dependabot-npm_and_yarn 0.196.0 → 0.196.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/package-lock.json +904 -742
- data/helpers/package.json +3 -3
- data/lib/dependabot/npm_and_yarn/update_checker.rb +15 -9
- metadata +4 -4
data/helpers/package.json
CHANGED
|
@@ -10,16 +10,16 @@
|
|
|
10
10
|
},
|
|
11
11
|
"dependencies": {
|
|
12
12
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
13
|
-
"@npmcli/arborist": "^5.2.
|
|
13
|
+
"@npmcli/arborist": "^5.2.3",
|
|
14
14
|
"detect-indent": "^6.1.0",
|
|
15
|
-
"nock": "^13.2.
|
|
15
|
+
"nock": "^13.2.7",
|
|
16
16
|
"npm": "6.14.17",
|
|
17
17
|
"semver": "^7.3.7"
|
|
18
18
|
},
|
|
19
19
|
"devDependencies": {
|
|
20
20
|
"eslint": "^8.18.0",
|
|
21
21
|
"eslint-config-prettier": "^8.5.0",
|
|
22
|
-
"jest": "^28.1.
|
|
22
|
+
"jest": "^28.1.1",
|
|
23
23
|
"prettier": "^2.7.1",
|
|
24
24
|
"rimraf": "^3.0.2"
|
|
25
25
|
}
|
|
@@ -142,18 +142,12 @@ module Dependabot
|
|
|
142
142
|
end
|
|
143
143
|
|
|
144
144
|
def conflicting_updated_dependencies
|
|
145
|
-
top_level_dependencies =
|
|
146
|
-
dependency_files: dependency_files,
|
|
147
|
-
credentials: credentials,
|
|
148
|
-
source: nil
|
|
149
|
-
).parse.select(&:top_level?)
|
|
150
|
-
|
|
151
|
-
top_level_dependency_lookup = top_level_dependencies.map { |dep| [dep.name, dep] }.to_h
|
|
145
|
+
top_level_dependencies = top_level_dependency_lookup
|
|
152
146
|
|
|
153
147
|
updated_deps = []
|
|
154
148
|
vulnerability_audit["fix_updates"].each do |update|
|
|
155
149
|
dependency_name = update["dependency_name"]
|
|
156
|
-
requirements =
|
|
150
|
+
requirements = top_level_dependencies[dependency_name]&.requirements || []
|
|
157
151
|
conflicting_dep = Dependency.new(
|
|
158
152
|
name: dependency_name,
|
|
159
153
|
package_manager: "npm_and_yarn",
|
|
@@ -178,7 +172,19 @@ module Dependabot
|
|
|
178
172
|
)
|
|
179
173
|
end
|
|
180
174
|
|
|
181
|
-
|
|
175
|
+
# Target dependency should be first in the result to support rebases
|
|
176
|
+
updated_deps.select { |dep| dep.name == dependency.name } +
|
|
177
|
+
updated_deps.reject { |dep| dep.name == dependency.name }
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
def top_level_dependency_lookup
|
|
181
|
+
top_level_dependencies = FileParser.new(
|
|
182
|
+
dependency_files: dependency_files,
|
|
183
|
+
credentials: credentials,
|
|
184
|
+
source: nil
|
|
185
|
+
).parse.select(&:top_level?)
|
|
186
|
+
|
|
187
|
+
top_level_dependencies.map { |dep| [dep.name, dep] }.to_h
|
|
182
188
|
end
|
|
183
189
|
|
|
184
190
|
def build_updated_dependency(update_details)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.196.
|
|
4
|
+
version: 0.196.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-06-
|
|
11
|
+
date: 2022-06-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.196.
|
|
19
|
+
version: 0.196.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.196.
|
|
26
|
+
version: 0.196.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|