dependabot-npm_and_yarn 0.254.0 → 0.256.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (18) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/lib/pnpm/lockfile-parser.js +4 -0
  3. data/helpers/package-lock.json +1420 -1133
  4. data/helpers/package.json +4 -4
  5. data/helpers/test/pnpm/fixtures/parser/empty_version/pnpm-lock.yaml +72 -0
  6. data/helpers/test/pnpm/fixtures/parser/no_lockfile_change/pnpm-lock.yaml +2744 -0
  7. data/helpers/test/pnpm/fixtures/parser/only_dev_dependencies/pnpm-lock.yaml +16 -0
  8. data/helpers/test/pnpm/fixtures/parser/peer_disambiguation/pnpm-lock.yaml +855 -0
  9. data/helpers/test/pnpm/lockfile-parser.test.js +62 -0
  10. data/helpers/test/yarn/fixtures/updater/illegal_character/package.json +8 -0
  11. data/helpers/test/yarn/fixtures/updater/illegal_character/yarn.lock +14 -0
  12. data/helpers/test/yarn/updater.test.js +29 -0
  13. data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +138 -60
  14. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +5 -0
  15. data/lib/dependabot/npm_and_yarn/helpers.rb +3 -1
  16. data/lib/dependabot/npm_and_yarn/package_name.rb +15 -12
  17. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +13 -1
  18. metadata +27 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cfa9e96e814861f49dc40bae4d14552559e32d579dfcfd67c723bb7cd899f1e2
4
- data.tar.gz: 3f8e3ab8819bbf3f0908356e674913d6a149f9c57ff665c58d4647e8be9f1df0
3
+ metadata.gz: 717c72ed5bf7c2e1586683dd16f86ecda3e8a7e5408bcc63a287bc6d6bb8e317
4
+ data.tar.gz: 3e704efa1735fab6b107067c2b000ed2b17ca4d1ad15306f3f8d78d9d88d74a4
5
5
  SHA512:
6
- metadata.gz: ec2da69bd620158bd90541467bf2fcaedaa2d6e0bf9b3165503eb8b056dab82aa6f535f11a72aca75f241368ab6007c959237d0a76f03372728a6619f679ea21
7
- data.tar.gz: 4469d8e549e4c45e10f3a7a7c34f55650ebe1985bd71df60e78f413db407956cfe2860f9419cbca24f89894fcee03983fa8e30da1349d820fd2e2dda26dc4c75
6
+ metadata.gz: 23e1c3aca3d958f1b2092c5fb286ec45ababc3eee8cedf7ed5db479df2f670350d096c911066c2e657e9025c2e2b582acfc5ceddf687003cfb7f01237e048903
7
+ data.tar.gz: 39f2dc2f11b91a2a90745e0008c2291e31fc20d333134977babf02aab07011b66a1b241d31188b462cf60d427364cbc9914d16e78ad984f6577cd3bc3caa1e0a
data/helpers/lib/pnpm/lockfile-parser.js CHANGED
@@ -15,6 +15,10 @@ async function parse(directory) {
15
15
  });
16
16
 
17
17
  return Object.entries(lockfile.packages ?? {})
18
+ .filter(([depPath, pkgSnapshot]) => {
19
+ let dp = dependencyPath.parse(depPath);
20
+ return dp && dp.name // null or undefined checked for dependency path (dp) and empty name dps are filtered.
21
+ })
18
22
  .map(([depPath, pkgSnapshot]) => nameVerDevFromPkgSnapshot(depPath, pkgSnapshot, Object.values(lockfile.importers)))
19
23
  }
20
24