dependabot-npm_and_yarn 0.130.3 → 0.131.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6a72032ddd9002f5f809306a78b9ef4ed6f162429304bf1028de47e26efe328b
4
- data.tar.gz: f0339e357f2f3d9c06fa762af01563377a97291506475ebec1c0248f055ecf2b
3
+ metadata.gz: 1613e41a007efe3d0026aae84c460c120ded45d8630479b44fd83baf8c267ec3
4
+ data.tar.gz: e94988b12dd70a4a652ff4cc76933fb09dc2153f39db0a8ef4b78cf210db0ab6
5
5
  SHA512:
6
- metadata.gz: 435dd37fd5d06d1840e9d7068f0aecfd5c0c856ff8f182f0ebd28e5d16219c1e871fc1f5e3478374cad730e37d03898d35d2cb74c05a6da531cb8f7e74680f82
7
- data.tar.gz: 12f6c7d18c5581a0b10ab2b6fc92c1882cf7421d3b07b0ab2cb78d78bfcae4ad76bfae15f2cdc20e09ca5e13183c25349963ed69e69280bf4a411c390e3213ff
6
+ metadata.gz: 811b30d07b03bafca27445069568f914381b129c36969ae5b0b5e3ee3efb451ea894f4ce3426a205deab9837c728170216d2017a1458b97c142d2dd1b437dc25
7
+ data.tar.gz: cf664e29456677008b71555e03a1b3acd8fb0b3e7afd9d2e9a9b4c9f51bd210173e15c0c9befe3ef31c4a4a82f48f82ba02699a0827c23daeadb4f52b9d05507
@@ -1,4 +1,5 @@
1
1
  module.exports = {
2
2
  verbose: true,
3
+ rootDir: "test",
3
4
  testEnvironment: "node",
4
5
  };
@@ -0,0 +1,6 @@
1
+ const conflictingDependencyParser = require("./conflicting-dependency-parser");
2
+
3
+ module.exports = {
4
+ findConflictingDependencies:
5
+ conflictingDependencyParser.findConflictingDependencies,
6
+ };
@@ -1,12 +1,9 @@
1
1
  const updater = require("./updater");
2
2
  const peerDependencyChecker = require("./peer-dependency-checker");
3
3
  const subdependencyUpdater = require("./subdependency-updater");
4
- const conflictingDependencyParser = require("./conflicting-dependency-parser");
5
4
 
6
5
  module.exports = {
7
6
  update: updater.updateDependencyFiles,
8
7
  updateSubdependency: subdependencyUpdater.updateDependencyFile,
9
8
  checkPeerDependencies: peerDependencyChecker.checkPeerDependencies,
10
- findConflictingDependencies:
11
- conflictingDependencyParser.findConflictingDependencies,
12
9
  };
data/helpers/package.json CHANGED
@@ -10,7 +10,7 @@
10
10
  },
11
11
  "dependencies": {
12
12
  "@dependabot/yarn-lib": "^1.21.1",
13
- "@npmcli/arborist": "^2.0.6",
13
+ "@npmcli/arborist": "^2.1.1",
14
14
  "detect-indent": "^6.0.0",
15
15
  "npm6": "npm:npm@6.14.11",
16
16
  "npm7": "npm:npm@7.4.0",
@@ -4,7 +4,7 @@ const fs = require("fs");
4
4
  const rimraf = require("rimraf");
5
5
  const {
6
6
  findConflictingDependencies,
7
- } = require("../../lib/npm6/conflicting-dependency-parser");
7
+ } = require("../../lib/npm/conflicting-dependency-parser");
8
8
  const helpers = require("./helpers");
9
9
 
10
10
  describe("findConflictingDependencies", () => {
data/helpers/yarn.lock CHANGED
@@ -543,10 +543,10 @@
543
543
  "@types/yargs" "^15.0.0"
544
544
  chalk "^4.0.0"
545
545
 
546
- "@npmcli/arborist@^2.0.0", "@npmcli/arborist@^2.0.3", "@npmcli/arborist@^2.0.6":
547
- version "2.0.6"
548
- resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-2.0.6.tgz#b1036209455f2048b791915a8e050a4390f99202"
549
- integrity sha512-3VF6rr3TlGABVZHksblQCcG+aXvsND+pdkUc7vKsKyvY5DB1b6QxXUHwJTPTZz7hKvFM5GQPewp8OxMUdMDMRQ==
546
+ "@npmcli/arborist@^2.0.0", "@npmcli/arborist@^2.0.3", "@npmcli/arborist@^2.1.1":
547
+ version "2.1.1"
548
+ resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-2.1.1.tgz#e0ae0ea657662b8b21406528e41545f2d4386fcb"
549
+ integrity sha512-zt+dabNvSuhQMlmJL4H0YV4mGujylxgxeXPWSSjMjMoZI3laniHUB+oGOhJi/k68FVoZ/o/Aevi4rWDClfm5ZQ==
550
550
  dependencies:
551
551
  "@npmcli/installed-package-contents" "^1.0.5"
552
552
  "@npmcli/map-workspaces" "^1.0.1"
@@ -565,7 +565,7 @@
565
565
  npm-package-arg "^8.1.0"
566
566
  npm-pick-manifest "^6.1.0"
567
567
  npm-registry-fetch "^9.0.0"
568
- pacote "^11.2.3"
568
+ pacote "^11.2.4"
569
569
  parse-conflict-json "^1.1.1"
570
570
  promise-all-reject-late "^1.0.0"
571
571
  promise-call-limit "^1.0.1"
@@ -5844,10 +5844,10 @@ package-json@^4.0.0:
5844
5844
  registry-url "^3.0.3"
5845
5845
  semver "^5.1.0"
5846
5846
 
5847
- pacote@^11.1.11, pacote@^11.1.14, pacote@^11.1.4, pacote@^11.2.3:
5848
- version "11.2.3"
5849
- resolved "https://registry.yarnpkg.com/pacote/-/pacote-11.2.3.tgz#3c9f70d281c62c86ca3dc2e17df4234c63c698f1"
5850
- integrity sha512-Jphxyk1EjGyLzNwa+MkbcQUQeTIqlKcIoPq0t9ekR9ZxsTGjzhRjz/cOoL9PTVkqAW1FH7qBoVbYL4FqQGNNJg==
5847
+ pacote@^11.1.11, pacote@^11.1.14, pacote@^11.1.4, pacote@^11.2.4:
5848
+ version "11.2.4"
5849
+ resolved "https://registry.yarnpkg.com/pacote/-/pacote-11.2.4.tgz#dc7ca740a573ed86a3bf863511d22c1d413ec82f"
5850
+ integrity sha512-GfTeVQGJ6WyBQbQD4t3ocHbyOmTQLmWjkCKSZPmKiGFKYKNUaM5U2gbLzUW8WG1XmS9yQFnsTFA0k3o1+q4klQ==
5851
5851
  dependencies:
5852
5852
  "@npmcli/git" "^2.0.1"
5853
5853
  "@npmcli/installed-package-contents" "^1.0.5"
@@ -45,13 +45,9 @@ module Dependabot
45
45
  # parser doesn't deal with at the moment.
46
46
  if dependency_files_builder.package_locks.any? ||
47
47
  dependency_files_builder.shrinkwraps.any?
48
- package_lock = dependency_files_builder.package_locks.find { |f| f.name == "package-lock.json" }
49
- npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
50
- Dependabot.logger.info(npm_version)
51
-
52
48
  SharedHelpers.run_helper_subprocess(
53
49
  command: NativeHelpers.helper_path,
54
- function: "npm6:findConflictingDependencies",
50
+ function: "npm:findConflictingDependencies",
55
51
  args: [Dir.pwd, dependency.name, target_version.to_s]
56
52
  )
57
53
  else
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.130.3
4
+ version: 0.131.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-26 00:00:00.000000000 Z
11
+ date: 2021-02-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.130.3
19
+ version: 0.131.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.130.3
26
+ version: 0.131.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.8.0
103
+ version: 1.9.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.8.0
110
+ version: 1.9.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.8.0
131
+ version: 0.9.1
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.8.0
138
+ version: 0.9.1
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: vcr
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -175,7 +175,8 @@ files:
175
175
  - helpers/README.md
176
176
  - helpers/build
177
177
  - helpers/jest.config.js
178
- - helpers/lib/npm6/conflicting-dependency-parser.js
178
+ - helpers/lib/npm/conflicting-dependency-parser.js
179
+ - helpers/lib/npm/index.js
179
180
  - helpers/lib/npm6/helpers.js
180
181
  - helpers/lib/npm6/index.js
181
182
  - helpers/lib/npm6/peer-dependency-checker.js
@@ -269,7 +270,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
269
270
  - !ruby/object:Gem::Version
270
271
  version: 2.5.0
271
272
  requirements: []
272
- rubygems_version: 3.1.4
273
+ rubygems_version: 3.2.3
273
274
  signing_key:
274
275
  specification_version: 4
275
276
  summary: JS support for dependabot