dependabot-npm_and_yarn 0.227.0 → 0.229.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +2 -1
- data/helpers/package-lock.json +1305 -803
- data/helpers/package.json +6 -4
- data/helpers/patches/npm++pacote+9.5.12.patch +14 -0
- data/lib/dependabot/npm_and_yarn/file_parser.rb +12 -3
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/update_checker/library_detector.rb +1 -1
- metadata +8 -7
data/helpers/package.json
CHANGED
@@ -6,7 +6,8 @@
|
|
6
6
|
},
|
7
7
|
"scripts": {
|
8
8
|
"lint": "eslint .",
|
9
|
-
"test": "jest"
|
9
|
+
"test": "jest",
|
10
|
+
"postinstall": "patch-package"
|
10
11
|
},
|
11
12
|
"dependencies": {
|
12
13
|
"@dependabot/yarn-lib": "^1.22.19",
|
@@ -16,12 +17,13 @@
|
|
16
17
|
"npm": "6.14.18",
|
17
18
|
"@pnpm/lockfile-file": "^8.1.2",
|
18
19
|
"@pnpm/dependency-path": "^2.1.1",
|
19
|
-
"semver": "^7.4.0"
|
20
|
+
"semver": "^7.4.0",
|
21
|
+
"patch-package": "^8.0.0"
|
20
22
|
},
|
21
23
|
"devDependencies": {
|
22
24
|
"eslint": "^8.47.0",
|
23
25
|
"eslint-config-prettier": "^9.0.0",
|
24
|
-
"jest": "^29.6.
|
25
|
-
"prettier": "^3.0.
|
26
|
+
"jest": "^29.6.3",
|
27
|
+
"prettier": "^3.0.2"
|
26
28
|
}
|
27
29
|
}
|
@@ -0,0 +1,14 @@
|
|
1
|
+
diff --git a/node_modules/npm/node_modules/pacote/lib/util/git.js b/node_modules/npm/node_modules/pacote/lib/util/git.js
|
2
|
+
index 7642eb2..7bb3324 100644
|
3
|
+
--- a/node_modules/npm/node_modules/pacote/lib/util/git.js
|
4
|
+
+++ b/node_modules/npm/node_modules/pacote/lib/util/git.js
|
5
|
+
@@ -25,7 +25,8 @@ const GOOD_ENV_VARS = new Set([
|
6
|
+
'GIT_SSH',
|
7
|
+
'GIT_SSH_COMMAND',
|
8
|
+
'GIT_SSL_CAINFO',
|
9
|
+
- 'GIT_SSL_NO_VERIFY'
|
10
|
+
+ 'GIT_SSL_NO_VERIFY',
|
11
|
+
+ 'GIT_CONFIG_GLOBAL'
|
12
|
+
])
|
13
|
+
|
14
|
+
const GIT_TRANSIENT_ERRORS = [
|
@@ -178,10 +178,10 @@ module Dependabot
|
|
178
178
|
elsif lockfile_details
|
179
179
|
lockfile_version_for(lockfile_details)
|
180
180
|
else
|
181
|
-
|
182
|
-
return unless
|
181
|
+
exact_version = exact_version_for(requirement)
|
182
|
+
return unless exact_version
|
183
183
|
|
184
|
-
semver_version_for(
|
184
|
+
semver_version_for(exact_version)
|
185
185
|
end
|
186
186
|
end
|
187
187
|
|
@@ -230,6 +230,15 @@ module Dependabot
|
|
230
230
|
version_class.semver_for(version)
|
231
231
|
end
|
232
232
|
|
233
|
+
def exact_version_for(requirement)
|
234
|
+
req = requirement_class.new(requirement)
|
235
|
+
return unless req.exact?
|
236
|
+
|
237
|
+
req.requirements.first.last.to_s
|
238
|
+
rescue Gem::Requirement::BadRequirementError
|
239
|
+
# If it doesn't parse, it's definitely not exact
|
240
|
+
end
|
241
|
+
|
233
242
|
def source_for(name, requirement, lockfile_details)
|
234
243
|
return git_source_for(requirement) if git_url?(requirement)
|
235
244
|
|
@@ -552,7 +552,7 @@ module Dependabot
|
|
552
552
|
return "" if indentation.nil? # let npm set the default if we can't detect any indentation
|
553
553
|
|
554
554
|
indentation_size = indentation.length
|
555
|
-
indentation_type = indentation.scan(
|
555
|
+
indentation_type = indentation.scan("\t").any? ? "\t" : " "
|
556
556
|
|
557
557
|
indentation_type * indentation_size
|
558
558
|
end
|
@@ -214,7 +214,7 @@ module Dependabot
|
|
214
214
|
#
|
215
215
|
# TODO: Move this logic to the UpdateChecker (and parse peer deps)
|
216
216
|
sections += ["peerDependencies"]
|
217
|
-
sections_regex = /#{sections.join(
|
217
|
+
sections_regex = /#{sections.join('|')}/
|
218
218
|
|
219
219
|
declaration_blocks = []
|
220
220
|
|
@@ -111,7 +111,7 @@ module Dependabot
|
|
111
111
|
|
112
112
|
def filtered_dependency_files
|
113
113
|
@filtered_dependency_files ||=
|
114
|
-
if dependencies.
|
114
|
+
if dependencies.any?(&:top_level?)
|
115
115
|
DependencyFilesFilterer.new(
|
116
116
|
dependency_files: dependency_files,
|
117
117
|
updated_dependencies: dependencies
|
@@ -42,7 +42,7 @@ module Dependabot
|
|
42
42
|
@project_npm_response ||= Dependabot::RegistryClient.get(url: url)
|
43
43
|
return false unless @project_npm_response.status == 200
|
44
44
|
|
45
|
-
@project_npm_response.body.force_encoding("UTF-8").encode.
|
45
|
+
@project_npm_response.body.dup.force_encoding("UTF-8").encode.
|
46
46
|
include?(project_description)
|
47
47
|
rescue Excon::Error::Socket, Excon::Error::Timeout, URI::InvalidURIError
|
48
48
|
false
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.229.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-08-
|
11
|
+
date: 2023-08-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.229.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.229.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 1.
|
117
|
+
version: 1.56.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 1.
|
124
|
+
version: 1.56.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: rubocop-performance
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -212,6 +212,7 @@ files:
|
|
212
212
|
- helpers/lib/yarn/updater.js
|
213
213
|
- helpers/package-lock.json
|
214
214
|
- helpers/package.json
|
215
|
+
- helpers/patches/npm++pacote+9.5.12.patch
|
215
216
|
- helpers/run.js
|
216
217
|
- helpers/test/npm6/conflicting-dependency-parser.test.js
|
217
218
|
- helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
|
@@ -280,7 +281,7 @@ licenses:
|
|
280
281
|
- Nonstandard
|
281
282
|
metadata:
|
282
283
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
283
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
284
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.229.0
|
284
285
|
post_install_message:
|
285
286
|
rdoc_options: []
|
286
287
|
require_paths:
|