dependabot-npm_and_yarn 0.106.3 → 0.106.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb +5 -0
  3. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bca8202e13c4c5772559de24a6c185294db81223109db4e90e71a1c26a0dafd4
4
- data.tar.gz: 9a2a919429801075b4fc861d827fbfc1b5c71a5b6f7ec74908544cec2d73fce5
3
+ metadata.gz: edcd98e2a1935764c142c3b298ab356dcc2c6f217d1b6e8fe3d899ceb6e1523e
4
+ data.tar.gz: 9d6c81d05c5431b82c0c1a30b6758a319051a3f09704c3e58f54edb1e414e33a
5
5
  SHA512:
6
- metadata.gz: f5a8ddd9bfacc1ec4ef31f66fd18c9be3f4ad2ccd1345c275df76ca9992cd1e4b60a3f8547c3c00e01235ec2f70e68d1a6a0d6269aa8a188690d8b6ccf137bd2
7
- data.tar.gz: 8e557ffd27afd56cec3596fb26cbc96edf63ea7ec763d4310b59a4b44ed88ec5c7f1243fba374c8d169e0dc2230cca6e098790617a7deb45b95d51fac59b927a
6
+ metadata.gz: 27b4be4a3e70d7d1a7f6260b99765449cd7dde590004c0dca37a6313cbbbe76640d7bcd0dec9d7d94e3a03fe44f356cdb1d249b7da47f292d383021e5ba70de7
7
+ data.tar.gz: 58a7177ee3913e6438f37868968c7db67606d558888209c568f39b9159d2c86531f89d97aed5af535064b1d4dfe8a43cfaaf2390982b141a8b594f34123b747b
data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb CHANGED
@@ -71,6 +71,7 @@ module Dependabot
71
71
  yarn_locks.each do |yarn_lock|
72
72
  parse_yarn_lock(yarn_lock).each do |req, details|
73
73
  next unless semver_version_for(details["version"])
74
+ next if alias_package?(req)
74
75
 
75
76
  # Note: The DependencySet will de-dupe our dependencies, so they
76
77
  # end up unique by name. That's not a perfect representation of
@@ -151,6 +152,10 @@ module Dependabot
151
152
  version_string
152
153
  end
153
154
 
155
+ def alias_package?(requirement)
156
+ requirement.include?("@npm:")
157
+ end
158
+
154
159
  def parse_package_lock(package_lock)
155
160
  @parse_package_lock ||= {}
156
161
  @parse_package_lock[package_lock.name] ||=
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.106.3
4
+ version: 0.106.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.106.3
19
+ version: 0.106.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.106.3
26
+ version: 0.106.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement