2064
  resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz#30ebd1ef7c2fdff01c3a4f151044af25fab0523e"
2044
2065
  integrity sha512-6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ==
2045
2066
 
2046
- eslint@^7.7.0:
2047
- version "7.7.0"
2048
- resolved "https://registry.yarnpkg.com/eslint/-/eslint-7.7.0.tgz#18beba51411927c4b64da0a8ceadefe4030d6073"
2049
- integrity sha512-1KUxLzos0ZVsyL81PnRN335nDtQ8/vZUD6uMtWbF+5zDtjKcsklIi78XoE0MVL93QvWTu+E5y44VyyCsOMBrIg==
2067
+ eslint@^7.9.0:
2068
+ version "7.9.0"
2069
+ resolved "https://registry.yarnpkg.com/eslint/-/eslint-7.9.0.tgz#522aeccc5c3a19017cf0cb46ebfd660a79acf337"
2070
+ integrity sha512-V6QyhX21+uXp4T+3nrNfI3hQNBDa/P8ga7LoQOenwrlEFXrEnUEE+ok1dMtaS3b6rmLXhT1TkTIsG75HMLbknA==
2050
2071
  dependencies:
2051
2072
  "@babel/code-frame" "^7.0.0"
2073
+ "@eslint/eslintrc" "^0.1.3"
2052
2074
  ajv "^6.10.0"
2053
2075
  chalk "^4.0.0"
2054
2076
  cross-spawn "^7.0.2"
@@ -2058,7 +2080,7 @@ eslint@^7.7.0:
2058
2080
  eslint-scope "^5.1.0"
2059
2081
  eslint-utils "^2.1.0"
2060
2082
  eslint-visitor-keys "^1.3.0"
2061
- espree "^7.2.0"
2083
+ espree "^7.3.0"
2062
2084
  esquery "^1.2.0"
2063
2085
  esutils "^2.0.2"
2064
2086
  file-entry-cache "^5.0.1"
@@ -2085,12 +2107,12 @@ eslint@^7.7.0:
2085
2107
  text-table "^0.2.0"
2086
2108
  v8-compile-cache "^2.0.3"
2087
2109
 
2088
- espree@^7.2.0:
2089
- version "7.2.0"
2090
- resolved "https://registry.yarnpkg.com/espree/-/espree-7.2.0.tgz#1c263d5b513dbad0ac30c4991b93ac354e948d69"
2091
- integrity sha512-H+cQ3+3JYRMEIOl87e7QdHX70ocly5iW4+dttuR8iYSPr/hXKFb+7dBsZ7+u1adC4VrnPlTkv0+OwuPnDop19g==
2110
+ espree@^7.3.0:
2111
+ version "7.3.0"
2112
+ resolved "https://registry.yarnpkg.com/espree/-/espree-7.3.0.tgz#dc30437cf67947cf576121ebd780f15eeac72348"
2113
+ integrity sha512-dksIWsvKCixn1yrEXO8UosNSxaDoSYpq9reEjZSbHLpT5hpaCAKTLBwq0RHtLrIr+c0ByiYzWT8KTMRzoRCNlw==
2092
2114
  dependencies:
2093
- acorn "^7.3.1"
2115
+ acorn "^7.4.0"
2094
2116
  acorn-jsx "^5.2.0"
2095
2117
  eslint-visitor-keys "^1.3.0"
2096
2118
 
@@ -2884,7 +2906,7 @@ ignore@^4.0.6:
2884
2906
  resolved "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz#750e3db5862087b4737ebac8207ffd1ef27b25fc"
2885
2907
  integrity sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==
2886
2908
 
2887
- import-fresh@^3.0.0:
2909
+ import-fresh@^3.0.0, import-fresh@^3.2.1:
2888
2910
  version "3.2.1"
2889
2911
  resolved "https://registry.npmjs.org/import-fresh/-/import-fresh-3.2.1.tgz#633ff618506e793af5ac91bf48b72677e15cbe66"
2890
2912
  integrity sha512-6e1q1cnWP2RXD9/keSkxHScg508CdXqXWgWBaETNhyuBFz+kUZlKboh+ISK+bU++DmbHimVBrOz/zzPe0sZ3sQ==
@@ -5371,10 +5393,10 @@ prettier-linter-helpers@^1.0.0:
5371
5393
  dependencies:
5372
5394
  fast-diff "^1.1.2"
5373
5395
 
5374
- prettier@^2.0.5:
5375
- version "2.0.5"
5376
- resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.0.5.tgz#d6d56282455243f2f92cc1716692c08aa31522d4"
5377
- integrity sha512-7PtVymN48hGcO4fGjybyBSIWDsLU4H4XlvOHfq91pz9kkGlonzwTfYkaIEwiRg/dAJF9YlbsduBAgtYLi+8cFg==
5396
+ prettier@^2.1.2:
5397
+ version "2.1.2"
5398
+ resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.1.2.tgz#3050700dae2e4c8b67c4c3f666cdb8af405e1ce5"
5399
+ integrity sha512-16c7K+x4qVlJg9rEbXl7HEGmQyZlG4R9AgP+oHKRMsMsuk8s+ATStlf1NpDqyBI1HpVyfjLOeMhH2LvuNvV5Vg==
5378
5400
 
5379
5401
  pretty-format@^26.4.2:
5380
5402
  version "26.4.2"
@@ -6458,10 +6480,10 @@ strip-final-newline@^2.0.0:
6458
6480
  resolved "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz#89b852fb2fcbe936f6f4b3187afb0a12c1ab58ad"
6459
6481
  integrity sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==
6460
6482
 
6461
- strip-json-comments@^3.1.0:
6462
- version "3.1.0"
6463
- resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.0.tgz#7638d31422129ecf4457440009fba03f9f9ac180"
6464
- integrity sha512-e6/d0eBu7gHtdCqFt0xJr642LdToM5/cN4Qb9DbHjVx1CP5RyeM+zH7pbecEmDv/lBqb0QH+6Uqq75rxFPkM0w==
6483
+ strip-json-comments@^3.1.0, strip-json-comments@^3.1.1:
6484
+ version "3.1.1"
6485
+ resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006"
6486
+ integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==
6465
6487
 
6466
6488
  strip-json-comments@~2.0.1:
6467
6489
  version "2.0.1"
@@ -31,7 +31,6 @@ module Dependabot
31
31
 
32
32
  private
33
33
 
34
- # rubocop:disable Metrics/PerceivedComplexity
35
34
  def fetch_files
36
35
  fetched_files = []
37
36
  fetched_files << package_json
@@ -48,8 +47,6 @@ module Dependabot
48
47
  fetched_files.uniq
49
48
  end
50
49
 
51
- # rubocop:enable Metrics/PerceivedComplexity
52
-
53
50
  def package_json
54
51
  @package_json ||= fetch_file_from_host("package.json")
55
52
  end
@@ -173,6 +170,7 @@ module Dependabot
173
170
  ].uniq
174
171
  end
175
172
 
173
+ # rubocop:disable Metrics/PerceivedComplexity
176
174
  # rubocop:disable Metrics/AbcSize
177
175
  def path_dependency_details_from_manifest(file)
178
176
  return [] unless file.name.end_with?("package.json")
@@ -208,6 +206,7 @@ module Dependabot
208
206
  raise Dependabot::DependencyFileNotParseable, file.path
209
207
  end
210
208
  # rubocop:enable Metrics/AbcSize
209
+ # rubocop:enable Metrics/PerceivedComplexity
211
210
 
212
211
  def path_dependency_details_from_npm_lockfile(parsed_lockfile)
213
212
  path_starts = NPM_PATH_DEPENDENCY_STARTS
@@ -127,7 +127,6 @@ module Dependabot
127
127
  build_npmrc_content_from_lockfile
128
128
  end
129
129
 
130
- # rubocop:disable Metrics/PerceivedComplexity
131
130
  def credential_lines_for_npmrc
132
131
  lines = []
133
132
  registry_credentials.each do |cred|
@@ -154,8 +153,8 @@ module Dependabot
154
153
  # Work around a suspected yarn bug
155
154
  ["always-auth = true"] + lines
156
155
  end
157
- # rubocop:enable Metrics/PerceivedComplexity
158
156
 
157
+ # rubocop:disable Metrics/PerceivedComplexity
159
158
  def registry_scopes(registry)
160
159
  # Central registries don't just apply to scopes
161
160
  return if CENTRAL_REGISTRIES.include?(registry)
@@ -182,6 +181,7 @@ module Dependabot
182
181
 
183
182
  scopes.map { |scope| "@#{scope}:registry=https://#{registry}" }
184
183
  end
184
+ # rubocop:enable Metrics/PerceivedComplexity
185
185
 
