dependabot-npm_and_yarn 0.214.0 → 0.216.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (27) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +1 -1
  3. data/helpers/lib/yarn/subdependency-updater.js +15 -44
  4. data/helpers/package-lock.json +2584 -1559
  5. data/helpers/package.json +7 -8
  6. data/helpers/test/npm6/conflicting-dependency-parser.test.js +1 -2
  7. data/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json +3 -3
  8. data/helpers/test/npm6/updater.test.js +1 -2
  9. data/helpers/test/yarn/conflicting-dependency-parser.test.js +1 -2
  10. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock +3 -3
  11. data/helpers/test/yarn/updater.test.js +1 -2
  12. data/lib/dependabot/npm_and_yarn/file_fetcher.rb +26 -38
  13. data/lib/dependabot/npm_and_yarn/file_parser/json_lock.rb +86 -0
  14. data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb +21 -183
  15. data/lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb +80 -0
  16. data/lib/dependabot/npm_and_yarn/file_parser.rb +23 -36
  17. data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +58 -31
  18. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +43 -16
  19. data/lib/dependabot/npm_and_yarn/file_updater.rb +1 -4
  20. data/lib/dependabot/npm_and_yarn/helpers.rb +17 -4
  21. data/lib/dependabot/npm_and_yarn/native_helpers.rb +15 -2
  22. data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb +6 -0
  23. data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +5 -4
  24. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +20 -13
  25. data/lib/dependabot/npm_and_yarn/update_checker.rb +7 -24
  26. data/lib/dependabot/npm_and_yarn/version.rb +13 -2
  27. metadata +37 -32
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.214.0
4
+ version: 0.216.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-01 00:00:00.000000000 Z
11
+ date: 2023-04-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.214.0
19
+ version: 0.216.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.214.0
26
+ version: 0.216.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - ">="
31
+ - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.0.0
33
+ version: 1.7.1
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - ">="
38
+ - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.0.0
40
+ version: 1.7.1
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: gpgme
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: 4.0.0
61
+ version: 4.2.0
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: 4.0.0
68
+ version: 4.2.0
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rake
71
71
  requirement: !ruby/object:Gem::Requirement
@@ -86,70 +86,70 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '3.8'
89
+ version: '3.12'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '3.8'
96
+ version: '3.12'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: rspec-its
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '1.2'
103
+ version: '1.3'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: '1.2'
110
+ version: '1.3'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rubocop
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.39.0
117
+ version: 1.48.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.39.0
124
+ version: 1.48.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop-performance
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.15.0
131
+ version: 1.17.1
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.15.0
138
+ version: 1.17.1
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: simplecov
141
141
  requirement: !ruby/object:Gem::Requirement
142
142
  requirements:
143
143
  - - "~>"
144
144
  - !ruby/object:Gem::Version
145
- version: 0.21.0
145
+ version: 0.22.0
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
- version: 0.21.0
152
+ version: 0.22.0
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: simplecov-console
155
155
  requirement: !ruby/object:Gem::Requirement
@@ -182,33 +182,34 @@ dependencies:
182
182
  name: vcr
183
183
  requirement: !ruby/object:Gem::Requirement
184
184
  requirements:
185
- - - '='
185
+ - - "~>"
186
186
  - !ruby/object:Gem::Version
187
- version: 6.1.0
187
+ version: '6.1'
188
188
  type: :development
189
189
  prerelease: false
190
190
  version_requirements: !ruby/object:Gem::Requirement
191
191
  requirements:
192
- - - '='
192
+ - - "~>"
193
193
  - !ruby/object:Gem::Version
194
- version: 6.1.0
194
+ version: '6.1'
195
195
  - !ruby/object:Gem::Dependency
196
196
  name: webmock
197
197
  requirement: !ruby/object:Gem::Requirement
198
198
  requirements:
199
199
  - - "~>"
200
200
  - !ruby/object:Gem::Version
201
- version: '3.4'
201
+ version: '3.18'
202
202
  type: :development
203
203
  prerelease: false
204
204
  version_requirements: !ruby/object:Gem::Requirement
205
205
  requirements:
206
206
  - - "~>"
207
207
  - !ruby/object:Gem::Version
208
- version: '3.4'
209
- description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
210
- Rust, Java, .NET, Elm and Go
211
- email: support@dependabot.com
208
+ version: '3.18'
209
+ description: Dependabot-NPM_And_Yarn provides support for bumping Javascript (npm
210
+ and yarn) libraries via Dependabot. If you want support for multiple package managers,
211
+ you probably want the meta-gem dependabot-omnibus.
212
+ email: opensource@github.com
212
213
  executables: []
213
214
  extensions: []
214
215
  extra_rdoc_files: []
@@ -271,7 +272,9 @@ files:
271
272
  - lib/dependabot/npm_and_yarn/file_fetcher.rb
272
273
  - lib/dependabot/npm_and_yarn/file_fetcher/path_dependency_builder.rb
273
274
  - lib/dependabot/npm_and_yarn/file_parser.rb
275
+ - lib/dependabot/npm_and_yarn/file_parser/json_lock.rb
274
276
  - lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb
277
+ - lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb
275
278
  - lib/dependabot/npm_and_yarn/file_updater.rb
276
279
  - lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
277
280
  - lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb
@@ -298,7 +301,9 @@ files:
298
301
  homepage: https://github.com/dependabot/dependabot-core
299
302
  licenses:
300
303
  - Nonstandard
301
- metadata: {}
304
+ metadata:
305
+ issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
306
+ changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
302
307
  post_install_message:
303
308
  rdoc_options: []
304
309
  require_paths:
@@ -314,8 +319,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
314
319
  - !ruby/object:Gem::Version
315
320
  version: 3.1.0
316
321
  requirements: []
317
- rubygems_version: 3.3.7
322
+ rubygems_version: 3.3.26
318
323
  signing_key:
319
324
  specification_version: 4
320
- summary: JS support for dependabot
325
+ summary: Provides Dependabot support for Javascript (npm and yarn)
321
326
  test_files: []