dependabot-npm_and_yarn 0.138.3 → 0.139.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +1 -1
- data/helpers/package-lock.json +16 -16
- data/helpers/package.json +2 -2
- data/lib/dependabot/npm_and_yarn/dependency_files_filterer.rb +4 -6
- data/lib/dependabot/npm_and_yarn/file_updater.rb +10 -12
- data/lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb +6 -8
- data/lib/dependabot/npm_and_yarn/update_checker.rb +7 -11
- data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +4 -6
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3c34935888655fe6a89e342a80d6e0a65c588bf8034940c33698f3529f990027
|
|
4
|
+
data.tar.gz: 0773260e327ae3aad9a99832130ab3e2b761b193541df15ca472dfc43a5fbb5d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3f0312e183844468b2e6752f50d89312aee5dab83ca0787d447e234912a6f2cdb3bf1b09338aee38a3ea8ca8e92c8ffc907672fece2f41271ab87f30825de9cb
|
|
7
|
+
data.tar.gz: fd9793c0f4563e0fd56d1104a5f7e350e60cf3ec87a3f30e22b0837da0cbeb5e23148495047c1a6872331f6dc9a6a6276d69113fdbb7b134d449dbf376e37496
|
data/helpers/build
CHANGED
data/helpers/package-lock.json
CHANGED
|
@@ -9,14 +9,14 @@
|
|
|
9
9
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
10
10
|
"@npmcli/arborist": "^2.2.9",
|
|
11
11
|
"detect-indent": "^6.0.0",
|
|
12
|
-
"npm": "6.14.
|
|
12
|
+
"npm": "6.14.12",
|
|
13
13
|
"semver": "^7.3.4"
|
|
14
14
|
},
|
|
15
15
|
"bin": {
|
|
16
16
|
"helper": "run.js"
|
|
17
17
|
},
|
|
18
18
|
"devDependencies": {
|
|
19
|
-
"eslint": "^7.
|
|
19
|
+
"eslint": "^7.23.0",
|
|
20
20
|
"eslint-config-prettier": "^8.1.0",
|
|
21
21
|
"jest": "^26.6.3",
|
|
22
22
|
"prettier": "^2.2.1",
|
|
@@ -3456,9 +3456,9 @@
|
|
|
3456
3456
|
}
|
|
3457
3457
|
},
|
|
3458
3458
|
"node_modules/eslint": {
|
|
3459
|
-
"version": "7.
|
|
3460
|
-
"resolved": "https://registry.npmjs.org/eslint/-/eslint-7.
|
|
3461
|
-
"integrity": "sha512-
|
|
3459
|
+
"version": "7.23.0",
|
|
3460
|
+
"resolved": "https://registry.npmjs.org/eslint/-/eslint-7.23.0.tgz",
|
|
3461
|
+
"integrity": "sha512-kqvNVbdkjzpFy0XOszNwjkKzZ+6TcwCQ/h+ozlcIWwaimBBuhlQ4nN6kbiM2L+OjDcznkTJxzYfRFH92sx4a0Q==",
|
|
3462
3462
|
"dev": true,
|
|
3463
3463
|
"dependencies": {
|
|
3464
3464
|
"@babel/code-frame": "7.12.11",
|
|
@@ -8069,9 +8069,9 @@
|
|
|
8069
8069
|
}
|
|
8070
8070
|
},
|
|
8071
8071
|
"node_modules/npm": {
|
|
8072
|
-
"version": "6.14.
|
|
8073
|
-
"resolved": "https://registry.npmjs.org/npm/-/npm-6.14.
|
|
8074
|
-
"integrity": "sha512-
|
|
8072
|
+
"version": "6.14.12",
|
|
8073
|
+
"resolved": "https://registry.npmjs.org/npm/-/npm-6.14.12.tgz",
|
|
8074
|
+
"integrity": "sha512-La0TNNm1TLYaSeOyit+p3xGTRYYRsHae6/RG69MVXurZsWna9jccPP7FOi/u7V9WdiCV5OOojrfMD+WstO5MZQ==",
|
|
8075
8075
|
"bundleDependencies": [
|
|
8076
8076
|
"abbrev",
|
|
8077
8077
|
"ansicolors",
|
|
@@ -12441,7 +12441,7 @@
|
|
|
12441
12441
|
}
|
|
12442
12442
|
},
|
|
12443
12443
|
"node_modules/npm/node_modules/y18n": {
|
|
12444
|
-
"version": "4.0.
|
|
12444
|
+
"version": "4.0.1",
|
|
12445
12445
|
"inBundle": true,
|
|
12446
12446
|
"license": "ISC"
|
|
12447
12447
|
},
|
|
@@ -18891,9 +18891,9 @@
|
|
|
18891
18891
|
}
|
|
18892
18892
|
},
|
|
18893
18893
|
"eslint": {
|
|
18894
|
-
"version": "7.
|
|
18895
|
-
"resolved": "https://registry.npmjs.org/eslint/-/eslint-7.
|
|
18896
|
-
"integrity": "sha512-
|
|
18894
|
+
"version": "7.23.0",
|
|
18895
|
+
"resolved": "https://registry.npmjs.org/eslint/-/eslint-7.23.0.tgz",
|
|
18896
|
+
"integrity": "sha512-kqvNVbdkjzpFy0XOszNwjkKzZ+6TcwCQ/h+ozlcIWwaimBBuhlQ4nN6kbiM2L+OjDcznkTJxzYfRFH92sx4a0Q==",
|
|
18897
18897
|
"dev": true,
|
|
18898
18898
|
"requires": {
|
|
18899
18899
|
"@babel/code-frame": "7.12.11",
|
|
@@ -22425,9 +22425,9 @@
|
|
|
22425
22425
|
}
|
|
22426
22426
|
},
|
|
22427
22427
|
"npm": {
|
|
22428
|
-
"version": "6.14.
|
|
22429
|
-
"resolved": "https://registry.npmjs.org/npm/-/npm-6.14.
|
|
22430
|
-
"integrity": "sha512-
|
|
22428
|
+
"version": "6.14.12",
|
|
22429
|
+
"resolved": "https://registry.npmjs.org/npm/-/npm-6.14.12.tgz",
|
|
22430
|
+
"integrity": "sha512-La0TNNm1TLYaSeOyit+p3xGTRYYRsHae6/RG69MVXurZsWna9jccPP7FOi/u7V9WdiCV5OOojrfMD+WstO5MZQ==",
|
|
22431
22431
|
"requires": {
|
|
22432
22432
|
"abbrev": "~1.1.1",
|
|
22433
22433
|
"ansicolors": "~0.3.2",
|
|
@@ -25419,7 +25419,7 @@
|
|
|
25419
25419
|
"bundled": true
|
|
25420
25420
|
},
|
|
25421
25421
|
"y18n": {
|
|
25422
|
-
"version": "4.0.
|
|
25422
|
+
"version": "4.0.1",
|
|
25423
25423
|
"bundled": true
|
|
25424
25424
|
},
|
|
25425
25425
|
"yallist": {
|
data/helpers/package.json
CHANGED
|
@@ -12,11 +12,11 @@
|
|
|
12
12
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
13
13
|
"@npmcli/arborist": "^2.2.9",
|
|
14
14
|
"detect-indent": "^6.0.0",
|
|
15
|
-
"npm": "6.14.
|
|
15
|
+
"npm": "6.14.12",
|
|
16
16
|
"semver": "^7.3.4"
|
|
17
17
|
},
|
|
18
18
|
"devDependencies": {
|
|
19
|
-
"eslint": "^7.
|
|
19
|
+
"eslint": "^7.23.0",
|
|
20
20
|
"eslint-config-prettier": "^8.1.0",
|
|
21
21
|
"jest": "^26.6.3",
|
|
22
22
|
"prettier": "^2.2.1",
|
|
@@ -16,12 +16,10 @@ module Dependabot
|
|
|
16
16
|
|
|
17
17
|
def files_requiring_update
|
|
18
18
|
@files_requiring_update ||=
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
workspaces_lockfile?(file)
|
|
24
|
-
end
|
|
19
|
+
dependency_files.select do |file|
|
|
20
|
+
package_files_requiring_update.include?(file) ||
|
|
21
|
+
package_required_lockfile?(file) ||
|
|
22
|
+
workspaces_lockfile?(file)
|
|
25
23
|
end
|
|
26
24
|
end
|
|
27
25
|
|
|
@@ -60,18 +60,16 @@ module Dependabot
|
|
|
60
60
|
|
|
61
61
|
def filtered_dependency_files
|
|
62
62
|
@filtered_dependency_files ||=
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
).files_requiring_update
|
|
74
|
-
end
|
|
63
|
+
if dependencies.select(&:top_level?).any?
|
|
64
|
+
DependencyFilesFilterer.new(
|
|
65
|
+
dependency_files: dependency_files,
|
|
66
|
+
updated_dependencies: dependencies
|
|
67
|
+
).files_requiring_update
|
|
68
|
+
else
|
|
69
|
+
SubDependencyFilesFilterer.new(
|
|
70
|
+
dependency_files: dependency_files,
|
|
71
|
+
updated_dependencies: dependencies
|
|
72
|
+
).files_requiring_update
|
|
75
73
|
end
|
|
76
74
|
end
|
|
77
75
|
|
|
@@ -18,15 +18,13 @@ module Dependabot
|
|
|
18
18
|
|
|
19
19
|
def files_requiring_update
|
|
20
20
|
@files_requiring_update ||=
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
next false unless sub_dep.name == updated_dep.name
|
|
21
|
+
lockfiles.select do |lockfile|
|
|
22
|
+
lockfile_dependencies(lockfile).any? do |sub_dep|
|
|
23
|
+
updated_dependencies.any? do |updated_dep|
|
|
24
|
+
next false unless sub_dep.name == updated_dep.name
|
|
26
25
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
end
|
|
26
|
+
version_class.new(updated_dep.version) >
|
|
27
|
+
version_class.new(sub_dep.version)
|
|
30
28
|
end
|
|
31
29
|
end
|
|
32
30
|
end
|
|
@@ -165,17 +165,13 @@ module Dependabot
|
|
|
165
165
|
|
|
166
166
|
def latest_version_for_git_dependency
|
|
167
167
|
@latest_version_for_git_dependency ||=
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
version_class.new(latest_git_version_details[:version])
|
|
176
|
-
else
|
|
177
|
-
latest_git_version_details[:sha]
|
|
178
|
-
end
|
|
168
|
+
if git_branch_or_ref_in_latest_release?
|
|
169
|
+
latest_released_version
|
|
170
|
+
elsif version_class.correct?(dependency.version)
|
|
171
|
+
latest_git_version_details[:version] &&
|
|
172
|
+
version_class.new(latest_git_version_details[:version])
|
|
173
|
+
else
|
|
174
|
+
latest_git_version_details[:sha]
|
|
179
175
|
end
|
|
180
176
|
end
|
|
181
177
|
|
|
@@ -75,12 +75,10 @@ module Dependabot
|
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
def possible_previous_versions_with_details
|
|
78
|
-
@possible_previous_versions_with_details ||=
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
sort_by(&:first).reverse
|
|
83
|
-
end
|
|
78
|
+
@possible_previous_versions_with_details ||= npm_details.fetch("versions", {}).
|
|
79
|
+
transform_keys { |k| version_class.new(k) }.
|
|
80
|
+
reject { |v, _| v.prerelease? && !related_to_current_pre?(v) }.
|
|
81
|
+
sort_by(&:first).reverse
|
|
84
82
|
end
|
|
85
83
|
|
|
86
84
|
def possible_versions_with_details(filter_ignored: true)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.139.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-03-
|
|
11
|
+
date: 2021-03-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.139.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.139.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.12.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.12.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|