dependabot-npm_and_yarn 0.148.0 → 0.148.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb +5 -4
  3. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 205bd66b38e559ec6496b5e2d61b040e51ea8f1774704d969bb0c8802c9c1db1
4
- data.tar.gz: 3b121f2b5cd2501bf0b1ad1641119cb9765668b7ace34f93d3845e70d390fa5a
3
+ metadata.gz: 9d3fe3be7bc4c116c6261c990c35a5bb395a6137d1fedc5c56ac24444d62a8a6
4
+ data.tar.gz: 48800df1055aac9e356518cad2b75331be82fa6e445cbe89e079d6d4a7429950
5
5
  SHA512:
6
- metadata.gz: 8156fefdb9e41bbf8ad6d26f7e79813c1d6f17f8281601e57fe80d6f3f8329fa585a00d9cb7e696683416c256f65291b59530b9a8b5edca84e41f50a33fb6700
7
- data.tar.gz: d5e82f76e5c778639161c3c155102ae190d1fbd5ff349bb970b6ea3f7b7b7424b3a81b4d1edff44643acdfad317754a98dfd9c61edf35100222623c823998e58
6
+ metadata.gz: 5ac988ec6109ed828b57aacfe34fb2aff085699f23a987f52b31e83b305593cc1a52f65277dda3b29e7e5834e4539d892246993f7492d513ee414cc95e3f289d
7
+ data.tar.gz: 1a9491a0360c02021c099d9df66e5f40590742f9f442a96dbaf9e3d5f2fd098e501088d4cc496bb04620dcf1ed5e7f9ff71424143afc42bb5a20a719cb0fa052
data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb CHANGED
@@ -56,10 +56,11 @@ module Dependabot
56
56
  parsed_lockfile = parse_package_lock(lockfile)
57
57
 
58
58
  if Helpers.npm_version(lockfile.content) == "npm7"
59
- parsed_lockfile.dig(
60
- "packages",
61
- node_modules_path(manifest_name, dependency_name)
62
- )&.slice("version", "resolved", "integrity", "dev")
59
+ # NOTE: npm 7 sometimes doesn't install workspace dependencies in the
60
+ # workspace folder so we need to fallback to checking top-level
61
+ nested_details = parsed_lockfile.dig("packages", node_modules_path(manifest_name, dependency_name))
62
+ details = nested_details || parsed_lockfile.dig("packages", "node_modules/#{dependency_name}")
63
+ details&.slice("version", "resolved", "integrity", "dev")
63
64
  else
64
65
  parsed_lockfile.dig("dependencies", dependency_name)
65
66
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.148.0
4
+ version: 0.148.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.148.0
19
+ version: 0.148.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.148.0
26
+ version: 0.148.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement