dependabot-npm_and_yarn 0.320.0 → 0.320.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/helpers.rb +4 -5
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e8d6f1d107d110d67d7bbfc67768a6c1afe62d22e7b327a9a495d5caf0535703
|
|
4
|
+
data.tar.gz: 2f3a64b55706976119011580025b65b199bc3e2e2e1fd7c54dd1f6506414fa9d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7913cc686f742a69ec86a9f8835079c159fd159bcff483e62d8bc6162d4ae93a498d50ead60886b254d1c714060bfed0e92d31b907b74814f0e663c806241b76
|
|
7
|
+
data.tar.gz: f60d5b3bc19476bf60b85203a7441f694e557f1fe9b9419dfce2369fc271e1e4fad7f76a78f0885453c8aa0e98512ff06af816292f25c6e06a8a7fe89466e5dd
|
|
@@ -19,7 +19,7 @@ module Dependabot
|
|
|
19
19
|
NPM_V10 = 10
|
|
20
20
|
NPM_V8 = 8
|
|
21
21
|
NPM_V6 = 6
|
|
22
|
-
NPM_DEFAULT_VERSION =
|
|
22
|
+
NPM_DEFAULT_VERSION = NPM_V10
|
|
23
23
|
|
|
24
24
|
# PNPM Version Constants
|
|
25
25
|
PNPM_V9 = 9
|
|
@@ -56,26 +56,25 @@ module Dependabot
|
|
|
56
56
|
def self.detect_npm_version(lockfile)
|
|
57
57
|
lockfile_content = lockfile&.content
|
|
58
58
|
|
|
59
|
-
# Return
|
|
59
|
+
# Return npm 10 as the default if the lockfile is missing or empty
|
|
60
60
|
return NPM_DEFAULT_VERSION if lockfile_content.nil? || lockfile_content.strip.empty?
|
|
61
61
|
|
|
62
62
|
parsed_lockfile = JSON.parse(lockfile_content)
|
|
63
63
|
|
|
64
64
|
lockfile_version_str = parsed_lockfile["lockfileVersion"]
|
|
65
65
|
|
|
66
|
-
# Default to npm default version if lockfileVersion is missing or empty
|
|
67
66
|
return NPM_DEFAULT_VERSION if lockfile_version_str.nil? || lockfile_version_str.to_s.strip.empty?
|
|
68
67
|
|
|
69
68
|
lockfile_version = lockfile_version_str.to_i
|
|
70
69
|
|
|
71
70
|
# Using npm 8 as the default for lockfile_version > 2.
|
|
72
|
-
|
|
71
|
+
return NPM_V10 if lockfile_version >= 3
|
|
73
72
|
return NPM_V8 if lockfile_version >= 2
|
|
74
73
|
|
|
75
74
|
NPM_V6 if lockfile_version >= 1
|
|
76
75
|
# Return nil if can't capture
|
|
77
76
|
rescue JSON::ParserError
|
|
78
|
-
NPM_DEFAULT_VERSION # Fallback to
|
|
77
|
+
NPM_DEFAULT_VERSION # Fallback to npm 8 if the lockfile content cannot be parsed
|
|
79
78
|
end
|
|
80
79
|
|
|
81
80
|
private_class_method :detect_npm_version
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.320.
|
|
4
|
+
version: 0.320.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.320.
|
|
18
|
+
version: 0.320.1
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.320.
|
|
25
|
+
version: 0.320.1
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -356,7 +356,7 @@ licenses:
|
|
|
356
356
|
- MIT
|
|
357
357
|
metadata:
|
|
358
358
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
359
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.320.
|
|
359
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.320.1
|
|
360
360
|
rdoc_options: []
|
|
361
361
|
require_paths:
|
|
362
362
|
- lib
|