RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.217.0 → 0.219.0 - Mend

dependabot-npm_and_yarn 0.217.0 → 0.219.0

Files changed (24) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a823eeb3c53a01ed5def55c048e922f0d7a0321b3c0e3a5fb72a6d6a00fbf46b
-  data.tar.gz: '086d8ec9bd1a36a0fb1c65f2eba91e8b5f6d6c64a3cf700774a275eeb07f3767'
+  metadata.gz: 52b96c5a1b446a0f40069145f66c08157c4527a46b69d34950682ba6d9314d52
+  data.tar.gz: fd8a27a2f2861e19335b5a22dc7f924db28d012ab13dca6080dbe942274f84d8
 SHA512:
-  metadata.gz: a0d9706d209830b65e374334508f962a93442f48e7fd024f0a0436edb8381e3388e52f08ce1acaef7b39fc4a72a5a1df05813128e03c429a90ab971ef37969a7
-  data.tar.gz: cd710eb25983ce630ddfd87e816ab7c0f99264f78f2251c96393ebc32eba4b6c844a319c4f4b25113e46a1c4b2b48ff65a5f00a3a3f9d9b6601c4b71cb8c8e94
+  metadata.gz: 96d9e21b4e4244ae17342d1c2bd3a8027ace795abb4c464631d37c712cd3c5071bea5ebf1019e5a20bf8ef03029dc67e138a2bb988c5aa95c9950b44a228dbc0
+  data.tar.gz: 65fddbca2e316348df46fff16ccd76030dbb4f41010fbc5470b04cf885113864475619055fb23ef663b7b06b28f13ea9cb05f7ab57419f23e6b5d9a988a617a3

data/helpers/lib/pnpm/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+const lockfileParser = require("./lockfile-parser");
+module.exports = {
+  parseLockfile: lockfileParser.parse,
+};

data/helpers/lib/pnpm/lockfile-parser.js ADDED Viewed

@@ -0,0 +1,77 @@
+/* PNPM-LOCK.YAML PARSER
+ *
+ * Inputs:
+ *  - directory containing a pnpm-lock.yaml file
+ *
+ * Outputs:
+ *  - JSON formatted information of dependencies (name, version, dependency-type)
+ */
+const { readWantedLockfile } = require("@pnpm/lockfile-file");
+const dependencyPath = require("@pnpm/dependency-path");
+async function parse(directory) {
+  const lockfile = await readWantedLockfile(directory, {
+    ignoreIncompatible: true
+  });
+  return Object.entries(lockfile.packages ?? {})
+    .map(([depPath, pkgSnapshot]) => nameVerDevFromPkgSnapshot(depPath, pkgSnapshot, Object.values(lockfile.importers)))
+}
+function nameVerDevFromPkgSnapshot(depPath, pkgSnapshot, projectSnapshots) {
+  let name;
+  let version;
+  if (!pkgSnapshot.name) {
+    const pkgInfo = dependencyPath.parse(depPath);
+    name = pkgInfo.name;
+    version = pkgInfo.version;
+  } else {
+    name = pkgSnapshot.name;
+    version = pkgSnapshot.version;
+  }
+  let specifiers = [];
+  let aliased = false;
+  projectSnapshots.every(projectSnapshot => {
+    const projectSpecifiers = projectSnapshot.specifiers;
+    if (Object.values(projectSpecifiers).some(specifier => specifier.startsWith(`npm:${name}@`) || specifier == `npm:${name}`)) {
+      aliased = true;
+      return false;
+    }
+    currentSpecifier = projectSpecifiers[name];
+    if (!currentSpecifier) {
+      return true;
+    }
+    let specifierVersion = currentSpecifier.version;
+    if (!currentSpecifier.version) {
+      specifierVersion = projectSnapshot.dependencies?.[name] || projectSnapshot.devDependencies?.[name] || projectSnapshot.optionalDependencies?.[name]
+    }
+    if (
+      specifierVersion == version ||
+      specifierVersion.startsWith(`${version}_`) || // lockfileVersion 5.4
+      specifierVersion.startsWith(`${version}(`)    // lockfileVersion 6.0
+    ) {
+      specifiers.push(currentSpecifier.specifier || currentSpecifier);
+    }
+    return true;
+  });
+  return {
+    name: name,
+    version: version,
+    dev: pkgSnapshot.dev,
+    specifiers: specifiers,
+    aliased: aliased
+  }
+}
+module.exports = { parse };