dependabot-npm_and_yarn 0.278.0 → 0.279.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fc1831a7fd0ce199df4dd0a3cf181a9f98a77bc9afdbef011edcf39d6ebabc32
|
4
|
+
data.tar.gz: 2c674ec57330ef559f09cd3f9dff509f326b9da9e48f4af535a19a1e9841e236
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e3658b8c3d8168dcd7728e95b6642bc415c54905bc540fa54ce77c0d6081c90a4236b88dbf05fcf52ffbacc476120ea68a9b99953ca6fb71e8dbdd9176103f1a
|
7
|
+
data.tar.gz: 1d7ce4d6a12e28747b5781c7a87c9396de229da85ff57b3a2af340d495aa396b67de27be1f09eec99452db931d756767cf745202bcf019443f88c6b83e7314f6
|
@@ -23,31 +23,24 @@ module Dependabot
|
|
23
23
|
# i.e. if { engines : "pnpm" : "6" } and { packageManager: "pnpm@6.0.2" },
|
24
24
|
# we go for the specificity mentioned in packageManager (6.0.2)
|
25
25
|
|
26
|
-
|
26
|
+
unless @package_manager&.start_with?("#{name}@") || (@package_manager&.==name.to_s) || @package_manager.nil?
|
27
|
+
return
|
28
|
+
end
|
27
29
|
|
28
|
-
|
29
|
-
|
30
|
-
|
30
|
+
if @engines && @package_manager.nil?
|
31
|
+
# if "packageManager" doesn't exists in manifest file,
|
32
|
+
# we check if we can extract "engines" information
|
33
|
+
version = check_engine_version(name)
|
31
34
|
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
Dependabot.logger.info("Found \"packageManager\" : \"#{@package_manager}\"")
|
42
|
-
version = check_engine_version(name) if @engines
|
43
|
-
|
44
|
-
elsif @package_manager&.start_with?("#{name}@")
|
45
|
-
# if "packageManager" info has version specification i.e. yarn@3.3.1
|
46
|
-
# we go with the version in "packageManager"
|
47
|
-
Dependabot.logger.info("Found \"packageManager\" : \"#{@package_manager}\". Skipped checking \"engines\".")
|
48
|
-
end
|
49
|
-
else
|
50
|
-
return unless @package_manager.nil? || @package_manager&.start_with?("#{name}@")
|
35
|
+
elsif @package_manager&.==name.to_s
|
36
|
+
# if "packageManager" is found but no version is specified (i.e. pnpm@1.2.3),
|
37
|
+
# we check if we can get "engines" info to override default version
|
38
|
+
version = check_engine_version(name) if @engines
|
39
|
+
|
40
|
+
elsif @package_manager&.start_with?("#{name}@")
|
41
|
+
# if "packageManager" info has version specification i.e. yarn@3.3.1
|
42
|
+
# we go with the version in "packageManager"
|
43
|
+
Dependabot.logger.info("Found \"packageManager\" : \"#{@package_manager}\". Skipped checking \"engines\".")
|
51
44
|
end
|
52
45
|
|
53
46
|
version ||= requested_version(name)
|
@@ -103,7 +96,6 @@ module Dependabot
|
|
103
96
|
lockfile = @lockfiles[name.to_sym]
|
104
97
|
return unless lockfile
|
105
98
|
|
106
|
-
Dependabot.logger.info("Estimating version")
|
107
99
|
Helpers.send(:"#{name}_version_numeric", lockfile)
|
108
100
|
end
|
109
101
|
|
@@ -112,10 +104,7 @@ module Dependabot
|
|
112
104
|
version_selector = VersionSelector.new
|
113
105
|
engine_versions = version_selector.setup(@package_json, name)
|
114
106
|
|
115
|
-
if engine_versions.empty?
|
116
|
-
Dependabot.logger.info("No relevant (engines) info for \"#{name}\"")
|
117
|
-
return
|
118
|
-
end
|
107
|
+
return if engine_versions.empty?
|
119
108
|
|
120
109
|
version = engine_versions[name]
|
121
110
|
Dependabot.logger.info("Returned (engines) info \"#{name}\" : \"#{version}\"")
|
@@ -17,16 +17,7 @@ module Dependabot
|
|
17
17
|
def setup(manifest_json, name)
|
18
18
|
engine_versions = manifest_json["engines"]
|
19
19
|
|
20
|
-
if engine_versions.nil?
|
21
|
-
Dependabot.logger.info("No info (engines) found")
|
22
|
-
return {}
|
23
|
-
end
|
24
|
-
|
25
|
-
# logs entries for analysis purposes
|
26
|
-
log = engine_versions.select do |engine, _value|
|
27
|
-
engine.to_s.match(name)
|
28
|
-
end
|
29
|
-
Dependabot.logger.info("Found engine info #{log}") unless log.empty?
|
20
|
+
return {} if engine_versions.nil?
|
30
21
|
|
31
22
|
# Only keep matching specs versions i.e. "20.21.2", "7.1.2",
|
32
23
|
# Additional specs can be added later
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.279.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-10-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.279.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.279.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -346,7 +346,7 @@ licenses:
|
|
346
346
|
- MIT
|
347
347
|
metadata:
|
348
348
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
349
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
349
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.279.0
|
350
350
|
post_install_message:
|
351
351
|
rdoc_options: []
|
352
352
|
require_paths:
|