186
186
  def registry_credentials
187
187
  credentials.select { |cred| cred.fetch("type") == "npm_registry" }
@@ -171,7 +171,7 @@ module Dependabot
171
171
  # Local path error: When installing a git dependency which
172
172
  # is using local file paths for sub-dependencies (e.g. unbuilt yarn
173
173
  # workspace project)
174
- sub_dep_local_path_err = "Package \"\" refers to a non-existing file"
174
+ sub_dep_local_path_err = 'Package "" refers to a non-existing file'
175
175
  if error_message.match?(INVALID_PACKAGE) ||
176
176
  error_message.start_with?(sub_dep_local_path_err)
177
177
  raise_resolvability_error(error_message, yarn_lock)
@@ -56,7 +56,6 @@ module Dependabot
56
56
 
57
57
  private
58
58
 
59
- # rubocop:disable Metrics/PerceivedComplexity
60
59
  def convert_js_constraint_to_ruby_constraint(req_string)
61
60
  return req_string if req_string.match?(/^([A-Za-uw-z]|v[^\d])/)
62
61
 
@@ -72,7 +71,6 @@ module Dependabot
72
71
  else ruby_range(req_string)
73
72
  end
74
73
  end
75
- # rubocop:enable Metrics/PerceivedComplexity
76
74
 
77
75
  def convert_tilde_req(req_string)
78
76
  version = req_string.gsub(/^~\>?[\s=]*/, "")
@@ -112,11 +110,10 @@ module Dependabot
112
110
  "~> #{parts.join('.')}"
113
111
  end
114
112
 
115
- # rubocop:disable Metrics/PerceivedComplexity
116
113
  def convert_caret_req(req_string)
117
114
  version = req_string.gsub(/^\^[\s=]*/, "")
118
115
  parts = version.split(".")
119
- parts = parts.fill("x", parts.length...3)
116
+ parts.fill("x", parts.length...3)
120
117
  first_non_zero = parts.find { |d| d != "0" }
121
118
  first_non_zero_index =
122
119
  first_non_zero ? parts.index(first_non_zero) : parts.count - 1
@@ -133,7 +130,6 @@ module Dependabot
133
130
 
134
131
  [">= #{version}", "< #{upper_bound}"]
135
132
  end
136
- # rubocop:enable Metrics/PerceivedComplexity
137
133
  end
138
134
  end
139
135
  end
@@ -167,6 +167,7 @@ module Dependabot
167
167
  wants_latest_dist_tag?(latest) ? latest : nil
168
168
  end
169
169
 
170
+ # rubocop:disable Metrics/PerceivedComplexity
170
171
  def related_to_current_pre?(version)
171
172
  current_version = dependency.version
172
173
  if current_version &&
@@ -188,6 +189,7 @@ module Dependabot
188
189
  false
189
190
  end
190
191
  end
192
+ # rubocop:enable Metrics/PerceivedComplexity
191
193
 
192
194
  def specified_dist_tag_requirement?
193
195
  dependency.requirements.any? do |req|
@@ -82,7 +82,6 @@ module Dependabot
82
82
  version_class.new(updated_version)
83
83
  end
84
84
 
85
- # rubocop:disable Metrics/PerceivedComplexity
86
85
  def run_yarn_updater(path, lockfile_name)
87
86
  SharedHelpers.with_git_configured(credentials: credentials) do
88
87
  Dir.chdir(path) do
@@ -107,8 +106,6 @@ module Dependabot
107
106
  sleep(rand(3.0..10.0)) && retry
108
107
  end
109
108
 
110
- # rubocop:enable Metrics/PerceivedComplexity
111
-
112
109
  def run_npm_updater(path, lockfile_name)
113
110
  SharedHelpers.with_git_configured(credentials: credentials) do
114
111
  Dir.chdir(path) do
@@ -130,6 +130,7 @@ module Dependabot
130
130
  )
131
131
  end
132
132
 
133
+ # rubocop:disable Metrics/PerceivedComplexity
133
134
  def resolve_latest_previous_version(dep, updated_version)
134
135
  return dep.version if dep.version
135
136
 
@@ -160,6 +161,7 @@ module Dependabot
160
161
  latest_previous_version
161
162
  end
162
163
  end
164
+ # rubocop:enable Metrics/PerceivedComplexity
163
165
 
164
166
  def part_of_tightly_locked_monorepo?
165
167
  monorepo_dep_names =
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.119.2
4
+ version: 0.120.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-09-02 00:00:00.000000000 Z
11
+ date: 2020-09-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.119.2
19
+ version: 0.120.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.119.2
26
+ version: 0.120.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.88.0
103
+ version: 0.91.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.88.0
110
+ version: 0.91.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: vcr
113
113
  requirement: !ruby/object:Gem::Requirement