dependabot-npm_and_yarn 0.141.0 → 0.143.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/package-lock.json +22 -22
- data/helpers/package.json +2 -2
- data/lib/dependabot/npm_and_yarn/file_parser.rb +3 -4
- data/lib/dependabot/npm_and_yarn/metadata_finder.rb +1 -1
- data/lib/dependabot/npm_and_yarn/requirement.rb +3 -3
- data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +4 -4
- data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +7 -7
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 27e3f75539fb3d7ef8d9e1611c8953882c98c7a6882721b9bb49938da1ae0490
|
|
4
|
+
data.tar.gz: b3d759d8c36f5b672e8fb5eb118dd9d694576f445a7d26d149e4c18b0774e80d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 12f0d8551da6ff0a2f5d0b81fa8cd8ae73d57039132aafa974ca2f76d6950a0147883298be9f8a42669f81a2809f14d5e0c58a558e9fe61e8f0eca9da0ad33b3
|
|
7
|
+
data.tar.gz: 41e0e76bce54c26eac6debbe62e075700406f4bc00005cf094c4746d8d3ea4b8d4e6436d7aa15cc30a15afefadb5c578d61405e79dd9a70d38d9e7949cec0cfc
|
data/helpers/package-lock.json
CHANGED
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
10
10
|
"@npmcli/arborist": "^2.3.0",
|
|
11
11
|
"detect-indent": "^6.0.0",
|
|
12
|
-
"npm": "6.14.
|
|
12
|
+
"npm": "6.14.13",
|
|
13
13
|
"semver": "^7.3.4"
|
|
14
14
|
},
|
|
15
15
|
"bin": {
|
|
@@ -17,7 +17,7 @@
|
|
|
17
17
|
},
|
|
18
18
|
"devDependencies": {
|
|
19
19
|
"eslint": "^7.24.0",
|
|
20
|
-
"eslint-config-prettier": "^8.
|
|
20
|
+
"eslint-config-prettier": "^8.2.0",
|
|
21
21
|
"jest": "^26.6.3",
|
|
22
22
|
"prettier": "^2.2.1",
|
|
23
23
|
"rimraf": "^3.0.2"
|
|
@@ -3510,9 +3510,9 @@
|
|
|
3510
3510
|
}
|
|
3511
3511
|
},
|
|
3512
3512
|
"node_modules/eslint-config-prettier": {
|
|
3513
|
-
"version": "8.
|
|
3514
|
-
"resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.
|
|
3515
|
-
"integrity": "sha512-
|
|
3513
|
+
"version": "8.2.0",
|
|
3514
|
+
"resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.2.0.tgz",
|
|
3515
|
+
"integrity": "sha512-dWV9EVeSo2qodOPi1iBYU/x6F6diHv8uujxbxr77xExs3zTAlNXvVZKiyLsQGNz7yPV2K49JY5WjPzNIuDc2Bw==",
|
|
3516
3516
|
"dev": true,
|
|
3517
3517
|
"bin": {
|
|
3518
3518
|
"eslint-config-prettier": "bin/cli.js"
|
|
@@ -8069,9 +8069,9 @@
|
|
|
8069
8069
|
}
|
|
8070
8070
|
},
|
|
8071
8071
|
"node_modules/npm": {
|
|
8072
|
-
"version": "6.14.
|
|
8073
|
-
"resolved": "https://registry.npmjs.org/npm/-/npm-6.14.
|
|
8074
|
-
"integrity": "sha512-
|
|
8072
|
+
"version": "6.14.13",
|
|
8073
|
+
"resolved": "https://registry.npmjs.org/npm/-/npm-6.14.13.tgz",
|
|
8074
|
+
"integrity": "sha512-SRl4jJi0EBHY2xKuu98FLRMo3VhYQSA6otyLnjSEiHoSG/9shXCFNJy9tivpUJvtkN9s6VDdItHa5Rn+fNBzag==",
|
|
8075
8075
|
"bundleDependencies": [
|
|
8076
8076
|
"abbrev",
|
|
8077
8077
|
"ansicolors",
|
|
@@ -8460,7 +8460,7 @@
|
|
|
8460
8460
|
"glob": "^7.1.6",
|
|
8461
8461
|
"graceful-fs": "^4.2.4",
|
|
8462
8462
|
"has-unicode": "~2.0.1",
|
|
8463
|
-
"hosted-git-info": "^2.8.
|
|
8463
|
+
"hosted-git-info": "^2.8.9",
|
|
8464
8464
|
"iferr": "^1.0.2",
|
|
8465
8465
|
"imurmurhash": "*",
|
|
8466
8466
|
"infer-owner": "^1.0.4",
|
|
@@ -8537,7 +8537,7 @@
|
|
|
8537
8537
|
"slide": "~1.1.6",
|
|
8538
8538
|
"sorted-object": "~2.0.1",
|
|
8539
8539
|
"sorted-union-stream": "~2.1.3",
|
|
8540
|
-
"ssri": "^6.0.
|
|
8540
|
+
"ssri": "^6.0.2",
|
|
8541
8541
|
"stringify-package": "^1.0.1",
|
|
8542
8542
|
"tar": "^4.4.13",
|
|
8543
8543
|
"text-table": "~0.2.0",
|
|
@@ -9994,7 +9994,7 @@
|
|
|
9994
9994
|
"license": "ISC"
|
|
9995
9995
|
},
|
|
9996
9996
|
"node_modules/npm/node_modules/hosted-git-info": {
|
|
9997
|
-
"version": "2.8.
|
|
9997
|
+
"version": "2.8.9",
|
|
9998
9998
|
"inBundle": true,
|
|
9999
9999
|
"license": "ISC"
|
|
10000
10000
|
},
|
|
@@ -11853,7 +11853,7 @@
|
|
|
11853
11853
|
}
|
|
11854
11854
|
},
|
|
11855
11855
|
"node_modules/npm/node_modules/ssri": {
|
|
11856
|
-
"version": "6.0.
|
|
11856
|
+
"version": "6.0.2",
|
|
11857
11857
|
"inBundle": true,
|
|
11858
11858
|
"license": "ISC",
|
|
11859
11859
|
"dependencies": {
|
|
@@ -19026,9 +19026,9 @@
|
|
|
19026
19026
|
}
|
|
19027
19027
|
},
|
|
19028
19028
|
"eslint-config-prettier": {
|
|
19029
|
-
"version": "8.
|
|
19030
|
-
"resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.
|
|
19031
|
-
"integrity": "sha512-
|
|
19029
|
+
"version": "8.2.0",
|
|
19030
|
+
"resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.2.0.tgz",
|
|
19031
|
+
"integrity": "sha512-dWV9EVeSo2qodOPi1iBYU/x6F6diHv8uujxbxr77xExs3zTAlNXvVZKiyLsQGNz7yPV2K49JY5WjPzNIuDc2Bw==",
|
|
19032
19032
|
"dev": true,
|
|
19033
19033
|
"requires": {}
|
|
19034
19034
|
},
|
|
@@ -22425,9 +22425,9 @@
|
|
|
22425
22425
|
}
|
|
22426
22426
|
},
|
|
22427
22427
|
"npm": {
|
|
22428
|
-
"version": "6.14.
|
|
22429
|
-
"resolved": "https://registry.npmjs.org/npm/-/npm-6.14.
|
|
22430
|
-
"integrity": "sha512-
|
|
22428
|
+
"version": "6.14.13",
|
|
22429
|
+
"resolved": "https://registry.npmjs.org/npm/-/npm-6.14.13.tgz",
|
|
22430
|
+
"integrity": "sha512-SRl4jJi0EBHY2xKuu98FLRMo3VhYQSA6otyLnjSEiHoSG/9shXCFNJy9tivpUJvtkN9s6VDdItHa5Rn+fNBzag==",
|
|
22431
22431
|
"requires": {
|
|
22432
22432
|
"abbrev": "~1.1.1",
|
|
22433
22433
|
"ansicolors": "~0.3.2",
|
|
@@ -22459,7 +22459,7 @@
|
|
|
22459
22459
|
"glob": "^7.1.6",
|
|
22460
22460
|
"graceful-fs": "^4.2.4",
|
|
22461
22461
|
"has-unicode": "~2.0.1",
|
|
22462
|
-
"hosted-git-info": "^2.8.
|
|
22462
|
+
"hosted-git-info": "^2.8.9",
|
|
22463
22463
|
"iferr": "^1.0.2",
|
|
22464
22464
|
"imurmurhash": "*",
|
|
22465
22465
|
"infer-owner": "^1.0.4",
|
|
@@ -22536,7 +22536,7 @@
|
|
|
22536
22536
|
"slide": "~1.1.6",
|
|
22537
22537
|
"sorted-object": "~2.0.1",
|
|
22538
22538
|
"sorted-union-stream": "~2.1.3",
|
|
22539
|
-
"ssri": "^6.0.
|
|
22539
|
+
"ssri": "^6.0.2",
|
|
22540
22540
|
"stringify-package": "^1.0.1",
|
|
22541
22541
|
"tar": "^4.4.13",
|
|
22542
22542
|
"text-table": "~0.2.0",
|
|
@@ -23576,7 +23576,7 @@
|
|
|
23576
23576
|
"bundled": true
|
|
23577
23577
|
},
|
|
23578
23578
|
"hosted-git-info": {
|
|
23579
|
-
"version": "2.8.
|
|
23579
|
+
"version": "2.8.9",
|
|
23580
23580
|
"bundled": true
|
|
23581
23581
|
},
|
|
23582
23582
|
"http-cache-semantics": {
|
|
@@ -24980,7 +24980,7 @@
|
|
|
24980
24980
|
}
|
|
24981
24981
|
},
|
|
24982
24982
|
"ssri": {
|
|
24983
|
-
"version": "6.0.
|
|
24983
|
+
"version": "6.0.2",
|
|
24984
24984
|
"bundled": true,
|
|
24985
24985
|
"requires": {
|
|
24986
24986
|
"figgy-pudding": "^3.5.1"
|
data/helpers/package.json
CHANGED
|
@@ -12,12 +12,12 @@
|
|
|
12
12
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
13
13
|
"@npmcli/arborist": "^2.3.0",
|
|
14
14
|
"detect-indent": "^6.0.0",
|
|
15
|
-
"npm": "6.14.
|
|
15
|
+
"npm": "6.14.13",
|
|
16
16
|
"semver": "^7.3.4"
|
|
17
17
|
},
|
|
18
18
|
"devDependencies": {
|
|
19
19
|
"eslint": "^7.24.0",
|
|
20
|
-
"eslint-config-prettier": "^8.
|
|
20
|
+
"eslint-config-prettier": "^8.2.0",
|
|
21
21
|
"jest": "^26.6.3",
|
|
22
22
|
"prettier": "^2.2.1",
|
|
23
23
|
"rimraf": "^3.0.2"
|
|
@@ -252,10 +252,9 @@ module Dependabot
|
|
|
252
252
|
|
|
253
253
|
return unless resolved_url
|
|
254
254
|
return unless resolved_url.start_with?("http")
|
|
255
|
-
return if CENTRAL_REGISTRIES.any? { |u| resolved_url.start_with?(u) }
|
|
256
255
|
return if resolved_url.match?(/(?<!pkg\.)github/)
|
|
257
256
|
|
|
258
|
-
|
|
257
|
+
registry_source_for(resolved_url, name)
|
|
259
258
|
end
|
|
260
259
|
|
|
261
260
|
def requirement_for(requirement)
|
|
@@ -287,7 +286,7 @@ module Dependabot
|
|
|
287
286
|
}
|
|
288
287
|
end
|
|
289
288
|
|
|
290
|
-
def
|
|
289
|
+
def registry_source_for(resolved_url, name)
|
|
291
290
|
url =
|
|
292
291
|
if resolved_url.include?("/~/")
|
|
293
292
|
# Gemfury format
|
|
@@ -305,7 +304,7 @@ module Dependabot
|
|
|
305
304
|
else resolved_url.split("/")[0..2].join("/")
|
|
306
305
|
end
|
|
307
306
|
|
|
308
|
-
{ type: "
|
|
307
|
+
{ type: "registry", url: url }
|
|
309
308
|
end
|
|
310
309
|
|
|
311
310
|
def url_for_relevant_cred(resolved_url)
|
|
@@ -39,7 +39,7 @@ module Dependabot
|
|
|
39
39
|
|
|
40
40
|
case source_type
|
|
41
41
|
when "git" then find_source_from_git_url
|
|
42
|
-
when "
|
|
42
|
+
when "registry" then find_source_from_registry
|
|
43
43
|
else raise "Unexpected source type: #{source_type}"
|
|
44
44
|
end
|
|
45
45
|
end
|
|
@@ -45,9 +45,9 @@ module Dependabot
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def initialize(*requirements)
|
|
48
|
-
requirements = requirements.flatten.
