RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.93.1 → 0.93.2 - Mend

dependabot-npm_and_yarn 0.93.1 → 0.93.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/helpers/npm/lib/updater.js +57 -0
data/helpers/package.json +1 -1
data/helpers/yarn.lock +729 -705
data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +1 -29
metadata +4 -4

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb CHANGED Viewed

@@ -403,30 +403,6 @@ module Dependabot
           @git_dependencies_to_lock
         end
-        # Note: NPM 6.6.0 started failing when a sub-dependency has a "from"
-        # field that includes the dependency name
-        #
-        # Example invalid from: "from": "bignumber.js@git+https://gi...
-        def remove_invalid_from_lines(npm_lockfile)
-          return npm_lockfile unless npm_lockfile.key?("dependencies")
-          dependencies =
-            npm_lockfile["dependencies"].
-            map do |k, v|
-              value =
-                if v["from"].to_s.start_with?("#{k}@")
-                  v.dup.tap do |hash|
-                    hash["from"] = hash["from"].gsub(/^#{Regexp.quote(k)}@/, "")
-                  end
-                else v
-                end
-              [k, remove_invalid_from_lines(value)]
-            end.to_h
-          npm_lockfile.merge("dependencies" => dependencies)
-        end
         def replace_ssh_sources(content)
           updated_content = content
@@ -458,11 +434,7 @@ module Dependabot
         end
         def prepared_npm_lockfile_content(content)
-          updated_content =
-            JSON.dump(remove_dependency_from_npm_lockfile(JSON.parse(content)))
-          updated_content =
-            JSON.dump(remove_invalid_from_lines(JSON.parse(updated_content)))
-          updated_content
+          JSON.dump(remove_dependency_from_npm_lockfile(JSON.parse(content)))
         end
         # Duplicated in SubdependencyVersionResolver

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.93.1
+  version: 0.93.2
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-25 00:00:00.000000000 Z
+date: 2019-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.93.1
+        version: 0.93.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.93.1
+        version: 0.93.2
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement