RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.297.0 → 0.297.2 - Mend

dependabot-npm_and_yarn 0.297.0 → 0.297.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb +0 -31
data/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb +4 -11
data/lib/dependabot/npm_and_yarn/file_updater.rb +1 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db692ebc45a4eb2613ef8b07ea99296182eaa0dccefb00cb63f58dc04cea8583
-  data.tar.gz: 5f1eed80cd80760f98764264e3e1b28f6268c17455e7c362a00d5ab881d8840f
+  metadata.gz: 2307a97eb41a67224a30ed8eae6fae297da6e8e6a0e539e6921fced9ff3e0cba
+  data.tar.gz: 63e3a04e1369f918bc6102ba34630f05008c9e0ba42ad790b7a7f330e3a43ca7
 SHA512:
-  metadata.gz: dfdf08ab0edc80277c21fd5836a53cf0c49468f8222bd615c41f3eb04ab5930df2f8ce0e5af2f8abee714dd5adfe3fba7efd636afa5918d4caf20d9ef248708e
-  data.tar.gz: a918c8ab92b805ff7e89a7b6bd674ddf693ba655bf3540a472b62c7162eacd16995d644d69c87e4e10006bbc2359fe93140670a64942e9374240962e4ff65aae
+  metadata.gz: f6ec9590ca30562db1384bca1656edba5f32b21c477a5f92470a10bce8fee8e95d1d4e31bea26c205ff0df63ea6d13c23a4e00aa9c56646990941614f999ffc0
+  data.tar.gz: 895ca647a7cc9d4f5d7a2c9f7378a0db9bc60666bd484662453f441144ee81c2c4c5424192f3ece40e80e7d263e8b14343928dd5fca5dafa79632ed0f1269dc3

data/lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb CHANGED Viewed

@@ -26,37 +26,6 @@ module Dependabot
         end
         def dependencies
-          if Dependabot::Experiments.enabled?(:enable_fix_for_pnpm_no_change_error)
-            return dependencies_with_prioritization
-          end
-          dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-          parsed.each do |details|
-            next if details["aliased"]
-            name = details["name"]
-            version = details["version"]
-            dependency_args = {
-              name: name,
-              version: version,
-              package_manager: "npm_and_yarn",
-              requirements: []
-            }
-            if details["dev"]
-              dependency_args[:subdependency_metadata] =
-                [{ production: !details["dev"] }]
-            end
-            dependency_set << Dependency.new(**dependency_args)
-          end
-          dependency_set
-        end
-        def dependencies_with_prioritization
           dependency_set = Dependabot::FileParsers::Base::DependencySet.new
           # Separate dependencies into two categories: with specifiers and without specifiers.

data/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb CHANGED Viewed

@@ -127,17 +127,10 @@ module Dependabot
             "#{d.name}@#{d.version}"
           end.join(" ")
-          if Dependabot::Experiments.enabled?(:enable_fix_for_pnpm_no_change_error)
-            Helpers.run_pnpm_command(
-              "update #{dependency_updates}  --lockfile-only --no-save -r",
-              fingerprint: "update <dependency_updates>  --lockfile-only --no-save -r"
-            )
-          else
-            Helpers.run_pnpm_command(
-              "install #{dependency_updates} --lockfile-only --ignore-workspace-root-check",
-              fingerprint: "install <dependency_updates> --lockfile-only --ignore-workspace-root-check"
-            )
-          end
+          Helpers.run_pnpm_command(
+            "update #{dependency_updates}  --lockfile-only --no-save -r",
+            fingerprint: "update <dependency_updates>  --lockfile-only --no-save -r"
+          )
         end
         def run_pnpm_install

data/lib/dependabot/npm_and_yarn/file_updater.rb CHANGED Viewed

@@ -62,7 +62,7 @@ module Dependabot
                          end
         if updated_files.none?
-          if Dependabot::Experiments.enabled?(:enable_fix_for_pnpm_no_change_error) && original_pnpm_locks.any?
+          if original_pnpm_locks.any?
             raise_tool_not_supported_for_pnpm_if_transitive
             raise_miss_configured_tooling_if_pnpm_subdirectory
           end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.297.0
+  version: 0.297.2
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-13 00:00:00.000000000 Z
+date: 2025-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.297.0
+        version: 0.297.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.297.0
+        version: 0.297.2
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -356,7 +356,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.297.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.297.2
 post_install_message:
 rdoc_options: []
 require_paths: