dependabot-npm_and_yarn 0.226.0 → 0.228.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +2 -1
- data/helpers/package-lock.json +1342 -840
- data/helpers/package.json +7 -5
- data/helpers/patches/npm++pacote+9.5.12.patch +14 -0
- data/lib/dependabot/npm_and_yarn/file_parser.rb +27 -4
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/helpers.rb +3 -19
- data/lib/dependabot/npm_and_yarn.rb +1 -0
- metadata +10 -9
data/helpers/package.json
CHANGED
|
@@ -6,7 +6,8 @@
|
|
|
6
6
|
},
|
|
7
7
|
"scripts": {
|
|
8
8
|
"lint": "eslint .",
|
|
9
|
-
"test": "jest"
|
|
9
|
+
"test": "jest",
|
|
10
|
+
"postinstall": "patch-package"
|
|
10
11
|
},
|
|
11
12
|
"dependencies": {
|
|
12
13
|
"@dependabot/yarn-lib": "^1.22.19",
|
|
@@ -16,12 +17,13 @@
|
|
|
16
17
|
"npm": "6.14.18",
|
|
17
18
|
"@pnpm/lockfile-file": "^8.1.2",
|
|
18
19
|
"@pnpm/dependency-path": "^2.1.1",
|
|
19
|
-
"semver": "^7.4.0"
|
|
20
|
+
"semver": "^7.4.0",
|
|
21
|
+
"patch-package": "^8.0.0"
|
|
20
22
|
},
|
|
21
23
|
"devDependencies": {
|
|
22
|
-
"eslint": "^8.
|
|
24
|
+
"eslint": "^8.47.0",
|
|
23
25
|
"eslint-config-prettier": "^9.0.0",
|
|
24
|
-
"jest": "^29.6.
|
|
25
|
-
"prettier": "^3.0.
|
|
26
|
+
"jest": "^29.6.3",
|
|
27
|
+
"prettier": "^3.0.2"
|
|
26
28
|
}
|
|
27
29
|
}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
diff --git a/node_modules/npm/node_modules/pacote/lib/util/git.js b/node_modules/npm/node_modules/pacote/lib/util/git.js
|
|
2
|
+
index 7642eb2..7bb3324 100644
|
|
3
|
+
--- a/node_modules/npm/node_modules/pacote/lib/util/git.js
|
|
4
|
+
+++ b/node_modules/npm/node_modules/pacote/lib/util/git.js
|
|
5
|
+
@@ -25,7 +25,8 @@ const GOOD_ENV_VARS = new Set([
|
|
6
|
+
'GIT_SSH',
|
|
7
|
+
'GIT_SSH_COMMAND',
|
|
8
|
+
'GIT_SSL_CAINFO',
|
|
9
|
+
- 'GIT_SSL_NO_VERIFY'
|
|
10
|
+
+ 'GIT_SSL_NO_VERIFY',
|
|
11
|
+
+ 'GIT_CONFIG_GLOBAL'
|
|
12
|
+
])
|
|
13
|
+
|
|
14
|
+
const GIT_TRANSIENT_ERRORS = [
|
|
@@ -9,6 +9,7 @@ require "dependabot/shared_helpers"
|
|
|
9
9
|
require "dependabot/npm_and_yarn/helpers"
|
|
10
10
|
require "dependabot/npm_and_yarn/native_helpers"
|
|
11
11
|
require "dependabot/npm_and_yarn/version"
|
|
12
|
+
require "dependabot/npm_and_yarn/requirement"
|
|
12
13
|
require "dependabot/git_metadata_fetcher"
|
|
13
14
|
require "dependabot/git_commit_checker"
|
|
14
15
|
require "dependabot/errors"
|
|
@@ -167,15 +168,20 @@ module Dependabot
|
|
|
167
168
|
|
|
168
169
|
def version_for(requirement, lockfile_details)
|
|
169
170
|
if git_url_with_semver?(requirement)
|
|
170
|
-
semver_version =
|
|
171
|
+
semver_version = lockfile_version_for(lockfile_details)
|
|
171
172
|
return semver_version if semver_version
|
|
172
173
|
|
|
173
174
|
git_revision = git_revision_for(lockfile_details)
|
|
174
175
|
version_from_git_revision(requirement, git_revision) || git_revision
|
|
175
176
|
elsif git_url?(requirement)
|
|
176
177
|
git_revision_for(lockfile_details)
|
|
178
|
+
elsif lockfile_details
|
|
179
|
+
lockfile_version_for(lockfile_details)
|
|
177
180
|
else
|
|
178
|
-
|
|
181
|
+
exact_version = exact_version_for(requirement)
|
|
182
|
+
return unless exact_version
|
|
183
|
+
|
|
184
|
+
semver_version_for(exact_version)
|
|
179
185
|
end
|
|
180
186
|
end
|
|
181
187
|
|
|
@@ -216,8 +222,21 @@ module Dependabot
|
|
|
216
222
|
nil
|
|
217
223
|
end
|
|
218
224
|
|
|
219
|
-
def
|
|
220
|
-
|
|
225
|
+
def lockfile_version_for(lockfile_details)
|
|
226
|
+
semver_version_for(lockfile_details&.fetch("version", ""))
|
|
227
|
+
end
|
|
228
|
+
|
|
229
|
+
def semver_version_for(version)
|
|
230
|
+
version_class.semver_for(version)
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
def exact_version_for(requirement)
|
|
234
|
+
req = requirement_class.new(requirement)
|
|
235
|
+
return unless req.exact?
|
|
236
|
+
|
|
237
|
+
req.requirements.first.last.to_s
|
|
238
|
+
rescue Gem::Requirement::BadRequirementError
|
|
239
|
+
# If it doesn't parse, it's definitely not exact
|
|
221
240
|
end
|
|
222
241
|
|
|
223
242
|
def source_for(name, requirement, lockfile_details)
|
|
@@ -334,6 +353,10 @@ module Dependabot
|
|
|
334
353
|
def version_class
|
|
335
354
|
NpmAndYarn::Version
|
|
336
355
|
end
|
|
356
|
+
|
|
357
|
+
def requirement_class
|
|
358
|
+
NpmAndYarn::Requirement
|
|
359
|
+
end
|
|
337
360
|
end
|
|
338
361
|
end
|
|
339
362
|
end
|
|
@@ -552,7 +552,7 @@ module Dependabot
|
|
|
552
552
|
return "" if indentation.nil? # let npm set the default if we can't detect any indentation
|
|
553
553
|
|
|
554
554
|
indentation_size = indentation.length
|
|
555
|
-
indentation_type = indentation.scan(
|
|
555
|
+
indentation_type = indentation.scan("\t").any? ? "\t" : " "
|
|
556
556
|
|
|
557
557
|
indentation_type * indentation_size
|
|
558
558
|
end
|
|
@@ -214,7 +214,7 @@ module Dependabot
|
|
|
214
214
|
#
|
|
215
215
|
# TODO: Move this logic to the UpdateChecker (and parse peer deps)
|
|
216
216
|
sections += ["peerDependencies"]
|
|
217
|
-
sections_regex = /#{sections.join(
|
|
217
|
+
sections_regex = /#{sections.join('|')}/
|
|
218
218
|
|
|
219
219
|
declaration_blocks = []
|
|
220
220
|
|
|
@@ -111,7 +111,7 @@ module Dependabot
|
|
|
111
111
|
|
|
112
112
|
def filtered_dependency_files
|
|
113
113
|
@filtered_dependency_files ||=
|
|
114
|
-
if dependencies.
|
|
114
|
+
if dependencies.any?(&:top_level?)
|
|
115
115
|
DependencyFilesFilterer.new(
|
|
116
116
|
dependency_files: dependency_files,
|
|
117
117
|
updated_dependencies: dependencies
|
|
@@ -122,26 +122,10 @@ module Dependabot
|
|
|
122
122
|
end
|
|
123
123
|
|
|
124
124
|
def self.dependencies_with_all_versions_metadata(dependency_set)
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
names = dependency_set.dependencies.map(&:name)
|
|
129
|
-
names.each do |name|
|
|
130
|
-
all_versions = dependency_set.all_versions_for_name(name)
|
|
131
|
-
all_versions.each do |dep|
|
|
132
|
-
metadata_versions = dep.metadata.fetch(:all_versions, [])
|
|
133
|
-
if metadata_versions.any?
|
|
134
|
-
metadata_versions.each { |a| working_set << a }
|
|
135
|
-
else
|
|
136
|
-
working_set << dep
|
|
137
|
-
end
|
|
138
|
-
end
|
|
139
|
-
dependency = working_set.dependency_for_name(name)
|
|
140
|
-
dependency.metadata[:all_versions] = working_set.all_versions_for_name(name)
|
|
141
|
-
dependencies << dependency
|
|
125
|
+
dependency_set.dependencies.map do |dependency|
|
|
126
|
+
dependency.metadata[:all_versions] = dependency_set.all_versions_for_name(dependency.name)
|
|
127
|
+
dependency
|
|
142
128
|
end
|
|
143
|
-
|
|
144
|
-
dependencies
|
|
145
129
|
end
|
|
146
130
|
end
|
|
147
131
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.228.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-08-
|
|
11
|
+
date: 2023-08-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.228.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.228.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,28 +114,28 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.56.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.56.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: rubocop-performance
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 1.
|
|
131
|
+
version: 1.19.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 1.
|
|
138
|
+
version: 1.19.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: stackprof
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -212,6 +212,7 @@ files:
|
|
|
212
212
|
- helpers/lib/yarn/updater.js
|
|
213
213
|
- helpers/package-lock.json
|
|
214
214
|
- helpers/package.json
|
|
215
|
+
- helpers/patches/npm++pacote+9.5.12.patch
|
|
215
216
|
- helpers/run.js
|
|
216
217
|
- helpers/test/npm6/conflicting-dependency-parser.test.js
|
|
217
218
|
- helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
|
|
@@ -280,7 +281,7 @@ licenses:
|
|
|
280
281
|
- Nonstandard
|
|
281
282
|
metadata:
|
|
282
283
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
283
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
284
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.228.0
|
|
284
285
|
post_install_message:
|
|
285
286
|
rdoc_options: []
|
|
286
287
|
require_paths:
|