RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.226.0 → 0.227.0 - Mend

dependabot-npm_and_yarn 0.226.0 → 0.227.0

Files changed (7) hide show

checksums.yaml +4 -4
data/helpers/package-lock.json +37 -37
data/helpers/package.json +1 -1
data/lib/dependabot/npm_and_yarn/file_parser.rb +18 -4
data/lib/dependabot/npm_and_yarn/helpers.rb +3 -19
data/lib/dependabot/npm_and_yarn.rb +1 -0
metadata +7 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d9dbd8096983e484d7c1a2d74e877509018e8c97fa8123a717c99e360d30f264
-  data.tar.gz: c2b75b65d6b3bd747e4ddc6b8fb9dda6136ad84447fa3fc8890c5806452b4edd
+  metadata.gz: 81b68d0ddb7ae4abf00e9c5b72b13eb11a015c2a1cbe9be62b1ddc7b17f52e63
+  data.tar.gz: a9f71249a72d00112c90fff2cc1969d23c1a05fdb17e02b46f77cf639f606c34
 SHA512:
-  metadata.gz: 902e08cd8076e7c24f591e0a62fe47636e64e68a6daaf5c98901db4a71c8987ea7373ab827d5ef0d69f6aafcde542ea157f81a4293463e5704f778438d074ecc
-  data.tar.gz: 5757b3e920914da8ea2ec99ef106fb5964b1f9f5be36759f7f3464cf2d2563bedc44312d6b3cc8e760949f276c18f3e42b7b31488a063300d44fbc6bb46150c7
+  metadata.gz: ca096f0e4f4b8a3d148c7eb261a91865a070cf7e1b3902150c0da261a8278c8899ad4db2d1ba6f0f75fc8f55dea6e691770f504d5f7113fc1d58d9676b217f5b
+  data.tar.gz: b48aeb7e079ea09c20001bd2da78dd0e31c46e859d4ee4400d5a2253d99ab07f147bbf46c92c98f4357d040f84696e5ac43a6abc8be73bbb74e7c52950b6888f

data/helpers/package-lock.json CHANGED Viewed

@@ -19,7 +19,7 @@
         "helper": "run.js"
       },
       "devDependencies": {
-        "eslint": "^8.46.0",
+        "eslint": "^8.47.0",
         "eslint-config-prettier": "^9.0.0",
         "jest": "^29.6.2",
         "prettier": "^3.0.1"
@@ -732,9 +732,9 @@
       }
     },
     "node_modules/@eslint/eslintrc": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.1.tgz",
-      "integrity": "sha512-9t7ZA7NGGK8ckelF0PQCfcxIUzs1Md5rrO6U/c+FIQNanea5UZC0wqKXH4vHBccmu4ZJgZ2idtPeW7+Q2npOEA==",
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.2.tgz",
+      "integrity": "sha512-+wvgpDsrB1YqAMdEUCcnTlpfVBH7Vqn6A/NT3D8WVXFIaKMlErPIZT3oCIAVCOtarRpMtelZLqJeU3t7WY6X6g==",
       "dev": true,
       "dependencies": {
         "ajv": "^6.12.4",
@@ -796,9 +796,9 @@
       "dev": true
     },
     "node_modules/@eslint/js": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.46.0.tgz",
-      "integrity": "sha512-a8TLtmPi8xzPkCbp/OGFUo5yhRkHM2Ko9kOWP4znJr0WAhWyThaw3PnwX4vOTWOAMsV2uRt32PPDcEz63esSaA==",
+      "version": "8.47.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.47.0.tgz",
+      "integrity": "sha512-P6omY1zv5MItm93kLM8s2vr1HICJH8v0dvddDhysbIuZ+vcjOHg5Zbkf1mTkcmi2JA9oBG2anOkRnW8WJTS8Og==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -4156,15 +4156,15 @@
       }
     },
     "node_modules/eslint": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.46.0.tgz",
-      "integrity": "sha512-cIO74PvbW0qU8e0mIvk5IV3ToWdCq5FYG6gWPHHkx6gNdjlbAYvtfHmlCMXxjcoVaIdwy/IAt3+mDkZkfvb2Dg==",
+      "version": "8.47.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.47.0.tgz",
+      "integrity": "sha512-spUQWrdPt+pRVP1TTJLmfRNJJHHZryFmptzcafwSvHsceV81djHOdnEeDmkdotZyLNjDhrOasNK8nikkoG1O8Q==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@eslint-community/regexpp": "^4.6.1",
-        "@eslint/eslintrc": "^2.1.1",
-        "@eslint/js": "^8.46.0",
+        "@eslint/eslintrc": "^2.1.2",
+        "@eslint/js": "^8.47.0",
         "@humanwhocodes/config-array": "^0.11.10",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
@@ -4175,7 +4175,7 @@
         "doctrine": "^3.0.0",
         "escape-string-regexp": "^4.0.0",
         "eslint-scope": "^7.2.2",
-        "eslint-visitor-keys": "^3.4.2",
+        "eslint-visitor-keys": "^3.4.3",
         "espree": "^9.6.1",
         "esquery": "^1.4.2",
         "esutils": "^2.0.2",
@@ -4238,9 +4238,9 @@
       }
     },
     "node_modules/eslint-visitor-keys": {
-      "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.2.tgz",
-      "integrity": "sha512-8drBzUEyZ2llkpCA67iYrgEssKDUu68V8ChqqOfFupIaG/LCVPUT+CoGJpT77zJprs4T/W7p07LP7zAIMuweVw==",
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
+      "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -5037,9 +5037,9 @@
       }
     },
     "node_modules/globals": {
-      "version": "13.20.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
-      "integrity": "sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==",
+      "version": "13.21.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-13.21.0.tgz",
+      "integrity": "sha512-ybyme3s4yy/t/3s35bewwXKOf7cvzfreG2lH0lZl0JB7I4GxRP2ghxOK/Nb9EkRXdbBXZLfq/p/0W2JUONB/Gg==",
       "dev": true,
       "dependencies": {
         "type-fest": "^0.20.2"
@@ -16280,9 +16280,9 @@
       "dev": true
     },
     "@eslint/eslintrc": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.1.tgz",
-      "integrity": "sha512-9t7ZA7NGGK8ckelF0PQCfcxIUzs1Md5rrO6U/c+FIQNanea5UZC0wqKXH4vHBccmu4ZJgZ2idtPeW7+Q2npOEA==",
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.2.tgz",
+      "integrity": "sha512-+wvgpDsrB1YqAMdEUCcnTlpfVBH7Vqn6A/NT3D8WVXFIaKMlErPIZT3oCIAVCOtarRpMtelZLqJeU3t7WY6X6g==",
       "dev": true,
       "requires": {
         "ajv": "^6.12.4",
@@ -16329,9 +16329,9 @@
       }
     },
     "@eslint/js": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.46.0.tgz",
-      "integrity": "sha512-a8TLtmPi8xzPkCbp/OGFUo5yhRkHM2Ko9kOWP4znJr0WAhWyThaw3PnwX4vOTWOAMsV2uRt32PPDcEz63esSaA==",
+      "version": "8.47.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.47.0.tgz",
+      "integrity": "sha512-P6omY1zv5MItm93kLM8s2vr1HICJH8v0dvddDhysbIuZ+vcjOHg5Zbkf1mTkcmi2JA9oBG2anOkRnW8WJTS8Og==",
       "dev": true
     },
     "@gar/promisify": {
@@ -18862,15 +18862,15 @@
       "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
     },
     "eslint": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.46.0.tgz",
-      "integrity": "sha512-cIO74PvbW0qU8e0mIvk5IV3ToWdCq5FYG6gWPHHkx6gNdjlbAYvtfHmlCMXxjcoVaIdwy/IAt3+mDkZkfvb2Dg==",
+      "version": "8.47.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.47.0.tgz",
+      "integrity": "sha512-spUQWrdPt+pRVP1TTJLmfRNJJHHZryFmptzcafwSvHsceV81djHOdnEeDmkdotZyLNjDhrOasNK8nikkoG1O8Q==",
       "dev": true,
       "requires": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@eslint-community/regexpp": "^4.6.1",
-        "@eslint/eslintrc": "^2.1.1",
-        "@eslint/js": "^8.46.0",
+        "@eslint/eslintrc": "^2.1.2",
+        "@eslint/js": "^8.47.0",
         "@humanwhocodes/config-array": "^0.11.10",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
@@ -18881,7 +18881,7 @@
         "doctrine": "^3.0.0",
         "escape-string-regexp": "^4.0.0",
         "eslint-scope": "^7.2.2",
-        "eslint-visitor-keys": "^3.4.2",
+        "eslint-visitor-keys": "^3.4.3",
         "espree": "^9.6.1",
         "esquery": "^1.4.2",
         "esutils": "^2.0.2",
@@ -19048,9 +19048,9 @@
       }
     },
     "eslint-visitor-keys": {
-      "version": "3.4.2",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.2.tgz",
-      "integrity": "sha512-8drBzUEyZ2llkpCA67iYrgEssKDUu68V8ChqqOfFupIaG/LCVPUT+CoGJpT77zJprs4T/W7p07LP7zAIMuweVw==",
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
+      "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
       "dev": true
     },
     "espree": {
@@ -19507,9 +19507,9 @@
       }
     },
     "globals": {
-      "version": "13.20.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
-      "integrity": "sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==",
+      "version": "13.21.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-13.21.0.tgz",
+      "integrity": "sha512-ybyme3s4yy/t/3s35bewwXKOf7cvzfreG2lH0lZl0JB7I4GxRP2ghxOK/Nb9EkRXdbBXZLfq/p/0W2JUONB/Gg==",
       "dev": true,
       "requires": {
         "type-fest": "^0.20.2"

