dependabot-npm_and_yarn 0.171.1 → 0.171.5
- checksums.yaml +4 -4
- data/helpers/package-lock.json +969 -1004
- data/helpers/package.json +4 -4
- data/helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package-lock.json +3 -3
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock +3 -3
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +1 -17
- data/lib/dependabot/npm_and_yarn/helpers.rb +1 -1
- data/lib/dependabot/npm_and_yarn/native_helpers.rb +19 -0
- data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +10 -5
- metadata +4 -4
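--- a/data/helpers/package.json
+++ b/data/helpers/package.json
@@ -10,15 +10,15 @@
 },
 "dependencies": {
 "@dependabot/yarn-lib": "^1.21.1",
-"@npmcli/arborist": "^4.
+"@npmcli/arborist": "^4.2.1",
 "detect-indent": "^6.1.0",
-"npm": "6.14.
+"npm": "6.14.16",
 "semver": "^7.3.4"
 },
 "devDependencies": {
-"eslint": "^8.
+"eslint": "^8.7.0",
 "eslint-config-prettier": "^8.3.0",
-"jest": "^27.4.
+"jest": "^27.4.7",
 "prettier": "^2.5.1",
 "rimraf": "^3.0.2"
 }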
@@ -10,9 +10,9 @@
|
|
10
10
|
"integrity": "sha512-dbaEZphdPje0ihqSdWg36Sb8S20TuqQomiz2593oIx+enQ9Q4vDZRjIzhnkWltGRKVKqC28kTribkgRLBexWVQ=="
|
11
11
|
},
|
12
12
|
"extend": {
|
13
|
-
"version": "3.0.
|
14
|
-
"resolved": "https://registry.npmjs.org/extend/-/extend-3.0.
|
15
|
-
"integrity": "sha512-
|
13
|
+
"version": "3.0.2",
|
14
|
+
"resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
|
15
|
+
"integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
|
16
16
|
},
|
17
17
|
"objnest": {
|
18
18
|
"version": "4.1.2",
|
@@ -366,9 +366,9 @@ is-promise@^2.1:
|
|
366
366
|
integrity sha512-+lP4/6lKUBfQjZ2pdxThZvLUAafmZb8OAxFb8XXtiQmS35INgr85hdOGoEs124ez1FCnZJt6jau/T+alh58QFQ==
|
367
367
|
|
368
368
|
lodash@^4.17.14:
|
369
|
-
version "4.17.
|
370
|
-
resolved "https://registry.
|
371
|
-
integrity sha512-
|
369
|
+
version "4.17.21"
|
370
|
+
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
|
371
|
+
integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
|
372
372
|
|
373
373
|
lru-queue@0.1:
|
374
374
|
version "0.1.0"
|
@@ -208,23 +208,7 @@ module Dependabot
|
|
208
208
|
|
209
209
|
def run_npm_7_subdependency_updater
|
210
210
|
dependency_names = sub_dependencies.map(&:name)
|
211
|
-
|
212
|
-
# - `--force` ignores checks for platform (os, cpu) and engines
|
213
|
-
# - `--dry-run=false` the updater sets a global .npmrc with dry-run: true to
|
214
|
-
# work around an issue in npm 6, we don't want that here
|
215
|
-
# - `--ignore-scripts` disables prepare and prepack scripts which are run
|
216
|
-
# when installing git dependencies
|
217
|
-
command = [
|
218
|
-
"npm",
|
219
|
-
"update",
|
220
|
-
*dependency_names,
|
221
|
-
"--force",
|
222
|
-
"--dry-run",
|
223
|
-
"false",
|
224
|
-
"--ignore-scripts",
|
225
|
-
"--package-lock-only"
|
226
|
-
].join(" ")
|
227
|
-
SharedHelpers.run_shell_command(command)
|
211
|
+
SharedHelpers.run_shell_command(NativeHelpers.npm7_subdependency_update_command(dependency_names))
|
228
212
|
{ lockfile_basename => File.read(lockfile_basename) }
|
229
213
|
end
|
230
214
|
|
@@ -5,7 +5,7 @@ module Dependabot
|
|
5
5
|
module Helpers
|
6
6
|
def self.npm_version(lockfile_content)
|
7
7
|
return "npm7" unless lockfile_content
|
8
|
-
return "npm7" if JSON.parse(lockfile_content)["lockfileVersion"]
|
8
|
+
return "npm7" if JSON.parse(lockfile_content)["lockfileVersion"] >= 2
|
9
9
|
|
10
10
|
"npm6"
|
11
11
|
rescue JSON::ParserError
|
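Review bot: The new `>= 2` comparison in `npm_version` raises `NoMethodError` when the parsed lockfile has no `lockfileVersion` key, because `nil >= 2` is undefined and the visible `rescue` only covers `JSON::ParserError`. The removed truthiness check fell through to `"npm6"` in that case. The lockfile is repository-supplied content, so a missing or string-typed value should be tolerated: `return "npm7" if JSON.parse(lockfile_content)["lockfileVersion"].to_i >= 2`. The body of the `rescue` clause lies outside the hunk, so its fallback value is not visible here.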
@@ -13,6 +13,25 @@ module Dependabot
|
|
13
13
|
|
14
14
|
File.join(__dir__, "../../../helpers")
|
15
15
|
end
|
16
|
+
|
17
|
+
def self.npm7_subdependency_update_command(dependency_names)
|
18
|
+
# NOTE: npm options
|
19
|
+
# - `--force` ignores checks for platform (os, cpu) and engines
|
20
|
+
# - `--dry-run=false` the updater sets a global .npmrc with dry-run: true to
|
21
|
+
# work around an issue in npm 6, we don't want that here
|
22
|
+
# - `--ignore-scripts` disables prepare and prepack scripts which are run
|
23
|
+
# when installing git dependencies
|
24
|
+
[
|
25
|
+
"npm",
|
26
|
+
"update",
|
27
|
+
*dependency_names,
|
28
|
+
"--force",
|
29
|
+
"--dry-run",
|
30
|
+
"false",
|
31
|
+
"--ignore-scripts",
|
32
|
+
"--package-lock-only"
|
33
|
+
].join(" ")
|
34
|
+
end
|
16
35
|
end
|
17
36
|
end
|
18
37
|
end
|
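Review bot: `npm7_subdependency_update_command` splices `dependency_names` into a single string with `.join(" ")`, so a name containing whitespace, or one beginning with `-`, becomes extra arguments or npm options instead of a package name. Those names come from the repository's manifest and lockfile. The same string is passed to `SharedHelpers.run_shell_command` in `run_npm_7_subdependency_updater` and in the npm7 branch of the subdependency version resolver. That helper is not shown on this page, so any escaping it applies should be confirmed, not assumed. I would reject unexpected names before building the command, e.g. `raise ArgumentError, "invalid dependency name" if dependency_names.any? { |n| n.match?(/\A-|\s/) }`. I would also add a comment stating that the returned string relies on the caller for shell escaping and that `--ignore-scripts` must stay in the list.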
@@ -114,11 +114,16 @@ module Dependabot
|
|
114
114
|
Dir.chdir(path) do
|
115
115
|
npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
|
116
116
|
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
117
|
+
if npm_version == "npm7"
|
118
|
+
SharedHelpers.run_shell_command(NativeHelpers.npm7_subdependency_update_command([dependency.name]))
|
119
|
+
{ lockfile_name => File.read(lockfile_name) }
|
120
|
+
else
|
121
|
+
SharedHelpers.run_helper_subprocess(
|
122
|
+
command: NativeHelpers.helper_path,
|
123
|
+
function: "npm6:updateSubdependency",
|
124
|
+
args: [Dir.pwd, lockfile_name, [dependency.to_h]]
|
125
|
+
)
|
126
|
+
end
|
122
127
|
end
|
123
128
|
end
|
124
129
|
end
|
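Review bot: The two branches added inside `Dir.chdir(path)` return values built in different ways. The npm7 branch returns `{ lockfile_name => File.read(lockfile_name) }`, while the `else` branch returns whatever `run_helper_subprocess` yields for `npm6:updateSubdependency`. That helper's result is not visible on this page, so it is worth confirming that both have the same shape. A comment above the `if` would make this explicit, e.g. `# Both branches return a Hash of lockfile name => updated lockfile content`. The enclosing method starts outside the hunk, so how the result is consumed cannot be checked from here.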
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.171.
|
4
|
+
version: 0.171.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-02-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.171.
|
19
|
+
version: 0.171.5
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.171.
|
26
|
+
version: 0.171.5
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|