RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.331.0 → 0.332.0 - Mend

dependabot-npm_and_yarn 0.331.0 → 0.332.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/npm_and_yarn/file_parser/json_lock.rb +1 -31
data/lib/dependabot/npm_and_yarn/file_parser.rb +1 -4
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ead6dbe56920db49b2451679cdb66303af4c2968b7d61d37faf04ac9b0623a4
-  data.tar.gz: fe8c3c14c55c99ad445105f89f54b5b6a8bd322661ba2bf64c36567d992fa4a0
+  metadata.gz: 752dcfa198d045fc29e5dafd0496d2c796f7c9a8ff4916e0fc5deffe8e3574b8
+  data.tar.gz: ca0c56b6911e85fad52ceae0cbe98764bbd92745333cfb46d7602ee04c22099a
 SHA512:
-  metadata.gz: a4e7fae1ef42c26ba9327815a93d1850e27dd17ef9d8a26eb85ac932ec817b6f14ce8312456cd024a07c63770fdfd4465e4eeae9628c7b167211c7fa7d65d778
-  data.tar.gz: b92350117f5b5059b36a2a96c0da36e2e0d4d45c5ebaa8fe3698b69b17007ad4968a71e0f87a79eff1251b1ee80dc80836c97a7c71ee93c11aa0c0fd5004fee3
+  metadata.gz: 9ab7e4c83fc107b5b80f38ec024e7a0dbd8b7d9de9ca2973614f2e9a418aad8549f97dcaa47c6ee13c9227d7d664aa3bec610f86488aaaaf895e5f32524ad1b7
+  data.tar.gz: 1d8e6fe55e6a2a0bbd1773806510cc6e35eaba8b2364f52e4f46ead217f0801b264e19159aada801b233bf2d9a3715a6ae4c0f51ba6ff95c3381d8be14f36b80

data/lib/dependabot/npm_and_yarn/file_parser/json_lock.rb CHANGED Viewed

@@ -15,9 +15,6 @@ module Dependabot
         sig { params(dependency_file: DependencyFile).void }
         def initialize(dependency_file)
           @dependency_file = dependency_file
-          # Set this file to priority 1 to indicate it should override manifests for purposes of a graph
-          dependency_file.priority = 1
-          @direct_dependencies = T.let(fetch_direct_dependencies, T::Array[String])
         end
         sig { returns(T::Hash[String, T.untyped]) }
@@ -51,36 +48,11 @@ module Dependabot
         private
-        # Only V3 lockfiles contain information on the package itself, so we use `npm ls` to generate
-        # a graph we can pluck the direct dependency list from at parse-time for this lockfile.
-        sig { returns(T::Array[String]) }
-        def fetch_direct_dependencies
-          # TODO(brrygrdn): Implement a 'verbose' flag that runs this extra step?
-          #
-          # For now, don't run this extra native command if we aren't using the submission experiment
-          return [] unless Dependabot::Experiments.enabled?(:enable_dependency_submission_poc)
-          SharedHelpers.in_a_temporary_repo_directory do |_|
-            write_temporary_dependency_files
-            npm_ls_json = Helpers.run_npm_command("ls --all --package-lock-only --json")
-            JSON.parse(npm_ls_json).fetch("dependencies", {}).keys
-          end
-        end
-        sig { void }
-        def write_temporary_dependency_files
-          path = @dependency_file.name
-          FileUtils.mkdir_p(Pathname.new(path).dirname)
-          File.write(path, @dependency_file.content)
-        end
         sig do
           params(object_with_dependencies: T::Hash[String, T.untyped])
             .returns(Dependabot::FileParsers::Base::DependencySet)
         end
-        def recursively_fetch_dependencies(object_with_dependencies) # rubocop:disable Metrics/AbcSize
+        def recursively_fetch_dependencies(object_with_dependencies)
           dependency_set = Dependabot::FileParsers::Base::DependencySet.new
           dependencies = object_with_dependencies["dependencies"]
@@ -102,7 +74,6 @@ module Dependabot
               version: version,
               package_manager: "npm_and_yarn",
               requirements: [],
-              direct_relationship: @direct_dependencies.include?(package_name),
               metadata: {
                 depends_on: details&.fetch("dependencies", {})&.keys || []
               },
@@ -123,7 +94,6 @@ module Dependabot
             dependency_set += recursively_fetch_dependencies(details)
           end
-          @dependency_file.dependencies = dependency_set.dependencies.to_set
           dependency_set
         end

data/lib/dependabot/npm_and_yarn/file_parser.rb CHANGED Viewed

@@ -226,10 +226,7 @@ module Dependabot
             dep = build_dependency(
               file: file, type: type, name: name, requirement: requirement
             )
-            if dep
-              file.dependencies << dep
-              dependency_set << dep
-            end
+            dependency_set << dep if dep
           end
         end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.331.0
+  version: 0.332.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.331.0
+        version: 0.332.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.331.0
+        version: 0.332.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -362,7 +362,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.331.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.332.0
 rdoc_options: []
 require_paths:
 - lib