dependabot-npm_and_yarn 0.130.1 → 0.131.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/.eslintrc +1 -4
- data/helpers/build +1 -0
- data/helpers/jest.config.js +5 -0
- data/helpers/lib/{npm6 → npm}/conflicting-dependency-parser.js +0 -0
- data/helpers/lib/npm/index.js +6 -0
- data/helpers/lib/npm6/index.js +0 -3
- data/helpers/package.json +3 -3
- data/helpers/test/npm6/conflicting-dependency-parser.test.js +1 -1
- data/helpers/yarn.lock +36 -48
- data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb +1 -5
- metadata +11 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d85e7d34c67ebb5edba7f0f724d1f8542570623bed0a8338db3b57eb14a1443c
|
|
4
|
+
data.tar.gz: 95d2ad726d20106f3ebe52685b43daa06d0ee8dd8bda39bcf8a3e1234a78dd17
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 77e05a760c14f8e4b5205750d8156e9e54e05b59ed10c624c73e5c4b9c2e43ccce6e9a5b3a6c1fbdf8737208a4ab7e9278c0ab8a0370ac726d42dbc3dffa677b
|
|
7
|
+
data.tar.gz: 42a1ca0f69ffba75089c96df2347e5fdaa37e9fc2f7f86527fe47520f876a5cdc8f92df92bd697a81f8cdf81def600258c07d5905066b31ae14b79ee1de9b893
|
data/helpers/.eslintrc
CHANGED
data/helpers/build
CHANGED
|
File without changes
|
data/helpers/lib/npm6/index.js
CHANGED
|
@@ -1,12 +1,9 @@
|
|
|
1
1
|
const updater = require("./updater");
|
|
2
2
|
const peerDependencyChecker = require("./peer-dependency-checker");
|
|
3
3
|
const subdependencyUpdater = require("./subdependency-updater");
|
|
4
|
-
const conflictingDependencyParser = require("./conflicting-dependency-parser");
|
|
5
4
|
|
|
6
5
|
module.exports = {
|
|
7
6
|
update: updater.updateDependencyFiles,
|
|
8
7
|
updateSubdependency: subdependencyUpdater.updateDependencyFile,
|
|
9
8
|
checkPeerDependencies: peerDependencyChecker.checkPeerDependencies,
|
|
10
|
-
findConflictingDependencies:
|
|
11
|
-
conflictingDependencyParser.findConflictingDependencies,
|
|
12
9
|
};
|
data/helpers/package.json
CHANGED
|
@@ -10,15 +10,15 @@
|
|
|
10
10
|
},
|
|
11
11
|
"dependencies": {
|
|
12
12
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
13
|
-
"@npmcli/arborist": "^2.0
|
|
13
|
+
"@npmcli/arborist": "^2.2.0",
|
|
14
14
|
"detect-indent": "^6.0.0",
|
|
15
15
|
"npm6": "npm:npm@6.14.11",
|
|
16
16
|
"npm7": "npm:npm@7.4.0",
|
|
17
17
|
"semver": "^7.3.4"
|
|
18
18
|
},
|
|
19
19
|
"devDependencies": {
|
|
20
|
-
"eslint": "^7.
|
|
21
|
-
"eslint-
|
|
20
|
+
"eslint": "^7.18.0",
|
|
21
|
+
"eslint-config-prettier": "^7.2.0",
|
|
22
22
|
"jest": "^26.6.3",
|
|
23
23
|
"prettier": "^2.2.1",
|
|
24
24
|
"rimraf": "^3.0.2"
|
|
@@ -4,7 +4,7 @@ const fs = require("fs");
|
|
|
4
4
|
const rimraf = require("rimraf");
|
|
5
5
|
const {
|
|
6
6
|
findConflictingDependencies,
|
|
7
|
-
} = require("../../lib/
|
|
7
|
+
} = require("../../lib/npm/conflicting-dependency-parser");
|
|
8
8
|
const helpers = require("./helpers");
|
|
9
9
|
|
|
10
10
|
describe("findConflictingDependencies", () => {
|
data/helpers/yarn.lock
CHANGED
|
@@ -331,10 +331,10 @@
|
|
|
331
331
|
validate-npm-package-license "^3.0.4"
|
|
332
332
|
yn "^2.0.0"
|
|
333
333
|
|
|
334
|
-
"@eslint/eslintrc@^0.
|
|
335
|
-
version "0.
|
|
336
|
-
resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-0.
|
|
337
|
-
integrity sha512-
|
|
334
|
+
"@eslint/eslintrc@^0.3.0":
|
|
335
|
+
version "0.3.0"
|
|
336
|
+
resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-0.3.0.tgz#d736d6963d7003b6514e6324bec9c602ac340318"
|
|
337
|
+
integrity sha512-1JTKgrOKAHVivSvOYw+sJOunkBjUOvjqWk1DPja7ZFhIS2mX/4EgTT8M7eTK9jrKhL/FvXXEbQwIs3pg1xp3dg==
|
|
338
338
|
dependencies:
|
|
339
339
|
ajv "^6.12.4"
|
|
340
340
|
debug "^4.1.1"
|
|
@@ -343,7 +343,7 @@
|
|
|
343
343
|
ignore "^4.0.6"
|
|
344
344
|
import-fresh "^3.2.1"
|
|
345
345
|
js-yaml "^3.13.1"
|
|
346
|
-
lodash "^4.17.
|
|
346
|
+
lodash "^4.17.20"
|
|
347
347
|
minimatch "^3.0.4"
|
|
348
348
|
strip-json-comments "^3.1.1"
|
|
349
349
|
|
|
@@ -543,15 +543,15 @@
|
|
|
543
543
|
"@types/yargs" "^15.0.0"
|
|
544
544
|
chalk "^4.0.0"
|
|
545
545
|
|
|
546
|
-
"@npmcli/arborist@^2.0.0", "@npmcli/arborist@^2.0.3":
|
|
547
|
-
version "2.0
|
|
548
|
-
resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-2.0.
|
|
549
|
-
integrity sha512-
|
|
546
|
+
"@npmcli/arborist@^2.0.0", "@npmcli/arborist@^2.0.3", "@npmcli/arborist@^2.2.0":
|
|
547
|
+
version "2.2.0"
|
|
548
|
+
resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-2.2.0.tgz#4cd64abd0d6993382631c4064a8bef2c6c680232"
|
|
549
|
+
integrity sha512-bnQccUyKUz6Id7GgMnQiTA4E4U6LK5FolkWtVahk29JXiJYXWrRDItnjvcBbzjGAG9mAEK3LxsO3oWDvGVjw0A==
|
|
550
550
|
dependencies:
|
|
551
551
|
"@npmcli/installed-package-contents" "^1.0.5"
|
|
552
552
|
"@npmcli/map-workspaces" "^1.0.1"
|
|
553
|
-
"@npmcli/metavuln-calculator" "^1.0.
|
|
554
|
-
"@npmcli/move-file" "^1.0
|
|
553
|
+
"@npmcli/metavuln-calculator" "^1.0.1"
|
|
554
|
+
"@npmcli/move-file" "^1.1.0"
|
|
555
555
|
"@npmcli/name-from-folder" "^1.0.1"
|
|
556
556
|
"@npmcli/node-gyp" "^1.0.1"
|
|
557
557
|
"@npmcli/run-script" "^1.8.1"
|
|
@@ -564,7 +564,8 @@
|
|
|
564
564
|
npm-install-checks "^4.0.0"
|
|
565
565
|
npm-package-arg "^8.1.0"
|
|
566
566
|
npm-pick-manifest "^6.1.0"
|
|
567
|
-
|
|
567
|
+
npm-registry-fetch "^9.0.0"
|
|
568
|
+
pacote "^11.2.5"
|
|
568
569
|
parse-conflict-json "^1.1.1"
|
|
569
570
|
promise-all-reject-late "^1.0.0"
|
|
570
571
|
promise-call-limit "^1.0.1"
|
|
@@ -626,21 +627,22 @@
|
|
|
626
627
|
minimatch "^3.0.4"
|
|
627
628
|
read-package-json-fast "^1.2.1"
|
|
628
629
|
|
|
629
|
-
"@npmcli/metavuln-calculator@^1.0.
|
|
630
|
-
version "1.0.
|
|
631
|
-
resolved "https://registry.yarnpkg.com/@npmcli/metavuln-calculator/-/metavuln-calculator-1.0.
|
|
632
|
-
integrity sha512-
|
|
630
|
+
"@npmcli/metavuln-calculator@^1.0.1":
|
|
631
|
+
version "1.0.1"
|
|
632
|
+
resolved "https://registry.yarnpkg.com/@npmcli/metavuln-calculator/-/metavuln-calculator-1.0.1.tgz#2f8bfcd7b7ad4a2a95adb78dd7a7d0896015f14e"
|
|
633
|
+
integrity sha512-ezAi4lvICICG613CPvavqCn76jjkiQS+Hag8qMQInLitEjIyzVBud6ATfYIhDcH3d8RnxtMXe3kvKs6+JqTnJA==
|
|
633
634
|
dependencies:
|
|
634
635
|
cacache "^15.0.5"
|
|
635
636
|
pacote "^11.1.11"
|
|
636
637
|
semver "^7.3.2"
|
|
637
638
|
|
|
638
|
-
"@npmcli/move-file@^1.0.1":
|
|
639
|
-
version "1.0
|
|
640
|
-
resolved "https://registry.yarnpkg.com/@npmcli/move-file/-/move-file-1.0.
|
|
641
|
-
integrity sha512-
|
|
639
|
+
"@npmcli/move-file@^1.0.1", "@npmcli/move-file@^1.1.0":
|
|
640
|
+
version "1.1.0"
|
|
641
|
+
resolved "https://registry.yarnpkg.com/@npmcli/move-file/-/move-file-1.1.0.tgz#4ef8a53d727b9e43facf35404caf55ebf92cfec8"
|
|
642
|
+
integrity sha512-Iv2iq0JuyYjKeFkSR4LPaCdDZwlGK9X2cP/01nJcp3yMJ1FjNd9vpiEYvLUgzBxKPg2SFmaOhizoQsPc0LWeOQ==
|
|
642
643
|
dependencies:
|
|
643
644
|
mkdirp "^1.0.4"
|
|
645
|
+
rimraf "^2.7.1"
|
|
644
646
|
|
|
645
647
|
"@npmcli/name-from-folder@^1.0.1":
|
|
646
648
|
version "1.0.1"
|
|
@@ -2261,12 +2263,10 @@ escodegen@^1.14.1:
|
|
|
2261
2263
|
optionalDependencies:
|
|
2262
2264
|
source-map "~0.6.1"
|
|
2263
2265
|
|
|
2264
|
-
eslint-
|
|
2265
|
-
version "
|
|
2266
|
-
resolved "https://registry.yarnpkg.com/eslint-
|
|
2267
|
-
integrity sha512-
|
|
2268
|
-
dependencies:
|
|
2269
|
-
prettier-linter-helpers "^1.0.0"
|
|
2266
|
+
eslint-config-prettier@^7.2.0:
|
|
2267
|
+
version "7.2.0"
|
|
2268
|
+
resolved "https://registry.yarnpkg.com/eslint-config-prettier/-/eslint-config-prettier-7.2.0.tgz#f4a4bd2832e810e8cc7c1411ec85b3e85c0c53f9"
|
|
2269
|
+
integrity sha512-rV4Qu0C3nfJKPOAhFujFxB7RMP+URFyQqqOZW9DMRD7ZDTFyjaIlETU3xzHELt++4ugC0+Jm084HQYkkJe+Ivg==
|
|
2270
2270
|
|
|
2271
2271
|
eslint-scope@^5.1.1:
|
|
2272
2272
|
version "5.1.1"
|
|
@@ -2293,13 +2293,13 @@ eslint-visitor-keys@^2.0.0:
|
|
|
2293
2293
|
resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-2.0.0.tgz#21fdc8fbcd9c795cc0321f0563702095751511a8"
|
|
2294
2294
|
integrity sha512-QudtT6av5WXels9WjIM7qz1XD1cWGvX4gGXvp/zBn9nXG02D0utdU3Em2m/QjTnrsk6bBjmCygl3rmj118msQQ==
|
|
2295
2295
|
|
|
2296
|
-
eslint@^7.
|
|
2297
|
-
version "7.
|
|
2298
|
-
resolved "https://registry.yarnpkg.com/eslint/-/eslint-7.
|
|
2299
|
-
integrity sha512-
|
|
2296
|
+
eslint@^7.18.0:
|
|
2297
|
+
version "7.18.0"
|
|
2298
|
+
resolved "https://registry.yarnpkg.com/eslint/-/eslint-7.18.0.tgz#7fdcd2f3715a41fe6295a16234bd69aed2c75e67"
|
|
2299
|
+
integrity sha512-fbgTiE8BfUJZuBeq2Yi7J3RB3WGUQ9PNuNbmgi6jt9Iv8qrkxfy19Ds3OpL1Pm7zg3BtTVhvcUZbIRQ0wmSjAQ==
|
|
2300
2300
|
dependencies:
|
|
2301
2301
|
"@babel/code-frame" "^7.0.0"
|
|
2302
|
-
"@eslint/eslintrc" "^0.
|
|
2302
|
+
"@eslint/eslintrc" "^0.3.0"
|
|
2303
2303
|
ajv "^6.10.0"
|
|
2304
2304
|
chalk "^4.0.0"
|
|
2305
2305
|
cross-spawn "^7.0.2"
|
|
@@ -2323,7 +2323,7 @@ eslint@^7.17.0:
|
|
|
2323
2323
|
js-yaml "^3.13.1"
|
|
2324
2324
|
json-stable-stringify-without-jsonify "^1.0.1"
|
|
2325
2325
|
levn "^0.4.1"
|
|
2326
|
-
lodash "^4.17.
|
|
2326
|
+
lodash "^4.17.20"
|
|
2327
2327
|
minimatch "^3.0.4"
|
|
2328
2328
|
natural-compare "^1.4.0"
|
|
2329
2329
|
optionator "^0.9.1"
|
|
@@ -2534,11 +2534,6 @@ fast-deep-equal@^3.1.1:
|
|
|
2534
2534
|
resolved "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525"
|
|
2535
2535
|
integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==
|
|
2536
2536
|
|
|
2537
|
-
fast-diff@^1.1.2:
|
|
2538
|
-
version "1.2.0"
|
|
2539
|
-
resolved "https://registry.npmjs.org/fast-diff/-/fast-diff-1.2.0.tgz#73ee11982d86caaf7959828d519cfe927fac5f03"
|
|
2540
|
-
integrity sha512-xJuoT5+L99XlZ8twedaRf6Ax2TgQVxvgZOYoPKqZufmJib0tL2tegPBOZb1pVNgIhlqDlA0eO0c3wBvQcmzx4w==
|
|
2541
|
-
|
|
2542
2537
|
fast-json-stable-stringify@^2.0.0:
|
|
2543
2538
|
version "2.1.0"
|
|
2544
2539
|
resolved "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633"
|
|
@@ -5849,10 +5844,10 @@ package-json@^4.0.0:
|
|
|
5849
5844
|
registry-url "^3.0.3"
|
|
5850
5845
|
semver "^5.1.0"
|
|
5851
5846
|
|
|
5852
|
-
pacote@^11.1.11, pacote@^11.1.14, pacote@^11.1.4:
|
|
5853
|
-
version "11.
|
|
5854
|
-
resolved "https://registry.yarnpkg.com/pacote/-/pacote-11.
|
|
5855
|
-
integrity sha512-
|
|
5847
|
+
pacote@^11.1.11, pacote@^11.1.14, pacote@^11.1.4, pacote@^11.2.5:
|
|
5848
|
+
version "11.2.5"
|
|
5849
|
+
resolved "https://registry.yarnpkg.com/pacote/-/pacote-11.2.5.tgz#7a1ecc7ac78237b54dcbc99f42ae6cc215d6e64e"
|
|
5850
|
+
integrity sha512-KgVY3Rh3xJnhnRCirmsXW8kIdbslrFTnYeTtdzyvObPgj/Tc5VqdmazxsvdXGdIgRB/Km92mBKfuWcGGqgu7UQ==
|
|
5856
5851
|
dependencies:
|
|
5857
5852
|
"@npmcli/git" "^2.0.1"
|
|
5858
5853
|
"@npmcli/installed-package-contents" "^1.0.5"
|
|
@@ -6104,13 +6099,6 @@ preserve@^0.2.0:
|
|
|
6104
6099
|
resolved "https://registry.npmjs.org/preserve/-/preserve-0.2.0.tgz#815ed1f6ebc65926f865b310c0713bcb3315ce4b"
|
|
6105
6100
|
integrity sha1-gV7R9uvGWSb4ZbMQwHE7yzMVzks=
|
|
6106
6101
|
|
|
6107
|
-
prettier-linter-helpers@^1.0.0:
|
|
6108
|
-
version "1.0.0"
|
|
6109
|
-
resolved "https://registry.npmjs.org/prettier-linter-helpers/-/prettier-linter-helpers-1.0.0.tgz#d23d41fe1375646de2d0104d3454a3008802cf7b"
|
|
6110
|
-
integrity sha512-GbK2cP9nraSSUF9N2XwUwqfzlAFlMNYYl+ShE/V+H8a9uNl/oUqB1w2EL54Jh0OlyRSd8RfWYJ3coVS4TROP2w==
|
|
6111
|
-
dependencies:
|
|
6112
|
-
fast-diff "^1.1.2"
|
|
6113
|
-
|
|
6114
6102
|
prettier@^2.2.1:
|
|
6115
6103
|
version "2.2.1"
|
|
6116
6104
|
resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.2.1.tgz#795a1a78dd52f073da0cd42b21f9c91381923ff5"
|
|
@@ -45,13 +45,9 @@ module Dependabot
|
|
|
45
45
|
# parser doesn't deal with at the moment.
|
|
46
46
|
if dependency_files_builder.package_locks.any? ||
|
|
47
47
|
dependency_files_builder.shrinkwraps.any?
|
|
48
|
-
package_lock = dependency_files_builder.package_locks.find { |f| f.name == "package-lock.json" }
|
|
49
|
-
npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
|
|
50
|
-
Dependabot.logger.info(npm_version)
|
|
51
|
-
|
|
52
48
|
SharedHelpers.run_helper_subprocess(
|
|
53
49
|
command: NativeHelpers.helper_path,
|
|
54
|
-
function: "
|
|
50
|
+
function: "npm:findConflictingDependencies",
|
|
55
51
|
args: [Dir.pwd, dependency.name, target_version.to_s]
|
|
56
52
|
)
|
|
57
53
|
else
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.131.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-02-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.131.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.131.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.9.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.9.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,14 +128,14 @@ dependencies:
|
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 0.
|
|
131
|
+
version: 0.9.1
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 0.
|
|
138
|
+
version: 0.9.1
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: vcr
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -174,7 +174,9 @@ files:
|
|
|
174
174
|
- helpers/.eslintrc
|
|
175
175
|
- helpers/README.md
|
|
176
176
|
- helpers/build
|
|
177
|
-
- helpers/
|
|
177
|
+
- helpers/jest.config.js
|
|
178
|
+
- helpers/lib/npm/conflicting-dependency-parser.js
|
|
179
|
+
- helpers/lib/npm/index.js
|
|
178
180
|
- helpers/lib/npm6/helpers.js
|
|
179
181
|
- helpers/lib/npm6/index.js
|
|
180
182
|
- helpers/lib/npm6/peer-dependency-checker.js
|