dependabot-npm_and_yarn 0.130.3 → 0.132.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/jest.config.js +1 -0
- data/helpers/lib/{npm6 → npm}/conflicting-dependency-parser.js +0 -0
- data/helpers/lib/npm/index.js +6 -0
- data/helpers/lib/npm6/index.js +0 -3
- data/helpers/lib/npm6/updater.js +1 -0
- data/helpers/lib/npm7/index.js +5 -0
- data/helpers/lib/npm7/peer-dependency-checker.js +77 -0
- data/helpers/package.json +1 -1
- data/helpers/test/npm6/conflicting-dependency-parser.test.js +1 -1
- data/helpers/test/npm7/conflicting-dependency-parser.test.js +67 -0
- data/helpers/test/npm7/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json +1291 -0
- data/helpers/test/npm7/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
- data/helpers/test/npm7/fixtures/conflicting-dependency-parser/nested/package-lock.json +411 -0
- data/helpers/test/npm7/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
- data/helpers/test/npm7/fixtures/conflicting-dependency-parser/simple/package-lock.json +64 -0
- data/helpers/test/npm7/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
- data/helpers/test/npm7/fixtures/peer-dependency-checker/peer_dependency/package-lock.json +290 -0
- data/helpers/test/npm7/fixtures/peer-dependency-checker/peer_dependency/package.json +23 -0
- data/helpers/test/npm7/fixtures/peer-dependency-checker/peer_dependency_multiple/package-lock.json +965 -0
- data/helpers/test/npm7/fixtures/peer-dependency-checker/peer_dependency_multiple/package.json +10 -0
- data/helpers/test/npm7/helpers.js +21 -0
- data/helpers/test/npm7/peer-dependency-checker.test.js +107 -0
- data/helpers/yarn.lock +1207 -1241
- data/lib/dependabot/npm_and_yarn/dependency_files_filterer.rb +3 -3
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +252 -53
- data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb +1 -5
- data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +1 -2
- data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +1 -2
- metadata +26 -10
|
@@ -45,13 +45,9 @@ module Dependabot
|
|
|
45
45
|
# parser doesn't deal with at the moment.
|
|
46
46
|
if dependency_files_builder.package_locks.any? ||
|
|
47
47
|
dependency_files_builder.shrinkwraps.any?
|
|
48
|
-
package_lock = dependency_files_builder.package_locks.find { |f| f.name == "package-lock.json" }
|
|
49
|
-
npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
|
|
50
|
-
Dependabot.logger.info(npm_version)
|
|
51
|
-
|
|
52
48
|
SharedHelpers.run_helper_subprocess(
|
|
53
49
|
command: NativeHelpers.helper_path,
|
|
54
|
-
function: "
|
|
50
|
+
function: "npm:findConflictingDependencies",
|
|
55
51
|
args: [Dir.pwd, dependency.name, target_version.to_s]
|
|
56
52
|
)
|
|
57
53
|
else
|
|
@@ -113,11 +113,10 @@ module Dependabot
|
|
|
113
113
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
114
114
|
Dir.chdir(path) do
|
|
115
115
|
npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
|
|
116
|
-
Dependabot.logger.info(npm_version)
|
|
117
116
|
|
|
118
117
|
SharedHelpers.run_helper_subprocess(
|
|
119
118
|
command: NativeHelpers.helper_path,
|
|
120
|
-
function: "
|
|
119
|
+
function: "#{npm_version}:updateSubdependency",
|
|
121
120
|
args: [Dir.pwd, lockfile_name, [dependency.to_h]]
|
|
122
121
|
)
|
|
123
122
|
end
|
|
@@ -420,11 +420,10 @@ module Dependabot
|
|
|
420
420
|
f.name == [path, "package-lock.json"].join("/").sub(%r{\A.?\/}, "")
|
|
421
421
|
end
|
|
422
422
|
npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
|
|
423
|
-
Dependabot.logger.info(npm_version)
|
|
424
423
|
|
|
425
424
|
SharedHelpers.run_helper_subprocess(
|
|
426
425
|
command: NativeHelpers.helper_path,
|
|
427
|
-
function: "
|
|
426
|
+
function: "#{npm_version}:checkPeerDependencies",
|
|
428
427
|
args: [
|
|
429
428
|
Dir.pwd,
|
|
430
429
|
dependency.name,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.132.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-02-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.132.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.132.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.9.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.9.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,14 +128,14 @@ dependencies:
|
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 0.
|
|
131
|
+
version: 0.9.1
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 0.
|
|
138
|
+
version: 0.9.1
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: vcr
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -175,13 +175,16 @@ files:
|
|
|
175
175
|
- helpers/README.md
|
|
176
176
|
- helpers/build
|
|
177
177
|
- helpers/jest.config.js
|
|
178
|
-
- helpers/lib/
|
|
178
|
+
- helpers/lib/npm/conflicting-dependency-parser.js
|
|
179
|
+
- helpers/lib/npm/index.js
|
|
179
180
|
- helpers/lib/npm6/helpers.js
|
|
180
181
|
- helpers/lib/npm6/index.js
|
|
181
182
|
- helpers/lib/npm6/peer-dependency-checker.js
|
|
182
183
|
- helpers/lib/npm6/remove-dependencies-from-lockfile.js
|
|
183
184
|
- helpers/lib/npm6/subdependency-updater.js
|
|
184
185
|
- helpers/lib/npm6/updater.js
|
|
186
|
+
- helpers/lib/npm7/index.js
|
|
187
|
+
- helpers/lib/npm7/peer-dependency-checker.js
|
|
185
188
|
- helpers/lib/yarn/conflicting-dependency-parser.js
|
|
186
189
|
- helpers/lib/yarn/fix-duplicates.js
|
|
187
190
|
- helpers/lib/yarn/helpers.js
|
|
@@ -205,6 +208,19 @@ files:
|
|
|
205
208
|
- helpers/test/npm6/fixtures/updater/updated/package-lock.json
|
|
206
209
|
- helpers/test/npm6/helpers.js
|
|
207
210
|
- helpers/test/npm6/updater.test.js
|
|
211
|
+
- helpers/test/npm7/conflicting-dependency-parser.test.js
|
|
212
|
+
- helpers/test/npm7/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
|
|
213
|
+
- helpers/test/npm7/fixtures/conflicting-dependency-parser/deeply-nested/package.json
|
|
214
|
+
- helpers/test/npm7/fixtures/conflicting-dependency-parser/nested/package-lock.json
|
|
215
|
+
- helpers/test/npm7/fixtures/conflicting-dependency-parser/nested/package.json
|
|
216
|
+
- helpers/test/npm7/fixtures/conflicting-dependency-parser/simple/package-lock.json
|
|
217
|
+
- helpers/test/npm7/fixtures/conflicting-dependency-parser/simple/package.json
|
|
218
|
+
- helpers/test/npm7/fixtures/peer-dependency-checker/peer_dependency/package-lock.json
|
|
219
|
+
- helpers/test/npm7/fixtures/peer-dependency-checker/peer_dependency/package.json
|
|
220
|
+
- helpers/test/npm7/fixtures/peer-dependency-checker/peer_dependency_multiple/package-lock.json
|
|
221
|
+
- helpers/test/npm7/fixtures/peer-dependency-checker/peer_dependency_multiple/package.json
|
|
222
|
+
- helpers/test/npm7/helpers.js
|
|
223
|
+
- helpers/test/npm7/peer-dependency-checker.test.js
|
|
208
224
|
- helpers/test/yarn/conflicting-dependency-parser.test.js
|
|
209
225
|
- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
|
|
210
226
|
- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
|
|
@@ -269,7 +285,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
269
285
|
- !ruby/object:Gem::Version
|
|
270
286
|
version: 2.5.0
|
|
271
287
|
requirements: []
|
|
272
|
-
rubygems_version: 3.
|
|
288
|
+
rubygems_version: 3.2.3
|
|
273
289
|
signing_key:
|
|
274
290
|
specification_version: 4
|
|
275
291
|
summary: JS support for dependabot
|