dependabot-npm_and_yarn 0.238.0 → 0.239.0
- checksums.yaml +4 -4
- data/helpers/build +1 -1
- data/lib/dependabot/npm_and_yarn/file_fetcher/path_dependency_builder.rb +3 -3
- data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +9 -3
- data/lib/dependabot/npm_and_yarn/file_updater/package_json_preparer.rb +1 -1
- data/lib/dependabot/npm_and_yarn/requirement.rb +7 -1
- data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb +2 -2
- metadata +7 -7
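--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4a56edd19122fd01bf494ccd5c3e4f9641f32289ebabf6bb08915d869ee58f2b
+data.tar.gz: 0c9883cde9e28dc7a60056db9766eb1ada8a8b5f3890bba671423571d2164697
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d74b8568ea273f503b4168667f33fade47048e3364236560a409a9399676b4ed3e5c344435b982f1112ca8340deecb0141d60ca842c080fc0a054c4b49d0b5b0
+data.tar.gz: 02af05f027efc8e1e5e429e4485d36d29f1bf636cfb05ae61025e3ce2ef8a77e09292c09e279bf9ab457da0a6533f4faa7c7e7219c2256094cdb28a81fc71ab8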
data/helpers/build
CHANGED
@@ -64,11 +64,11 @@ module Dependabot
|
|
64
64
|
name: dependency_name,
|
65
65
|
version: details_from_yarn_lock["version"] || "0.0.1",
|
66
66
|
dependencies:
|
67
|
-
|
67
|
+
replace_yarn_lockfile_paths(
|
68
68
|
details_from_yarn_lock["dependencies"]
|
69
69
|
),
|
70
70
|
optionalDependencies:
|
71
|
-
|
71
|
+
replace_yarn_lockfile_paths(
|
72
72
|
details_from_yarn_lock["optionalDependencies"]
|
73
73
|
)
|
74
74
|
}.compact.to_json
|
@@ -86,7 +86,7 @@ module Dependabot
|
|
86
86
|
# relative. Worse, they may point to the user's local cache.
|
87
87
|
# We work around this by constructing a relative path to the
|
88
88
|
# (second-level) path dependencies.
|
89
|
-
def
|
89
|
+
def replace_yarn_lockfile_paths(dependencies_hash)
|
90
90
|
return unless dependencies_hash
|
91
91
|
|
92
92
|
dependencies_hash.each_with_object({}) do |(name, value), obj|
|
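Review bot: The new `replace_yarn_lockfile_paths` definition (line 89) returns nil via `return unless dependencies_hash` (line 90), and the only thing that keeps a nil `dependencies:` or `optionalDependencies:` value out of the JSON is the `.compact` before `to_json` at line 74 of the first hunk; that coupling between callee and caller is invisible at either site. A one-line comment on the definition would make it explicit, e.g. `# Returns nil for a missing hash so the caller's `.compact` drops the key before to_json.` The method body continues past the end of the hunk.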
@@ -64,7 +64,7 @@ module Dependabot
|
|
64
64
|
attr_reader :dependency_files, :credentials, :dependencies
|
65
65
|
|
66
66
|
def build_npmrc_content_from_lockfile
|
67
|
-
return unless yarn_lock || package_lock
|
67
|
+
return unless yarn_lock || package_lock || shrinkwrap
|
68
68
|
return unless global_registry
|
69
69
|
|
70
70
|
registry = global_registry["registry"]
|
@@ -149,9 +149,10 @@ module Dependabot
|
|
149
149
|
return @dependency_urls
|
150
150
|
end
|
151
151
|
|
152
|
-
|
152
|
+
npm_lockfile = package_lock || shrinkwrap
|
153
|
+
if npm_lockfile
|
153
154
|
@dependency_urls +=
|
154
|
-
|
155
|
+
npm_lockfile.content.scan(/"resolved"\s*:\s*"(.*)"/)
|
155
156
|
.flatten
|
156
157
|
.select { |url| url.is_a?(String) }
|
157
158
|
.reject { |url| url.start_with?("git") }
|
@@ -334,6 +335,11 @@ module Dependabot
|
|
334
335
|
@package_lock ||=
|
335
336
|
dependency_files.find { |f| f.name == "package-lock.json" }
|
336
337
|
end
|
338
|
+
|
339
|
+
def shrinkwrap
|
340
|
+
@shrinkwrap ||=
|
341
|
+
dependency_files.find { |f| f.name == "npm-shrinkwrap.json" }
|
342
|
+
end
|
337
343
|
end
|
338
344
|
end
|
339
345
|
end
|
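Review bot: `npm_lockfile = package_lock || shrinkwrap` (new line 152 in the hunk at 149) prefers package-lock.json when both files are present, but npm itself gives npm-shrinkwrap.json precedence and ignores package-lock.json in that case, so the `"resolved"` URLs scanned into `@dependency_urls` would come from the file npm does not use. Unless the two files are guaranteed to agree, the order should be `npm_lockfile = shrinkwrap || package_lock`. The `yarn_lock || package_lock || shrinkwrap` guard at new line 67 is unaffected, since there the expression only decides whether the method proceeds. The new `shrinkwrap` reader mirrors `package_lock`, so nothing further is needed there.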
@@ -56,7 +56,7 @@ module Dependabot
|
|
56
56
|
content
|
57
57
|
.gsub(/\{\{[^\}]*?\}\}/, "something") # {{ nm }} syntax not allowed
|
58
58
|
.gsub(/(?<!\\)\\ /, " ") # escaped whitespace not allowed
|
59
|
-
.gsub(%r{^\s*//.*}, " ")
|
59
|
+
.gsub(%r{^\s*//.*}, " ") # comments are not allowed
|
60
60
|
end
|
61
61
|
|
62
62
|
def swapped_ssh_requirements
|
@@ -1,12 +1,17 @@
|
|
1
1
|
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
6
|
+
require "dependabot/requirement"
|
4
7
|
require "dependabot/utils"
|
5
8
|
require "dependabot/npm_and_yarn/version"
|
6
9
|
|
7
10
|
module Dependabot
|
8
11
|
module NpmAndYarn
|
9
|
-
class Requirement <
|
12
|
+
class Requirement < Dependabot::Requirement
|
13
|
+
extend T::Sig
|
14
|
+
|
10
15
|
AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/
|
11
16
|
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/
|
12
17
|
LATEST_REQUIREMENT = "latest"
|
@@ -34,6 +39,7 @@ module Dependabot
|
|
34
39
|
|
35
40
|
# Returns an array of requirements. At least one requirement from the
|
36
41
|
# returned array must be satisfied for a version to be valid.
|
42
|
+
sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
|
37
43
|
def self.requirements_array(requirement_string)
|
38
44
|
return [new(nil)] if requirement_string.nil?
|
39
45
|
|
@@ -15,7 +15,7 @@ module Dependabot
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def write_temporary_dependency_files
|
18
|
-
|
18
|
+
write_lockfiles
|
19
19
|
|
20
20
|
if Helpers.yarn_berry?(yarn_locks.first)
|
21
21
|
File.write(".yarnrc.yml", yarnrc_yml_content) if yarnrc_yml_file
|
@@ -81,7 +81,7 @@ module Dependabot
|
|
81
81
|
|
82
82
|
attr_reader :dependency, :dependency_files, :credentials
|
83
83
|
|
84
|
-
def
|
84
|
+
def write_lockfiles
|
85
85
|
yarn_locks.each do |f|
|
86
86
|
FileUtils.mkdir_p(Pathname.new(f.name).dirname)
|
87
87
|
File.write(f.name, prepared_yarn_lockfile_content(f.content))
|
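Review bot: The extracted `write_lockfiles` (new line 84) writes each file at `f.name` relative to the current working directory, after `FileUtils.mkdir_p` on its dirname, so it is only correct when the caller has already switched into a scratch directory; presumably `write_temporary_dependency_files` (the hunk at 17) does that, but the chdir is not visible in either hunk. Since the method is now callable on its own, a comment stating that precondition would help, e.g. `# Expects the current directory to be the temporary dependency dir; paths are taken from f.name verbatim.` The method body continues past the end of the hunk.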
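--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.239.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-
+date: 2023-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.239.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.239.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.58.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.58.0
 - !ruby/object:Gem::Dependency
 name: rubocop-performance
 requirement: !ruby/object:Gem::Requirement
@@ -310,7 +310,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
 post_install_message:
 rdoc_options: []
 require_paths: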