dependabot-npm_and_yarn 0.111.6 → 0.111.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/package.json +1 -1
  3. data/helpers/yarn.lock +6 -10
  4. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +6 -0
  5. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1abb936574249bc4ca7790c66b45b228b5e57b1b1d0ef81e1096df0af2708927
4
- data.tar.gz: 7d9c53d098e60071489751b17878897acd068358461b3e4f32f03aa5815f6894
3
+ metadata.gz: 8742b25d31caacb54996758807de5855716ce866fb1876c2b5849ee1588aa6a0
4
+ data.tar.gz: b686cae8633713cc872d3efca332ce2b33c816f7d59875aaeea9f9e5796442c3
5
5
  SHA512:
6
- metadata.gz: 7eb3947ce95e610f56137dd0395f8f506bb8822b163d21c2ea8e9cc39977d20d332f502269745b27d3c4adce4edb3b04659a31e53a7c240a9a3d3a54eff8c3bd
7
- data.tar.gz: 63bcb958e71cb00c3e169141c84fc0f114898db9ce3f48171f6ccf3c420d57c1beaa48bf8e3c6841a249f09b0ef1a665448b8df32d4d50abd289289323a7c190
6
+ metadata.gz: d0e6a28c47cdd4ea3e178fbf9771112900d1d3efb4af048ef4864754388109b827e32f0389651184268768588d6940c62da430c83d0a8feeea537759d8c87cd8
7
+ data.tar.gz: 145e649557a83fa0eef08f10cea5d86d56da298e3a82d42eed5f47925aca15a7a3f507e7dba419af49a3c6deb103173e4649ff22fd574a4372831ffa9765de4f
data/helpers/package.json CHANGED
@@ -9,7 +9,7 @@
9
9
  "test": "jest"
10
10
  },
11
11
  "dependencies": {
12
- "@dependabot/yarn-lib": "^1.16.0",
12
+ "@dependabot/yarn-lib": "^1.17.3",
13
13
  "detect-indent": "^6.0.0",
14
14
  "npm": "^6.10.1",
15
15
  "semver": "^6.2.0"
data/helpers/yarn.lock CHANGED
@@ -139,10 +139,10 @@
139
139
  exec-sh "^0.3.2"
140
140
  minimist "^1.2.0"
141
141
 
142
- "@dependabot/yarn-lib@^1.16.0":
143
- version "1.16.0"
144
- resolved "https://registry.yarnpkg.com/@dependabot/yarn-lib/-/yarn-lib-1.16.0.tgz#5c5f8d48706f60f90f5dbc48d7036f82a5fb4ad4"
145
- integrity sha512-TufgpxY7IDeBfmzhXc/b71Oz56/nwq0+w0Y4dOkNC+XVEa3SJwW8kmyJxWWyFwoUwBZKZhT2wCTqCogtlhZLAw==
142
+ "@dependabot/yarn-lib@^1.17.3":
143
+ version "1.17.3"
144
+ resolved "https://registry.yarnpkg.com/@dependabot/yarn-lib/-/yarn-lib-1.17.3.tgz#69213a7ef3854d9d89e3ab58fb5f18ab80f582c9"
145
+ integrity sha512-jzkoR/bW/VtrYPuMxxhhPSS5oEAwBijDVcz2E887RIf9csFHIJPqOJ0PVPBzhU0FJbGLlKSStvjbJMiHPe/zHg==
146
146
  dependencies:
147
147
  "@zkochan/cmd-shim" "^3.1.0"
148
148
  babel-runtime "^6.26.0"
@@ -166,6 +166,7 @@
166
166
  is-builtin-module "^2.0.0"
167
167
  is-ci "^1.0.10"
168
168
  is-webpack-bundle "^1.0.0"
169
+ js-yaml "^3.13.1"
169
170
  leven "^2.0.0"
170
171
  loud-rejection "^1.2.0"
171
172
  micromatch "^2.3.11"
@@ -1155,12 +1156,7 @@ combined-stream@^1.0.6, combined-stream@~1.0.6:
1155
1156
  dependencies:
1156
1157
  delayed-stream "~1.0.0"
1157
1158
 
1158
- commander@^2.9.0:
1159
- version "2.19.0"
1160
- resolved "https://registry.yarnpkg.com/commander/-/commander-2.19.0.tgz#f6198aa84e5b83c46054b94ddedbfed5ee9ff12a"
1161
- integrity sha512-6tvAOO+D6OENvRAh524Dh9jcfKTYDQAqvqezbCW82xj5X0pSrcpxtvRKHLG0yBY6SD7PSDrJaj+0AiOcKVd1Xg==
1162
-
1163
- commander@~2.20.0:
1159
+ commander@^2.9.0, commander@~2.20.0:
1164
1160
  version "2.20.0"
1165
1161
  resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.0.tgz#d58bb2b5c1ee8f87b0d340027e9e94e222c5a422"
1166
1162
  integrity sha512-7j2y+40w61zy6YC2iRNpUe/NwhNyoXrYpHMrSunaMG64nRnaf96zO/KMQR4OyN/UnE5KLyEBnKHd4aG3rskjpQ==
data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb CHANGED
@@ -388,6 +388,12 @@ module Dependabot
388
388
  updated_content = updated_content.gsub(new_req, req)
389
389
  end
390
390
 
391
+ # Enforce https for most common hostnames
392
+ updated_content = updated_content.gsub(
393
+ %r{http://(.*?(?:yarnpkg\.com|npmjs\.org|npmjs\.com))/},
394
+ 'https://\1/'
395
+ )
396
+
391
397
  if remove_integrity_lines?
392
398
  updated_content = remove_integrity_lines(updated_content)
393
399
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.111.6
4
+ version: 0.111.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-07-13 00:00:00.000000000 Z
11
+ date: 2019-07-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.111.6
19
+ version: 0.111.7
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.111.6
26
+ version: 0.111.7
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement