RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.170.2 → 0.171.3 - Mend

dependabot-npm_and_yarn 0.170.2 → 0.171.3

Files changed (11) hide show

data/helpers/package.json CHANGED Viewed

@@ -10,15 +10,15 @@
   },
   "dependencies": {
     "@dependabot/yarn-lib": "^1.21.1",
-    "@npmcli/arborist": "^4.1.1",
+    "@npmcli/arborist": "^4.2.1",
     "detect-indent": "^6.1.0",
-    "npm": "6.14.14",
+    "npm": "6.14.16",
     "semver": "^7.3.4"
   },
   "devDependencies": {
-    "eslint": "^8.5.0",
+    "eslint": "^8.7.0",
     "eslint-config-prettier": "^8.3.0",
-    "jest": "^27.4.5",
+    "jest": "^27.4.7",
     "prettier": "^2.5.1",
     "rimraf": "^3.0.2"
   }

@@ -10,9 +10,9 @@
       "integrity": "sha512-dbaEZphdPje0ihqSdWg36Sb8S20TuqQomiz2593oIx+enQ9Q4vDZRjIzhnkWltGRKVKqC28kTribkgRLBexWVQ=="
     },
     "extend": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.0.tgz",
-      "integrity": "sha512-5mYyg57hpD+sFaJmgNL9BidQ5C7dmJE3U5vzlRWbuqG+8dytvYEoxvKs6Tj5cm3LpMsFvRt20qz1ckezmsOUgQ=="
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
     },
     "objnest": {
       "version": "4.1.2",

@@ -366,9 +366,9 @@ is-promise@^2.1:
   integrity sha512-+lP4/6lKUBfQjZ2pdxThZvLUAafmZb8OAxFb8XXtiQmS35INgr85hdOGoEs124ez1FCnZJt6jau/T+alh58QFQ==
 lodash@^4.17.14:
-  version "4.17.20"
-  resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz#b44a9b6297bcb698f1c51a3545a2b3b368d59c52"
-  integrity sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==
+  version "4.17.21"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
+  integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
 lru-queue@0.1:
   version "0.1.0"

@@ -208,23 +208,7 @@ module Dependabot
         def run_npm_7_subdependency_updater
           dependency_names = sub_dependencies.map(&:name)
-          # NOTE: npm options
-          # - `--force` ignores checks for platform (os, cpu) and engines
-          # - `--dry-run=false` the updater sets a global .npmrc with dry-run: true to
-          #   work around an issue in npm 6, we don't want that here
-          # - `--ignore-scripts` disables prepare and prepack scripts which are run
-          #   when installing git dependencies
-          command = [
-            "npm",
-            "update",
-            *dependency_names,
-            "--force",
-            "--dry-run",
-            "false",
-            "--ignore-scripts",
-            "--package-lock-only"
-          ].join(" ")
-          SharedHelpers.run_shell_command(command)
+          SharedHelpers.run_shell_command(NativeHelpers.npm7_subdependency_update_command(dependency_names))
           { lockfile_basename => File.read(lockfile_basename) }
         end

data/lib/dependabot/npm_and_yarn/helpers.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Dependabot
     module Helpers
       def self.npm_version(lockfile_content)
         return "npm7" unless lockfile_content
-        return "npm7" if JSON.parse(lockfile_content)["lockfileVersion"] == 2
+        return "npm7" if JSON.parse(lockfile_content)["lockfileVersion"] >= 2
         "npm6"
       rescue JSON::ParserError

@@ -13,6 +13,25 @@ module Dependabot
         File.join(__dir__, "../../../helpers")
       end
+      def self.npm7_subdependency_update_command(dependency_names)
+        # NOTE: npm options
+        # - `--force` ignores checks for platform (os, cpu) and engines
+        # - `--dry-run=false` the updater sets a global .npmrc with dry-run: true to
+        #   work around an issue in npm 6, we don't want that here
+        # - `--ignore-scripts` disables prepare and prepack scripts which are run
+        #   when installing git dependencies
+        [
+          "npm",
+          "update",
+          *dependency_names,
+          "--force",
+          "--dry-run",
+          "false",
+          "--ignore-scripts",
+          "--package-lock-only"
+        ].join(" ")
+      end
     end
   end
 end

@@ -114,11 +114,16 @@ module Dependabot
             Dir.chdir(path) do
               npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
-              SharedHelpers.run_helper_subprocess(
-                command: NativeHelpers.helper_path,
-                function: "#{npm_version}:updateSubdependency",
-                args: [Dir.pwd, lockfile_name, [dependency.to_h]]
-              )
+              if npm_version == "npm7"
+                SharedHelpers.run_shell_command(NativeHelpers.npm7_subdependency_update_command([dependency.name]))
+                { lockfile_name => File.read(lockfile_name) }
+              else
+                SharedHelpers.run_helper_subprocess(
+                  command: NativeHelpers.helper_path,
+                  function: "npm6:updateSubdependency",
+                  args: [Dir.pwd, lockfile_name, [dependency.to_h]]
+                )
+              end
             end
           end
         end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.170.2
+  version: 0.171.3
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-11 00:00:00.000000000 Z
+date: 2022-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.170.2
+        version: 0.171.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.170.2
+        version: 0.171.3
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement