dependabot-npm_and_yarn 0.234.0 → 0.236.0

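--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a27bb59e6f310774f64895b924bc5742274ceecbb6abe60cab93cac357411756
- data.tar.gz: da0c736d6e7cea385ae0aae3e1e56706dea413275b81e463835ba13d2bd2546f
+ metadata.gz: bafddbe8b9f7271bfe627a801e033b06e68322bdc779ec03201219695fadc3d3
+ data.tar.gz: 00d80f7d9354519ecffa4eb204ded84b97a504c99dc730f9dcd26b06ed1fbf3a
  SHA512:
- metadata.gz: 00da9575c0a19c4b498a8b67502524bc2c1f6ea43fcc86b109f6030b88b9f69fa4638347b2200d75975bd6996210e048acf721597a930557f5d2dadff7bb076b
- data.tar.gz: e554bd4fbe813d7c5cbeebe433b327750e714b92e954b30c48b644a51a9d9550467fe9247a382797d818c855a0a7c94cd3d0bf4beee91694ae7881730c1acab0
+ metadata.gz: 4f4ae8c26775b215b5cafc160cd21997a1dd7cf42281108e6648eab93817c3b804948fdcc3e51906d9167aa84cf0f09aaa8085348bc2ef5db3e3a659057fd61f
+ data.tar.gz: 965c3fab89f25c9117cbfba819fa80db7c3ffb1c72ef0f1f6a24ff9708465a68f43d9574804a9a6abf81040b46db51fa7a83870e3544892a71a9a9f418971507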
@@ -69,6 +69,10 @@ module Dependabot
69
69
 
70
70
  private
71
71
 
72
+ def recurse_submodules_when_cloning?
73
+ true
74
+ end
75
+
72
76
  def fetch_files
73
77
  fetched_files = []
74
78
  fetched_files << package_json
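Review bot: The new `recurse_submodules_when_cloning?` override returns `true` unconditionally and has no comment explaining why, which matters because submodule URLs come from the repository's own `.gitmodules` and are therefore repository-controlled input. Assuming the shared fetcher honours this hook when it clones (that code is outside this hunk), every clone for this ecosystem will also fetch from whatever hosts the submodules name, under whatever credentials the clone runs with. I would add a comment above the method such as `# Submodules are cloned because <reason>; their URLs come from .gitmodules and are not validated here`, and confirm that the cloning code restricts which transports and hosts a submodule may use.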
@@ -41,11 +41,16 @@ module Dependabot
41
41
 
42
42
  dependencies = Helpers.dependencies_with_all_versions_metadata(dependency_set)
43
43
 
44
- # TODO: Currently, Dependabot can't handle dependencies that have both
45
- # a git source *and* a non-git source. Fix that!
46
44
  dependencies.reject do |dep|
47
- git_reqs =
48
- dep.requirements.select { |r| r.dig(:source, :type) == "git" }
45
+ reqs = dep.requirements
46
+
47
+ # Ignore dependencies defined in support files, since we don't want PRs for those
48
+ support_reqs = reqs.select { |r| support_package_files.any? { |f| f.name == r[:file] } }
49
+ next true if support_reqs.any?
50
+
51
+ # TODO: Currently, Dependabot can't handle dependencies that have both
52
+ # a git source *and* a non-git source. Fix that!
53
+ git_reqs = reqs.select { |r| r.dig(:source, :type) == "git" }
49
54
  next false if git_reqs.none?
50
55
  next true if git_reqs.map { |r| r.fetch(:source) }.uniq.count > 1
51
56
 
@@ -334,21 +339,23 @@ module Dependabot
334
339
  resolved_url.gsub(/#{Regexp.quote(reg)}.*/, "") + reg
335
340
  end
336
341
 
342
+ def support_package_files
343
+ @support_package_files ||= sub_package_files.select(&:support_file?)
344
+ end
345
+
346
+ def sub_package_files
347
+ @sub_package_files ||=
348
+ dependency_files.select { |f| f.name.end_with?("package.json") }
349
+ .reject { |f| f.name == "package.json" }
350
+ .reject { |f| f.name.include?("node_modules/") }
351
+ end
352
+
337
353
  def package_files
338
354
  @package_files ||=
339
- begin
340
- sub_packages =
341
- dependency_files
342
- .select { |f| f.name.end_with?("package.json") }
343
- .reject { |f| f.name == "package.json" }
344
- .reject { |f| f.name.include?("node_modules/") }
345
- .reject(&:support_file?)
346
-
347
- [
348
- dependency_files.find { |f| f.name == "package.json" },
349
- *sub_packages
350
- ].compact
351
- end
355
+ [
356
+ dependency_files.find { |f| f.name == "package.json" },
357
+ *sub_package_files
358
+ ].compact
352
359
  end
353
360
 
354
361
  def version_class
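Review bot: In the `reject` block of the first hunk, `next true if support_reqs.any?` drops a dependency as soon as one of its requirements comes from a support file, even when its other requirements come from a manifest that is meant to be updated. Because the second hunk no longer filters support files out of `package_files`, a package declared in both places is now parsed from both and then discarded, so it would receive no updates at all, security updates included; whether that is intended is not visible here. If the goal is only to skip dependencies that live solely in support files, the guard could be `next true if support_reqs.any? && support_reqs.size == reqs.size`, and either way the comment should say which case is meant. The enclosing method starts above the hunk and the block continues below it.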
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  # These all need to be required so the various classes can be registered in a
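--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-npm_and_yarn
  version: !ruby/object:Gem::Version
- version: 0.234.0
+ version: 0.236.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-10-12 00:00:00.000000000 Z
+ date: 2023-10-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.234.0
+ version: 0.236.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.234.0
+ version: 0.236.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -295,7 +295,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.234.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.236.0
  post_install_message:
  rdoc_options: []
  require_paths: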