dependabot-npm_and_yarn 0.221.0 → 0.223.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7e5c7c9dddbce26c14fb4085256324df19b26bc63c4dd8b78f1457f3d518a6ed
4
- data.tar.gz: d7e6cc580f57b8d073eb5df4c8d5b477d5c6d331b9441efa07928fda6e2df3bb
3
+ metadata.gz: ff55947e0bd3994dacabd209bd8bc2808883174d0f1a64698ac7e1e13323d040
4
+ data.tar.gz: 5109ec4834694edd1e0d6d47e7399a957493e1fb2b2b49ede9ebb9edce6fcc9e
5
5
  SHA512:
6
- metadata.gz: faf0f5096717839eb4cc575baa416a0965ce4a330153cc3f51c3c296ac48d3b2d26124de324a5c75de0107b2a686736c555ece2f6a3c145c0d8d88d820a7334a
7
- data.tar.gz: a1fba258b6f4b3394e9177564496621daa729aef814e3b51f88dc8e401eadeece1b3aa58a7ebb7c0c7e4161b99042008174df7cfa71777085ec8d41f8cb98881
6
+ metadata.gz: e2f094bd80d6d64ffe95c09db9eb3baf1ad17768234f899a01d37cd824b6e5cf4ea56f821f03eda9614a44bfeb5c3b0afe1eaeb2448783c7ca35d9263e1a8318
7
+ data.tar.gz: dded8305ae9227f108d3e444d87273e2b3fa7be748422828bbd80edc9620b860de29f8a89f2525bae639812b2515442c134e3d710d915d21cff8c5828f915a96
@@ -14,7 +14,7 @@ module Dependabot
14
14
  quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
15
15
  version_pattern = "v?#{NpmAndYarn::Version::VERSION_PATTERN}"
16
16
 
17
- PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
17
+ PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze
18
18
  PATTERN = /\A#{PATTERN_RAW}\z/
19
19
 
20
20
  def self.parse(obj)
@@ -79,11 +79,12 @@ module Dependabot
79
79
  /x
80
80
 
81
81
  def initialize(dependency:, credentials:, dependency_files:,
82
- latest_allowable_version:, latest_version_finder:, repo_contents_path:)
82
+ latest_allowable_version:, latest_version_finder:, repo_contents_path:, dependency_group: nil)
83
83
  @dependency = dependency
84
84
  @credentials = credentials
85
85
  @dependency_files = dependency_files
86
86
  @latest_allowable_version = latest_allowable_version
87
+ @dependency_group = dependency_group
87
88
 
88
89
  @latest_version_finder = {}
89
90
  @latest_version_finder[dependency] = latest_version_finder
@@ -153,7 +154,7 @@ module Dependabot
153
154
  private
154
155
 
155
156
  attr_reader :dependency, :credentials, :dependency_files,
156
- :latest_allowable_version, :repo_contents_path
157
+ :latest_allowable_version, :repo_contents_path, :dependency_group
157
158
 
158
159
  def latest_version_finder(dep)
159
160
  @latest_version_finder[dep] ||=
@@ -399,6 +400,17 @@ module Dependabot
399
400
  dep[:requiring_dep_name] == dependency.name
400
401
  end
401
402
 
403
+ unless dependency_group.nil?
404
+ # Ignore unmet peer dependencies that are in the dependency group because
405
+ # the update is also updating those dependencies.
406
+ relevant_unmet_peer_dependencies.reject! do |dep|
407
+ dependency_group.dependencies.any? do |group_dep|
408
+ dep[:requirement_name] == group_dep.name ||
409
+ dep[:requiring_dep_name] == group_dep.name
410
+ end
411
+ end
412
+ end
413
+
402
414
  return [] if relevant_unmet_peer_dependencies.empty?
403
415
 
404
416
  # Prune out any pre-existing warnings
@@ -330,7 +330,8 @@ module Dependabot
330
330
  dependency_files: dependency_files,
331
331
  latest_allowable_version: latest_version,
332
332
  latest_version_finder: latest_version_finder,
333
- repo_contents_path: repo_contents_path
333
+ repo_contents_path: repo_contents_path,
334
+ dependency_group: dependency_group
334
335
  )
335
336
  end
336
337
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.221.0
4
+ version: 0.223.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-13 00:00:00.000000000 Z
11
+ date: 2023-07-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.221.0
19
+ version: 0.223.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.221.0
26
+ version: 0.223.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -280,7 +280,7 @@ licenses:
280
280
  - Nonstandard
281
281
  metadata:
282
282
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
283
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.221.0
283
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.223.0
284
284
  post_install_message:
285
285
  rdoc_options: []
286
286
  require_paths: