dependabot-npm_and_yarn 0.98.28 → 0.98.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/lib/yarn/replace-lockfile-declaration.js +3 -3
  3. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 191893799b7915a3bc14b21cb8427d05b4c4e1cb04fafd68e083fea00060740b
4
- data.tar.gz: b5d9037f6bc96ce948340c633ff7001a228a8a5a033984a410260aa1e7143016
3
+ metadata.gz: 4f0b6122a0492da87358e051a2a5060bab09ab044790f06fba34b80923441707
4
+ data.tar.gz: 1dc1d383a704378815838c49056a875e38e07b2313d88faf796fbdf8109d20be
5
5
  SHA512:
6
- metadata.gz: 674a0e345bcc99cea9d5eb5dac87decd51e77798601fe3f7714ed6cd4a28570519c2b55bb9cf530fe34d5962342a2dcd76dfd1473938902edf959bd696f83a1a
7
- data.tar.gz: 1bc88a7970d338661b50859ebfc550157c83f187ba8bbe014a1a38d121fbc564c05f70ff7bde4d72e1bb13b10e50c236c0cbb1e6588650435bc9701a8cef738a
6
+ metadata.gz: 693e78be26fefb60e336d4ea0a1c004704de5b8d876d8078a05dc59cc06507821ea2b0f9ac5a04cb3f349946f96cb39853bf4dcca29713ac7d6b68a946778fcd
7
+ data.tar.gz: af9a043ebc540313cdb69768c99b84de7c92600c1f03d7a0d2b30fb7e8475c2449366d9c9474f4eef720608ba48e4d9f130615bda3f729dc46339261e63b40d7
data/helpers/lib/yarn/replace-lockfile-declaration.js CHANGED
@@ -5,9 +5,9 @@ const stringify = require("@dependabot/yarn-lib/lib/lockfile/stringify")
5
5
  // Get an array of a dependency's requested version ranges from a lockfile
6
6
  function getRequestedVersions(depName, lockfileJson) {
7
7
  const requestedVersions = [];
8
- // TODO: Rethink this regex matching, for example, we don't currently match:
9
- // @dependabot/pack-core@^git+ssh://git@github.com:dependabot/pack-core.git
10
- const re = /^(.*)@([^@]*?)$/;
8
+ // Matching dependency name and version requirements which could be a full url:
9
+ // dep@version, @private-dep@version, private-dep@https:://token@gh.com...#ref
10
+ const re = /^(.[^@]*)@(.*?)$/;
11
11
 
12
12
  Object.entries(lockfileJson).forEach(([name, _]) => {
13
13
  if (name.match(re)) {
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.98.28
4
+ version: 0.98.29
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.98.28
19
+ version: 0.98.29
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.98.28
26
+ version: 0.98.29
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement