dependabot-npm_and_yarn 0.253.0 → 0.255.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (20) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/lib/pnpm/lockfile-parser.js +4 -0
  3. data/helpers/package-lock.json +1244 -482
  4. data/helpers/package.json +5 -5
  5. data/helpers/test/pnpm/fixtures/parser/empty_version/pnpm-lock.yaml +72 -0
  6. data/helpers/test/pnpm/fixtures/parser/no_lockfile_change/pnpm-lock.yaml +2744 -0
  7. data/helpers/test/pnpm/fixtures/parser/only_dev_dependencies/pnpm-lock.yaml +16 -0
  8. data/helpers/test/pnpm/fixtures/parser/peer_disambiguation/pnpm-lock.yaml +855 -0
  9. data/helpers/test/pnpm/lockfile-parser.test.js +62 -0
  10. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock +26 -15
  11. data/helpers/test/yarn/fixtures/updater/illegal_character/package.json +8 -0
  12. data/helpers/test/yarn/fixtures/updater/illegal_character/yarn.lock +14 -0
  13. data/helpers/test/yarn/updater.test.js +29 -0
  14. data/lib/dependabot/npm_and_yarn/file_parser.rb +1 -1
  15. data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +138 -60
  16. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +5 -0
  17. data/lib/dependabot/npm_and_yarn/package_name.rb +15 -12
  18. data/lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb +1 -1
  19. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +13 -1
  20. metadata +37 -16
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f9b95439ed1ee9f714fa58d506120f2ca0e5748abe2b269a5dbaf45cda179d87
4
- data.tar.gz: dd1155e4ce28ffadd685e3c2abfd56d8d49f660d197c12eb43ab4a5237567414
3
+ metadata.gz: a04fed155ce40f17248f6051170a2bb4ab8b4227fb6690dac31982ca094776aa
4
+ data.tar.gz: 54c16a0ac69ce2245e8d5d98ddcca86296da1cd5bb83c6b67cd25af6f7f18ff3
5
5
  SHA512:
6
- metadata.gz: 4ebd9eb6cd1bc0cc83e8d306912f34ed062bdb71c14035b7dd8faa419834401a266213db708ff786d630fa157722ea207265bfbb9544141ed99e1866aa0a261e
7
- data.tar.gz: 8c4980ecdf31e87861127409556d2bce3907af4ef57599ae9f5937dfa1d64a61319fddf792a6927b81e7defb26f876853828f6258ef9ec9aa5c0b00a0126e651
6
+ metadata.gz: fb0b22c6ad0e123636ca768a75531cf96140c019ff54511628b17f38cad97b1b35ab2ff55a34c8b4738131d5c704767f8ec2d3e764e1a9b2b9bca644db1d3f95
7
+ data.tar.gz: 28db56354e795dcd6e63aa4b7dbf6ef77b7093ddf94ef15364391cd48e926d0c1ecf9e5fefca65ac28d7842adf5f3d14a0cf11893163f1c9d2094a5600155595
data/helpers/lib/pnpm/lockfile-parser.js CHANGED
@@ -15,6 +15,10 @@ async function parse(directory) {
15
15
  });
16
16
 
17
17
  return Object.entries(lockfile.packages ?? {})
18
+ .filter(([depPath, pkgSnapshot]) => {
19
+ let dp = dependencyPath.parse(depPath);
20
+ return dp && dp.name // null or undefined checked for dependency path (dp) and empty name dps are filtered.
21
+ })
18
22
  .map(([depPath, pkgSnapshot]) => nameVerDevFromPkgSnapshot(depPath, pkgSnapshot, Object.values(lockfile.importers)))
19
23
  }
20
24