dependabot-npm_and_yarn 0.234.0 → 0.236.0
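--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bafddbe8b9f7271bfe627a801e033b06e68322bdc779ec03201219695fadc3d3
+data.tar.gz: 00d80f7d9354519ecffa4eb204ded84b97a504c99dc730f9dcd26b06ed1fbf3a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4f4ae8c26775b215b5cafc160cd21997a1dd7cf42281108e6648eab93817c3b804948fdcc3e51906d9167aa84cf0f09aaa8085348bc2ef5db3e3a659057fd61f
+data.tar.gz: 965c3fab89f25c9117cbfba819fa80db7c3ffb1c72ef0f1f6a24ff9708465a68f43d9574804a9a6abf81040b46db51fa7a83870e3544892a71a9a9f418971507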
@@ -41,11 +41,16 @@ module Dependabot
|
|
41
41
|
|
42
42
|
dependencies = Helpers.dependencies_with_all_versions_metadata(dependency_set)
|
43
43
|
|
44
|
-
# TODO: Currently, Dependabot can't handle dependencies that have both
|
45
|
-
# a git source *and* a non-git source. Fix that!
|
46
44
|
dependencies.reject do |dep|
|
47
|
-
|
48
|
-
|
45
|
+
reqs = dep.requirements
|
46
|
+
|
47
|
+
# Ignore dependencies defined in support files, since we don't want PRs for those
|
48
|
+
support_reqs = reqs.select { |r| support_package_files.any? { |f| f.name == r[:file] } }
|
49
|
+
next true if support_reqs.any?
|
50
|
+
|
51
|
+
# TODO: Currently, Dependabot can't handle dependencies that have both
|
52
|
+
# a git source *and* a non-git source. Fix that!
|
53
|
+
git_reqs = reqs.select { |r| r.dig(:source, :type) == "git" }
|
49
54
|
next false if git_reqs.none?
|
50
55
|
next true if git_reqs.map { |r| r.fetch(:source) }.uniq.count > 1
|
51
56
|
|
@@ -334,21 +339,23 @@ module Dependabot
|
|
334
339
|
resolved_url.gsub(/#{Regexp.quote(reg)}.*/, "") + reg
|
335
340
|
end
|
336
341
|
|
342
|
+
def support_package_files
|
343
|
+
@support_package_files ||= sub_package_files.select(&:support_file?)
|
344
|
+
end
|
345
|
+
|
346
|
+
def sub_package_files
|
347
|
+
@sub_package_files ||=
|
348
|
+
dependency_files.select { |f| f.name.end_with?("package.json") }
|
349
|
+
.reject { |f| f.name == "package.json" }
|
350
|
+
.reject { |f| f.name.include?("node_modules/") }
|
351
|
+
end
|
352
|
+
|
337
353
|
def package_files
|
338
354
|
@package_files ||=
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
.reject { |f| f.name == "package.json" }
|
344
|
-
.reject { |f| f.name.include?("node_modules/") }
|
345
|
-
.reject(&:support_file?)
|
346
|
-
|
347
|
-
[
|
348
|
-
dependency_files.find { |f| f.name == "package.json" },
|
349
|
-
*sub_packages
|
350
|
-
].compact
|
351
|
-
end
|
355
|
+
[
|
356
|
+
dependency_files.find { |f| f.name == "package.json" },
|
357
|
+
*sub_package_files
|
358
|
+
].compact
|
352
359
|
end
|
353
360
|
|
354
361
|
def version_class
|
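Review bot: `next true if support_reqs.any?` in the reject block drops a dependency as soon as one of its requirements comes from a support file, so a package that is also declared in the root or another non-support `package.json` leaves the parsed set entirely and, presumably, stops receiving version and security updates for those manifests too. The comment above it only speaks of dependencies "defined in support files", so if the mixed case is not meant to be skipped, the guard could be `next true if reqs.any? && support_reqs.length == reqs.length`. Either way the comment should state which case is intended, and a spec with a dependency present in both a support and a non-support manifest would pin the behaviour. Note also that the new `sub_package_files` no longer applies `.reject(&:support_file?)`, so `package_files` now returns support manifests and any other caller of it in this class (not visible in these hunks) receives them as well. The enclosing method begins above the first hunk and the reject block continues below it.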
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.236.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-10-
|
11
|
+
date: 2023-10-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.236.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.236.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -295,7 +295,7 @@ licenses:
|
|
295
295
|
- Nonstandard
|
296
296
|
metadata:
|
297
297
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
298
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
298
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.236.0
|
299
299
|
post_install_message:
|
300
300
|
rdoc_options: []
|
301
301
|
require_paths:
|