dependabot-npm_and_yarn 0.142.0 → 0.143.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/package-lock.json +42 -9
  3. data/helpers/package.json +1 -1
  4. data/lib/dependabot/npm_and_yarn/requirement.rb +3 -3
  5. data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +4 -4
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ea62a721fe672274b33494ff43706de21a0eff920e95eeb7dc44cb6fbf6f9b75
4
- data.tar.gz: 6213f8e96bb04fc9a8a76a58eda1ff89a30dd2717c034bf7e7a7c05f963c8769
3
+ metadata.gz: 25465636745fe0aeb1885afde2086cdc2f02197b3b1ef890810334d934799f07
4
+ data.tar.gz: 1d696d12bd4ed935d9ada29984f39f5ae13b4adbc2d25534fb542d3e4417d356
5
5
  SHA512:
6
- metadata.gz: 8d5e671c116c8df2d56208ba130dc70662ceeab23b396aefdf537a4af6915bffdda67ee3ec91d9814ed7b57d3e2056c4a9cd99d91a61075661b5148b0c95ecfa
7
- data.tar.gz: e9b916ef43b19571ebe4c22b782f498127bfd19e3d46e8fd01ccd1512d4bf7e688cb493bd9e0e05745b04e3cbb042bb5fb4c2be00bf6899493b4ab37598ac9d1
6
+ metadata.gz: b832e67241b7ebc0075e24c02d839828b4b82d9e1ccd3d6d15675501d82665632e2c8bd91c0e01e6a65939051565b0c2d680564ce049619253b33981d23b2fb2
7
+ data.tar.gz: 12d01262d1e96570e3f73aea5aeb4525225f02fc0ed380f69363220e0ca983f4f8d9f0ac06d784f28d523eafc32cb5e72875292ee70db54b8402faf742af186a
data/helpers/package-lock.json CHANGED
@@ -7,7 +7,7 @@
7
7
  "name": "@dependabot/helper",
8
8
  "dependencies": {
9
9
  "@dependabot/yarn-lib": "^1.21.1",
10
- "@npmcli/arborist": "^2.3.0",
10
+ "@npmcli/arborist": "^2.4.0",
11
11
  "detect-indent": "^6.0.0",
12
12
  "npm": "6.14.13",
13
13
  "semver": "^7.3.4"
@@ -1425,9 +1425,9 @@
1425
1425
  }
1426
1426
  },
1427
1427
  "node_modules/@npmcli/arborist": {
1428
- "version": "2.3.0",
1429
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.3.0.tgz",
1430
- "integrity": "sha512-4z8x8jImp/Clwol4sgmR6qdntLQZDxNFabBSbyr9EB11cyWHyqhRvBKip/1sBTcQAScIwuFT64MOu/HI4a5Nkw==",
1428
+ "version": "2.4.0",
1429
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.4.0.tgz",
1430
+ "integrity": "sha512-rCoRrUSmXdBDBBgL/O0oehIR53ey99Pds8dId7gztARZmx6/NBoeiUOu9RnvXSe15XZLc3JSz9sHPcbQ9NQ53Q==",
1431
1431
  "dependencies": {
1432
1432
  "@npmcli/installed-package-contents": "^1.0.7",
1433
1433
  "@npmcli/map-workspaces": "^1.0.2",
@@ -1445,7 +1445,7 @@
1445
1445
  "npm-install-checks": "^4.0.0",
1446
1446
  "npm-package-arg": "^8.1.0",
1447
1447
  "npm-pick-manifest": "^6.1.0",
1448
- "npm-registry-fetch": "^9.0.0",
1448
+ "npm-registry-fetch": "^10.0.0",
1449
1449
  "pacote": "^11.2.6",
1450
1450
  "parse-conflict-json": "^1.1.1",
1451
1451
  "promise-all-reject-late": "^1.0.0",
@@ -1461,6 +1461,23 @@
1461
1461
  "arborist": "bin/index.js"
1462
1462
  }
1463
1463
  },
1464
+ "node_modules/@npmcli/arborist/node_modules/npm-registry-fetch": {
1465
+ "version": "10.1.0",
1466
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.0.tgz",
1467
+ "integrity": "sha512-XcKu0h6OuRTB7HO5uv8htavPQJ1dYTLAXLE5AMs4GFQ1LbY+LlHiNoqIbVshE3rk0vLk+nKxpA/4WJm1kE7eqg==",
1468
+ "dependencies": {
1469
+ "lru-cache": "^6.0.0",
1470
+ "make-fetch-happen": "^8.0.9",
1471
+ "minipass": "^3.1.3",
1472
+ "minipass-fetch": "^1.3.0",
1473
+ "minipass-json-stream": "^1.0.1",
1474
+ "minizlib": "^2.0.0",
1475
+ "npm-package-arg": "^8.0.0"
1476
+ },
1477
+ "engines": {
1478
+ "node": ">=10"
1479
+ }
1480
+ },
1464
1481
  "node_modules/@npmcli/ci-detect": {
1465
1482
  "version": "1.3.0",
1466
1483
  "resolved": "https://registry.npmjs.org/@npmcli/ci-detect/-/ci-detect-1.3.0.tgz",
@@ -17240,9 +17257,9 @@
17240
17257
  }
17241
17258
  },
17242
17259
  "@npmcli/arborist": {
17243
- "version": "2.3.0",
17244
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.3.0.tgz",
17245
- "integrity": "sha512-4z8x8jImp/Clwol4sgmR6qdntLQZDxNFabBSbyr9EB11cyWHyqhRvBKip/1sBTcQAScIwuFT64MOu/HI4a5Nkw==",
17260
+ "version": "2.4.0",
17261
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.4.0.tgz",
17262
+ "integrity": "sha512-rCoRrUSmXdBDBBgL/O0oehIR53ey99Pds8dId7gztARZmx6/NBoeiUOu9RnvXSe15XZLc3JSz9sHPcbQ9NQ53Q==",
17246
17263
  "requires": {
17247
17264
  "@npmcli/installed-package-contents": "^1.0.7",
17248
17265
  "@npmcli/map-workspaces": "^1.0.2",
@@ -17260,7 +17277,7 @@
17260
17277
  "npm-install-checks": "^4.0.0",
17261
17278
  "npm-package-arg": "^8.1.0",
17262
17279
  "npm-pick-manifest": "^6.1.0",
17263
- "npm-registry-fetch": "^9.0.0",
17280
+ "npm-registry-fetch": "^10.0.0",
17264
17281
  "pacote": "^11.2.6",
17265
17282
  "parse-conflict-json": "^1.1.1",
17266
17283
  "promise-all-reject-late": "^1.0.0",
@@ -17271,6 +17288,22 @@
17271
17288
  "tar": "^6.1.0",
17272
17289
  "treeverse": "^1.0.4",
17273
17290
  "walk-up-path": "^1.0.0"
17291
+ },
17292
+ "dependencies": {
17293
+ "npm-registry-fetch": {
17294
+ "version": "10.1.0",
17295
+ "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-10.1.0.tgz",
17296
+ "integrity": "sha512-XcKu0h6OuRTB7HO5uv8htavPQJ1dYTLAXLE5AMs4GFQ1LbY+LlHiNoqIbVshE3rk0vLk+nKxpA/4WJm1kE7eqg==",
17297
+ "requires": {
17298
+ "lru-cache": "^6.0.0",
17299
+ "make-fetch-happen": "^8.0.9",
17300
+ "minipass": "^3.1.3",
17301
+ "minipass-fetch": "^1.3.0",
17302
+ "minipass-json-stream": "^1.0.1",
17303
+ "minizlib": "^2.0.0",
17304
+ "npm-package-arg": "^8.0.0"
17305
+ }
17306
+ }
17274
17307
  }
17275
17308
  },
17276
17309
  "@npmcli/ci-detect": {
data/helpers/package.json CHANGED
@@ -10,7 +10,7 @@
10
10
  },
11
11
  "dependencies": {
12
12
  "@dependabot/yarn-lib": "^1.21.1",
13
- "@npmcli/arborist": "^2.3.0",
13
+ "@npmcli/arborist": "^2.4.0",
14
14
  "detect-indent": "^6.0.0",
15
15
  "npm": "6.14.13",
16
16
  "semver": "^7.3.4"
data/lib/dependabot/npm_and_yarn/requirement.rb CHANGED
@@ -45,9 +45,9 @@ module Dependabot
45
45
  end
46
46
 
47
47
  def initialize(*requirements)
48
- requirements = requirements.flatten.flat_map do |req_string|
49
- convert_js_constraint_to_ruby_constraint(req_string)
50
- end
48
+ requirements = requirements.flatten.
49
+ flat_map { |req_string| req_string.split(",").map(&:strip) }.
50
+ flat_map { |req_string| convert_js_constraint_to_ruby_constraint(req_string) }
51
51
 
52
52
  super(requirements)
53
53
  end
data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb CHANGED
@@ -106,7 +106,7 @@ module Dependabot
106
106
 
107
107
  def filter_ignored_versions(versions_array)
108
108
  filtered = versions_array.reject do |v, _|
109
- ignore_reqs.any? { |r| r.satisfied_by?(v) }
109
+ ignore_requirements.any? { |r| r.satisfied_by?(v) }
110
110
  end
111
111
 
112
112
  raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
@@ -201,7 +201,7 @@ module Dependabot
201
201
  return false if related_to_current_pre?(ver) ^ ver.prerelease?
202
202
  return false if current_version_greater_than?(ver)
203
203
  return false if current_requirement_greater_than?(ver)
204
- return false if ignore_reqs.any? { |r| r.satisfied_by?(ver) }
204
+ return false if ignore_requirements.any? { |r| r.satisfied_by?(ver) }
205
205
  return false if yanked?(ver)
206
206
 
207
207
  true
@@ -388,8 +388,8 @@ module Dependabot
388
388
  )
389
389
  end
390
390
 
391
- def ignore_reqs
392
- ignored_versions.map { |req| requirement_class.new(req.split(",")) }
391
+ def ignore_requirements
392
+ ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
393
393
  end
394
394
 
395
395
  def version_class
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.142.0
4
+ version: 0.143.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-15 00:00:00.000000000 Z
11
+ date: 2021-04-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.142.0
19
+ version: 0.143.3
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.142.0
26
+ version: 0.143.3
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.12.0
103
+ version: 1.13.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.12.0
110
+ version: 1.13.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement