dependabot-npm_and_yarn 0.283.0 → 0.285.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/package-lock.json +108 -87
- data/helpers/package.json +1 -1
- data/lib/dependabot/npm_and_yarn/file_fetcher.rb +53 -28
- data/lib/dependabot/npm_and_yarn/file_parser.rb +85 -8
- data/lib/dependabot/npm_and_yarn/helpers.rb +22 -9
- data/lib/dependabot/npm_and_yarn/package_manager.rb +237 -14
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bf3271285f39bf1e7f91fad3995676126cf0b580184e741e1fe10b5d295a5f4e
|
|
4
|
+
data.tar.gz: 91d70c4bb5a9454ffb50e38fdcb92957649a8211a1a27349b023d9a2a104ac26
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c3f3efeb4f22bfaad116b86ec6dcede6dfd378c2e669e9293f521ff9d285b54b7a072ce888c2eb0d44ef64605f144d9deb5f5ce9b723ee44c00366147f065474
|
|
7
|
+
data.tar.gz: 9426fe3a37b2b6af1c86dc79e7f596406a59329a0bc0429065387d7fe3a6cff987b69865f49c21df3bf90c8e46687dd291fc2a1a12f65fe8621487c7e8e56433
|
data/helpers/package-lock.json
CHANGED
|
@@ -21,7 +21,7 @@
|
|
|
21
21
|
"helper": "run.js"
|
|
22
22
|
},
|
|
23
23
|
"devDependencies": {
|
|
24
|
-
"eslint": "^9.
|
|
24
|
+
"eslint": "^9.14.0",
|
|
25
25
|
"eslint-config-prettier": "^9.1.0",
|
|
26
26
|
"jest": "^29.7.0",
|
|
27
27
|
"prettier": "^3.3.3"
|
|
@@ -723,9 +723,9 @@
|
|
|
723
723
|
}
|
|
724
724
|
},
|
|
725
725
|
"node_modules/@eslint-community/regexpp": {
|
|
726
|
-
"version": "4.
|
|
727
|
-
"resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.
|
|
728
|
-
"integrity": "sha512-
|
|
726
|
+
"version": "4.12.1",
|
|
727
|
+
"resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.1.tgz",
|
|
728
|
+
"integrity": "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==",
|
|
729
729
|
"dev": true,
|
|
730
730
|
"engines": {
|
|
731
731
|
"node": "^12.0.0 || ^14.0.0 || >=16.0.0"
|
|
@@ -836,9 +836,9 @@
|
|
|
836
836
|
"dev": true
|
|
837
837
|
},
|
|
838
838
|
"node_modules/@eslint/js": {
|
|
839
|
-
"version": "9.
|
|
840
|
-
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.
|
|
841
|
-
"integrity": "sha512-
|
|
839
|
+
"version": "9.14.0",
|
|
840
|
+
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.14.0.tgz",
|
|
841
|
+
"integrity": "sha512-pFoEtFWCPyDOl+C6Ift+wC7Ro89otjigCf5vcuWqWgqNSQbRrpjSvdeE6ofLz4dHmyxD5f7gIdGT4+p36L6Twg==",
|
|
842
842
|
"dev": true,
|
|
843
843
|
"engines": {
|
|
844
844
|
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
|
@@ -866,27 +866,40 @@
|
|
|
866
866
|
}
|
|
867
867
|
},
|
|
868
868
|
"node_modules/@humanfs/core": {
|
|
869
|
-
"version": "0.19.
|
|
870
|
-
"resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.
|
|
871
|
-
"integrity": "sha512-
|
|
869
|
+
"version": "0.19.1",
|
|
870
|
+
"resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz",
|
|
871
|
+
"integrity": "sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==",
|
|
872
872
|
"dev": true,
|
|
873
873
|
"engines": {
|
|
874
874
|
"node": ">=18.18.0"
|
|
875
875
|
}
|
|
876
876
|
},
|
|
877
877
|
"node_modules/@humanfs/node": {
|
|
878
|
-
"version": "0.16.
|
|
879
|
-
"resolved": "https://registry.npmjs.org/@humanfs/node/-/node-0.16.
|
|
880
|
-
"integrity": "sha512-
|
|
878
|
+
"version": "0.16.6",
|
|
879
|
+
"resolved": "https://registry.npmjs.org/@humanfs/node/-/node-0.16.6.tgz",
|
|
880
|
+
"integrity": "sha512-YuI2ZHQL78Q5HbhDiBA1X4LmYdXCKCMQIfw0pw7piHJwyREFebJUvrQN4cMssyES6x+vfUbx1CIpaQUKYdQZOw==",
|
|
881
881
|
"dev": true,
|
|
882
882
|
"dependencies": {
|
|
883
|
-
"@humanfs/core": "^0.19.
|
|
883
|
+
"@humanfs/core": "^0.19.1",
|
|
884
884
|
"@humanwhocodes/retry": "^0.3.0"
|
|
885
885
|
},
|
|
886
886
|
"engines": {
|
|
887
887
|
"node": ">=18.18.0"
|
|
888
888
|
}
|
|
889
889
|
},
|
|
890
|
+
"node_modules/@humanfs/node/node_modules/@humanwhocodes/retry": {
|
|
891
|
+
"version": "0.3.1",
|
|
892
|
+
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.3.1.tgz",
|
|
893
|
+
"integrity": "sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA==",
|
|
894
|
+
"dev": true,
|
|
895
|
+
"engines": {
|
|
896
|
+
"node": ">=18.18"
|
|
897
|
+
},
|
|
898
|
+
"funding": {
|
|
899
|
+
"type": "github",
|
|
900
|
+
"url": "https://github.com/sponsors/nzakas"
|
|
901
|
+
}
|
|
902
|
+
},
|
|
890
903
|
"node_modules/@humanwhocodes/module-importer": {
|
|
891
904
|
"version": "1.0.1",
|
|
892
905
|
"resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz",
|
|
@@ -901,9 +914,9 @@
|
|
|
901
914
|
}
|
|
902
915
|
},
|
|
903
916
|
"node_modules/@humanwhocodes/retry": {
|
|
904
|
-
"version": "0.
|
|
905
|
-
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.
|
|
906
|
-
"integrity": "sha512-
|
|
917
|
+
"version": "0.4.0",
|
|
918
|
+
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.0.tgz",
|
|
919
|
+
"integrity": "sha512-xnRgu9DxZbkWak/te3fcytNyp8MTbuiZIaueg2rgEvBuN55n04nwLYLU9TX/VVlusc9L2ZNXi99nUFNkHXtr5g==",
|
|
907
920
|
"dev": true,
|
|
908
921
|
"engines": {
|
|
909
922
|
"node": ">=18.18"
|
|
@@ -3159,9 +3172,9 @@
|
|
|
3159
3172
|
}
|
|
3160
3173
|
},
|
|
3161
3174
|
"node_modules/acorn": {
|
|
3162
|
-
"version": "8.
|
|
3163
|
-
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.
|
|
3164
|
-
"integrity": "sha512-
|
|
3175
|
+
"version": "8.14.0",
|
|
3176
|
+
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz",
|
|
3177
|
+
"integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==",
|
|
3165
3178
|
"dev": true,
|
|
3166
3179
|
"bin": {
|
|
3167
3180
|
"acorn": "bin/acorn"
|
|
@@ -4579,21 +4592,21 @@
|
|
|
4579
4592
|
}
|
|
4580
4593
|
},
|
|
4581
4594
|
"node_modules/eslint": {
|
|
4582
|
-
"version": "9.
|
|
4583
|
-
"resolved": "https://registry.npmjs.org/eslint/-/eslint-9.
|
|
4584
|
-
"integrity": "sha512-
|
|
4595
|
+
"version": "9.14.0",
|
|
4596
|
+
"resolved": "https://registry.npmjs.org/eslint/-/eslint-9.14.0.tgz",
|
|
4597
|
+
"integrity": "sha512-c2FHsVBr87lnUtjP4Yhvk4yEhKrQavGafRA/Se1ouse8PfbfC/Qh9Mxa00yWsZRlqeUB9raXip0aiiUZkgnr9g==",
|
|
4585
4598
|
"dev": true,
|
|
4586
4599
|
"dependencies": {
|
|
4587
4600
|
"@eslint-community/eslint-utils": "^4.2.0",
|
|
4588
|
-
"@eslint-community/regexpp": "^4.
|
|
4601
|
+
"@eslint-community/regexpp": "^4.12.1",
|
|
4589
4602
|
"@eslint/config-array": "^0.18.0",
|
|
4590
4603
|
"@eslint/core": "^0.7.0",
|
|
4591
4604
|
"@eslint/eslintrc": "^3.1.0",
|
|
4592
|
-
"@eslint/js": "9.
|
|
4605
|
+
"@eslint/js": "9.14.0",
|
|
4593
4606
|
"@eslint/plugin-kit": "^0.2.0",
|
|
4594
|
-
"@humanfs/node": "^0.16.
|
|
4607
|
+
"@humanfs/node": "^0.16.6",
|
|
4595
4608
|
"@humanwhocodes/module-importer": "^1.0.1",
|
|
4596
|
-
"@humanwhocodes/retry": "^0.
|
|
4609
|
+
"@humanwhocodes/retry": "^0.4.0",
|
|
4597
4610
|
"@types/estree": "^1.0.6",
|
|
4598
4611
|
"@types/json-schema": "^7.0.15",
|
|
4599
4612
|
"ajv": "^6.12.4",
|
|
@@ -4601,9 +4614,9 @@
|
|
|
4601
4614
|
"cross-spawn": "^7.0.2",
|
|
4602
4615
|
"debug": "^4.3.2",
|
|
4603
4616
|
"escape-string-regexp": "^4.0.0",
|
|
4604
|
-
"eslint-scope": "^8.
|
|
4605
|
-
"eslint-visitor-keys": "^4.
|
|
4606
|
-
"espree": "^10.
|
|
4617
|
+
"eslint-scope": "^8.2.0",
|
|
4618
|
+
"eslint-visitor-keys": "^4.2.0",
|
|
4619
|
+
"espree": "^10.3.0",
|
|
4607
4620
|
"esquery": "^1.5.0",
|
|
4608
4621
|
"esutils": "^2.0.2",
|
|
4609
4622
|
"fast-deep-equal": "^3.1.3",
|
|
@@ -4651,9 +4664,9 @@
|
|
|
4651
4664
|
}
|
|
4652
4665
|
},
|
|
4653
4666
|
"node_modules/eslint-scope": {
|
|
4654
|
-
"version": "8.
|
|
4655
|
-
"resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.
|
|
4656
|
-
"integrity": "sha512-
|
|
4667
|
+
"version": "8.2.0",
|
|
4668
|
+
"resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.2.0.tgz",
|
|
4669
|
+
"integrity": "sha512-PHlWUfG6lvPc3yvP5A4PNyBL1W8fkDUccmI21JUu/+GKZBoH/W5u6usENXUrWFRsyoW5ACUjFGgAFQp5gUlb/A==",
|
|
4657
4670
|
"dev": true,
|
|
4658
4671
|
"dependencies": {
|
|
4659
4672
|
"esrecurse": "^4.3.0",
|
|
@@ -4757,9 +4770,9 @@
|
|
|
4757
4770
|
}
|
|
4758
4771
|
},
|
|
4759
4772
|
"node_modules/eslint/node_modules/eslint-visitor-keys": {
|
|
4760
|
-
"version": "4.
|
|
4761
|
-
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.
|
|
4762
|
-
"integrity": "sha512-
|
|
4773
|
+
"version": "4.2.0",
|
|
4774
|
+
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.0.tgz",
|
|
4775
|
+
"integrity": "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==",
|
|
4763
4776
|
"dev": true,
|
|
4764
4777
|
"engines": {
|
|
4765
4778
|
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
|
@@ -4842,14 +4855,14 @@
|
|
|
4842
4855
|
}
|
|
4843
4856
|
},
|
|
4844
4857
|
"node_modules/espree": {
|
|
4845
|
-
"version": "10.
|
|
4846
|
-
"resolved": "https://registry.npmjs.org/espree/-/espree-10.
|
|
4847
|
-
"integrity": "sha512-
|
|
4858
|
+
"version": "10.3.0",
|
|
4859
|
+
"resolved": "https://registry.npmjs.org/espree/-/espree-10.3.0.tgz",
|
|
4860
|
+
"integrity": "sha512-0QYC8b24HWY8zjRnDTL6RiHfDbAWn63qb4LMj1Z4b076A4une81+z03Kg7l7mn/48PUTqoLptSXez8oknU8Clg==",
|
|
4848
4861
|
"dev": true,
|
|
4849
4862
|
"dependencies": {
|
|
4850
|
-
"acorn": "^8.
|
|
4863
|
+
"acorn": "^8.14.0",
|
|
4851
4864
|
"acorn-jsx": "^5.3.2",
|
|
4852
|
-
"eslint-visitor-keys": "^4.
|
|
4865
|
+
"eslint-visitor-keys": "^4.2.0"
|
|
4853
4866
|
},
|
|
4854
4867
|
"engines": {
|
|
4855
4868
|
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
|
@@ -4859,9 +4872,9 @@
|
|
|
4859
4872
|
}
|
|
4860
4873
|
},
|
|
4861
4874
|
"node_modules/espree/node_modules/eslint-visitor-keys": {
|
|
4862
|
-
"version": "4.
|
|
4863
|
-
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.
|
|
4864
|
-
"integrity": "sha512-
|
|
4875
|
+
"version": "4.2.0",
|
|
4876
|
+
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.0.tgz",
|
|
4877
|
+
"integrity": "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==",
|
|
4865
4878
|
"dev": true,
|
|
4866
4879
|
"engines": {
|
|
4867
4880
|
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
|
@@ -16876,9 +16889,9 @@
|
|
|
16876
16889
|
}
|
|
16877
16890
|
},
|
|
16878
16891
|
"@eslint-community/regexpp": {
|
|
16879
|
-
"version": "4.
|
|
16880
|
-
"resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.
|
|
16881
|
-
"integrity": "sha512-
|
|
16892
|
+
"version": "4.12.1",
|
|
16893
|
+
"resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.1.tgz",
|
|
16894
|
+
"integrity": "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==",
|
|
16882
16895
|
"dev": true
|
|
16883
16896
|
},
|
|
16884
16897
|
"@eslint/config-array": {
|
|
@@ -16959,9 +16972,9 @@
|
|
|
16959
16972
|
}
|
|
16960
16973
|
},
|
|
16961
16974
|
"@eslint/js": {
|
|
16962
|
-
"version": "9.
|
|
16963
|
-
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.
|
|
16964
|
-
"integrity": "sha512-
|
|
16975
|
+
"version": "9.14.0",
|
|
16976
|
+
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.14.0.tgz",
|
|
16977
|
+
"integrity": "sha512-pFoEtFWCPyDOl+C6Ift+wC7Ro89otjigCf5vcuWqWgqNSQbRrpjSvdeE6ofLz4dHmyxD5f7gIdGT4+p36L6Twg==",
|
|
16965
16978
|
"dev": true
|
|
16966
16979
|
},
|
|
16967
16980
|
"@eslint/object-schema": {
|
|
@@ -16980,19 +16993,27 @@
|
|
|
16980
16993
|
}
|
|
16981
16994
|
},
|
|
16982
16995
|
"@humanfs/core": {
|
|
16983
|
-
"version": "0.19.
|
|
16984
|
-
"resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.
|
|
16985
|
-
"integrity": "sha512-
|
|
16996
|
+
"version": "0.19.1",
|
|
16997
|
+
"resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz",
|
|
16998
|
+
"integrity": "sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==",
|
|
16986
16999
|
"dev": true
|
|
16987
17000
|
},
|
|
16988
17001
|
"@humanfs/node": {
|
|
16989
|
-
"version": "0.16.
|
|
16990
|
-
"resolved": "https://registry.npmjs.org/@humanfs/node/-/node-0.16.
|
|
16991
|
-
"integrity": "sha512-
|
|
17002
|
+
"version": "0.16.6",
|
|
17003
|
+
"resolved": "https://registry.npmjs.org/@humanfs/node/-/node-0.16.6.tgz",
|
|
17004
|
+
"integrity": "sha512-YuI2ZHQL78Q5HbhDiBA1X4LmYdXCKCMQIfw0pw7piHJwyREFebJUvrQN4cMssyES6x+vfUbx1CIpaQUKYdQZOw==",
|
|
16992
17005
|
"dev": true,
|
|
16993
17006
|
"requires": {
|
|
16994
|
-
"@humanfs/core": "^0.19.
|
|
17007
|
+
"@humanfs/core": "^0.19.1",
|
|
16995
17008
|
"@humanwhocodes/retry": "^0.3.0"
|
|
17009
|
+
},
|
|
17010
|
+
"dependencies": {
|
|
17011
|
+
"@humanwhocodes/retry": {
|
|
17012
|
+
"version": "0.3.1",
|
|
17013
|
+
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.3.1.tgz",
|
|
17014
|
+
"integrity": "sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA==",
|
|
17015
|
+
"dev": true
|
|
17016
|
+
}
|
|
16996
17017
|
}
|
|
16997
17018
|
},
|
|
16998
17019
|
"@humanwhocodes/module-importer": {
|
|
@@ -17002,9 +17023,9 @@
|
|
|
17002
17023
|
"dev": true
|
|
17003
17024
|
},
|
|
17004
17025
|
"@humanwhocodes/retry": {
|
|
17005
|
-
"version": "0.
|
|
17006
|
-
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.
|
|
17007
|
-
"integrity": "sha512-
|
|
17026
|
+
"version": "0.4.0",
|
|
17027
|
+
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.0.tgz",
|
|
17028
|
+
"integrity": "sha512-xnRgu9DxZbkWak/te3fcytNyp8MTbuiZIaueg2rgEvBuN55n04nwLYLU9TX/VVlusc9L2ZNXi99nUFNkHXtr5g==",
|
|
17008
17029
|
"dev": true
|
|
17009
17030
|
},
|
|
17010
17031
|
"@isaacs/cliui": {
|
|
@@ -18675,9 +18696,9 @@
|
|
|
18675
18696
|
"integrity": "sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ=="
|
|
18676
18697
|
},
|
|
18677
18698
|
"acorn": {
|
|
18678
|
-
"version": "8.
|
|
18679
|
-
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.
|
|
18680
|
-
"integrity": "sha512-
|
|
18699
|
+
"version": "8.14.0",
|
|
18700
|
+
"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz",
|
|
18701
|
+
"integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==",
|
|
18681
18702
|
"dev": true
|
|
18682
18703
|
},
|
|
18683
18704
|
"acorn-jsx": {
|
|
@@ -19759,21 +19780,21 @@
|
|
|
19759
19780
|
"integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
|
|
19760
19781
|
},
|
|
19761
19782
|
"eslint": {
|
|
19762
|
-
"version": "9.
|
|
19763
|
-
"resolved": "https://registry.npmjs.org/eslint/-/eslint-9.
|
|
19764
|
-
"integrity": "sha512-
|
|
19783
|
+
"version": "9.14.0",
|
|
19784
|
+
"resolved": "https://registry.npmjs.org/eslint/-/eslint-9.14.0.tgz",
|
|
19785
|
+
"integrity": "sha512-c2FHsVBr87lnUtjP4Yhvk4yEhKrQavGafRA/Se1ouse8PfbfC/Qh9Mxa00yWsZRlqeUB9raXip0aiiUZkgnr9g==",
|
|
19765
19786
|
"dev": true,
|
|
19766
19787
|
"requires": {
|
|
19767
19788
|
"@eslint-community/eslint-utils": "^4.2.0",
|
|
19768
|
-
"@eslint-community/regexpp": "^4.
|
|
19789
|
+
"@eslint-community/regexpp": "^4.12.1",
|
|
19769
19790
|
"@eslint/config-array": "^0.18.0",
|
|
19770
19791
|
"@eslint/core": "^0.7.0",
|
|
19771
19792
|
"@eslint/eslintrc": "^3.1.0",
|
|
19772
|
-
"@eslint/js": "9.
|
|
19793
|
+
"@eslint/js": "9.14.0",
|
|
19773
19794
|
"@eslint/plugin-kit": "^0.2.0",
|
|
19774
|
-
"@humanfs/node": "^0.16.
|
|
19795
|
+
"@humanfs/node": "^0.16.6",
|
|
19775
19796
|
"@humanwhocodes/module-importer": "^1.0.1",
|
|
19776
|
-
"@humanwhocodes/retry": "^0.
|
|
19797
|
+
"@humanwhocodes/retry": "^0.4.0",
|
|
19777
19798
|
"@types/estree": "^1.0.6",
|
|
19778
19799
|
"@types/json-schema": "^7.0.15",
|
|
19779
19800
|
"ajv": "^6.12.4",
|
|
@@ -19781,9 +19802,9 @@
|
|
|
19781
19802
|
"cross-spawn": "^7.0.2",
|
|
19782
19803
|
"debug": "^4.3.2",
|
|
19783
19804
|
"escape-string-regexp": "^4.0.0",
|
|
19784
|
-
"eslint-scope": "^8.
|
|
19785
|
-
"eslint-visitor-keys": "^4.
|
|
19786
|
-
"espree": "^10.
|
|
19805
|
+
"eslint-scope": "^8.2.0",
|
|
19806
|
+
"eslint-visitor-keys": "^4.2.0",
|
|
19807
|
+
"espree": "^10.3.0",
|
|
19787
19808
|
"esquery": "^1.5.0",
|
|
19788
19809
|
"esutils": "^2.0.2",
|
|
19789
19810
|
"fast-deep-equal": "^3.1.3",
|
|
@@ -19851,9 +19872,9 @@
|
|
|
19851
19872
|
"dev": true
|
|
19852
19873
|
},
|
|
19853
19874
|
"eslint-visitor-keys": {
|
|
19854
|
-
"version": "4.
|
|
19855
|
-
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.
|
|
19856
|
-
"integrity": "sha512-
|
|
19875
|
+
"version": "4.2.0",
|
|
19876
|
+
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.0.tgz",
|
|
19877
|
+
"integrity": "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==",
|
|
19857
19878
|
"dev": true
|
|
19858
19879
|
},
|
|
19859
19880
|
"find-up": {
|
|
@@ -19915,9 +19936,9 @@
|
|
|
19915
19936
|
"requires": {}
|
|
19916
19937
|
},
|
|
19917
19938
|
"eslint-scope": {
|
|
19918
|
-
"version": "8.
|
|
19919
|
-
"resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.
|
|
19920
|
-
"integrity": "sha512-
|
|
19939
|
+
"version": "8.2.0",
|
|
19940
|
+
"resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.2.0.tgz",
|
|
19941
|
+
"integrity": "sha512-PHlWUfG6lvPc3yvP5A4PNyBL1W8fkDUccmI21JUu/+GKZBoH/W5u6usENXUrWFRsyoW5ACUjFGgAFQp5gUlb/A==",
|
|
19921
19942
|
"dev": true,
|
|
19922
19943
|
"requires": {
|
|
19923
19944
|
"esrecurse": "^4.3.0",
|
|
@@ -19931,20 +19952,20 @@
|
|
|
19931
19952
|
"dev": true
|
|
19932
19953
|
},
|
|
19933
19954
|
"espree": {
|
|
19934
|
-
"version": "10.
|
|
19935
|
-
"resolved": "https://registry.npmjs.org/espree/-/espree-10.
|
|
19936
|
-
"integrity": "sha512-
|
|
19955
|
+
"version": "10.3.0",
|
|
19956
|
+
"resolved": "https://registry.npmjs.org/espree/-/espree-10.3.0.tgz",
|
|
19957
|
+
"integrity": "sha512-0QYC8b24HWY8zjRnDTL6RiHfDbAWn63qb4LMj1Z4b076A4une81+z03Kg7l7mn/48PUTqoLptSXez8oknU8Clg==",
|
|
19937
19958
|
"dev": true,
|
|
19938
19959
|
"requires": {
|
|
19939
|
-
"acorn": "^8.
|
|
19960
|
+
"acorn": "^8.14.0",
|
|
19940
19961
|
"acorn-jsx": "^5.3.2",
|
|
19941
|
-
"eslint-visitor-keys": "^4.
|
|
19962
|
+
"eslint-visitor-keys": "^4.2.0"
|
|
19942
19963
|
},
|
|
19943
19964
|
"dependencies": {
|
|
19944
19965
|
"eslint-visitor-keys": {
|
|
19945
|
-
"version": "4.
|
|
19946
|
-
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.
|
|
19947
|
-
"integrity": "sha512-
|
|
19966
|
+
"version": "4.2.0",
|
|
19967
|
+
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.0.tgz",
|
|
19968
|
+
"integrity": "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==",
|
|
19948
19969
|
"dev": true
|
|
19949
19970
|
}
|
|
19950
19971
|
}
|
data/helpers/package.json
CHANGED
|
@@ -182,71 +182,93 @@ module Dependabot
|
|
|
182
182
|
|
|
183
183
|
sig { returns(T.nilable(T.any(Integer, String))) }
|
|
184
184
|
def npm_version
|
|
185
|
-
@npm_version ||= T.let(
|
|
185
|
+
@npm_version ||= T.let(package_manager_helper.setup(NpmPackageManager::NAME), T.nilable(T.any(Integer, String)))
|
|
186
186
|
end
|
|
187
187
|
|
|
188
188
|
sig { returns(T.nilable(T.any(Integer, String))) }
|
|
189
189
|
def yarn_version
|
|
190
|
-
@yarn_version ||= T.let(
|
|
190
|
+
@yarn_version ||= T.let(
|
|
191
|
+
package_manager_helper.setup(YarnPackageManager::NAME),
|
|
192
|
+
T.nilable(T.any(Integer, String))
|
|
193
|
+
)
|
|
191
194
|
end
|
|
192
195
|
|
|
193
196
|
sig { returns(T.nilable(T.any(Integer, String))) }
|
|
194
197
|
def pnpm_version
|
|
195
|
-
@pnpm_version ||= T.let(
|
|
198
|
+
@pnpm_version ||= T.let(
|
|
199
|
+
package_manager_helper.setup(PNPMPackageManager::NAME),
|
|
200
|
+
T.nilable(T.any(Integer, String))
|
|
201
|
+
)
|
|
196
202
|
end
|
|
197
203
|
|
|
198
|
-
sig { returns(
|
|
199
|
-
def
|
|
200
|
-
@
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
+
sig { returns(PackageManagerHelper) }
|
|
205
|
+
def package_manager_helper
|
|
206
|
+
@package_manager_helper ||= T.let(
|
|
207
|
+
PackageManagerHelper.new(
|
|
208
|
+
parsed_package_json,
|
|
209
|
+
lockfiles: lockfiles
|
|
210
|
+
), T.nilable(PackageManagerHelper)
|
|
211
|
+
)
|
|
212
|
+
end
|
|
213
|
+
|
|
214
|
+
sig { returns(T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)]) }
|
|
215
|
+
def lockfiles
|
|
216
|
+
{
|
|
217
|
+
npm: package_lock || shrinkwrap,
|
|
218
|
+
yarn: yarn_lock,
|
|
219
|
+
pnpm: pnpm_lock
|
|
220
|
+
}
|
|
204
221
|
end
|
|
205
222
|
|
|
206
223
|
sig { returns(DependencyFile) }
|
|
207
224
|
def package_json
|
|
208
|
-
@package_json ||= T.let(fetch_file_from_host(
|
|
225
|
+
@package_json ||= T.let(fetch_file_from_host(MANIFEST_FILENAME), T.nilable(DependencyFile))
|
|
209
226
|
end
|
|
210
227
|
|
|
211
228
|
sig { returns(T.nilable(DependencyFile)) }
|
|
212
229
|
def package_lock
|
|
213
230
|
return @package_lock if defined?(@package_lock)
|
|
214
231
|
|
|
215
|
-
@package_lock ||= T.let(fetch_file_if_present(
|
|
232
|
+
@package_lock ||= T.let(fetch_file_if_present(NpmPackageManager::LOCKFILE_NAME), T.nilable(DependencyFile))
|
|
216
233
|
end
|
|
217
234
|
|
|
218
235
|
sig { returns(T.nilable(DependencyFile)) }
|
|
219
236
|
def yarn_lock
|
|
220
237
|
return @yarn_lock if defined?(@yarn_lock)
|
|
221
238
|
|
|
222
|
-
@yarn_lock ||= T.let(fetch_file_if_present(
|
|
239
|
+
@yarn_lock ||= T.let(fetch_file_if_present(YarnPackageManager::LOCKFILE_NAME), T.nilable(DependencyFile))
|
|
223
240
|
end
|
|
224
241
|
|
|
225
242
|
sig { returns(T.nilable(DependencyFile)) }
|
|
226
243
|
def pnpm_lock
|
|
227
244
|
return @pnpm_lock if defined?(@pnpm_lock)
|
|
228
245
|
|
|
229
|
-
@pnpm_lock ||= T.let(fetch_file_if_present(
|
|
246
|
+
@pnpm_lock ||= T.let(fetch_file_if_present(PNPMPackageManager::LOCKFILE_NAME), T.nilable(DependencyFile))
|
|
230
247
|
end
|
|
231
248
|
|
|
232
249
|
sig { returns(T.nilable(DependencyFile)) }
|
|
233
250
|
def shrinkwrap
|
|
234
251
|
return @shrinkwrap if defined?(@shrinkwrap)
|
|
235
252
|
|
|
236
|
-
@shrinkwrap ||= T.let(
|
|
253
|
+
@shrinkwrap ||= T.let(
|
|
254
|
+
fetch_file_if_present(
|
|
255
|
+
NpmPackageManager::SHRINKWRAP_LOCKFILE_NAME
|
|
256
|
+
),
|
|
257
|
+
T.nilable(DependencyFile)
|
|
258
|
+
)
|
|
237
259
|
end
|
|
238
260
|
|
|
239
261
|
sig { returns(T.nilable(DependencyFile)) }
|
|
240
262
|
def npmrc
|
|
241
263
|
return @npmrc if defined?(@npmrc)
|
|
242
264
|
|
|
243
|
-
@npmrc ||= T.let(fetch_support_file(
|
|
265
|
+
@npmrc ||= T.let(fetch_support_file(NpmPackageManager::RC_FILENAME), T.nilable(DependencyFile))
|
|
244
266
|
|
|
245
267
|
return @npmrc if @npmrc || directory == "/"
|
|
246
268
|
|
|
247
269
|
# Loop through parent directories looking for an npmrc
|
|
248
270
|
(1..directory.split("/").count).each do |i|
|
|
249
|
-
@npmrc = fetch_file_from_host(("../" * i) +
|
|
271
|
+
@npmrc = fetch_file_from_host(("../" * i) + NpmPackageManager::RC_FILENAME)
|
|
250
272
|
.tap { |f| f.support_file = true }
|
|
251
273
|
break if @npmrc
|
|
252
274
|
rescue Dependabot::DependencyFileNotFound
|
|
@@ -261,13 +283,13 @@ module Dependabot
|
|
|
261
283
|
def yarnrc
|
|
262
284
|
return @yarnrc if defined?(@yarnrc)
|
|
263
285
|
|
|
264
|
-
@yarnrc ||= T.let(fetch_support_file(
|
|
286
|
+
@yarnrc ||= T.let(fetch_support_file(YarnPackageManager::RC_FILENAME), T.nilable(DependencyFile))
|
|
265
287
|
|
|
266
288
|
return @yarnrc if @yarnrc || directory == "/"
|
|
267
289
|
|
|
268
290
|
# Loop through parent directories looking for an yarnrc
|
|
269
291
|
(1..directory.split("/").count).each do |i|
|
|
270
|
-
@yarnrc = fetch_file_from_host(("../" * i) +
|
|
292
|
+
@yarnrc = fetch_file_from_host(("../" * i) + YarnPackageManager::RC_FILENAME)
|
|
271
293
|
.tap { |f| f.support_file = true }
|
|
272
294
|
break if @yarnrc
|
|
273
295
|
rescue Dependabot::DependencyFileNotFound
|
|
@@ -280,21 +302,24 @@ module Dependabot
|
|
|
280
302
|
|
|
281
303
|
sig { returns(T.nilable(DependencyFile)) }
|
|
282
304
|
def yarnrc_yml
|
|
283
|
-
@yarnrc_yml ||= T.let(fetch_support_file(
|
|
305
|
+
@yarnrc_yml ||= T.let(fetch_support_file(YarnPackageManager::RC_YML_FILENAME), T.nilable(DependencyFile))
|
|
284
306
|
end
|
|
285
307
|
|
|
286
308
|
sig { returns(T.nilable(DependencyFile)) }
|
|
287
309
|
def pnpm_workspace_yaml
|
|
288
310
|
return @pnpm_workspace_yaml if defined?(@pnpm_workspace_yaml)
|
|
289
311
|
|
|
290
|
-
@pnpm_workspace_yaml = T.let(
|
|
312
|
+
@pnpm_workspace_yaml = T.let(
|
|
313
|
+
fetch_support_file(PNPMPackageManager::PNPM_WS_YML_FILENAME),
|
|
314
|
+
T.nilable(DependencyFile)
|
|
315
|
+
)
|
|
291
316
|
end
|
|
292
317
|
|
|
293
318
|
sig { returns(T.nilable(DependencyFile)) }
|
|
294
319
|
def lerna_json
|
|
295
320
|
return @lerna_json if defined?(@lerna_json)
|
|
296
321
|
|
|
297
|
-
@lerna_json = T.let(fetch_support_file(
|
|
322
|
+
@lerna_json = T.let(fetch_support_file(LERNA_JSON_FILENAME), T.nilable(DependencyFile))
|
|
298
323
|
end
|
|
299
324
|
|
|
300
325
|
sig { returns(T::Array[DependencyFile]) }
|
|
@@ -329,7 +354,7 @@ module Dependabot
|
|
|
329
354
|
filename = path
|
|
330
355
|
# NPM/Yarn support loading path dependencies from tarballs:
|
|
331
356
|
# https://docs.npmjs.com/cli/pack.html
|
|
332
|
-
filename = File.join(filename,
|
|
357
|
+
filename = File.join(filename, MANIFEST_FILENAME) unless filename.end_with?(".tgz", ".tar", ".tar.gz")
|
|
333
358
|
cleaned_name = Pathname.new(filename).cleanpath.to_path
|
|
334
359
|
next if fetched_files.map(&:name).include?(cleaned_name)
|
|
335
360
|
|
|
@@ -380,7 +405,7 @@ module Dependabot
|
|
|
380
405
|
# rubocop:disable Metrics/AbcSize
|
|
381
406
|
sig { params(file: DependencyFile).returns(T::Array[[String, String]]) }
|
|
382
407
|
def path_dependency_details_from_manifest(file)
|
|
383
|
-
return [] unless file.name.end_with?(
|
|
408
|
+
return [] unless file.name.end_with?(MANIFEST_FILENAME)
|
|
384
409
|
|
|
385
410
|
current_dir = file.name.rpartition("/").first
|
|
386
411
|
current_dir = nil if current_dir == ""
|
|
@@ -471,9 +496,9 @@ module Dependabot
|
|
|
471
496
|
return [] unless package_json
|
|
472
497
|
|
|
473
498
|
[package_json] + [
|
|
474
|
-
fetch_file_if_present(File.join(path,
|
|
475
|
-
fetch_file_if_present(File.join(path,
|
|
476
|
-
fetch_file_if_present(File.join(path,
|
|
499
|
+
fetch_file_if_present(File.join(path, NpmPackageManager::LOCKFILE_NAME)),
|
|
500
|
+
fetch_file_if_present(File.join(path, YarnPackageManager::LOCKFILE_NAME)),
|
|
501
|
+
fetch_file_if_present(File.join(path, NpmPackageManager::SHRINKWRAP_LOCKFILE_NAME))
|
|
477
502
|
]
|
|
478
503
|
end
|
|
479
504
|
|
|
@@ -542,7 +567,7 @@ module Dependabot
|
|
|
542
567
|
|
|
543
568
|
sig { params(workspace: String).returns(T.nilable(DependencyFile)) }
|
|
544
569
|
def fetch_package_json_if_present(workspace)
|
|
545
|
-
file = File.join(workspace,
|
|
570
|
+
file = File.join(workspace, MANIFEST_FILENAME)
|
|
546
571
|
|
|
547
572
|
begin
|
|
548
573
|
fetch_file_from_host(file)
|
|
@@ -635,4 +660,4 @@ module Dependabot
|
|
|
635
660
|
end
|
|
636
661
|
|
|
637
662
|
Dependabot::FileFetchers
|
|
638
|
-
.register(
|
|
663
|
+
.register(Dependabot::NpmAndYarn::ECOSYSTEM, Dependabot::NpmAndYarn::FileFetcher)
|
|
@@ -19,7 +19,7 @@ require "sorbet-runtime"
|
|
|
19
19
|
|
|
20
20
|
module Dependabot
|
|
21
21
|
module NpmAndYarn
|
|
22
|
-
class FileParser < Dependabot::FileParsers::Base
|
|
22
|
+
class FileParser < Dependabot::FileParsers::Base # rubocop:disable Metrics/ClassLength
|
|
23
23
|
extend T::Sig
|
|
24
24
|
|
|
25
25
|
require "dependabot/file_parsers/base/dependency_set"
|
|
@@ -78,8 +78,82 @@ module Dependabot
|
|
|
78
78
|
end
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
sig { returns(Ecosystem) }
|
|
82
|
+
def ecosystem
|
|
83
|
+
@ecosystem ||= T.let(
|
|
84
|
+
Ecosystem.new(
|
|
85
|
+
name: ECOSYSTEM,
|
|
86
|
+
package_manager: package_manager_helper.package_manager
|
|
87
|
+
),
|
|
88
|
+
T.nilable(Ecosystem)
|
|
89
|
+
)
|
|
90
|
+
end
|
|
91
|
+
|
|
81
92
|
private
|
|
82
93
|
|
|
94
|
+
sig { returns(PackageManagerHelper) }
|
|
95
|
+
def package_manager_helper
|
|
96
|
+
@package_manager_helper ||= T.let(
|
|
97
|
+
PackageManagerHelper.new(
|
|
98
|
+
parsed_package_json,
|
|
99
|
+
lockfiles: lockfiles
|
|
100
|
+
), T.nilable(PackageManagerHelper)
|
|
101
|
+
)
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
sig { returns(T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)]) }
|
|
105
|
+
def lockfiles
|
|
106
|
+
{
|
|
107
|
+
npm: package_lock || shrinkwrap,
|
|
108
|
+
yarn: yarn_lock,
|
|
109
|
+
pnpm: pnpm_lock
|
|
110
|
+
}
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
sig { returns(T.untyped) }
|
|
114
|
+
def parsed_package_json
|
|
115
|
+
JSON.parse(T.must(package_json.content))
|
|
116
|
+
rescue JSON::ParserError
|
|
117
|
+
raise Dependabot::DependencyFileNotParseable, package_json.path
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
121
|
+
def package_json
|
|
122
|
+
# Declare the instance variable with T.let and the correct type
|
|
123
|
+
@package_json ||= T.let(
|
|
124
|
+
T.must(dependency_files.find { |f| f.name == MANIFEST_FILENAME }),
|
|
125
|
+
T.nilable(Dependabot::DependencyFile)
|
|
126
|
+
)
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
130
|
+
def shrinkwrap
|
|
131
|
+
@shrinkwrap ||= T.let(dependency_files.find do |f|
|
|
132
|
+
f.name == NpmPackageManager::SHRINKWRAP_LOCKFILE_NAME
|
|
133
|
+
end, T.nilable(Dependabot::DependencyFile))
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
137
|
+
def package_lock
|
|
138
|
+
@package_lock ||= T.let(dependency_files.find do |f|
|
|
139
|
+
f.name == NpmPackageManager::LOCKFILE_NAME
|
|
140
|
+
end, T.nilable(Dependabot::DependencyFile))
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
144
|
+
def yarn_lock
|
|
145
|
+
@yarn_lock ||= T.let(dependency_files.find do |f|
|
|
146
|
+
f.name == YarnPackageManager::LOCKFILE_NAME
|
|
147
|
+
end, T.nilable(Dependabot::DependencyFile))
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
151
|
+
def pnpm_lock
|
|
152
|
+
@pnpm_lock ||= T.let(dependency_files.find do |f|
|
|
153
|
+
f.name == PNPMPackageManager::LOCKFILE_NAME
|
|
154
|
+
end, T.nilable(Dependabot::DependencyFile))
|
|
155
|
+
end
|
|
156
|
+
|
|
83
157
|
sig { returns(Dependabot::FileParsers::Base::DependencySet) }
|
|
84
158
|
def manifest_dependencies
|
|
85
159
|
dependency_set = DependencySet.new
|
|
@@ -154,7 +228,7 @@ module Dependabot
|
|
|
154
228
|
Dependency.new(
|
|
155
229
|
name: name,
|
|
156
230
|
version: converted_version,
|
|
157
|
-
package_manager:
|
|
231
|
+
package_manager: ECOSYSTEM,
|
|
158
232
|
requirements: [{
|
|
159
233
|
requirement: requirement_for(requirement),
|
|
160
234
|
file: file.name,
|
|
@@ -166,7 +240,10 @@ module Dependabot
|
|
|
166
240
|
|
|
167
241
|
sig { override.void }
|
|
168
242
|
def check_required_files
|
|
169
|
-
|
|
243
|
+
return if get_original_file(MANIFEST_FILENAME)
|
|
244
|
+
|
|
245
|
+
raise DependencyFileNotFound.new(nil,
|
|
246
|
+
"#{MANIFEST_FILENAME} not found.")
|
|
170
247
|
end
|
|
171
248
|
|
|
172
249
|
sig { params(requirement: String).returns(T::Boolean) }
|
|
@@ -186,7 +263,7 @@ module Dependabot
|
|
|
186
263
|
|
|
187
264
|
sig { params(requirement: String).returns(T::Boolean) }
|
|
188
265
|
def alias_package?(requirement)
|
|
189
|
-
requirement.start_with?("
|
|
266
|
+
requirement.start_with?("#{NpmPackageManager::NAME}:")
|
|
190
267
|
end
|
|
191
268
|
|
|
192
269
|
sig { params(requirement: String).returns(T::Boolean) }
|
|
@@ -208,7 +285,7 @@ module Dependabot
|
|
|
208
285
|
|
|
209
286
|
sig { params(name: String).returns(T::Boolean) }
|
|
210
287
|
def aliased_package_name?(name)
|
|
211
|
-
name.include?("
|
|
288
|
+
name.include?("@#{NpmPackageManager::NAME}:")
|
|
212
289
|
end
|
|
213
290
|
|
|
214
291
|
sig { returns(T::Array[String]) }
|
|
@@ -370,8 +447,8 @@ module Dependabot
|
|
|
370
447
|
def sub_package_files
|
|
371
448
|
return T.must(@sub_package_files) if defined?(@sub_package_files)
|
|
372
449
|
|
|
373
|
-
files = dependency_files.select { |f| f.name.end_with?(
|
|
374
|
-
.reject { |f| f.name ==
|
|
450
|
+
files = dependency_files.select { |f| f.name.end_with?(MANIFEST_FILENAME) }
|
|
451
|
+
.reject { |f| f.name == MANIFEST_FILENAME }
|
|
375
452
|
.reject { |f| f.name.include?("node_modules/") }
|
|
376
453
|
@sub_package_files ||= T.let(files, T.nilable(T::Array[Dependabot::DependencyFile]))
|
|
377
454
|
end
|
|
@@ -380,7 +457,7 @@ module Dependabot
|
|
|
380
457
|
def package_files
|
|
381
458
|
@package_files ||= T.let(
|
|
382
459
|
[
|
|
383
|
-
dependency_files.find { |f| f.name ==
|
|
460
|
+
dependency_files.find { |f| f.name == MANIFEST_FILENAME },
|
|
384
461
|
*sub_package_files
|
|
385
462
|
].compact, T.nilable(T::Array[DependencyFile])
|
|
386
463
|
)
|
|
@@ -37,7 +37,7 @@ module Dependabot
|
|
|
37
37
|
# Determines the npm version depends to the feature flag
|
|
38
38
|
# If the feature flag is enabled, we are going to use the minimum version npm 8
|
|
39
39
|
# Otherwise, we are going to use old versionining npm 6
|
|
40
|
-
sig { params(lockfile: DependencyFile).returns(Integer) }
|
|
40
|
+
sig { params(lockfile: T.nilable(DependencyFile)).returns(Integer) }
|
|
41
41
|
def self.npm_version_numeric(lockfile)
|
|
42
42
|
fallback_version_npm8 = Dependabot::Experiments.enabled?(:npm_fallback_version_above_v6)
|
|
43
43
|
|
|
@@ -46,10 +46,15 @@ module Dependabot
|
|
|
46
46
|
npm_version_numeric_npm6_or_higher(lockfile)
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
-
sig { params(lockfile: DependencyFile).returns(Integer) }
|
|
49
|
+
sig { params(lockfile: T.nilable(DependencyFile)).returns(Integer) }
|
|
50
50
|
def self.npm_version_numeric_npm6_or_higher(lockfile)
|
|
51
|
-
lockfile_content =
|
|
52
|
-
|
|
51
|
+
lockfile_content = lockfile&.content
|
|
52
|
+
|
|
53
|
+
if lockfile_content.nil? ||
|
|
54
|
+
lockfile_content.strip.empty? ||
|
|
55
|
+
JSON.parse(lockfile_content)["lockfileVersion"].to_i >= 2
|
|
56
|
+
return NPM_V8
|
|
57
|
+
end
|
|
53
58
|
|
|
54
59
|
NPM_V6
|
|
55
60
|
rescue JSON::ParserError
|
|
@@ -60,9 +65,9 @@ module Dependabot
|
|
|
60
65
|
# - NPM 7 uses lockfileVersion 2
|
|
61
66
|
# - NPM 8 uses lockfileVersion 2
|
|
62
67
|
# - NPM 9 uses lockfileVersion 3
|
|
63
|
-
sig { params(lockfile: DependencyFile).returns(Integer) }
|
|
68
|
+
sig { params(lockfile: T.nilable(DependencyFile)).returns(Integer) }
|
|
64
69
|
def self.npm_version_numeric_npm8_or_higher(lockfile)
|
|
65
|
-
lockfile_content = lockfile
|
|
70
|
+
lockfile_content = lockfile&.content
|
|
66
71
|
|
|
67
72
|
# Return default NPM version if there's no lockfile or it's empty
|
|
68
73
|
return NPM_DEFAULT_VERSION if lockfile_content.nil? || lockfile_content.strip.empty?
|
|
@@ -85,8 +90,12 @@ module Dependabot
|
|
|
85
90
|
NPM_DEFAULT_VERSION # Fallback to default npm version if parsing fails
|
|
86
91
|
end
|
|
87
92
|
|
|
88
|
-
sig { params(yarn_lock: DependencyFile).returns(Integer) }
|
|
93
|
+
sig { params(yarn_lock: T.nilable(DependencyFile)).returns(Integer) }
|
|
89
94
|
def self.yarn_version_numeric(yarn_lock)
|
|
95
|
+
lockfile_content = yarn_lock&.content
|
|
96
|
+
|
|
97
|
+
return YARN_DEFAULT_VERSION if lockfile_content.nil? || lockfile_content.strip.empty?
|
|
98
|
+
|
|
90
99
|
if yarn_berry?(yarn_lock)
|
|
91
100
|
YARN_DEFAULT_VERSION
|
|
92
101
|
else
|
|
@@ -97,8 +106,12 @@ module Dependabot
|
|
|
97
106
|
# Mapping from lockfile versions to PNPM versions is at
|
|
98
107
|
# https://github.com/pnpm/spec/tree/274ff02de23376ad59773a9f25ecfedd03a41f64/lockfile, but simplify it for now.
|
|
99
108
|
|
|
100
|
-
sig { params(pnpm_lock: DependencyFile).returns(Integer) }
|
|
109
|
+
sig { params(pnpm_lock: T.nilable(DependencyFile)).returns(Integer) }
|
|
101
110
|
def self.pnpm_version_numeric(pnpm_lock)
|
|
111
|
+
lockfile_content = pnpm_lock&.content
|
|
112
|
+
|
|
113
|
+
return PNPM_DEFAULT_VERSION if lockfile_content.nil? || lockfile_content.strip.empty?
|
|
114
|
+
|
|
102
115
|
pnpm_lockfile_version = pnpm_lockfile_version(pnpm_lock).to_f
|
|
103
116
|
return PNPM_V9 if pnpm_lockfile_version >= 9.0
|
|
104
117
|
return PNPM_V8 if pnpm_lockfile_version >= 6.0
|
|
@@ -117,7 +130,7 @@ module Dependabot
|
|
|
117
130
|
|
|
118
131
|
sig { params(package_lock: T.nilable(DependencyFile)).returns(T::Boolean) }
|
|
119
132
|
def self.npm8?(package_lock)
|
|
120
|
-
return true unless package_lock
|
|
133
|
+
return true unless package_lock&.content
|
|
121
134
|
|
|
122
135
|
npm_version_numeric(package_lock) == NPM_V8
|
|
123
136
|
end
|
|
@@ -2,18 +2,225 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/shared_helpers"
|
|
5
|
+
require "dependabot/ecosystem"
|
|
5
6
|
require "dependabot/npm_and_yarn/version_selector"
|
|
6
7
|
|
|
7
8
|
module Dependabot
|
|
8
9
|
module NpmAndYarn
|
|
9
|
-
|
|
10
|
+
ECOSYSTEM = "npm_and_yarn"
|
|
11
|
+
MANIFEST_FILENAME = "package.json"
|
|
12
|
+
LERNA_JSON_FILENAME = "lerna.json"
|
|
13
|
+
|
|
14
|
+
MANIFEST_PACKAGE_MANAGER_KEY = "packageManager"
|
|
15
|
+
MANIFEST_ENGINES_KEY = "engines"
|
|
16
|
+
|
|
17
|
+
class NpmPackageManager < Ecosystem::VersionManager
|
|
18
|
+
extend T::Sig
|
|
19
|
+
NAME = "npm"
|
|
20
|
+
RC_FILENAME = ".npmrc"
|
|
21
|
+
LOCKFILE_NAME = "package-lock.json"
|
|
22
|
+
SHRINKWRAP_LOCKFILE_NAME = "npm-shrinkwrap.json"
|
|
23
|
+
|
|
24
|
+
NPM_V6 = "6"
|
|
25
|
+
NPM_V7 = "7"
|
|
26
|
+
NPM_V8 = "8"
|
|
27
|
+
NPM_V9 = "9"
|
|
28
|
+
|
|
29
|
+
# Keep versions in ascending order
|
|
30
|
+
SUPPORTED_VERSIONS = T.let([
|
|
31
|
+
Version.new(NPM_V6),
|
|
32
|
+
Version.new(NPM_V7),
|
|
33
|
+
Version.new(NPM_V8),
|
|
34
|
+
Version.new(NPM_V9)
|
|
35
|
+
].freeze, T::Array[Dependabot::Version])
|
|
36
|
+
|
|
37
|
+
DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
38
|
+
|
|
39
|
+
sig { params(raw_version: String).void }
|
|
40
|
+
def initialize(raw_version)
|
|
41
|
+
super(
|
|
42
|
+
NAME,
|
|
43
|
+
Version.new(raw_version),
|
|
44
|
+
DEPRECATED_VERSIONS,
|
|
45
|
+
SUPPORTED_VERSIONS
|
|
46
|
+
)
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
sig { override.returns(T::Boolean) }
|
|
50
|
+
def deprecated?
|
|
51
|
+
false
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
sig { override.returns(T::Boolean) }
|
|
55
|
+
def unsupported?
|
|
56
|
+
false
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
class YarnPackageManager < Ecosystem::VersionManager
|
|
61
|
+
extend T::Sig
|
|
62
|
+
NAME = "yarn"
|
|
63
|
+
RC_FILENAME = ".yarnrc"
|
|
64
|
+
RC_YML_FILENAME = ".yarnrc.yml"
|
|
65
|
+
LOCKFILE_NAME = "yarn.lock"
|
|
66
|
+
|
|
67
|
+
YARN_V1 = "1"
|
|
68
|
+
YARN_V2 = "2"
|
|
69
|
+
YARN_V3 = "3"
|
|
70
|
+
|
|
71
|
+
SUPPORTED_VERSIONS = T.let([
|
|
72
|
+
Version.new(YARN_V1),
|
|
73
|
+
Version.new(YARN_V2),
|
|
74
|
+
Version.new(YARN_V3)
|
|
75
|
+
].freeze, T::Array[Dependabot::Version])
|
|
76
|
+
|
|
77
|
+
DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
78
|
+
|
|
79
|
+
sig { params(raw_version: String).void }
|
|
80
|
+
def initialize(raw_version)
|
|
81
|
+
super(
|
|
82
|
+
NAME,
|
|
83
|
+
Version.new(raw_version),
|
|
84
|
+
DEPRECATED_VERSIONS,
|
|
85
|
+
SUPPORTED_VERSIONS
|
|
86
|
+
)
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
sig { override.returns(T::Boolean) }
|
|
90
|
+
def deprecated?
|
|
91
|
+
false
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
sig { override.returns(T::Boolean) }
|
|
95
|
+
def unsupported?
|
|
96
|
+
false
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
class PNPMPackageManager < Ecosystem::VersionManager
|
|
101
|
+
extend T::Sig
|
|
102
|
+
NAME = "pnpm"
|
|
103
|
+
LOCKFILE_NAME = "pnpm-lock.yaml"
|
|
104
|
+
PNPM_WS_YML_FILENAME = "pnpm-workspace.yaml"
|
|
105
|
+
|
|
106
|
+
PNPM_V7 = "7"
|
|
107
|
+
PNPM_V8 = "8"
|
|
108
|
+
PNPM_V9 = "9"
|
|
109
|
+
|
|
110
|
+
SUPPORTED_VERSIONS = T.let([
|
|
111
|
+
Version.new(PNPM_V7),
|
|
112
|
+
Version.new(PNPM_V8),
|
|
113
|
+
Version.new(PNPM_V9)
|
|
114
|
+
].freeze, T::Array[Dependabot::Version])
|
|
115
|
+
|
|
116
|
+
DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
117
|
+
|
|
118
|
+
sig { params(raw_version: String).void }
|
|
119
|
+
def initialize(raw_version)
|
|
120
|
+
super(
|
|
121
|
+
NAME,
|
|
122
|
+
Version.new(raw_version),
|
|
123
|
+
DEPRECATED_VERSIONS,
|
|
124
|
+
SUPPORTED_VERSIONS
|
|
125
|
+
)
|
|
126
|
+
end
|
|
127
|
+
|
|
128
|
+
sig { override.returns(T::Boolean) }
|
|
129
|
+
def deprecated?
|
|
130
|
+
false
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
sig { override.returns(T::Boolean) }
|
|
134
|
+
def unsupported?
|
|
135
|
+
false
|
|
136
|
+
end
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
DEFAULT_PACKAGE_MANAGER = NpmPackageManager::NAME
|
|
140
|
+
|
|
141
|
+
PACKAGE_MANAGER_CLASSES = {
|
|
142
|
+
NpmPackageManager::NAME => NpmPackageManager,
|
|
143
|
+
YarnPackageManager::NAME => YarnPackageManager,
|
|
144
|
+
PNPMPackageManager::NAME => PNPMPackageManager
|
|
145
|
+
}.freeze
|
|
146
|
+
|
|
147
|
+
class PackageManagerDetector
|
|
148
|
+
extend T::Sig
|
|
149
|
+
extend T::Helpers
|
|
150
|
+
|
|
151
|
+
sig do
|
|
152
|
+
params(
|
|
153
|
+
lockfiles: T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)],
|
|
154
|
+
package_json: T::Hash[String, T.untyped]
|
|
155
|
+
).void
|
|
156
|
+
end
|
|
157
|
+
def initialize(lockfiles, package_json)
|
|
158
|
+
@lockfiles = lockfiles
|
|
159
|
+
@package_json = package_json
|
|
160
|
+
@manifest_package_manager = package_json["packageManager"]
|
|
161
|
+
@engines = package_json.fetch(MANIFEST_ENGINES_KEY, nil)
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
# Returns npm, yarn, or pnpm based on the lockfiles, package.json, and engines
|
|
165
|
+
# Defaults to npm if no package manager is detected
|
|
166
|
+
sig { returns(String) }
|
|
167
|
+
def detect_package_manager
|
|
168
|
+
name_from_lockfiles || name_from_package_manager_attr || name_from_engines || DEFAULT_PACKAGE_MANAGER
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
private
|
|
172
|
+
|
|
173
|
+
sig { returns(T.nilable(String)) }
|
|
174
|
+
def name_from_lockfiles
|
|
175
|
+
PACKAGE_MANAGER_CLASSES.each_key do |manager_name| # iterates keys in order as defined in the hash
|
|
176
|
+
return manager_name.to_s if @lockfiles[manager_name.to_sym]
|
|
177
|
+
end
|
|
178
|
+
nil
|
|
179
|
+
end
|
|
180
|
+
|
|
181
|
+
sig { returns(T.nilable(String)) }
|
|
182
|
+
def name_from_package_manager_attr
|
|
183
|
+
return unless @manifest_package_manager
|
|
184
|
+
|
|
185
|
+
PACKAGE_MANAGER_CLASSES.each_key do |manager_name| # iterates keys in order as defined in the hash
|
|
186
|
+
return manager_name.to_s if @manifest_package_manager.start_with?("#{manager_name}@")
|
|
187
|
+
end
|
|
188
|
+
end
|
|
189
|
+
|
|
190
|
+
sig { returns(T.nilable(String)) }
|
|
191
|
+
def name_from_engines
|
|
192
|
+
return unless @engines.is_a?(Hash)
|
|
193
|
+
|
|
194
|
+
PACKAGE_MANAGER_CLASSES.each_key do |manager_name|
|
|
195
|
+
return manager_name if @engines[manager_name]
|
|
196
|
+
end
|
|
197
|
+
nil
|
|
198
|
+
end
|
|
199
|
+
end
|
|
200
|
+
|
|
201
|
+
class PackageManagerHelper
|
|
10
202
|
extend T::Sig
|
|
11
203
|
extend T::Helpers
|
|
204
|
+
|
|
205
|
+
sig do
|
|
206
|
+
params(
|
|
207
|
+
package_json: T::Hash[String, T.untyped],
|
|
208
|
+
lockfiles: T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)]
|
|
209
|
+
).void
|
|
210
|
+
end
|
|
12
211
|
def initialize(package_json, lockfiles:)
|
|
13
212
|
@package_json = package_json
|
|
14
213
|
@lockfiles = lockfiles
|
|
15
|
-
@
|
|
16
|
-
@engines = package_json.fetch(
|
|
214
|
+
@manifest_package_manager = package_json[MANIFEST_PACKAGE_MANAGER_KEY]
|
|
215
|
+
@engines = package_json.fetch(MANIFEST_ENGINES_KEY, nil)
|
|
216
|
+
@package_manager_detector = PackageManagerDetector.new(@lockfiles, @package_json)
|
|
217
|
+
end
|
|
218
|
+
|
|
219
|
+
sig { returns(Ecosystem::VersionManager) }
|
|
220
|
+
def package_manager
|
|
221
|
+
package_manager_by_name(
|
|
222
|
+
@package_manager_detector.detect_package_manager
|
|
223
|
+
)
|
|
17
224
|
end
|
|
18
225
|
|
|
19
226
|
# rubocop:disable Metrics/CyclomaticComplexity
|
|
@@ -23,24 +230,29 @@ module Dependabot
|
|
|
23
230
|
# i.e. if { engines : "pnpm" : "6" } and { packageManager: "pnpm@6.0.2" },
|
|
24
231
|
# we go for the specificity mentioned in packageManager (6.0.2)
|
|
25
232
|
|
|
26
|
-
unless @
|
|
233
|
+
unless @manifest_package_manager&.start_with?("#{name}@") ||
|
|
234
|
+
(@manifest_package_manager&.==name.to_s) ||
|
|
235
|
+
@manifest_package_manager.nil?
|
|
27
236
|
return
|
|
28
237
|
end
|
|
29
238
|
|
|
30
|
-
if @engines && @
|
|
239
|
+
if @engines && @manifest_package_manager.nil?
|
|
31
240
|
# if "packageManager" doesn't exists in manifest file,
|
|
32
241
|
# we check if we can extract "engines" information
|
|
33
242
|
version = check_engine_version(name)
|
|
34
243
|
|
|
35
|
-
elsif @
|
|
244
|
+
elsif @manifest_package_manager&.==name.to_s
|
|
36
245
|
# if "packageManager" is found but no version is specified (i.e. pnpm@1.2.3),
|
|
37
246
|
# we check if we can get "engines" info to override default version
|
|
38
247
|
version = check_engine_version(name) if @engines
|
|
39
248
|
|
|
40
|
-
elsif @
|
|
249
|
+
elsif @manifest_package_manager&.start_with?("#{name}@")
|
|
41
250
|
# if "packageManager" info has version specification i.e. yarn@3.3.1
|
|
42
251
|
# we go with the version in "packageManager"
|
|
43
|
-
Dependabot.logger.info(
|
|
252
|
+
Dependabot.logger.info(
|
|
253
|
+
"Found \"#{MANIFEST_PACKAGE_MANAGER_KEY}\" : \"#{@manifest_package_manager}\". " \
|
|
254
|
+
"Skipped checking \"#{MANIFEST_ENGINES_KEY}\"."
|
|
255
|
+
)
|
|
44
256
|
end
|
|
45
257
|
|
|
46
258
|
version ||= requested_version(name)
|
|
@@ -55,7 +267,7 @@ module Dependabot
|
|
|
55
267
|
if version
|
|
56
268
|
raise_if_unsupported!(name, version.to_s)
|
|
57
269
|
|
|
58
|
-
install(name, version) if name ==
|
|
270
|
+
install(name, version) if name == PNPMPackageManager::NAME
|
|
59
271
|
end
|
|
60
272
|
end
|
|
61
273
|
|
|
@@ -66,11 +278,22 @@ module Dependabot
|
|
|
66
278
|
|
|
67
279
|
private
|
|
68
280
|
|
|
281
|
+
sig { params(name: String).returns(Ecosystem::VersionManager) }
|
|
282
|
+
def package_manager_by_name(name)
|
|
283
|
+
package_manager_class = PACKAGE_MANAGER_CLASSES[name]
|
|
284
|
+
|
|
285
|
+
package_manager_class ||= PACKAGE_MANAGER_CLASSES[DEFAULT_PACKAGE_MANAGER]
|
|
286
|
+
|
|
287
|
+
version = Helpers.send(:"#{name}_version_numeric", @lockfiles[name.to_sym])
|
|
288
|
+
|
|
289
|
+
package_manager_class.new(version.to_s)
|
|
290
|
+
end
|
|
291
|
+
|
|
69
292
|
def raise_if_unsupported!(name, version)
|
|
70
|
-
return unless name ==
|
|
293
|
+
return unless name == PNPMPackageManager::NAME
|
|
71
294
|
return unless Version.new(version) < Version.new("7")
|
|
72
295
|
|
|
73
|
-
raise ToolVersionNotSupported.new(
|
|
296
|
+
raise ToolVersionNotSupported.new(PNPMPackageManager::NAME.upcase, version, "7.*, 8.*")
|
|
74
297
|
end
|
|
75
298
|
|
|
76
299
|
def install(name, version)
|
|
@@ -83,9 +306,9 @@ module Dependabot
|
|
|
83
306
|
end
|
|
84
307
|
|
|
85
308
|
def requested_version(name)
|
|
86
|
-
return unless @
|
|
309
|
+
return unless @manifest_package_manager
|
|
87
310
|
|
|
88
|
-
match = @
|
|
311
|
+
match = @manifest_package_manager.match(/^#{name}@(?<version>\d+.\d+.\d+)/)
|
|
89
312
|
return unless match
|
|
90
313
|
|
|
91
314
|
Dependabot.logger.info("Requested version #{match['version']}")
|
|
@@ -111,7 +334,7 @@ module Dependabot
|
|
|
111
334
|
return if engine_versions.empty?
|
|
112
335
|
|
|
113
336
|
version = engine_versions[name]
|
|
114
|
-
Dependabot.logger.info("Returned (
|
|
337
|
+
Dependabot.logger.info("Returned (#{MANIFEST_ENGINES_KEY}) info \"#{name}\" : \"#{version}\"")
|
|
115
338
|
version
|
|
116
339
|
end
|
|
117
340
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.285.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-11-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.285.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.285.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -346,7 +346,7 @@ licenses:
|
|
|
346
346
|
- MIT
|
|
347
347
|
metadata:
|
|
348
348
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
349
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
349
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.285.0
|
|
350
350
|
post_install_message:
|
|
351
351
|
rdoc_options: []
|
|
352
352
|
require_paths:
|