dependabot-npm_and_yarn 0.196.2 → 0.197.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/lib/npm/conflicting-dependency-parser.js +2 -0
- data/helpers/lib/npm/vulnerability-auditor.js +1 -0
- data/helpers/package-lock.json +950 -918
- data/helpers/package.json +3 -3
- data/lib/dependabot/npm_and_yarn/metadata_finder.rb +3 -13
- data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +19 -27
- data/lib/dependabot/npm_and_yarn/update_checker/library_detector.rb +1 -6
- data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +4 -8
- data/lib/dependabot/npm_and_yarn/update_checker/vulnerability_auditor.rb +2 -1
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 866b96901b075a70bbd36550219418d1b1e0e8c0f6cfb237785bebd8076f3b61
|
4
|
+
data.tar.gz: ba5e0030c5f9122c7607bc4462040519b287184cba1d1002821f7dd9a392b070
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3ce4c3daf6f9395f650e76955a9d71ed9f5747273880dede7f46afe21c4c3f24aacb24fa6a77ce932d0008fa9d8c9fde8584fdf78e272006d912bc73868e32ca
|
7
|
+
data.tar.gz: a4eff1acb0059fbbad93339b04768a48d85a9e3de5cc5b6958faaee93c7d2693657cfc33c7bf65f3ac573f0824cdb6b087d7c7cda8c50b8f0aeac3d34a839164
|
@@ -15,6 +15,8 @@ const semver = require("semver");
|
|
15
15
|
async function findConflictingDependencies(directory, depName, targetVersion) {
|
16
16
|
const arb = new Arborist({
|
17
17
|
path: directory,
|
18
|
+
dryRun: true,
|
19
|
+
ignoreScripts: true,
|
18
20
|
});
|
19
21
|
|
20
22
|
return await arb.loadVirtual().then((tree) => {
|