RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.125.0 → 0.125.5 - Mend

dependabot-npm_and_yarn 0.125.0 → 0.125.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f93a700a12bf8acc719d2716900e4fc5c17b5227ba84a6c6761b4736426d8a0
-  data.tar.gz: 27df298a59ebf2d6c975b8e6370d21f70bc580fa74bd4134f31a060b152e61d7
+  metadata.gz: 74b4f8a2fdcbfb3b33dc587ee7fff5488bb2328e5d5cb59327520ce52a19e6f0
+  data.tar.gz: f8e09730aec68b7ff4745d58c6873539de25686cac0c10dc41ecff434e1a2435
 SHA512:
-  metadata.gz: 416f6346d2784cce5a0e3d3d8422831b4654db8a7c23678d54599f16cd430ddfc50ad863c7eae1d3715d6bbb2e743d416f218b6b30cda14fb3ba285aca14c98d
-  data.tar.gz: 73dc809d8ef956b018c6973a91b922e8b487aca2d3a2cdde11894d51f94b7a3fc07889035e11c7543ecbafc775ad870652be0e61f01abd0a00449cd93b978915
+  metadata.gz: 8338c4eae0027af367594c67c79befb5603a2c9534adffb0f6bc501e264c40e453643aa423d1cf18d8e7e87c3d9b99b384cbbc494d0548e5f05bc3dd904feb04
+  data.tar.gz: 542f15a0de016dd10b58c128e47f997b76a32cbc411945f6db40e3f5544760c2c683b83104ef5fbe194b5c3008e729bcafc9b6a3b0e47a329adab1bb1d59c49e

data/helpers/README.md ADDED

@@ -0,0 +1,29 @@
+Native JavaScript helpers
+-------------------------
+This directory contains helper functions for npm and yarn, natively written in
+Javascript so that we can utilize the package managers internal APIs and other
+native tooling for these ecosystems.
+These helpers are called from the Ruby code via `run.js`, they are passed
+arguments via stdin and return JSON data to stdout.
+## Testing
+When working on these helpers, it's convenient to write some high level tests in
+JavaScript to make it easier to debug the code.
+You can now run the tests from this directory by running:
+```
+yarn test path/to/test.js
+```
+### Debugging
+In order to run an interactive debugger:
+- `node --inspect-brk node_modules/.bin/jest --runInBand path/to/test/test.js`
+- In Chrome, nativate to chrome://inspect
+- Click `Open dedicated DevTools for Node`
+- You'll now be able to interactively debug using the chrome dev tools.

data/helpers/lib/npm/conflicting-dependency-parser.js ADDED

@@ -0,0 +1,76 @@
+/* Conflicting dependency parser for npm
+ *
+ * Inputs:
+ *  - directory containing a package.json and a yarn.lock
+ *  - dependency name
+ *  - target dependency version
+ *
+ * Outputs:
+ *  - An array of objects with conflicting dependencies
+ */
+const Arborist = require("@npmcli/arborist");
+const semver = require("semver");
+async function findConflictingDependencies(directory, depName, targetVersion) {
+  const arb = new Arborist({
+    path: directory,
+  });
+  return await arb.loadVirtual().then((tree) => {
+    const parents = [];
+    for (const node of tree.inventory.query("name", depName)) {
+      for (const edge of node.edgesIn) {
+        if (!semver.satisfies(targetVersion, edge.spec)) {
+          findTopLevelEdges(edge).forEach((topLevel) => {
+            explanation = buildExplanation(node, edge, topLevel);
+            parents.push({
+              explanation: explanation,
+              name: edge.from.name,
+              version: edge.from.version,
+              requirement: edge.spec,
+            });
+          });
+        }
+      }
+    }
+    return parents;
+  });
+}
+function buildExplanation(node, directEdge, topLevelEdge) {
+  if (directEdge.from === topLevelEdge.to) {
+    // The nodes parent is top-level
+    return `${directEdge.from.name}@${directEdge.from.version} requires ${directEdge.to.name}@${directEdge.spec}`;
+  } else if (topLevelEdge.to.edgesOut.has(directEdge.from.name)) {
+    // The nodes parent is a direct dependency of the top-level dependency
+    return (
+      `${topLevelEdge.to.name}@${topLevelEdge.to.version} requires ${directEdge.to.name}@${directEdge.spec} ` +
+      `via ${directEdge.from.name}@${directEdge.from.version}`
+    );
+  } else {
+    // The nodes parent is a transitive dependency of the top-level dependency
+    return (
+      `${topLevelEdge.to.name}@${topLevelEdge.to.version} requires ${directEdge.to.name}@${directEdge.spec} ` +
+      `via a transitive dependency on ${directEdge.from.name}@${directEdge.from.version}`
+    );
+  }
+}
+function findTopLevelEdges(edge, parents = []) {
+  edge.from.edgesIn.forEach((parent) => {
+    if (parent.from.edgesIn.size === 0) {
+      if (!parents.includes(parent)) {
+        parents.push(parent);
+      }
+    } else {
+      findTopLevelEdges(parent, parents);
+    }
+  });
+  return parents;
+}
+module.exports = { findConflictingDependencies };

data/helpers/lib/npm/index.js CHANGED

@@ -1,9 +1,12 @@
 const updater = require("./updater");
 const peerDependencyChecker = require("./peer-dependency-checker");
 const subdependencyUpdater = require("./subdependency-updater");
+const conflictingDependencyParser = require("./conflicting-dependency-parser");
 module.exports = {
   update: updater.updateDependencyFiles,
   updateSubdependency: subdependencyUpdater.updateDependencyFile,
   checkPeerDependencies: peerDependencyChecker.checkPeerDependencies,
+  findConflictingDependencies:
+    conflictingDependencyParser.findConflictingDependencies,
 };

data/helpers/lib/yarn/conflicting-dependency-parser.js ADDED

@@ -0,0 +1,176 @@
+/* Conflicting dependency parser for yarn
+ *
+ * Inputs:
+ *  - directory containing a package.json and a yarn.lock
+ *  - dependency name
+ *  - target dependency version
+ *
+ * Outputs:
+ *  - An array of objects with conflicting dependencies
+ */
+const fs = require("fs");
+const path = require("path");
+const semver = require("semver");
+const { parse } = require("./lockfile-parser");
+const { LOCKFILE_ENTRY_REGEX } = require("./helpers");
+async function findConflictingDependencies(directory, depName, targetVersion) {
+  const lockfileJson = await parse(directory);
+  const packageJson = fs
+    .readFileSync(path.join(directory, "package.json"))
+    .toString();
+  const dependencyTypes = [
+    "dependencies",
+    "devDependencies",
+    "optionalDependencies",
+  ];
+  const topLevelDependencies = dependencyTypes.flatMap((type) => {
+    return Object.entries(JSON.parse(packageJson)[type] || {});
+  });
+  const conflictingParents = topLevelDependencies.flatMap(
+    ([topLevelDepName, topLevelRequirement]) => {
+      const topLevelSpec = {
+        name: topLevelDepName,
+        requirement: topLevelRequirement,
+      };
+      return Array.from(
+        findConflictingParentDependencies(
+          topLevelDepName,
+          topLevelRequirement,
+          depName,
+          targetVersion,
+          topLevelSpec,
+          lockfileJson
+        ).values()
+      );
+    }
+  );
+  return conflictingParents.map((parentSpec) => {
+    const explanation = buildExplanation(parentSpec, depName);
+    return {
+      explanation: explanation,
+      name: parentSpec.name,
+      version: parentSpec.version,
+      requirement: parentSpec.requirement,
+    };
+  });
+}
+function buildExplanation(parentSpec, targetDepName) {
+  if (
+    parentSpec.name === parentSpec.topLevelSpec.name &&
+    parentSpec.version === parentSpec.topLevelSpec.version
+  ) {
+    // The nodes parent is top-level
+    return (
+      `${parentSpec.name}@${parentSpec.version} requires ${targetDepName}` +
+      `@${parentSpec.requirement}`
+    );
+  } else if (
+    parentSpec.transitiveSpec.name === parentSpec.topLevelSpec.name &&
+    parentSpec.transitiveSpec.version === parentSpec.topLevelSpec.version
+  ) {
+    // The nodes parent is a direct dependency of the top-level dependency
+    return (
+      `${parentSpec.topLevelSpec.name}@${parentSpec.topLevelSpec.version} requires ` +
+      `${targetDepName}@${parentSpec.requirement} ` +
+      `via ${parentSpec.name}@${parentSpec.version}`
+    );
+  } else {
+    // The nodes parent is a transitive dependency of the top-level dependency
+    return (
+      `${parentSpec.topLevelSpec.name}@${parentSpec.topLevelSpec.version} requires ` +
+      `${targetDepName}@${parentSpec.requirement} ` +
+      `via a transitive dependency on ${parentSpec.name}@${parentSpec.version}`
+    );
+  }
+}
+function findConflictingParentDependencies(
+  dependency,
+  requirement,
+  targetDep,
+  targetversion,
+  topLevelSpec,
+  lockfileJson,
+  transitiveSpec = {},
+  checkedEntries = new Set(),
+  conflictingParents = new Map()
+) {
+  // Prevent infinte loops for circular dependencies by only checking each
+  // lockfile entry once
+  const checkedEntry = [dependency, requirement].join("@");
+  if (checkedEntries.has(checkedEntry)) {
+    return conflictingParents;
+  }
+  checkedEntries.add(checkedEntry);
+  for (const [entry, pkg] of Object.entries(lockfileJson)) {
+    const [_, parentDepName, parentDepRequirement] = entry.match(
+      LOCKFILE_ENTRY_REGEX
+    );
+    // Decorate the top-level dependency spec with an installed version as we
+    // only have the requirement from the package.json manifest
+    if (
+      topLevelSpec.name == parentDepName &&
+      topLevelSpec.requirement == parentDepRequirement
+    ) {
+      topLevelSpec.version = pkg.version;
+    }
+    if (
+      pkg.dependencies &&
+      dependency == parentDepName &&
+      requirement == parentDepRequirement
+    ) {
+      // Recursive check for sub-dependencies finding dependencies that don't
+      // allow the target version of the vulnerable dependency to be installed
+      for (const [subDepName, spec] of Object.entries(pkg.dependencies)) {
+        if (
+          subDepName === targetDep &&
+          !semver.satisfies(targetversion, spec)
+        ) {
+          // Only add the conflicting parent once per version preventing
+          // duplicate dependencies from circular graphs
+          const key = [parentDepName, pkg.version].join("@");
+          conflictingParents.set(key, {
+            name: parentDepName,
+            version: pkg.version,
+            requirement: spec,
+            transitiveSpec,
+            topLevelSpec,
+          });
+        } else {
+          // Keep track of the parent dependency as a way to check if the
+          // conflicting dependency ends up being a direct dependency of a
+          // top-level dependency
+          transitiveSpec = {
+            name: parentDepName,
+            version: pkg.version,
+            requirement: parentDepRequirement,
+          };
+          findConflictingParentDependencies(
+            subDepName,
+            spec,
+            targetDep,
+            targetversion,
+            topLevelSpec,
+            lockfileJson,
+            transitiveSpec,
+            checkedEntries,
+            conflictingParents
+          );
+        }
+      }
+    }
+  }
+  return conflictingParents;
+}
+module.exports = { findConflictingDependencies };

data/helpers/lib/yarn/fix-duplicates.js CHANGED

@@ -2,6 +2,7 @@ const parse = require("@dependabot/yarn-lib/lib/lockfile/parse").default;
 const stringify = require("@dependabot/yarn-lib/lib/lockfile/stringify")
   .default;
 const semver = require("semver");
+const { LOCKFILE_ENTRY_REGEX } = require("./helpers");
 function flattenIndirectDependencies(packages) {
   return (packages || []).reduce((acc, { pkg }) => {
@@ -24,11 +25,12 @@ module.exports = (data, updatedDependencyName) => {
   const noHeader = !Boolean(data.match(/^# THIS IS AN AU/m));
   const packages = {};
-  const re = /^(.*)@([^@]*?)$/;
   Object.entries(json).forEach(([name, pkg]) => {
-    if (name.match(re)) {
-      const [_, packageName, requestedVersion] = name.match(re);
+    if (name.match(LOCKFILE_ENTRY_REGEX)) {
+      const [_, packageName, requestedVersion] = name.match(
+        LOCKFILE_ENTRY_REGEX
+      );
       packages[packageName] = packages[packageName] || [];
       packages[packageName].push(
         Object.assign({}, { name, pkg, packageName, requestedVersion })

data/helpers/lib/yarn/helpers.js CHANGED

@@ -44,4 +44,11 @@ class LightweightInstall extends Install {
   }
 }
-module.exports = { isString, LightweightAdd, LightweightInstall };
+const LOCKFILE_ENTRY_REGEX = /^(.*)@([^@]*?)$/;
+module.exports = {
+  isString,
+  LightweightAdd,
+  LightweightInstall,
+  LOCKFILE_ENTRY_REGEX,
+};

data/helpers/lib/yarn/index.js CHANGED

@@ -2,10 +2,13 @@ const lockfileParser = require("./lockfile-parser");
 const updater = require("./updater");
 const subdependencyUpdater = require("./subdependency-updater");
 const peerDependencyChecker = require("./peer-dependency-checker");
+const conflictingDependencyParser = require("./conflicting-dependency-parser");
 module.exports = {
   parseLockfile: lockfileParser.parse,
   update: updater.updateDependencyFiles,
   updateSubdependency: subdependencyUpdater.updateDependencyFile,
   checkPeerDependencies: peerDependencyChecker.checkPeerDependencies,
+  findConflictingDependencies:
+    conflictingDependencyParser.findConflictingDependencies,
 };

data/helpers/package.json CHANGED

@@ -10,12 +10,13 @@
   },
   "dependencies": {
     "@dependabot/yarn-lib": "^1.21.1",
+    "@npmcli/arborist": "^1.0.12",
     "detect-indent": "^6.0.0",
-    "npm": "6.14.8",
+    "npm": "6.14.9",
     "semver": "^7.3.2"
   },
   "devDependencies": {
-    "eslint": "^7.12.1",
+    "eslint": "^7.14.0",
     "eslint-plugin-prettier": "^3.1.4",
     "jest": "^26.6.2",
     "prettier": "^2.1.2",

data/helpers/test/npm/conflicting-dependency-parser.test.js ADDED

@@ -0,0 +1,67 @@
+const path = require("path");
+const os = require("os");
+const fs = require("fs");
+const rimraf = require("rimraf");
+const {
+  findConflictingDependencies,
+} = require("../../lib/npm/conflicting-dependency-parser");
+const helpers = require("./helpers");
+describe("findConflictingDependencies", () => {
+  let tempDir;
+  beforeEach(() => {
+    tempDir = fs.mkdtempSync(os.tmpdir() + path.sep);
+  });
+  afterEach(() => rimraf.sync(tempDir));
+  it("finds conflicting dependencies", async () => {
+    helpers.copyDependencies("conflicting-dependency-parser/simple", tempDir);
+    const result = await findConflictingDependencies(tempDir, "abind", "2.0.0");
+    expect(result).toEqual([
+      {
+        explanation: "objnest@4.1.2 requires abind@^1.0.0",
+        name: "objnest",
+        version: "4.1.2",
+        requirement: "^1.0.0",
+      },
+    ]);
+  });
+  it("finds the top-level conflicting dependency", async () => {
+    helpers.copyDependencies("conflicting-dependency-parser/nested", tempDir);
+    const result = await findConflictingDependencies(tempDir, "abind", "2.0.0");
+    expect(result).toEqual([
+      {
+        explanation: "askconfig@4.0.4 requires abind@^1.0.4 via objnest@5.0.10",
+        name: "objnest",
+        version: "5.0.10",
+        requirement: "^1.0.4",
+      },
+    ]);
+  });
+  it("explains a deeply nested dependency", async () => {
+    helpers.copyDependencies(
+      "conflicting-dependency-parser/deeply-nested",
+      tempDir
+    );
+    const result = await findConflictingDependencies(tempDir, "abind", "2.0.0");
+    expect(result).toEqual([
+      {
+        explanation: "apass@1.1.0 requires abind@^1.0.0 via cipherjson@2.1.0",
+        name: "cipherjson",
+        version: "2.1.0",
+        requirement: "^1.0.0",
+      },
+      {
+        explanation: `apass@1.1.0 requires abind@^1.0.0 via a transitive dependency on objnest@3.0.9`,
+        name: "objnest",
+        version: "3.0.9",
+        requirement: "^1.0.0",
+      },
+    ]);
+  });
+});

data/helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json ADDED

@@ -0,0 +1,565 @@
+{
+  "name": "test",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "abind": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/abind/-/abind-1.0.5.tgz",
+      "integrity": "sha512-dbaEZphdPje0ihqSdWg36Sb8S20TuqQomiz2593oIx+enQ9Q4vDZRjIzhnkWltGRKVKqC28kTribkgRLBexWVQ=="
+    },
+    "aglob": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/aglob/-/aglob-2.0.1.tgz",
+      "integrity": "sha1-kl7PJC11AkLAcVrNMy+V90kGZhQ=",
+      "requires": {
+        "co": "^4.6.0",
+        "glob": "^7.1.1"
+      }
+    },
+    "ansi-regex": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz",
+      "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8="
+    },
+    "apass": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/apass/-/apass-1.1.0.tgz",
+      "integrity": "sha1-WNdSImWxQTtctC/2v/CfIaKDVpc=",
+      "requires": {
+        "asfs": "^1.1.1",
+        "askconfig": "^3.0.5",
+        "cipherjson": "^2.1.0",
+        "co": "^4.6.0",
+        "colorprint": "^4.1.0",
+        "commander": "^2.9.0",
+        "execcli": "^4.0.10",
+        "fmtjson": "^3.0.7"
+      }
+    },
+    "argx": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/argx/-/argx-3.0.2.tgz",
+      "integrity": "sha1-G6qI0WCrb1Rrbs4OB1lswrs0JKk=",
+      "requires": {
+        "iftype": "^3.0.0"
+      }
+    },
+    "arrayreduce": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/arrayreduce/-/arrayreduce-2.1.0.tgz",
+      "integrity": "sha1-6lg24whra1S3pWK0eez4BpyU0Qo="
+    },
+    "asfs": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/asfs/-/asfs-1.2.3.tgz",
+      "integrity": "sha1-VnE2PoPEOQjvFaJciBkcYbUICDM=",
+      "requires": {
+        "aglob": "^2.0.1",
+        "co": "^4.6.0",
+        "filecopy": "^3.0.0",
+        "mkdirp": "^0.5.1"
+      }
+    },
+    "askconfig": {
+      "version": "3.0.5",
+      "resolved": "https://registry.npmjs.org/askconfig/-/askconfig-3.0.5.tgz",
+      "integrity": "sha1-PwcA078U8w44yAH57QDC2Wgqne0=",
+      "requires": {
+        "argx": "^3.0.0",
+        "cli-color": "^1.1.0",
+        "co": "^4.6.0",
+        "objnest": "^3.0.6"
+      }
+    },
+    "asleep": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/asleep/-/asleep-1.0.3.tgz",
+      "integrity": "sha1-oQTiSsIpVjxCXk6n51tXihnuIY4="
+    },
+    "async": {
+      "version": "2.6.3",
+      "resolved": "https://registry.npmjs.org/async/-/async-2.6.3.tgz",
+      "integrity": "sha512-zflvls11DCy+dQWzTW2dzuilv8Z5X/pjfmZOWba6TNIVDm+2UDaJmXSOXlasHKfNBs8oo3M0aT50fDEWfKZjXg==",
+      "requires": {
+        "lodash": "^4.17.14"
+      }
+    },
+    "babel-runtime": {
+      "version": "6.26.0",
+      "resolved": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.26.0.tgz",
+      "integrity": "sha1-llxwWGaOgrVde/4E/yM3vItWR/4=",
+      "requires": {
+        "core-js": "^2.4.0",
+        "regenerator-runtime": "^0.11.0"
+      }
+    },
+    "balanced-match": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
+      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c="
+    },
+    "brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "requires": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "cipherjson": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/cipherjson/-/cipherjson-2.1.0.tgz",
+      "integrity": "sha1-NxWib+PkEKL2W9jQw3jnzdei0eI=",
+      "requires": {
+        "abind": "^1.0.0",
+        "argx": "^3.0.2",
+        "async": "^2.1.4",
+        "objnest": "^3.0.9",
+        "writeout": "^2.1.0"
+      }
+    },
+    "cli-color": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/cli-color/-/cli-color-1.4.0.tgz",
+      "integrity": "sha512-xu6RvQqqrWEo6MPR1eixqGPywhYBHRs653F9jfXB2Hx4jdM/3WxiNE1vppRmxtMIfl16SFYTpYlrnqH/HsK/2w==",
+      "requires": {
+        "ansi-regex": "^2.1.1",
+        "d": "1",
+        "es5-ext": "^0.10.46",
+        "es6-iterator": "^2.0.3",
+        "memoizee": "^0.4.14",
+        "timers-ext": "^0.1.5"
+      }
+    },
+    "co": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz",
+      "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ="
+    },
+    "colorprint": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/colorprint/-/colorprint-4.1.0.tgz",
+      "integrity": "sha1-BSroTEv9Ed7l7xvwfC9iVYT8CYk=",
+      "requires": {
+        "cli-color": "^1.1.0",
+        "commander": "^2.9.0"
+      }
+    },
+    "commander": {
+      "version": "2.20.3",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
+      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
+    },
+    "core-js": {
+      "version": "2.6.11",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.11.tgz",
+      "integrity": "sha512-5wjnpaT/3dV+XB4borEsnAYQchn00XSgTAWKDkEqv+K8KevjbzmofK6hfJ9TZIlpj2N0xQpazy7PiRQiWHqzWg=="
+    },
+    "d": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/d/-/d-1.0.1.tgz",
+      "integrity": "sha512-m62ShEObQ39CfralilEQRjH6oAMtNCV1xJyEx5LpRYUVN+EviphDgUc/F3hnYbADmkiNs67Y+3ylmlG7Lnu+FA==",
+      "requires": {
+        "es5-ext": "^0.10.50",
+        "type": "^1.0.1"
+      }
+    },
+    "es5-ext": {
+      "version": "0.10.53",
+      "resolved": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.53.tgz",
+      "integrity": "sha512-Xs2Stw6NiNHWypzRTY1MtaG/uJlwCk8kH81920ma8mvN8Xq1gsfhZvpkImLQArw8AHnv8MT2I45J3c0R8slE+Q==",
+      "requires": {
+        "es6-iterator": "~2.0.3",
+        "es6-symbol": "~3.1.3",
+        "next-tick": "~1.0.0"
+      }
+    },
+    "es6-iterator": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz",
+      "integrity": "sha1-p96IkUGgWpSwhUQDstCg+/qY87c=",
+      "requires": {
+        "d": "1",
+        "es5-ext": "^0.10.35",
+        "es6-symbol": "^3.1.1"
+      }
+    },
+    "es6-symbol": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.3.tgz",
+      "integrity": "sha512-NJ6Yn3FuDinBaBRWl/q5X/s4koRHBrgKAu+yGI6JCBeiu3qrcbJhwT2GeR/EXVfylRk8dpQVJoLEFhK+Mu31NA==",
+      "requires": {
+        "d": "^1.0.1",
+        "ext": "^1.1.2"
+      }
+    },
+    "es6-weak-map": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz",
+      "integrity": "sha512-p5um32HOTO1kP+w7PRnB+5lQ43Z6muuMuIMffvDN8ZB4GcnjLBV6zGStpbASIMk4DCAvEaamhe2zhyCb/QXXsA==",
+      "requires": {
+        "d": "1",
+        "es5-ext": "^0.10.46",
+        "es6-iterator": "^2.0.3",
+        "es6-symbol": "^3.1.1"
+      }
+    },
+    "event-emitter": {
+      "version": "0.3.5",
+      "resolved": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz",
+      "integrity": "sha1-34xp7vFkeSPHFXuc6DhAYQsCzDk=",
+      "requires": {
+        "d": "1",
+        "es5-ext": "~0.10.14"
+      }
+    },
+    "execcli": {
+      "version": "4.0.11",
+      "resolved": "https://registry.npmjs.org/execcli/-/execcli-4.0.11.tgz",
+      "integrity": "sha1-PbmCCoP6EkK5v7UNEVUdBQWSfUM=",
+      "requires": {
+        "argx": "^3.0.0",
+        "arrayreduce": "^2.1.0",
+        "babel-runtime": "^6.23.0",
+        "findout": "^2.0.1",
+        "hasbin": "^1.2.3",
+        "stringcase": "^3.2.1"
+      }
+    },
+    "ext": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/ext/-/ext-1.4.0.tgz",
+      "integrity": "sha512-Key5NIsUxdqKg3vIsdw9dSuXpPCQ297y6wBjL30edxwPgt2E44WcWBZey/ZvUc6sERLTxKdyCu4gZFmUbk1Q7A==",
+      "requires": {
+        "type": "^2.0.0"
+      },
+      "dependencies": {
+        "type": {
+          "version": "2.1.0",
+          "resolved": "https://registry.npmjs.org/type/-/type-2.1.0.tgz",
+          "integrity": "sha512-G9absDWvhAWCV2gmF1zKud3OyC61nZDwWvBL2DApaVFogI07CprggiQAOOjvp2NRjYWFzPyu7vwtDrQFq8jeSA=="
+        }
+      }
+    },
+    "extend": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
+    },
+    "filecopy": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/filecopy/-/filecopy-3.0.1.tgz",
+      "integrity": "sha1-hqX4pylo7K6qW7suPoEKh3zUmWY=",
+      "requires": {
+        "aglob": "^2.0.1",
+        "argx": "^3.0.0",
+        "co": "^4.6.0",
+        "mkdirp": "^0.5.1"
+      }
+    },
+    "filedel": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/filedel/-/filedel-4.1.2.tgz",
+      "integrity": "sha512-GmCi+mLI3DgGFde0W3vsZshRtSBK5BxTkrVLioGLoARBY5Ef42anaXP1PmQTI6AI/TVoM8Mkw5mBisGy5MPlTA==",
+      "requires": {
+        "aglob": "^3.0.2",
+        "argx": "^4.0.4",
+        "asfs": "^2.3.0",
+        "rimraf": "^3.0.2"
+      },
+      "dependencies": {
+        "aglob": {
+          "version": "3.0.2",
+          "resolved": "https://registry.npmjs.org/aglob/-/aglob-3.0.2.tgz",
+          "integrity": "sha512-0khk6p36zn0NbYAMtNov7o4VQpWOZChVt+cQHIEb0KSqxNn5hvGU2+pPI5+6vydUhe8W3ZxREMcpkAmMEi8p9Q==",
+          "requires": {
+            "glob": "^7.1.3"
+          }
+        },
+        "argx": {
+          "version": "4.0.4",
+          "resolved": "https://registry.npmjs.org/argx/-/argx-4.0.4.tgz",
+          "integrity": "sha512-XLWeRTNBJRzQkbMweLIxdtnvpE7iYUBraPwrIJX57FjL4D1RHLMJRM1AyEP6KZHgvjW7TSnxF8MpGic7YdTGOA==",
+          "requires": {
+            "iftype": "^4.0.9"
+          }
+        },
+        "asfs": {
+          "version": "2.3.0",
+          "resolved": "https://registry.npmjs.org/asfs/-/asfs-2.3.0.tgz",
+          "integrity": "sha512-mPfLlrZuoDFjR0Cd9ructfhJ4Cq0OH3CNVaO2RjMk+I9Utfb28sxFdnAVPByziTzTh2jgd7wX7Wy+8LIBjz2nw==",
+          "requires": {
+            "aglob": "^3.0.1",
+            "filecopy": "^4.1.0",
+            "mkdirp": "^1.0.3"
+          }
+        },
+        "filecopy": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/filecopy/-/filecopy-4.1.0.tgz",
+          "integrity": "sha512-1K2VHl+WVzODCwcZzmSrNCUIYTM37F4/yny0bI05bN3PdQHZjfszsW2L2yia7/Xb1B854f6XrA3ZTv0KjBmogA==",
+          "requires": {
+            "aglob": "^3.0.2",
+            "argx": "^4.0.4",
+            "mkdirp": "^1.0.3"
+          }
+        },
+        "iftype": {
+          "version": "4.0.9",
+          "resolved": "https://registry.npmjs.org/iftype/-/iftype-4.0.9.tgz",
+          "integrity": "sha512-01Klo+04dkDzY193D1GVfOdQzmpqaYFJTAlZKRztkT/BOaU7sSnvxGimSln+7DMqLUP4tpDTNFgxqVPLYZVypA=="
+        },
+        "mkdirp": {
+          "version": "1.0.4",
+          "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
+          "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw=="
+        }
+      }
+    },
+    "findout": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/findout/-/findout-2.1.2.tgz",
+      "integrity": "sha1-eEFc9z7Z4nwC4pqbxETn0ir2AQU=",
+      "requires": {
+        "babel-runtime": "^6.11.6",
+        "co": "^4.6.0"
+      }
+    },
+    "fmtjson": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/fmtjson/-/fmtjson-3.0.7.tgz",
+      "integrity": "sha1-eGM+7hRk33CotIRWfN7rS+j/08w=",
+      "requires": {
+        "aglob": "^1.0.2",
+        "argx": "^3.0.1",
+        "asfs": "^1.0.5",
+        "co": "^4.6.0",
+        "writeout": "^2.0.7"
+      },
+      "dependencies": {
+        "aglob": {
+          "version": "1.1.1",
+          "resolved": "https://registry.npmjs.org/aglob/-/aglob-1.1.1.tgz",
+          "integrity": "sha1-+VJpKq29nVKHdekUtpXgdjH58Io=",
+          "requires": {
+            "babel-runtime": "^6.11.6",
+            "co": "^4.6.0",
+            "glob": "^7.0.5"
+          }
+        }
+      }
+    },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8="
+    },
+    "glob": {
+      "version": "7.1.6",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
+      "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
+      "requires": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      }
+    },
+    "hasbin": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/hasbin/-/hasbin-1.2.3.tgz",
+      "integrity": "sha1-eMWSaJPIAhXCtWiuH9P8q3omlrA=",
+      "requires": {
+        "async": "~1.5"
+      },
+      "dependencies": {
+        "async": {
+          "version": "1.5.2",
+          "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
+          "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo="
+        }
+      }
+    },
+    "iftype": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/iftype/-/iftype-3.0.2.tgz",
+      "integrity": "sha1-V3EmHmT7NaaA0yDTZox1Kfklq3Q=",
+      "requires": {
+        "babel-runtime": "^6.11.6"
+      }
+    },
+    "inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "requires": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
+    },
+    "is-promise": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz",
+      "integrity": "sha512-+lP4/6lKUBfQjZ2pdxThZvLUAafmZb8OAxFb8XXtiQmS35INgr85hdOGoEs124ez1FCnZJt6jau/T+alh58QFQ=="
+    },
+    "lodash": {
+      "version": "4.17.20",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
+      "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="
+    },
+    "lru-queue": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz",
+      "integrity": "sha1-Jzi9nw089PhEkMVzbEhpmsYyzaM=",
+      "requires": {
+        "es5-ext": "~0.10.2"
+      }
+    },
+    "memoizee": {
+      "version": "0.4.14",
+      "resolved": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.14.tgz",
+      "integrity": "sha512-/SWFvWegAIYAO4NQMpcX+gcra0yEZu4OntmUdrBaWrJncxOqAziGFlHxc7yjKVK2uu3lpPW27P27wkR82wA8mg==",
+      "requires": {
+        "d": "1",
+        "es5-ext": "^0.10.45",
+        "es6-weak-map": "^2.0.2",
+        "event-emitter": "^0.3.5",
+        "is-promise": "^2.1",
+        "lru-queue": "0.1",
+        "next-tick": "1",
+        "timers-ext": "^0.1.5"
+      }
+    },
+    "minimatch": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
+      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "requires": {
+        "brace-expansion": "^1.1.7"
+      }
+    },
+    "minimist": {
+      "version": "1.2.5",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz",
+      "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw=="
+    },
+    "mkdirp": {
+      "version": "0.5.5",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz",
+      "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==",
+      "requires": {
+        "minimist": "^1.2.5"
+      }
+    },
+    "next-tick": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/next-tick/-/next-tick-1.0.0.tgz",
+      "integrity": "sha1-yobR/ogoFpsBICCOPchCS524NCw="
+    },
+    "objnest": {
+      "version": "3.0.9",
+      "resolved": "https://registry.npmjs.org/objnest/-/objnest-3.0.9.tgz",
+      "integrity": "sha1-yBHtOVXPRgO6Ncx+A0j+oZUbk5U=",
+      "requires": {
+        "abind": "^1.0.0",
+        "extend": "^3.0.0"
+      }
+    },
+    "once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "requires": {
+        "wrappy": "1"
+      }
+    },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18="
+    },
+    "regenerator-runtime": {
+      "version": "0.11.1",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz",
+      "integrity": "sha512-MguG95oij0fC3QV3URf4V2SDYGJhJnJGqvIIgdECeODCT98wSWDAJ94SSuVpYQUoTcGUIL6L4yNB7j1DFFHSBg=="
+    },
+    "rimraf": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
+      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
+      "requires": {
+        "glob": "^7.1.3"
+      }
+    },
+    "stringcase": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/stringcase/-/stringcase-3.2.1.tgz",
+      "integrity": "sha1-iTRRYwSXZM92q89c4Ctkv7ZHLlY="
+    },
+    "timers-ext": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz",
+      "integrity": "sha512-b85NUNzTSdodShTIbky6ZF02e8STtVVfD+fu4aXXShEELpozH+bCpJLYMPZbsABN2wDH7fJpqIoXxJpzbf0NqQ==",
+      "requires": {
+        "es5-ext": "~0.10.46",
+        "next-tick": "1"
+      }
+    },
+    "type": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/type/-/type-1.2.0.tgz",
+      "integrity": "sha512-+5nt5AAniqsCnu2cEQQdpzCAh33kVx8n0VoFidKpB1dVVLAN/F+bgVOqOJqOnEnrhp222clB5p3vUlD+1QAnfg=="
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
+    },
+    "writeout": {
+      "version": "2.3.4",
+      "resolved": "https://registry.npmjs.org/writeout/-/writeout-2.3.4.tgz",
+      "integrity": "sha512-8EO+2MdDKvyhVGGA7hXtCOWIyfpzi1PAkmYTFUhq3/duskEDYzcDvZTiYgVV/CectCRSelGdIW++ym58uNOuYw==",
+      "requires": {
+        "argx": "^4.0.4",
+        "asleep": "^1.0.3",
+        "filedel": "^4.1.2",
+        "mkdirp": "^1.0.4"
+      },
+      "dependencies": {
+        "argx": {
+          "version": "4.0.4",
+          "resolved": "https://registry.npmjs.org/argx/-/argx-4.0.4.tgz",
+          "integrity": "sha512-XLWeRTNBJRzQkbMweLIxdtnvpE7iYUBraPwrIJX57FjL4D1RHLMJRM1AyEP6KZHgvjW7TSnxF8MpGic7YdTGOA==",
+          "requires": {
+            "iftype": "^4.0.9"
+          }
+        },
+        "iftype": {
+          "version": "4.0.9",
+          "resolved": "https://registry.npmjs.org/iftype/-/iftype-4.0.9.tgz",
+          "integrity": "sha512-01Klo+04dkDzY193D1GVfOdQzmpqaYFJTAlZKRztkT/BOaU7sSnvxGimSln+7DMqLUP4tpDTNFgxqVPLYZVypA=="
+        },
+        "mkdirp": {
+          "version": "1.0.4",
+          "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
+          "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw=="
+        }
+      }
+    }
+  }
+}