data/helpers/package.json CHANGED Viewed

@@ -19,7 +19,7 @@
     "semver": "^7.4.0"
   },
   "devDependencies": {
-    "eslint": "^8.46.0",
+    "eslint": "^8.47.0",
     "eslint-config-prettier": "^9.0.0",
     "jest": "^29.6.2",
     "prettier": "^3.0.1"

data/lib/dependabot/npm_and_yarn/file_parser.rb CHANGED Viewed

@@ -9,6 +9,7 @@ require "dependabot/shared_helpers"
 require "dependabot/npm_and_yarn/helpers"
 require "dependabot/npm_and_yarn/native_helpers"
 require "dependabot/npm_and_yarn/version"
+require "dependabot/npm_and_yarn/requirement"
 require "dependabot/git_metadata_fetcher"
 require "dependabot/git_commit_checker"
 require "dependabot/errors"
@@ -167,15 +168,20 @@ module Dependabot
       def version_for(requirement, lockfile_details)
         if git_url_with_semver?(requirement)
-          semver_version = semver_version_for(lockfile_details)
+          semver_version = lockfile_version_for(lockfile_details)
           return semver_version if semver_version
           git_revision = git_revision_for(lockfile_details)
           version_from_git_revision(requirement, git_revision) || git_revision
         elsif git_url?(requirement)
           git_revision_for(lockfile_details)
+        elsif lockfile_details
+          lockfile_version_for(lockfile_details)
         else
-          semver_version_for(lockfile_details)
+          req = requirement_class.new(requirement)
+          return unless req.exact?
+          semver_version_for(req.requirements.first.last.to_s)
         end
       end
@@ -216,8 +222,12 @@ module Dependabot
         nil
       end
-      def semver_version_for(lockfile_details)
-        version_class.semver_for(lockfile_details&.fetch("version", ""))
+      def lockfile_version_for(lockfile_details)
+        semver_version_for(lockfile_details&.fetch("version", ""))
+      end
+      def semver_version_for(version)
+        version_class.semver_for(version)
       end
       def source_for(name, requirement, lockfile_details)
@@ -334,6 +344,10 @@ module Dependabot
       def version_class
         NpmAndYarn::Version
       end
+      def requirement_class
+        NpmAndYarn::Requirement
+      end
     end
   end
 end

data/lib/dependabot/npm_and_yarn/helpers.rb CHANGED Viewed

@@ -122,26 +122,10 @@ module Dependabot
       end
       def self.dependencies_with_all_versions_metadata(dependency_set)
-        working_set = Dependabot::NpmAndYarn::FileParser::DependencySet.new
-        dependencies = []
-        names = dependency_set.dependencies.map(&:name)
-        names.each do |name|
-          all_versions = dependency_set.all_versions_for_name(name)
-          all_versions.each do |dep|
-            metadata_versions = dep.metadata.fetch(:all_versions, [])
-            if metadata_versions.any?
-              metadata_versions.each { |a| working_set << a }
-            else
-              working_set << dep
-            end
-          end
-          dependency = working_set.dependency_for_name(name)
-          dependency.metadata[:all_versions] = working_set.all_versions_for_name(name)
-          dependencies << dependency
+        dependency_set.dependencies.map do |dependency|
+          dependency.metadata[:all_versions] = dependency_set.all_versions_for_name(dependency.name)
+          dependency
         end
-        dependencies
       end
     end
   end

data/lib/dependabot/npm_and_yarn.rb CHANGED Viewed

@@ -25,4 +25,5 @@ Dependabot::Dependency.register_production_check(
   end
 )
+require "dependabot/utils"
 Dependabot::Utils.register_always_clone("npm_and_yarn")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.226.0
+  version: 0.227.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-11 00:00:00.000000000 Z
+date: 2023-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.226.0
+        version: 0.227.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.226.0
+        version: 0.227.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.19.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.19.0
 - !ruby/object:Gem::Dependency
   name: stackprof
   requirement: !ruby/object:Gem::Requirement
@@ -280,7 +280,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.227.0
 post_install_message:
 rdoc_options: []
 require_paths: