dependabot-npm_and_yarn 0.330.0 → 0.331.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/file_parser/bun_lock.rb +4 -1
- data/lib/dependabot/npm_and_yarn/file_parser/json_lock.rb +5 -2
- data/lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb +6 -2
- data/lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb +4 -1
- data/lib/dependabot/npm_and_yarn/file_parser.rb +4 -1
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +4 -2
- data/lib/dependabot/npm_and_yarn/update_checker.rb +2 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3ead6dbe56920db49b2451679cdb66303af4c2968b7d61d37faf04ac9b0623a4
|
|
4
|
+
data.tar.gz: fe8c3c14c55c99ad445105f89f54b5b6a8bd322661ba2bf64c36567d992fa4a0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4e7fae1ef42c26ba9327815a93d1850e27dd17ef9d8a26eb85ac932ec817b6f14ce8312456cd024a07c63770fdfd4465e4eeae9628c7b167211c7fa7d65d778
|
|
7
|
+
data.tar.gz: b92350117f5b5059b36a2a96c0da36e2e0d4d45c5ebaa8fe3698b69b17007ad4968a71e0f87a79eff1251b1ee80dc80836c97a7c71ee93c11aa0c0fd5004fee3
|
|
@@ -40,6 +40,8 @@ module Dependabot
|
|
|
40
40
|
def dependencies
|
|
41
41
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
|
42
42
|
|
|
43
|
+
origin_file = Pathname.new(@dependency_file.directory).join(@dependency_file.name).to_s
|
|
44
|
+
|
|
43
45
|
# bun.lock v0 format:
|
|
44
46
|
# https://github.com/oven-sh/bun/blob/c130df6c589fdf28f9f3c7f23ed9901140bc9349/src/install/bun.lock.zig#L595-L605
|
|
45
47
|
|
|
@@ -62,7 +64,8 @@ module Dependabot
|
|
|
62
64
|
name: name,
|
|
63
65
|
version: semver.to_s,
|
|
64
66
|
package_manager: "npm_and_yarn",
|
|
65
|
-
requirements: []
|
|
67
|
+
requirements: [],
|
|
68
|
+
origin_files: [origin_file]
|
|
66
69
|
)
|
|
67
70
|
end
|
|
68
71
|
|
|
@@ -80,7 +80,7 @@ module Dependabot
|
|
|
80
80
|
params(object_with_dependencies: T::Hash[String, T.untyped])
|
|
81
81
|
.returns(Dependabot::FileParsers::Base::DependencySet)
|
|
82
82
|
end
|
|
83
|
-
def recursively_fetch_dependencies(object_with_dependencies)
|
|
83
|
+
def recursively_fetch_dependencies(object_with_dependencies) # rubocop:disable Metrics/AbcSize
|
|
84
84
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
|
85
85
|
|
|
86
86
|
dependencies = object_with_dependencies["dependencies"]
|
|
@@ -95,6 +95,8 @@ module Dependabot
|
|
|
95
95
|
package_name = name.split("node_modules/").last
|
|
96
96
|
version = version.to_s
|
|
97
97
|
|
|
98
|
+
origin_file = Pathname.new(@dependency_file.directory).join(@dependency_file.name).to_s
|
|
99
|
+
|
|
98
100
|
dependency_args = {
|
|
99
101
|
name: package_name,
|
|
100
102
|
version: version,
|
|
@@ -103,7 +105,8 @@ module Dependabot
|
|
|
103
105
|
direct_relationship: @direct_dependencies.include?(package_name),
|
|
104
106
|
metadata: {
|
|
105
107
|
depends_on: details&.fetch("dependencies", {})&.keys || []
|
|
106
|
-
}
|
|
108
|
+
},
|
|
109
|
+
origin_files: [origin_file]
|
|
107
110
|
}
|
|
108
111
|
|
|
109
112
|
if details["bundled"]
|
|
@@ -75,6 +75,8 @@ module Dependabot
|
|
|
75
75
|
end
|
|
76
76
|
end
|
|
77
77
|
|
|
78
|
+
origin_file = Pathname.new(@dependency_file.directory).join(@dependency_file.name).to_s
|
|
79
|
+
|
|
78
80
|
# Add prioritized dependencies to the dependency set.
|
|
79
81
|
dependencies_with_specifiers.each do |dependency_args|
|
|
80
82
|
dependency_set << Dependency.new(
|
|
@@ -82,7 +84,8 @@ module Dependabot
|
|
|
82
84
|
version: dependency_args[:version],
|
|
83
85
|
package_manager: dependency_args[:package_manager],
|
|
84
86
|
requirements: dependency_args[:requirements],
|
|
85
|
-
subdependency_metadata: dependency_args[:subdependency_metadata]
|
|
87
|
+
subdependency_metadata: dependency_args[:subdependency_metadata],
|
|
88
|
+
origin_files: [origin_file]
|
|
86
89
|
)
|
|
87
90
|
end
|
|
88
91
|
|
|
@@ -92,7 +95,8 @@ module Dependabot
|
|
|
92
95
|
version: dependency_args[:version],
|
|
93
96
|
package_manager: dependency_args[:package_manager],
|
|
94
97
|
requirements: dependency_args[:requirements],
|
|
95
|
-
subdependency_metadata: dependency_args[:subdependency_metadata]
|
|
98
|
+
subdependency_metadata: dependency_args[:subdependency_metadata],
|
|
99
|
+
origin_files: [origin_file]
|
|
96
100
|
)
|
|
97
101
|
end
|
|
98
102
|
|
|
@@ -46,6 +46,8 @@ module Dependabot
|
|
|
46
46
|
def dependencies
|
|
47
47
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
|
48
48
|
|
|
49
|
+
origin_file = Pathname.new(@dependency_file.directory).join(@dependency_file.name).to_s
|
|
50
|
+
|
|
49
51
|
parsed.each do |reqs, details|
|
|
50
52
|
reqs.split(", ").each do |req|
|
|
51
53
|
version = Version.semver_for(details["version"])
|
|
@@ -58,7 +60,8 @@ module Dependabot
|
|
|
58
60
|
name: T.must(req.split(/(?<=\w)\@/).first),
|
|
59
61
|
version: version.to_s,
|
|
60
62
|
package_manager: "npm_and_yarn",
|
|
61
|
-
requirements: []
|
|
63
|
+
requirements: [],
|
|
64
|
+
origin_files: [origin_file]
|
|
62
65
|
)
|
|
63
66
|
end
|
|
64
67
|
end
|
|
@@ -302,6 +302,8 @@ module Dependabot
|
|
|
302
302
|
# Example: "my-fetch-factory@npm:fetch-factory"
|
|
303
303
|
return if aliased_package_name?(name)
|
|
304
304
|
|
|
305
|
+
origin_file = Pathname.new(file.directory).join(file.name).to_s
|
|
306
|
+
|
|
305
307
|
Dependency.new(
|
|
306
308
|
name: name,
|
|
307
309
|
version: converted_version,
|
|
@@ -311,7 +313,8 @@ module Dependabot
|
|
|
311
313
|
file: file.name,
|
|
312
314
|
groups: [type],
|
|
313
315
|
source: source_for(name, requirement, lockfile_details)
|
|
314
|
-
}]
|
|
316
|
+
}],
|
|
317
|
+
origin_files: [origin_file]
|
|
315
318
|
)
|
|
316
319
|
end
|
|
317
320
|
|
|
@@ -207,7 +207,8 @@ module Dependabot
|
|
|
207
207
|
version: d.previous_version,
|
|
208
208
|
previous_version: d.previous_version,
|
|
209
209
|
requirements: T.must(d.previous_requirements),
|
|
210
|
-
previous_requirements: d.previous_requirements
|
|
210
|
+
previous_requirements: d.previous_requirements,
|
|
211
|
+
origin_files: d.origin_files
|
|
211
212
|
)
|
|
212
213
|
end
|
|
213
214
|
|
|
@@ -218,7 +219,8 @@ module Dependabot
|
|
|
218
219
|
version: d.previous_version,
|
|
219
220
|
previous_version: d.previous_version,
|
|
220
221
|
requirements: [],
|
|
221
|
-
previous_requirements: []
|
|
222
|
+
previous_requirements: [],
|
|
223
|
+
origin_files: d.origin_files
|
|
222
224
|
)
|
|
223
225
|
end
|
|
224
226
|
|
|
@@ -31,6 +31,7 @@ module Dependabot
|
|
|
31
31
|
requirements_update_strategy: T.nilable(Dependabot::RequirementsUpdateStrategy),
|
|
32
32
|
dependency_group: T.nilable(Dependabot::DependencyGroup),
|
|
33
33
|
update_cooldown: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
|
|
34
|
+
exclude_paths: T.nilable(T::Array[String]),
|
|
34
35
|
options: T::Hash[Symbol, T.untyped]
|
|
35
36
|
)
|
|
36
37
|
.void
|
|
@@ -39,7 +40,7 @@ module Dependabot
|
|
|
39
40
|
repo_contents_path: nil, ignored_versions: [],
|
|
40
41
|
raise_on_ignored: false, security_advisories: [],
|
|
41
42
|
requirements_update_strategy: nil, dependency_group: nil,
|
|
42
|
-
update_cooldown: nil, options: {})
|
|
43
|
+
update_cooldown: nil, exclude_paths: [], options: {})
|
|
43
44
|
@latest_version = T.let(nil, T.nilable(T.any(String, Gem::Version)))
|
|
44
45
|
@latest_resolvable_version = T.let(nil, T.nilable(T.any(String, Dependabot::Version)))
|
|
45
46
|
@updated_requirements = T.let(nil, T.nilable(T::Array[T::Hash[Symbol, T.untyped]]))
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.331.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.331.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.331.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -362,7 +362,7 @@ licenses:
|
|
|
362
362
|
- MIT
|
|
363
363
|
metadata:
|
|
364
364
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
365
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
365
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.331.0
|
|
366
366
|
rdoc_options: []
|
|
367
367
|
require_paths:
|
|
368
368
|
- lib
|