RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.111.3 → 0.111.4 - Mend

dependabot-npm_and_yarn 0.111.3 → 0.111.4

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 426735cc5e4b03ae1fcbb1c9a896b2df9c8f3c4b1cbe330f4c073d4f106f09a5
-  data.tar.gz: c03c2becc3d1164366ec0cb1f926d705954169c906998b0bf845124d413a7729
+  metadata.gz: d211a87dd33be112768fc89bfd86758631beeb8020c6b4d15fe8c18b75faab58
+  data.tar.gz: e10d66acf5e877d1f2a2780bea01903571904b941a494c4509bc74dc85ffcfbc
 SHA512:
-  metadata.gz: 0a8a510788318489f41405d716099167e88c01bf4e4598bb75af372e6ea2a163edf9f08964276a21c9af876ded78fbabaf3ad3f0c212aff8b18305f48c818ccc
-  data.tar.gz: 1edfc61beade1a9fe7399853951833173b4795e98178aa7e191691e5eb14f30c52398dc16e7c87764f23ee3cfb5d2a209a164a0e1484fc20f75a7a6489ac900a
+  metadata.gz: a1c49c13c7d524de0fb5b2afd1164714757feedceca2e6aca2b50d7b47dd972aff847e5c7e4cb43020b14d00fa1f01338b0bee74af5e52373ed2a07fc92568fe
+  data.tar.gz: e591c6c870167dab07b6c6a34a5f684274247d0e2d2fe9f2e0dc2529b2767e0cc154b9d55228dc950cff8bcc88c52d0605d01848830ef12c12596c1caae8ae0c

data/helpers/yarn.lock CHANGED Viewed

@@ -3740,9 +3740,9 @@ lodash.without@~4.4.0:
   integrity sha1-PNRXSgC2e643OpS3SHcmQFB7eqw=
 lodash@^4.17.11, lodash@^4.17.5:
-  version "4.17.11"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
-  integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
+  version "4.17.14"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.14.tgz#9ce487ae66c96254fe20b599f21b6816028078ba"
+  integrity sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw==
 loose-envify@^1.0.0:
   version "1.4.0"

data/lib/dependabot/npm_and_yarn/file_fetcher.rb CHANGED Viewed

@@ -171,9 +171,14 @@ module Dependabot
         current_dir = nil if current_dir == ""
         path_dep_starts = %w(file: / ./ ../ ~/ link:.)
-        dependency_objects =
-          JSON.parse(file.content).
-          values_at(*NpmAndYarn::FileParser::DEPENDENCY_TYPES).compact
+        # Fetch yarn "file:" path "resolutions" so that we can resolve the
+        # lockfile. This pattern seems to be used to replace a sub-dependency
+        # with a local mock version.
+        dependency_types = NpmAndYarn::FileParser::DEPENDENCY_TYPES +
+                           ["resolutions"]
+        dependency_objects = JSON.parse(file.content).
+                             values_at(*dependency_types).
+                             compact
         unless dependency_objects.all? { |o| o.is_a?(Hash) }
           raise Dependabot::DependencyFileNotParseable, file.path

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.111.3
+  version: 0.111.4
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-07-08 00:00:00.000000000 Z
+date: 2019-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.111.3
+        version: 0.111.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.111.3
+        version: 0.111.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement