dependabot-npm_and_yarn 0.111.6 → 0.111.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/package.json +1 -1
- data/helpers/yarn.lock +6 -10
- data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +6 -0
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8742b25d31caacb54996758807de5855716ce866fb1876c2b5849ee1588aa6a0
|
4
|
+
data.tar.gz: b686cae8633713cc872d3efca332ce2b33c816f7d59875aaeea9f9e5796442c3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d0e6a28c47cdd4ea3e178fbf9771112900d1d3efb4af048ef4864754388109b827e32f0389651184268768588d6940c62da430c83d0a8feeea537759d8c87cd8
|
7
|
+
data.tar.gz: 145e649557a83fa0eef08f10cea5d86d56da298e3a82d42eed5f47925aca15a7a3f507e7dba419af49a3c6deb103173e4649ff22fd574a4372831ffa9765de4f
|
data/helpers/package.json
CHANGED
data/helpers/yarn.lock
CHANGED
@@ -139,10 +139,10 @@
|
|
139
139
|
exec-sh "^0.3.2"
|
140
140
|
minimist "^1.2.0"
|
141
141
|
|
142
|
-
"@dependabot/yarn-lib@^1.
|
143
|
-
version "1.
|
144
|
-
resolved "https://registry.yarnpkg.com/@dependabot/yarn-lib/-/yarn-lib-1.
|
145
|
-
integrity sha512-
|
142
|
+
"@dependabot/yarn-lib@^1.17.3":
|
143
|
+
version "1.17.3"
|
144
|
+
resolved "https://registry.yarnpkg.com/@dependabot/yarn-lib/-/yarn-lib-1.17.3.tgz#69213a7ef3854d9d89e3ab58fb5f18ab80f582c9"
|
145
|
+
integrity sha512-jzkoR/bW/VtrYPuMxxhhPSS5oEAwBijDVcz2E887RIf9csFHIJPqOJ0PVPBzhU0FJbGLlKSStvjbJMiHPe/zHg==
|
146
146
|
dependencies:
|
147
147
|
"@zkochan/cmd-shim" "^3.1.0"
|
148
148
|
babel-runtime "^6.26.0"
|
@@ -166,6 +166,7 @@
|
|
166
166
|
is-builtin-module "^2.0.0"
|
167
167
|
is-ci "^1.0.10"
|
168
168
|
is-webpack-bundle "^1.0.0"
|
169
|
+
js-yaml "^3.13.1"
|
169
170
|
leven "^2.0.0"
|
170
171
|
loud-rejection "^1.2.0"
|
171
172
|
micromatch "^2.3.11"
|
@@ -1155,12 +1156,7 @@ combined-stream@^1.0.6, combined-stream@~1.0.6:
|
|
1155
1156
|
dependencies:
|
1156
1157
|
delayed-stream "~1.0.0"
|
1157
1158
|
|
1158
|
-
commander@^2.9.0:
|
1159
|
-
version "2.19.0"
|
1160
|
-
resolved "https://registry.yarnpkg.com/commander/-/commander-2.19.0.tgz#f6198aa84e5b83c46054b94ddedbfed5ee9ff12a"
|
1161
|
-
integrity sha512-6tvAOO+D6OENvRAh524Dh9jcfKTYDQAqvqezbCW82xj5X0pSrcpxtvRKHLG0yBY6SD7PSDrJaj+0AiOcKVd1Xg==
|
1162
|
-
|
1163
|
-
commander@~2.20.0:
|
1159
|
+
commander@^2.9.0, commander@~2.20.0:
|
1164
1160
|
version "2.20.0"
|
1165
1161
|
resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.0.tgz#d58bb2b5c1ee8f87b0d340027e9e94e222c5a422"
|
1166
1162
|
integrity sha512-7j2y+40w61zy6YC2iRNpUe/NwhNyoXrYpHMrSunaMG64nRnaf96zO/KMQR4OyN/UnE5KLyEBnKHd4aG3rskjpQ==
|
@@ -388,6 +388,12 @@ module Dependabot
|
|
388
388
|
updated_content = updated_content.gsub(new_req, req)
|
389
389
|
end
|
390
390
|
|
391
|
+
# Enforce https for most common hostnames
|
392
|
+
updated_content = updated_content.gsub(
|
393
|
+
%r{http://(.*?(?:yarnpkg\.com|npmjs\.org|npmjs\.com))/},
|
394
|
+
'https://\1/'
|
395
|
+
)
|
396
|
+
|
391
397
|
if remove_integrity_lines?
|
392
398
|
updated_content = remove_integrity_lines(updated_content)
|
393
399
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.111.
|
4
|
+
version: 0.111.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-07-
|
11
|
+
date: 2019-07-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.111.
|
19
|
+
version: 0.111.7
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.111.
|
26
|
+
version: 0.111.7
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|