dependabot-npm_and_yarn 0.233.0 → 0.235.0
- checksums.yaml +4 -4
- data/helpers/package-lock.json +893 -764
- data/helpers/package.json +2 -2
- data/lib/dependabot/npm_and_yarn/file_fetcher.rb +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +4 -4
- data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +3 -3
- data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb +3 -3
- data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +1 -1
- data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +1 -1
- data/lib/dependabot/npm_and_yarn/update_checker.rb +1 -1
- metadata +5 -5
data/helpers/package.json
CHANGED
@@ -247,7 +247,7 @@ module Dependabot
|
|
247
247
|
# Loop through parent directories looking for an yarnrc
|
248
248
|
(1..directory.split("/").count).each do |i|
|
249
249
|
@yarnrc = fetch_file_from_host(("../" * i) + ".yarnrc")
|
250
|
-
|
250
|
+
&.tap { |f| f.support_file = true }
|
251
251
|
break if @yarnrc
|
252
252
|
rescue Dependabot::DependencyFileNotFound
|
253
253
|
# Ignore errors (.yarnrc may not be present)
|
@@ -197,8 +197,8 @@ module Dependabot
|
|
197
197
|
yarnrc_global_registry =
|
198
198
|
yarnrc_file.content
|
199
199
|
.lines.find { |line| line.match?(/^\s*registry\s/) }
|
200
|
-
|
201
|
-
|
200
|
+
&.match(NpmAndYarn::UpdateChecker::RegistryFinder::YARN_GLOBAL_REGISTRY_REGEX)
|
201
|
+
&.named_captures&.fetch("registry")
|
202
202
|
|
203
203
|
return "registry = #{yarnrc_global_registry}\n" if yarnrc_global_registry
|
204
204
|
|
@@ -209,8 +209,8 @@ module Dependabot
|
|
209
209
|
yarnrc_global_registry =
|
210
210
|
yarnrc_file.content
|
211
211
|
.lines.find { |line| line.match?(/^\s*registry\s/) }
|
212
|
-
|
213
|
-
|
212
|
+
&.match(/^\s*registry\s+"(?<registry>[^"]+)"/)
|
213
|
+
&.named_captures&.fetch("registry")
|
214
214
|
|
215
215
|
return "registry \"#{yarnrc_global_registry}\"\n" if yarnrc_global_registry
|
216
216
|
|
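Review bot: The registry value captured from `.yarnrc` in the hunks at `@@ -197,8 +197,8 @@` and `@@ -209,8 +209,8 @@` is interpolated directly into the generated line (`"registry = #{yarnrc_global_registry}\n"` and the quoted variant), so only the regex constrains its shape. The inline pattern `[^"]+` in the second hunk visibly keeps the value inside the quotes, but the first hunk relies on `YARN_GLOBAL_REGISTRY_REGEX`, which is defined outside this page. Because `.yarnrc` comes from the repository being updated and this line appears to select the registry that packages are resolved from, I would record the assumption next to the return, e.g. `# registry is read from the repo's .yarnrc; the regex must limit it to a single URL token`. The inline literal in the second hunk could also become a named constant beside the existing one so both patterns are reviewed together. Both enclosing methods start and end outside the hunks, and the file (apparently `npmrc_builder.rb`) is inferred from the change list because the per-file headers are missing here.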
@@ -511,9 +511,9 @@ module Dependabot
|
|
511
511
|
yarnrc_global_registry =
|
512
512
|
yarnrc_file.content
|
513
513
|
.lines.find { |line| line.match?(regex) }
|
514
|
-
|
515
|
-
|
516
|
-
|
514
|
+
&.match(regex)
|
515
|
+
&.named_captures
|
516
|
+
&.fetch("registry")
|
517
517
|
|
518
518
|
return false unless yarnrc_global_registry
|
519
519
|
|
@@ -105,9 +105,9 @@ module Dependabot
|
|
105
105
|
yarnrc_global_registry =
|
106
106
|
yarnrc_file.content
|
107
107
|
.lines.find { |line| line.match?(regex) }
|
108
|
-
|
109
|
-
|
110
|
-
|
108
|
+
&.match(regex)
|
109
|
+
&.named_captures
|
110
|
+
&.fetch("registry")
|
111
111
|
|
112
112
|
return false unless yarnrc_global_registry
|
113
113
|
|
@@ -204,7 +204,7 @@ module Dependabot
|
|
204
204
|
# resulting in a bunch of package duplication which is pretty confusing.
|
205
205
|
def bundled_dependency?
|
206
206
|
dependency.subdependency_metadata
|
207
|
-
|
207
|
+
&.any? { |h| h.fetch(:npm_bundled, false) } ||
|
208
208
|
false
|
209
209
|
end
|
210
210
|
end
|
@@ -356,7 +356,7 @@ module Dependabot
|
|
356
356
|
semver_req =
|
357
357
|
dependency.requirements
|
358
358
|
.find { |req| req.dig(:source, :type) == "git" }
|
359
|
-
|
359
|
+
&.fetch(:requirement)
|
360
360
|
|
361
361
|
# If there was a semver requirement provided or the dependency was
|
362
362
|
# pinned to a version, look for the latest tag
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.235.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-10-
|
11
|
+
date: 2023-10-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.235.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.235.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -295,7 +295,7 @@ licenses:
|
|
295
295
|
- Nonstandard
|
296
296
|
metadata:
|
297
297
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
298
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
298
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.235.0
|
299
299
|
post_install_message:
|
300
300
|
rdoc_options: []
|
301
301
|
require_paths:
|