|
|
49
|
-
|
|
50
|
-
|
|
48
|
+
requirements = requirements.flatten.
|
|
49
|
+
flat_map { |req_string| req_string.split(",").map(&:strip) }.
|
|
50
|
+
flat_map { |req_string| convert_js_constraint_to_ruby_constraint(req_string) }
|
|
51
51
|
|
|
52
52
|
super(requirements)
|
|
53
53
|
end
|
|
@@ -106,7 +106,7 @@ module Dependabot
|
|
|
106
106
|
|
|
107
107
|
def filter_ignored_versions(versions_array)
|
|
108
108
|
filtered = versions_array.reject do |v, _|
|
|
109
|
-
|
|
109
|
+
ignore_requirements.any? { |r| r.satisfied_by?(v) }
|
|
110
110
|
end
|
|
111
111
|
|
|
112
112
|
raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
@@ -201,7 +201,7 @@ module Dependabot
|
|
|
201
201
|
return false if related_to_current_pre?(ver) ^ ver.prerelease?
|
|
202
202
|
return false if current_version_greater_than?(ver)
|
|
203
203
|
return false if current_requirement_greater_than?(ver)
|
|
204
|
-
return false if
|
|
204
|
+
return false if ignore_requirements.any? { |r| r.satisfied_by?(ver) }
|
|
205
205
|
return false if yanked?(ver)
|
|
206
206
|
|
|
207
207
|
true
|
|
@@ -388,8 +388,8 @@ module Dependabot
|
|
|
388
388
|
)
|
|
389
389
|
end
|
|
390
390
|
|
|
391
|
-
def
|
|
392
|
-
ignored_versions.
|
|
391
|
+
def ignore_requirements
|
|
392
|
+
ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
|
|
393
393
|
end
|
|
394
394
|
|
|
395
395
|
def version_class
|
|
@@ -62,8 +62,8 @@ module Dependabot
|
|
|
62
62
|
|
|
63
63
|
def registry_url
|
|
64
64
|
protocol =
|
|
65
|
-
if
|
|
66
|
-
|
|
65
|
+
if registry_source_url
|
|
66
|
+
registry_source_url.split("://").first
|
|
67
67
|
else
|
|
68
68
|
"https"
|
|
69
69
|
end
|
|
@@ -92,10 +92,10 @@ module Dependabot
|
|
|
92
92
|
end
|
|
93
93
|
|
|
94
94
|
def locked_registry
|
|
95
|
-
return unless
|
|
95
|
+
return unless registry_source_url
|
|
96
96
|
|
|
97
97
|
lockfile_registry =
|
|
98
|
-
|
|
98
|
+
registry_source_url.
|
|
99
99
|
gsub("https://", "").
|
|
100
100
|
gsub("http://", "")
|
|
101
101
|
detailed_registry =
|
|
@@ -210,7 +210,7 @@ module Dependabot
|
|
|
210
210
|
dependency.name.gsub("/", "%2F")
|
|
211
211
|
end
|
|
212
212
|
|
|
213
|
-
def
|
|
213
|
+
def registry_source_url
|
|
214
214
|
sources = dependency.requirements.
|
|
215
215
|
map { |r| r.fetch(:source) }.uniq.compact
|
|
216
216
|
|
|
@@ -218,8 +218,8 @@ module Dependabot
|
|
|
218
218
|
# it's unclear how we should proceed
|
|
219
219
|
raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| [s[:type], s[:url]] }.uniq.count > 1
|
|
220
220
|
|
|
221
|
-
# Otherwise we just take the URL of the first
|
|
222
|
-
sources.find { |s| s[:type] == "
|
|
221
|
+
# Otherwise we just take the URL of the first registry
|
|
222
|
+
sources.find { |s| s[:type] == "registry" }&.fetch(:url)
|
|
223
223
|
end
|
|
224
224
|
end
|
|
225
225
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.143.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-04-
|
|
11
|
+
date: 2021-04-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.143.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.143.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.13.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.13.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
284
284
|
- !ruby/object:Gem::Version
|
|
285
285
|
version: 2.5.0
|
|
286
286
|
requirements: []
|
|
287
|
-
rubygems_version: 3.2.
|
|
287
|
+
rubygems_version: 3.2.15
|
|
288
288
|
signing_key:
|
|
289
289
|
specification_version: 4
|
|
290
290
|
summary: JS support for dependabot
|