dependabot-npm_and_yarn 0.148.3 → 0.148.8

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/package-lock.json +10 -7
  3. data/helpers/package.json +1 -1
  4. data/lib/dependabot/npm_and_yarn/update_checker.rb +2 -3
  5. data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -0
  6. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4b40cff952bef4f82021885dda1255e523fe13f1f178fc20cb458f240bc9a782
4
- data.tar.gz: 6feac5795b74ef7e7370a8fc611aee70ac880d9134b476517f34fe3115facf2e
3
+ metadata.gz: 97f9d901d8e99a25a383d25cd1ec4a81c6a7445a1c37c5b795f9766fc500f1ef
4
+ data.tar.gz: 78de543263d0eb696315476230dd01db572804a556f374c346c89393e0d65955
5
5
  SHA512:
6
- metadata.gz: 34964357c3f0f42fae7a66d1a548546b13beaa1d325960fae1784384e411359547f866238a13f2fe0d1b852e532a6c85a5a0f81511f87d300cbadfd6208ee06d
7
- data.tar.gz: 661f53b8ecadb665fa2ce903a671c42b38ace02423a97301d460ed0830eaa71836325344a2bc3845e19711f49632a4c80124afb6bdecb92b8896673911163c53
6
+ metadata.gz: 34a24cfd618cfe4486c4f3e6f065f2150f178c6df529c952fca808fb0433cb8418422e4fb4dcc409b200bad6cc51c9cab9420405e9788582071a0803e027ff66
7
+ data.tar.gz: 61e69b09fea35ee2aa1cd8cc4caf4f8624b882a316785f0e049eea3d615d176c92cdcba6a2d7fffa77722912960647015d2e11d3e4510b969bcc979ee85c34e0
data/helpers/package-lock.json CHANGED
@@ -7,7 +7,7 @@
7
7
  "name": "@dependabot/helper",
8
8
  "dependencies": {
9
9
  "@dependabot/yarn-lib": "^1.21.1",
10
- "@npmcli/arborist": "^2.5.0",
10
+ "@npmcli/arborist": "^2.6.0",
11
11
  "detect-indent": "^6.0.0",
12
12
  "npm": "6.14.13",
13
13
  "semver": "^7.3.4"
@@ -1425,9 +1425,9 @@
1425
1425
  }
1426
1426
  },
1427
1427
  "node_modules/@npmcli/arborist": {
1428
- "version": "2.5.0",
1429
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.5.0.tgz",
1430
- "integrity": "sha512-YPSkV/8vofpbAJyeu52J12YnC5VTkYIcfcNkRoSW6qjfQG+QybgbJtCbcdx+M0YxfdzDKS6iDTjpNMoETZ8HOA==",
1428
+ "version": "2.6.0",
1429
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.6.0.tgz",
1430
+ "integrity": "sha512-6njRVuPMgGRvQUmsXwGdp1ItZtJuSdt5ouoQe4AeFTTZoMufKWLeXFDOlWj7qbMAzqw+guNEAZwBiwm04J7T2g==",
1431
1431
  "dependencies": {
1432
1432
  "@npmcli/installed-package-contents": "^1.0.7",
1433
1433
  "@npmcli/map-workspaces": "^1.0.2",
@@ -1459,6 +1459,9 @@
1459
1459
  },
1460
1460
  "bin": {
1461
1461
  "arborist": "bin/index.js"
1462
+ },
1463
+ "engines": {
1464
+ "node": ">= 10"
1462
1465
  }
1463
1466
  },
1464
1467
  "node_modules/@npmcli/arborist/node_modules/npm-registry-fetch": {
@@ -17257,9 +17260,9 @@
17257
17260
  }
17258
17261
  },
17259
17262
  "@npmcli/arborist": {
17260
- "version": "2.5.0",
17261
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.5.0.tgz",
17262
- "integrity": "sha512-YPSkV/8vofpbAJyeu52J12YnC5VTkYIcfcNkRoSW6qjfQG+QybgbJtCbcdx+M0YxfdzDKS6iDTjpNMoETZ8HOA==",
17263
+ "version": "2.6.0",
17264
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.6.0.tgz",
17265
+ "integrity": "sha512-6njRVuPMgGRvQUmsXwGdp1ItZtJuSdt5ouoQe4AeFTTZoMufKWLeXFDOlWj7qbMAzqw+guNEAZwBiwm04J7T2g==",
17263
17266
  "requires": {
17264
17267
  "@npmcli/installed-package-contents": "^1.0.7",
17265
17268
  "@npmcli/map-workspaces": "^1.0.2",
data/helpers/package.json CHANGED
@@ -10,7 +10,7 @@
10
10
  },
11
11
  "dependencies": {
12
12
  "@dependabot/yarn-lib": "^1.21.1",
13
- "@npmcli/arborist": "^2.5.0",
13
+ "@npmcli/arborist": "^2.6.0",
14
14
  "detect-indent": "^6.0.0",
15
15
  "npm": "6.14.13",
16
16
  "semver": "^7.3.4"
data/lib/dependabot/npm_and_yarn/update_checker.rb CHANGED
@@ -297,9 +297,8 @@ module Dependabot
297
297
 
298
298
  def dependency_source_details
299
299
  sources =
300
- dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
301
-
302
- raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
300
+ dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact.
301
+ sort_by { |source| RegistryFinder.central_registry?(source[:url]) ? 1 : 0 }
303
302
 
304
303
  sources.first
305
304
  end
data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb CHANGED
@@ -138,6 +138,8 @@ module Dependabot
138
138
  end
139
139
 
140
140
  def filter_lower_versions(versions_array)
141
+ return versions_array unless dependency.version
142
+
141
143
  versions_array.
142
144
  select { |version, _| version > version_class.new(dependency.version) }
143
145
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.148.3
4
+ version: 0.148.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-19 00:00:00.000000000 Z
11
+ date: 2021-05-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.148.3
19
+ version: 0.148.8
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.148.3
26
+ version: 0.148.8
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement