dependabot-npm_and_yarn 0.97.11 → 0.98.0
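--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a5c3a4df4b0ab796e9145381a49db80b4e3c5a2cdc072cf80d25d2bc7b0ccb1e
+data.tar.gz: 99e96ee258cf6371d68c0ac1fe5d245f541d04c69f037272508c77e0cb7637b0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 25561d520e94ff8f17cd8e48742961993261988b2a5ced46b7a204af590dc7aee10c40d625e7e21db157587113c858556480ffaff69816f06f916fe7a674559a
+data.tar.gz: aa2270e91a462d26f4597a8208c37dbd94af754eae8a6d8e324284ba78988352897c072ba1cb2e37baaffa20174ab865de0885d97d45fcb80c726f23a6fc47a3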
@@ -3,7 +3,6 @@
|
|
|
3
3
|
require "json"
|
|
4
4
|
require "dependabot/dependency_file"
|
|
5
5
|
require "dependabot/errors"
|
|
6
|
-
require "dependabot/npm_and_yarn/native_helpers"
|
|
7
6
|
require "dependabot/npm_and_yarn/file_fetcher"
|
|
8
7
|
|
|
9
8
|
module Dependabot
|
|
@@ -115,16 +114,20 @@ module Dependabot
|
|
|
115
114
|
def parsed_yarn_lock
|
|
116
115
|
return {} unless yarn_lock
|
|
117
116
|
|
|
117
|
+
# This is *extremely* crude, but saves us from having to shell out
|
|
118
|
+
# to Yarn, which may not be safe
|
|
118
119
|
@parsed_yarn_lock ||=
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
)
|
|
120
|
+
begin
|
|
121
|
+
content = yarn_lock.content.
|
|
122
|
+
lines.
|
|
123
|
+
map { |l| l.match?(/^[\w"]/) ? l.split(", ").last : l }.
|
|
124
|
+
join.
|
|
125
|
+
gsub(/(?<=\w|")\s(?=\w|")/, ": ")
|
|
126
|
+
|
|
127
|
+
YAML.safe_load(content)
|
|
127
128
|
end
|
|
129
|
+
rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias
|
|
130
|
+
@parsed_yarn_lock ||= {}
|
|
128
131
|
end
|
|
129
132
|
|
|
130
133
|
# The path back to the root lockfile
|
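Review bot: `YAML.safe_load(content)` in `parsed_yarn_lock` returns whatever the top-level document happens to be, so an empty lockfile, or one whose rewritten text parses to a scalar or an array, leaves `@parsed_yarn_lock` as `nil` or a non-Hash, while every other path in the method returns a Hash. The lockfile presumably comes from the repository being analysed, so its shape should not be trusted; inside the `begin` block consider `parsed = YAML.safe_load(content)` followed by `parsed.is_a?(Hash) ? parsed : {}`. The `rescue` also makes a malformed lockfile indistinguishable from an absent one, and a comment such as `# Unparseable lockfile: treat as empty rather than failing the fetch` would record that this is deliberate. Callers of this method are outside the hunk, so how they handle a non-Hash value is not visible here.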
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.98.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.98.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.98.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|