dependabot-npm_and_yarn 0.146.1 → 0.148.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/package-lock.json +37 -37
- data/helpers/package.json +3 -3
- data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb +5 -4
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0934c52ae2134457fb26aa2e441bf7c5b5f107edfaa28d411f4ceabca11e7025'
|
|
4
|
+
data.tar.gz: fc29a3b01a901d5043f2e19c3fa9898eb3f34dab5f79dafc5e867d09e5a1619e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 76d46b06ec8ec0debf85956c988067a1faeab79679c5f3247a7aeb0c87b1cfaf32b7ccc140ec6a81f1dce0afe0ff4181c8ee4c310c537c8744be68713a691d55
|
|
7
|
+
data.tar.gz: 636eab52435577682ec8db9f80691e7d713e9a5e73e2f57b3e1069d45401b69952e44c0b0bf1d543e90a481fd9cda9b4479b2eaa216598da7f2cc665120b7def
|
data/helpers/package-lock.json
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
"name": "@dependabot/helper",
|
|
8
8
|
"dependencies": {
|
|
9
9
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
10
|
-
"@npmcli/arborist": "^2.
|
|
10
|
+
"@npmcli/arborist": "^2.5.0",
|
|
11
11
|
"detect-indent": "^6.0.0",
|
|
12
12
|
"npm": "6.14.13",
|
|
13
13
|
"semver": "^7.3.4"
|
|
@@ -16,10 +16,10 @@
|
|
|
16
16
|
"helper": "run.js"
|
|
17
17
|
},
|
|
18
18
|
"devDependencies": {
|
|
19
|
-
"eslint": "^7.
|
|
19
|
+
"eslint": "^7.26.0",
|
|
20
20
|
"eslint-config-prettier": "^8.3.0",
|
|
21
21
|
"jest": "^26.6.3",
|
|
22
|
-
"prettier": "^2.
|
|
22
|
+
"prettier": "^2.3.0",
|
|
23
23
|
"rimraf": "^3.0.2"
|
|
24
24
|
}
|
|
25
25
|
},
|
|
@@ -649,9 +649,9 @@
|
|
|
649
649
|
}
|
|
650
650
|
},
|
|
651
651
|
"node_modules/@eslint/eslintrc": {
|
|
652
|
-
"version": "0.4.
|
|
653
|
-
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.
|
|
654
|
-
"integrity": "sha512-
|
|
652
|
+
"version": "0.4.1",
|
|
653
|
+
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.1.tgz",
|
|
654
|
+
"integrity": "sha512-5v7TDE9plVhvxQeWLXDTvFvJBdH6pEsdnl2g/dAptmuFEPedQ4Erq5rsDsX+mvAM610IhNaO2W5V1dOOnDKxkQ==",
|
|
655
655
|
"dev": true,
|
|
656
656
|
"dependencies": {
|
|
657
657
|
"ajv": "^6.12.4",
|
|
@@ -1425,9 +1425,9 @@
|
|
|
1425
1425
|
}
|
|
1426
1426
|
},
|
|
1427
1427
|
"node_modules/@npmcli/arborist": {
|
|
1428
|
-
"version": "2.
|
|
1429
|
-
"resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.
|
|
1430
|
-
"integrity": "sha512-
|
|
1428
|
+
"version": "2.5.0",
|
|
1429
|
+
"resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.5.0.tgz",
|
|
1430
|
+
"integrity": "sha512-YPSkV/8vofpbAJyeu52J12YnC5VTkYIcfcNkRoSW6qjfQG+QybgbJtCbcdx+M0YxfdzDKS6iDTjpNMoETZ8HOA==",
|
|
1431
1431
|
"dependencies": {
|
|
1432
1432
|
"@npmcli/installed-package-contents": "^1.0.7",
|
|
1433
1433
|
"@npmcli/map-workspaces": "^1.0.2",
|
|
@@ -1440,7 +1440,7 @@
|
|
|
1440
1440
|
"cacache": "^15.0.3",
|
|
1441
1441
|
"common-ancestor-path": "^1.0.1",
|
|
1442
1442
|
"json-parse-even-better-errors": "^2.3.1",
|
|
1443
|
-
"json-stringify-nice": "^1.1.
|
|
1443
|
+
"json-stringify-nice": "^1.1.4",
|
|
1444
1444
|
"mkdirp-infer-owner": "^2.0.0",
|
|
1445
1445
|
"npm-install-checks": "^4.0.0",
|
|
1446
1446
|
"npm-package-arg": "^8.1.0",
|
|
@@ -3473,13 +3473,13 @@
|
|
|
3473
3473
|
}
|
|
3474
3474
|
},
|
|
3475
3475
|
"node_modules/eslint": {
|
|
3476
|
-
"version": "7.
|
|
3477
|
-
"resolved": "https://registry.npmjs.org/eslint/-/eslint-7.
|
|
3478
|
-
"integrity": "sha512-
|
|
3476
|
+
"version": "7.26.0",
|
|
3477
|
+
"resolved": "https://registry.npmjs.org/eslint/-/eslint-7.26.0.tgz",
|
|
3478
|
+
"integrity": "sha512-4R1ieRf52/izcZE7AlLy56uIHHDLT74Yzz2Iv2l6kDaYvEu9x+wMB5dZArVL8SYGXSYV2YAg70FcW5Y5nGGNIg==",
|
|
3479
3479
|
"dev": true,
|
|
3480
3480
|
"dependencies": {
|
|
3481
3481
|
"@babel/code-frame": "7.12.11",
|
|
3482
|
-
"@eslint/eslintrc": "^0.4.
|
|
3482
|
+
"@eslint/eslintrc": "^0.4.1",
|
|
3483
3483
|
"ajv": "^6.10.0",
|
|
3484
3484
|
"chalk": "^4.0.0",
|
|
3485
3485
|
"cross-spawn": "^7.0.2",
|
|
@@ -7305,9 +7305,9 @@
|
|
|
7305
7305
|
"dev": true
|
|
7306
7306
|
},
|
|
7307
7307
|
"node_modules/json-stringify-nice": {
|
|
7308
|
-
"version": "1.1.
|
|
7309
|
-
"resolved": "https://registry.npmjs.org/json-stringify-nice/-/json-stringify-nice-1.1.
|
|
7310
|
-
"integrity": "sha512-
|
|
7308
|
+
"version": "1.1.4",
|
|
7309
|
+
"resolved": "https://registry.npmjs.org/json-stringify-nice/-/json-stringify-nice-1.1.4.tgz",
|
|
7310
|
+
"integrity": "sha512-5Z5RFW63yxReJ7vANgW6eZFGWaQvnPE3WNmZoOJrSkGju2etKA2L5rrOa1sm877TVTFt57A80BH1bArcmlLfPw==",
|
|
7311
7311
|
"funding": {
|
|
7312
7312
|
"url": "https://github.com/sponsors/isaacs"
|
|
7313
7313
|
}
|
|
@@ -13199,9 +13199,9 @@
|
|
|
13199
13199
|
}
|
|
13200
13200
|
},
|
|
13201
13201
|
"node_modules/prettier": {
|
|
13202
|
-
"version": "2.
|
|
13203
|
-
"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.
|
|
13204
|
-
"integrity": "sha512-
|
|
13202
|
+
"version": "2.3.0",
|
|
13203
|
+
"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.3.0.tgz",
|
|
13204
|
+
"integrity": "sha512-kXtO4s0Lz/DW/IJ9QdWhAf7/NmPWQXkFr/r/WkR3vyI+0v8amTDxiaQSLzs8NBlytfLWX/7uQUMIW677yLKl4w==",
|
|
13205
13205
|
"dev": true,
|
|
13206
13206
|
"bin": {
|
|
13207
13207
|
"prettier": "bin-prettier.js"
|
|
@@ -16663,9 +16663,9 @@
|
|
|
16663
16663
|
}
|
|
16664
16664
|
},
|
|
16665
16665
|
"@eslint/eslintrc": {
|
|
16666
|
-
"version": "0.4.
|
|
16667
|
-
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.
|
|
16668
|
-
"integrity": "sha512-
|
|
16666
|
+
"version": "0.4.1",
|
|
16667
|
+
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.1.tgz",
|
|
16668
|
+
"integrity": "sha512-5v7TDE9plVhvxQeWLXDTvFvJBdH6pEsdnl2g/dAptmuFEPedQ4Erq5rsDsX+mvAM610IhNaO2W5V1dOOnDKxkQ==",
|
|
16669
16669
|
"dev": true,
|
|
16670
16670
|
"requires": {
|
|
16671
16671
|
"ajv": "^6.12.4",
|
|
@@ -17257,9 +17257,9 @@
|
|
|
17257
17257
|
}
|
|
17258
17258
|
},
|
|
17259
17259
|
"@npmcli/arborist": {
|
|
17260
|
-
"version": "2.
|
|
17261
|
-
"resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.
|
|
17262
|
-
"integrity": "sha512-
|
|
17260
|
+
"version": "2.5.0",
|
|
17261
|
+
"resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.5.0.tgz",
|
|
17262
|
+
"integrity": "sha512-YPSkV/8vofpbAJyeu52J12YnC5VTkYIcfcNkRoSW6qjfQG+QybgbJtCbcdx+M0YxfdzDKS6iDTjpNMoETZ8HOA==",
|
|
17263
17263
|
"requires": {
|
|
17264
17264
|
"@npmcli/installed-package-contents": "^1.0.7",
|
|
17265
17265
|
"@npmcli/map-workspaces": "^1.0.2",
|
|
@@ -17272,7 +17272,7 @@
|
|
|
17272
17272
|
"cacache": "^15.0.3",
|
|
17273
17273
|
"common-ancestor-path": "^1.0.1",
|
|
17274
17274
|
"json-parse-even-better-errors": "^2.3.1",
|
|
17275
|
-
"json-stringify-nice": "^1.1.
|
|
17275
|
+
"json-stringify-nice": "^1.1.4",
|
|
17276
17276
|
"mkdirp-infer-owner": "^2.0.0",
|
|
17277
17277
|
"npm-install-checks": "^4.0.0",
|
|
17278
17278
|
"npm-package-arg": "^8.1.0",
|
|
@@ -18924,13 +18924,13 @@
|
|
|
18924
18924
|
}
|
|
18925
18925
|
},
|
|
18926
18926
|
"eslint": {
|
|
18927
|
-
"version": "7.
|
|
18928
|
-
"resolved": "https://registry.npmjs.org/eslint/-/eslint-7.
|
|
18929
|
-
"integrity": "sha512-
|
|
18927
|
+
"version": "7.26.0",
|
|
18928
|
+
"resolved": "https://registry.npmjs.org/eslint/-/eslint-7.26.0.tgz",
|
|
18929
|
+
"integrity": "sha512-4R1ieRf52/izcZE7AlLy56uIHHDLT74Yzz2Iv2l6kDaYvEu9x+wMB5dZArVL8SYGXSYV2YAg70FcW5Y5nGGNIg==",
|
|
18930
18930
|
"dev": true,
|
|
18931
18931
|
"requires": {
|
|
18932
18932
|
"@babel/code-frame": "7.12.11",
|
|
18933
|
-
"@eslint/eslintrc": "^0.4.
|
|
18933
|
+
"@eslint/eslintrc": "^0.4.1",
|
|
18934
18934
|
"ajv": "^6.10.0",
|
|
18935
18935
|
"chalk": "^4.0.0",
|
|
18936
18936
|
"cross-spawn": "^7.0.2",
|
|
@@ -21833,9 +21833,9 @@
|
|
|
21833
21833
|
"dev": true
|
|
21834
21834
|
},
|
|
21835
21835
|
"json-stringify-nice": {
|
|
21836
|
-
"version": "1.1.
|
|
21837
|
-
"resolved": "https://registry.npmjs.org/json-stringify-nice/-/json-stringify-nice-1.1.
|
|
21838
|
-
"integrity": "sha512-
|
|
21836
|
+
"version": "1.1.4",
|
|
21837
|
+
"resolved": "https://registry.npmjs.org/json-stringify-nice/-/json-stringify-nice-1.1.4.tgz",
|
|
21838
|
+
"integrity": "sha512-5Z5RFW63yxReJ7vANgW6eZFGWaQvnPE3WNmZoOJrSkGju2etKA2L5rrOa1sm877TVTFt57A80BH1bArcmlLfPw=="
|
|
21839
21839
|
},
|
|
21840
21840
|
"json-stringify-safe": {
|
|
21841
21841
|
"version": "5.0.1",
|
|
@@ -26077,9 +26077,9 @@
|
|
|
26077
26077
|
"integrity": "sha1-gV7R9uvGWSb4ZbMQwHE7yzMVzks="
|
|
26078
26078
|
},
|
|
26079
26079
|
"prettier": {
|
|
26080
|
-
"version": "2.
|
|
26081
|
-
"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.
|
|
26082
|
-
"integrity": "sha512-
|
|
26080
|
+
"version": "2.3.0",
|
|
26081
|
+
"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.3.0.tgz",
|
|
26082
|
+
"integrity": "sha512-kXtO4s0Lz/DW/IJ9QdWhAf7/NmPWQXkFr/r/WkR3vyI+0v8amTDxiaQSLzs8NBlytfLWX/7uQUMIW677yLKl4w==",
|
|
26083
26083
|
"dev": true
|
|
26084
26084
|
},
|
|
26085
26085
|
"pretty-format": {
|
data/helpers/package.json
CHANGED
|
@@ -10,16 +10,16 @@
|
|
|
10
10
|
},
|
|
11
11
|
"dependencies": {
|
|
12
12
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
13
|
-
"@npmcli/arborist": "^2.
|
|
13
|
+
"@npmcli/arborist": "^2.5.0",
|
|
14
14
|
"detect-indent": "^6.0.0",
|
|
15
15
|
"npm": "6.14.13",
|
|
16
16
|
"semver": "^7.3.4"
|
|
17
17
|
},
|
|
18
18
|
"devDependencies": {
|
|
19
|
-
"eslint": "^7.
|
|
19
|
+
"eslint": "^7.26.0",
|
|
20
20
|
"eslint-config-prettier": "^8.3.0",
|
|
21
21
|
"jest": "^26.6.3",
|
|
22
|
-
"prettier": "^2.
|
|
22
|
+
"prettier": "^2.3.0",
|
|
23
23
|
"rimraf": "^3.0.2"
|
|
24
24
|
}
|
|
25
25
|
}
|
|
@@ -56,10 +56,11 @@ module Dependabot
|
|
|
56
56
|
parsed_lockfile = parse_package_lock(lockfile)
|
|
57
57
|
|
|
58
58
|
if Helpers.npm_version(lockfile.content) == "npm7"
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
59
|
+
# NOTE: npm 7 sometimes doesn't install workspace dependencies in the
|
|
60
|
+
# workspace folder so we need to fallback to checking top-level
|
|
61
|
+
nested_details = parsed_lockfile.dig("packages", node_modules_path(manifest_name, dependency_name))
|
|
62
|
+
details = nested_details || parsed_lockfile.dig("packages", "node_modules/#{dependency_name}")
|
|
63
|
+
details&.slice("version", "resolved", "integrity", "dev")
|
|
63
64
|
else
|
|
64
65
|
parsed_lockfile.dig("dependencies", dependency_name)
|
|
65
66
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.148.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.148.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.148.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.15.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.15.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|