dependabot-npm_and_yarn 0.138.6 → 0.140.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 84916236c990d2af54694bb0aa0ec3da1a3363d0c1a7eb508569d2ed083fca98
-  data.tar.gz: 26b05fc417840eb81cc06663637c95002605c9e8419fe3a847017aa4a752e6f4
+  metadata.gz: f6752e0d6caf1ee510219ab72f2961b60b266c9c9b338a388e078e99ec851142
+  data.tar.gz: 39ae9014b6e1e30fee084f64b7594c1f27a3eb4effacea3c39f0f4861d4a7e40
 SHA512:
-  metadata.gz: 44c451612fe14f3e2fbd9d8172f6000a09b17c29e238550d115a1200058dd1a50b7b979bb0c248bd129c702aaa62065bab1f4bacadbc92ec1a5f9e1d49edfae8
-  data.tar.gz: 1c5ca6fc36c28e86538beacdc3ff0c8253c18d0708469799dce7b5c10ca18b4d043bcfc6e2e04b927dcbd02ead64172016de5dfb5a9639fe53053df2d8bfa807
+  metadata.gz: 6af9cde9d3f3930dfb0d2c70d959c6f06a0342b91140732e416892953a3298799beb37af779729ed8acd7d6e8f1fd2ebb8783ebb3c23ec6c643b77a7a77c8505
+  data.tar.gz: 49013312b100c974994abc4a6a9316220c410ccc54df3b2722658722f9d80c57166714fa77d5aefbf8a40052af41cdcc0733b6925630a8d8b2670e5f11fa2ad4

data/helpers/package-lock.json

@@ -7,7 +7,7 @@
       "name": "@dependabot/helper",
       "dependencies": {
         "@dependabot/yarn-lib": "^1.21.1",
-        "@npmcli/arborist": "^2.2.9",
+        "@npmcli/arborist": "^2.3.0",
         "detect-indent": "^6.0.0",
         "npm": "6.14.12",
         "semver": "^7.3.4"
@@ -16,7 +16,7 @@
         "helper": "run.js"
       },
       "devDependencies": {
-        "eslint": "^7.22.0",
+        "eslint": "^7.23.0",
         "eslint-config-prettier": "^8.1.0",
         "jest": "^26.6.3",
         "prettier": "^2.2.1",
@@ -1425,9 +1425,9 @@
       }
     },
     "node_modules/@npmcli/arborist": {
-      "version": "2.2.9",
-      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.2.9.tgz",
-      "integrity": "sha512-ddC/CCAEHh28XYtgSAOudchdphNXcgErdYxwsEiykc2YbRA9Z+4XjI0BdBdXvv22DvkpO7zotUSxlVTcJmdURw==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.3.0.tgz",
+      "integrity": "sha512-4z8x8jImp/Clwol4sgmR6qdntLQZDxNFabBSbyr9EB11cyWHyqhRvBKip/1sBTcQAScIwuFT64MOu/HI4a5Nkw==",
       "dependencies": {
         "@npmcli/installed-package-contents": "^1.0.7",
         "@npmcli/map-workspaces": "^1.0.2",
@@ -1440,7 +1440,7 @@
         "cacache": "^15.0.3",
         "common-ancestor-path": "^1.0.1",
         "json-parse-even-better-errors": "^2.3.1",
-        "json-stringify-nice": "^1.1.1",
+        "json-stringify-nice": "^1.1.2",
         "mkdirp-infer-owner": "^2.0.0",
         "npm-install-checks": "^4.0.0",
         "npm-package-arg": "^8.1.0",
@@ -3456,9 +3456,9 @@
       }
     },
     "node_modules/eslint": {
-      "version": "7.22.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.22.0.tgz",
-      "integrity": "sha512-3VawOtjSJUQiiqac8MQc+w457iGLfuNGLFn8JmF051tTKbh5/x/0vlcEj8OgDCaw7Ysa2Jn8paGshV7x2abKXg==",
+      "version": "7.23.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.23.0.tgz",
+      "integrity": "sha512-kqvNVbdkjzpFy0XOszNwjkKzZ+6TcwCQ/h+ozlcIWwaimBBuhlQ4nN6kbiM2L+OjDcznkTJxzYfRFH92sx4a0Q==",
       "dev": true,
       "dependencies": {
         "@babel/code-frame": "7.12.11",
@@ -7288,9 +7288,9 @@
       "dev": true
     },
     "node_modules/json-stringify-nice": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/json-stringify-nice/-/json-stringify-nice-1.1.1.tgz",
-      "integrity": "sha512-aHOgcSoOLvmFZQMvZ27rFw68r4e9OlQtH7YEcF2u5amVYbF/D3cKBXKCvl5EGhQz2NwJZ6RPfgRX6yNQ+UBKJw==",
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/json-stringify-nice/-/json-stringify-nice-1.1.3.tgz",
+      "integrity": "sha512-w8+cZZFgcPtFkZTmkA1UpRH0GXXfpeuc/cClNkQjLt9JoQd8cBFSyB8J1WWjJrthIYViHobwnh3jA4z5X2LdGA==",
       "funding": {
         "url": "https://github.com/sponsors/isaacs"
       }
@@ -8195,7 +8195,239 @@
         "validate-npm-package-name",
         "which",
         "worker-farm",
-        "write-file-atomic"
+        "write-file-atomic",
+        "agent-base",
+        "agentkeepalive",
+        "ansi-align",
+        "ansi-regex",
+        "ansi-styles",
+        "are-we-there-yet",
+        "asap",
+        "asn1",
+        "assert-plus",
+        "asynckit",
+        "aws-sign2",
+        "aws4",
+        "balanced-match",
+        "bcrypt-pbkdf",
+        "boxen",
+        "brace-expansion",
+        "buffer-from",
+        "builtins",
+        "byline",
+        "camelcase",
+        "capture-stack-trace",
+        "caseless",
+        "chalk",
+        "cidr-regex",
+        "cli-boxes",
+        "cliui",
+        "clone",
+        "code-point-at",
+        "color-convert",
+        "color-name",
+        "colors",
+        "combined-stream",
+        "concat-map",
+        "concat-stream",
+        "configstore",
+        "console-control-strings",
+        "copy-concurrently",
+        "core-util-is",
+        "create-error-class",
+        "cross-spawn",
+        "crypto-random-string",
+        "cyclist",
+        "dashdash",
+        "debug",
+        "decamelize",
+        "decode-uri-component",
+        "deep-extend",
+        "defaults",
+        "define-properties",
+        "delayed-stream",
+        "delegates",
+        "dot-prop",
+        "dotenv",
+        "duplexer3",
+        "duplexify",
+        "ecc-jsbn",
+        "emoji-regex",
+        "encoding",
+        "end-of-stream",
+        "env-paths",
+        "err-code",
+        "errno",
+        "es-abstract",
+        "es-to-primitive",
+        "es6-promise",
+        "es6-promisify",
+        "escape-string-regexp",
+        "execa",
+        "extend",
+        "extsprintf",
+        "fast-json-stable-stringify",
+        "flush-write-stream",
+        "forever-agent",
+        "form-data",
+        "from2",
+        "fs-minipass",
+        "fs.realpath",
+        "function-bind",
+        "gauge",
+        "genfun",
+        "get-caller-file",
+        "get-stream",
+        "getpass",
+        "global-dirs",
+        "got",
+        "har-schema",
+        "har-validator",
+        "has",
+        "has-flag",
+        "has-symbols",
+        "http-cache-semantics",
+        "http-proxy-agent",
+        "http-signature",
+        "https-proxy-agent",
+        "humanize-ms",
+        "iconv-lite",
+        "ignore-walk",
+        "import-lazy",
+        "ip",
+        "ip-regex",
+        "is-callable",
+        "is-ci",
+        "is-date-object",
+        "is-fullwidth-code-point",
+        "is-installed-globally",
+        "is-npm",
+        "is-obj",
+        "is-path-inside",
+        "is-redirect",
+        "is-regex",
+        "is-retry-allowed",
+        "is-stream",
+        "is-symbol",
+        "is-typedarray",
+        "isarray",
+        "isexe",
+        "isstream",
+        "jsbn",
+        "json-schema",
+        "json-stringify-safe",
+        "jsonparse",
+        "jsprim",
+        "latest-version",
+        "libnpmconfig",
+        "libnpmpublish",
+        "lodash._createset",
+        "lodash._root",
+        "lowercase-keys",
+        "make-dir",
+        "make-fetch-happen",
+        "mime-db",
+        "mime-types",
+        "minimatch",
+        "minimist",
+        "minizlib",
+        "ms",
+        "mute-stream",
+        "node-fetch-npm",
+        "npm-bundled",
+        "npm-logical-tree",
+        "npm-normalize-package-bin",
+        "npm-run-path",
+        "number-is-nan",
+        "oauth-sign",
+        "object-assign",
+        "object-keys",
+        "object.getownpropertydescriptors",
+        "os-homedir",
+        "os-tmpdir",
+        "p-finally",
+        "package-json",
+        "parallel-transform",
+        "path-exists",
+        "path-is-absolute",
+        "path-key",
+        "path-parse",
+        "performance-now",
+        "pify",
+        "prepend-http",
+        "process-nextick-args",
+        "promise-retry",
+        "promzard",
+        "proto-list",
+        "protoduck",
+        "prr",
+        "pseudomap",
+        "psl",
+        "pump",
+        "pumpify",
+        "punycode",
+        "qs",
+        "rc",
+        "registry-auth-token",
+        "registry-url",
+        "require-directory",
+        "require-main-filename",
+        "resolve-from",
+        "run-queue",
+        "safer-buffer",
+        "semver-diff",
+        "set-blocking",
+        "shebang-command",
+        "shebang-regex",
+        "signal-exit",
+        "smart-buffer",
+        "socks",
+        "socks-proxy-agent",
+        "spdx-correct",
+        "spdx-exceptions",
+        "spdx-expression-parse",
+        "spdx-license-ids",
+        "split-on-first",
+        "sshpk",
+        "stream-each",
+        "stream-iterate",
+        "stream-shift",
+        "strict-uri-encode",
+        "string_decoder",
+        "string-width",
+        "strip-ansi",
+        "strip-eof",
+        "strip-json-comments",
+        "supports-color",
+        "term-size",
+        "through",
+        "through2",
+        "timed-out",
+        "tough-cookie",
+        "tunnel-agent",
+        "tweetnacl",
+        "typedarray",
+        "unique-slug",
+        "unique-string",
+        "unzip-response",
+        "uri-js",
+        "url-parse-lax",
+        "util-deprecate",
+        "util-extend",
+        "util-promisify",
+        "verror",
+        "wcwidth",
+        "which-module",
+        "wide-align",
+        "widest-line",
+        "wrap-ansi",
+        "wrappy",
+        "xdg-basedir",
+        "xtend",
+        "y18n",
+        "yallist",
+        "yargs",
+        "yargs-parser"
       ],
       "dependencies": {
         "abbrev": "~1.1.1",
@@ -17008,9 +17240,9 @@
       }
     },
     "@npmcli/arborist": {
-      "version": "2.2.9",
-      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.2.9.tgz",
-      "integrity": "sha512-ddC/CCAEHh28XYtgSAOudchdphNXcgErdYxwsEiykc2YbRA9Z+4XjI0BdBdXvv22DvkpO7zotUSxlVTcJmdURw==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.3.0.tgz",
+      "integrity": "sha512-4z8x8jImp/Clwol4sgmR6qdntLQZDxNFabBSbyr9EB11cyWHyqhRvBKip/1sBTcQAScIwuFT64MOu/HI4a5Nkw==",
       "requires": {
         "@npmcli/installed-package-contents": "^1.0.7",
         "@npmcli/map-workspaces": "^1.0.2",
@@ -17023,7 +17255,7 @@
         "cacache": "^15.0.3",
         "common-ancestor-path": "^1.0.1",
         "json-parse-even-better-errors": "^2.3.1",
-        "json-stringify-nice": "^1.1.1",
+        "json-stringify-nice": "^1.1.2",
         "mkdirp-infer-owner": "^2.0.0",
         "npm-install-checks": "^4.0.0",
         "npm-package-arg": "^8.1.0",
@@ -18659,9 +18891,9 @@
       }
     },
     "eslint": {
-      "version": "7.22.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.22.0.tgz",
-      "integrity": "sha512-3VawOtjSJUQiiqac8MQc+w457iGLfuNGLFn8JmF051tTKbh5/x/0vlcEj8OgDCaw7Ysa2Jn8paGshV7x2abKXg==",
+      "version": "7.23.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.23.0.tgz",
+      "integrity": "sha512-kqvNVbdkjzpFy0XOszNwjkKzZ+6TcwCQ/h+ozlcIWwaimBBuhlQ4nN6kbiM2L+OjDcznkTJxzYfRFH92sx4a0Q==",
       "dev": true,
       "requires": {
         "@babel/code-frame": "7.12.11",
@@ -21568,9 +21800,9 @@
       "dev": true
     },
     "json-stringify-nice": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/json-stringify-nice/-/json-stringify-nice-1.1.1.tgz",
-      "integrity": "sha512-aHOgcSoOLvmFZQMvZ27rFw68r4e9OlQtH7YEcF2u5amVYbF/D3cKBXKCvl5EGhQz2NwJZ6RPfgRX6yNQ+UBKJw=="
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/json-stringify-nice/-/json-stringify-nice-1.1.3.tgz",
+      "integrity": "sha512-w8+cZZFgcPtFkZTmkA1UpRH0GXXfpeuc/cClNkQjLt9JoQd8cBFSyB8J1WWjJrthIYViHobwnh3jA4z5X2LdGA=="
     },
     "json-stringify-safe": {
       "version": "5.0.1",

data/helpers/package.json

@@ -10,13 +10,13 @@
   },
   "dependencies": {
     "@dependabot/yarn-lib": "^1.21.1",
-    "@npmcli/arborist": "^2.2.9",
+    "@npmcli/arborist": "^2.3.0",
     "detect-indent": "^6.0.0",
     "npm": "6.14.12",
     "semver": "^7.3.4"
   },
   "devDependencies": {
-    "eslint": "^7.22.0",
+    "eslint": "^7.23.0",
     "eslint-config-prettier": "^8.1.0",
     "jest": "^26.6.3",
     "prettier": "^2.2.1",

data/lib/dependabot/npm_and_yarn/dependency_files_filterer.rb

@@ -16,12 +16,10 @@ module Dependabot
 
       def files_requiring_update
         @files_requiring_update ||=
-          begin
-            dependency_files.select do |file|
-              package_files_requiring_update.include?(file) ||
-                package_required_lockfile?(file) ||
-                workspaces_lockfile?(file)
-            end
+          dependency_files.select do |file|
+            package_files_requiring_update.include?(file) ||
+              package_required_lockfile?(file) ||
+              workspaces_lockfile?(file)
           end
       end
 

data/lib/dependabot/npm_and_yarn/file_updater.rb

@@ -60,18 +60,16 @@ module Dependabot
 
       def filtered_dependency_files
         @filtered_dependency_files ||=
-          begin
-            if dependencies.select(&:top_level?).any?
-              DependencyFilesFilterer.new(
-                dependency_files: dependency_files,
-                updated_dependencies: dependencies
-              ).files_requiring_update
-            else
-              SubDependencyFilesFilterer.new(
-                dependency_files: dependency_files,
-                updated_dependencies: dependencies
-              ).files_requiring_update
-            end
+          if dependencies.select(&:top_level?).any?
+            DependencyFilesFilterer.new(
+              dependency_files: dependency_files,
+              updated_dependencies: dependencies
+            ).files_requiring_update
+          else
+            SubDependencyFilesFilterer.new(
+              dependency_files: dependency_files,
+              updated_dependencies: dependencies
+            ).files_requiring_update
           end
       end
 

data/lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb

@@ -18,15 +18,13 @@ module Dependabot
 
       def files_requiring_update
         @files_requiring_update ||=
-          begin
-            lockfiles.select do |lockfile|
-              lockfile_dependencies(lockfile).any? do |sub_dep|
-                updated_dependencies.any? do |updated_dep|
-                  next false unless sub_dep.name == updated_dep.name
+          lockfiles.select do |lockfile|
+            lockfile_dependencies(lockfile).any? do |sub_dep|
+              updated_dependencies.any? do |updated_dep|
+                next false unless sub_dep.name == updated_dep.name
 
-                  version_class.new(updated_dep.version) >
-                    version_class.new(sub_dep.version)
-                end
+                version_class.new(updated_dep.version) >
+                  version_class.new(sub_dep.version)
               end
             end
           end

data/lib/dependabot/npm_and_yarn/update_checker.rb

@@ -165,17 +165,13 @@ module Dependabot
 
       def latest_version_for_git_dependency
         @latest_version_for_git_dependency ||=
-          begin
-            # If there's been a release that includes the current pinned ref
-            # or that the current branch is behind, we switch to that release.
-            if git_branch_or_ref_in_latest_release?
-              latest_released_version
-            elsif version_class.correct?(dependency.version)
-              latest_git_version_details[:version] &&
-                version_class.new(latest_git_version_details[:version])
-            else
-              latest_git_version_details[:sha]
-            end
+          if git_branch_or_ref_in_latest_release?
+            latest_released_version
+          elsif version_class.correct?(dependency.version)
+            latest_git_version_details[:version] &&
+              version_class.new(latest_git_version_details[:version])
+          else
+            latest_git_version_details[:sha]
           end
       end
 

data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb

@@ -75,12 +75,10 @@ module Dependabot
         end
 
         def possible_previous_versions_with_details
-          @possible_previous_versions_with_details ||= begin
-            npm_details.fetch("versions", {}).
-              transform_keys { |k| version_class.new(k) }.
-              reject { |v, _| v.prerelease? && !related_to_current_pre?(v) }.
-              sort_by(&:first).reverse
-          end
+          @possible_previous_versions_with_details ||= npm_details.fetch("versions", {}).
+                                                       transform_keys { |k| version_class.new(k) }.
+                                                       reject { |v, _| v.prerelease? && !related_to_current_pre?(v) }.
+                                                       sort_by(&:first).reverse
         end
 
         def possible_versions_with_details(filter_ignored: true)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.138.6
+  version: 0.140.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-29 00:00:00.000000000 Z
+date: 2021-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.138.6
+        version: 0.140.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.138.6
+        version: 0.140.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.12.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.12.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement