dependabot-npm_and_yarn 0.226.0 → 0.227.0
- checksums.yaml +4 -4
- data/helpers/package-lock.json +37 -37
- data/helpers/package.json +1 -1
- data/lib/dependabot/npm_and_yarn/file_parser.rb +18 -4
- data/lib/dependabot/npm_and_yarn/helpers.rb +3 -19
- data/lib/dependabot/npm_and_yarn.rb +1 -0
- metadata +7 -7
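--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 81b68d0ddb7ae4abf00e9c5b72b13eb11a015c2a1cbe9be62b1ddc7b17f52e63
+data.tar.gz: a9f71249a72d00112c90fff2cc1969d23c1a05fdb17e02b46f77cf639f606c34
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ca096f0e4f4b8a3d148c7eb261a91865a070cf7e1b3902150c0da261a8278c8899ad4db2d1ba6f0f75fc8f55dea6e691770f504d5f7113fc1d58d9676b217f5b
+data.tar.gz: b48aeb7e079ea09c20001bd2da78dd0e31c46e859d4ee4400d5a2253d99ab07f147bbf46c92c98f4357d040f84696e5ac43a6abc8be73bbb74e7c52950b6888f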
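--- a/data/helpers/package-lock.json
+++ b/data/helpers/package-lock.json
@@ -19,7 +19,7 @@
 "helper": "run.js"
 },
 "devDependencies": {
-"eslint": "^8.
+"eslint": "^8.47.0",
 "eslint-config-prettier": "^9.0.0",
 "jest": "^29.6.2",
 "prettier": "^3.0.1"
@@ -732,9 +732,9 @@
 }
 },
 "node_modules/@eslint/eslintrc": {
-"version": "2.1.
-"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.
-"integrity": "sha512
+"version": "2.1.2",
+"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.2.tgz",
+"integrity": "sha512-+wvgpDsrB1YqAMdEUCcnTlpfVBH7Vqn6A/NT3D8WVXFIaKMlErPIZT3oCIAVCOtarRpMtelZLqJeU3t7WY6X6g==",
 "dev": true,
 "dependencies": {
 "ajv": "^6.12.4",
@@ -796,9 +796,9 @@
 "dev": true
 },
 "node_modules/@eslint/js": {
-"version": "8.
-"resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.
-"integrity": "sha512-
+"version": "8.47.0",
+"resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.47.0.tgz",
+"integrity": "sha512-P6omY1zv5MItm93kLM8s2vr1HICJH8v0dvddDhysbIuZ+vcjOHg5Zbkf1mTkcmi2JA9oBG2anOkRnW8WJTS8Og==",
 "dev": true,
 "engines": {
 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -4156,15 +4156,15 @@
 }
 },
 "node_modules/eslint": {
-"version": "8.
-"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.
-"integrity": "sha512-
+"version": "8.47.0",
+"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.47.0.tgz",
+"integrity": "sha512-spUQWrdPt+pRVP1TTJLmfRNJJHHZryFmptzcafwSvHsceV81djHOdnEeDmkdotZyLNjDhrOasNK8nikkoG1O8Q==",
 "dev": true,
 "dependencies": {
 "@eslint-community/eslint-utils": "^4.2.0",
 "@eslint-community/regexpp": "^4.6.1",
-"@eslint/eslintrc": "^2.1.
-"@eslint/js": "^8.
+"@eslint/eslintrc": "^2.1.2",
+"@eslint/js": "^8.47.0",
 "@humanwhocodes/config-array": "^0.11.10",
 "@humanwhocodes/module-importer": "^1.0.1",
 "@nodelib/fs.walk": "^1.2.8",
@@ -4175,7 +4175,7 @@
 "doctrine": "^3.0.0",
 "escape-string-regexp": "^4.0.0",
 "eslint-scope": "^7.2.2",
-"eslint-visitor-keys": "^3.4.
+"eslint-visitor-keys": "^3.4.3",
 "espree": "^9.6.1",
 "esquery": "^1.4.2",
 "esutils": "^2.0.2",
@@ -4238,9 +4238,9 @@
 }
 },
 "node_modules/eslint-visitor-keys": {
-"version": "3.4.
-"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.
-"integrity": "sha512-
+"version": "3.4.3",
+"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
+"integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
 "dev": true,
 "engines": {
 "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -5037,9 +5037,9 @@
 }
 },
 "node_modules/globals": {
-"version": "13.
-"resolved": "https://registry.npmjs.org/globals/-/globals-13.
-"integrity": "sha512-
+"version": "13.21.0",
+"resolved": "https://registry.npmjs.org/globals/-/globals-13.21.0.tgz",
+"integrity": "sha512-ybyme3s4yy/t/3s35bewwXKOf7cvzfreG2lH0lZl0JB7I4GxRP2ghxOK/Nb9EkRXdbBXZLfq/p/0W2JUONB/Gg==",
 "dev": true,
 "dependencies": {
 "type-fest": "^0.20.2"
@@ -16280,9 +16280,9 @@
 "dev": true
 },
 "@eslint/eslintrc": {
-"version": "2.1.
-"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.
-"integrity": "sha512
+"version": "2.1.2",
+"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.2.tgz",
+"integrity": "sha512-+wvgpDsrB1YqAMdEUCcnTlpfVBH7Vqn6A/NT3D8WVXFIaKMlErPIZT3oCIAVCOtarRpMtelZLqJeU3t7WY6X6g==",
 "dev": true,
 "requires": {
 "ajv": "^6.12.4",
@@ -16329,9 +16329,9 @@
 }
 },
 "@eslint/js": {
-"version": "8.
-"resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.
-"integrity": "sha512-
+"version": "8.47.0",
+"resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.47.0.tgz",
+"integrity": "sha512-P6omY1zv5MItm93kLM8s2vr1HICJH8v0dvddDhysbIuZ+vcjOHg5Zbkf1mTkcmi2JA9oBG2anOkRnW8WJTS8Og==",
 "dev": true
 },
 "@gar/promisify": {
@@ -18862,15 +18862,15 @@
 "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
 },
 "eslint": {
-"version": "8.
-"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.
-"integrity": "sha512-
+"version": "8.47.0",
+"resolved": "https://registry.npmjs.org/eslint/-/eslint-8.47.0.tgz",
+"integrity": "sha512-spUQWrdPt+pRVP1TTJLmfRNJJHHZryFmptzcafwSvHsceV81djHOdnEeDmkdotZyLNjDhrOasNK8nikkoG1O8Q==",
 "dev": true,
 "requires": {
 "@eslint-community/eslint-utils": "^4.2.0",
 "@eslint-community/regexpp": "^4.6.1",
-"@eslint/eslintrc": "^2.1.
-"@eslint/js": "^8.
+"@eslint/eslintrc": "^2.1.2",
+"@eslint/js": "^8.47.0",
 "@humanwhocodes/config-array": "^0.11.10",
 "@humanwhocodes/module-importer": "^1.0.1",
 "@nodelib/fs.walk": "^1.2.8",
@@ -18881,7 +18881,7 @@
 "doctrine": "^3.0.0",
 "escape-string-regexp": "^4.0.0",
 "eslint-scope": "^7.2.2",
-"eslint-visitor-keys": "^3.4.
+"eslint-visitor-keys": "^3.4.3",
 "espree": "^9.6.1",
 "esquery": "^1.4.2",
 "esutils": "^2.0.2",
@@ -19048,9 +19048,9 @@
 }
 },
 "eslint-visitor-keys": {
-"version": "3.4.
-"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.
-"integrity": "sha512-
+"version": "3.4.3",
+"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
+"integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
 "dev": true
 },
 "espree": {
@@ -19507,9 +19507,9 @@
 }
 },
 "globals": {
-"version": "13.
-"resolved": "https://registry.npmjs.org/globals/-/globals-13.
-"integrity": "sha512-
+"version": "13.21.0",
+"resolved": "https://registry.npmjs.org/globals/-/globals-13.21.0.tgz",
+"integrity": "sha512-ybyme3s4yy/t/3s35bewwXKOf7cvzfreG2lH0lZl0JB7I4GxRP2ghxOK/Nb9EkRXdbBXZLfq/p/0W2JUONB/Gg==",
 "dev": true,
 "requires": {
 "type-fest": "^0.20.2"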
data/helpers/package.json
CHANGED
@@ -9,6 +9,7 @@ require "dependabot/shared_helpers"
|
|
9
9
|
require "dependabot/npm_and_yarn/helpers"
|
10
10
|
require "dependabot/npm_and_yarn/native_helpers"
|
11
11
|
require "dependabot/npm_and_yarn/version"
|
12
|
+
require "dependabot/npm_and_yarn/requirement"
|
12
13
|
require "dependabot/git_metadata_fetcher"
|
13
14
|
require "dependabot/git_commit_checker"
|
14
15
|
require "dependabot/errors"
|
@@ -167,15 +168,20 @@ module Dependabot
|
|
167
168
|
|
168
169
|
def version_for(requirement, lockfile_details)
|
169
170
|
if git_url_with_semver?(requirement)
|
170
|
-
semver_version =
|
171
|
+
semver_version = lockfile_version_for(lockfile_details)
|
171
172
|
return semver_version if semver_version
|
172
173
|
|
173
174
|
git_revision = git_revision_for(lockfile_details)
|
174
175
|
version_from_git_revision(requirement, git_revision) || git_revision
|
175
176
|
elsif git_url?(requirement)
|
176
177
|
git_revision_for(lockfile_details)
|
178
|
+
elsif lockfile_details
|
179
|
+
lockfile_version_for(lockfile_details)
|
177
180
|
else
|
178
|
-
|
181
|
+
req = requirement_class.new(requirement)
|
182
|
+
return unless req.exact?
|
183
|
+
|
184
|
+
semver_version_for(req.requirements.first.last.to_s)
|
179
185
|
end
|
180
186
|
end
|
181
187
|
|
@@ -216,8 +222,12 @@ module Dependabot
|
|
216
222
|
nil
|
217
223
|
end
|
218
224
|
|
219
|
-
def
|
220
|
-
|
225
|
+
def lockfile_version_for(lockfile_details)
|
226
|
+
semver_version_for(lockfile_details&.fetch("version", ""))
|
227
|
+
end
|
228
|
+
|
229
|
+
def semver_version_for(version)
|
230
|
+
version_class.semver_for(version)
|
221
231
|
end
|
222
232
|
|
223
233
|
def source_for(name, requirement, lockfile_details)
|
@@ -334,6 +344,10 @@ module Dependabot
|
|
334
344
|
def version_class
|
335
345
|
NpmAndYarn::Version
|
336
346
|
end
|
347
|
+
|
348
|
+
def requirement_class
|
349
|
+
NpmAndYarn::Requirement
|
350
|
+
end
|
337
351
|
end
|
338
352
|
end
|
339
353
|
end
|
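Review bot: The new `else` branch of `version_for` hands the raw manifest requirement string to `requirement_class.new` with no rescue, so a value that is not a parseable version range (a dist-tag, a path or an alias, for example) would presumably raise out of the file parser instead of yielding no version. `NpmAndYarn::Requirement` is not shown on this page; if it follows `Gem::Requirement`, the error to handle is `Gem::Requirement::BadRequirementError`. Moving the exact-pin lookup into a small helper that rescues that error and returns nil keeps one odd requirement in a scanned repository from aborting the whole parse. Separately, `lockfile_version_for` defaults only a missing "version" key to ""; a key that is present with a null value still reaches `version_class.semver_for` as nil, which is worth confirming against that method.

```ruby
# … unchanged: git_url_with_semver?, git_url? and lockfile_details branches …
else
  exact_version = exact_version_for(requirement)
  semver_version_for(exact_version) if exact_version
end

# Returns the pinned version string when the requirement is an exact pin, else nil.
def exact_version_for(requirement)
  req = requirement_class.new(requirement)
  return unless req.exact?

  req.requirements.first.last.to_s
rescue Gem::Requirement::BadRequirementError
  # A requirement that does not parse cannot be an exact pin.
  nil
end
```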
@@ -122,26 +122,10 @@ module Dependabot
|
|
122
122
|
end
|
123
123
|
|
124
124
|
def self.dependencies_with_all_versions_metadata(dependency_set)
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
names = dependency_set.dependencies.map(&:name)
|
129
|
-
names.each do |name|
|
130
|
-
all_versions = dependency_set.all_versions_for_name(name)
|
131
|
-
all_versions.each do |dep|
|
132
|
-
metadata_versions = dep.metadata.fetch(:all_versions, [])
|
133
|
-
if metadata_versions.any?
|
134
|
-
metadata_versions.each { |a| working_set << a }
|
135
|
-
else
|
136
|
-
working_set << dep
|
137
|
-
end
|
138
|
-
end
|
139
|
-
dependency = working_set.dependency_for_name(name)
|
140
|
-
dependency.metadata[:all_versions] = working_set.all_versions_for_name(name)
|
141
|
-
dependencies << dependency
|
125
|
+
dependency_set.dependencies.map do |dependency|
|
126
|
+
dependency.metadata[:all_versions] = dependency_set.all_versions_for_name(dependency.name)
|
127
|
+
dependency
|
142
128
|
end
|
143
|
-
|
144
|
-
dependencies
|
145
129
|
end
|
146
130
|
end
|
147
131
|
end
|
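Review bot: The rewritten `dependencies_with_all_versions_metadata` uses `map` but its block also overwrites `dependency.metadata[:all_versions]` on the objects held by the `dependency_set` argument, so the caller's set is mutated as well as returned; that side effect is not documented anywhere in the hunk. A comment above the method would make it explicit, for example `# Mutates each dependency in dependency_set: metadata[:all_versions] is replaced with the set's versions for that name.` The removed loop also merged any `:all_versions` already stored in a dependency's metadata before reassigning it; the new body drops that step, presumably because the set now tracks every version itself, which the comment should state if true. The enclosing module continues outside the hunk.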
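--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.227.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-
+date: 2023-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.227.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.227.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.19.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.19.0
 - !ruby/object:Gem::Dependency
 name: stackprof
 requirement: !ruby/object:Gem::Requirement
@@ -280,7 +280,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.227.0
 post_install_message:
 rdoc_options: []
 require_paths: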