dependabot-npm_and_yarn 0.213.0 → 0.215.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.213.0
+  version: 0.215.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-31 00:00:00.000000000 Z
+date: 2022-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.213.0
+        version: 0.215.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.213.0
+        version: 0.215.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.13.0
+        version: 4.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.13.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.37.1
+        version: 1.39.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.37.1
+        version: 1.39.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -272,7 +272,6 @@ files:
 - lib/dependabot/npm_and_yarn/file_fetcher/path_dependency_builder.rb
 - lib/dependabot/npm_and_yarn/file_parser.rb
 - lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb
-- lib/dependabot/npm_and_yarn/file_parser/yarn_lockfile_parser.rb
 - lib/dependabot/npm_and_yarn/file_updater.rb
 - lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
 - lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb

data/lib/dependabot/npm_and_yarn/file_parser/yarn_lockfile_parser.rb

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/dependency_file"
-require "dependabot/npm_and_yarn/file_parser"
-
-module Dependabot
-  module NpmAndYarn
-    class FileParser
-      class YarnLockfileParser
-        def initialize(lockfile:)
-          @content = lockfile.content
-        end
-
-        # This is *extremely* crude, but saves us from having to shell out
-        # to Yarn, which may not be safe
-        def parse
-          yaml = convert_to_yaml
-          lockfile_object = parse_as_yaml(yaml)
-          expand_lockfile_requirements(lockfile_object)
-        end
-
-        private
-
-        attr_reader :content
-
-        # Transform lockfile to parseable YAML by wrapping requirements in
-        # quotes, e.g. ("pkg@1.0.0":) and adding colon to nested
-        # properties (version: "1.0.0")
-        def convert_to_yaml
-          sanitize_requirement = lambda do |line|
-            return line unless line.match?(/^[\w"]/)
-
-            "\"#{line.gsub(/\"|:\n$/, '')}\":\n"
-          end
-          add_missing_colon = ->(l) { l.sub(/(?<=\w|")\s(?=\w|")/, ": ") }
-
-          content.lines.map(&sanitize_requirement).map(&add_missing_colon).join
-        end
-
-        def parse_as_yaml(yaml)
-          YAML.safe_load(yaml)
-        rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias
-          {}
-        end
-
-        # Split all comma separated keys and duplicate the lockfile entry
-        # so we get one entry per version requirement, this is needed when
-        # one of the requirements specifies a file: requirement, e.g.
-        # "pkga@file:./pkg, pkgb@1.0.0 and we want to check this in
-        # `details_from_yarn_lock`
-        def expand_lockfile_requirements(lockfile_object)
-          lockfile_object.to_a.each_with_object({}) do |(names, val), res|
-            names.split(", ").each { |name| res[name] = val }
-          end
-        end
-      end
-    end
-  end
-end