dependabot-npm_and_yarn 0.113.15 → 0.113.16
- checksums.yaml +4 -4
- data/helpers/lib/npm/peer-dependency-checker.js +1 -1
- data/helpers/lib/yarn/helpers.js +2 -2
- data/helpers/package.json +2 -2
- data/helpers/yarn.lock +51 -32
- data/lib/dependabot/npm_and_yarn/file_fetcher.rb +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +1 -1
- data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +1 -1
- metadata +4 -4
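--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6c59aaa540078ed23765e4051de8a0d7febfcd2469f3ee59a70c60e964116c18
+data.tar.gz: aa339e575efa75e3d9fb01d7b8639e53e4024956cda34192675c99f138371a42
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5b0ae16b10eb492dc343ff926b0beacf349dca26a857f0552cf3ee9221b46506713cd4f126cbdd1add82645e276521a95fc1505c7e3b36535526413deee26feb
+data.tar.gz: d080a491237ec36e3b1c37303126c6cd0427c5661cac081f1e0c514396821ca30f6bc696d890408a261daba4a7eedfd0024518ac2183e321a2e5088899dc7609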
@@ -61,7 +61,7 @@ async function checkPeerDependencies(
|
|
61
61
|
// need to explicitly tell npm to fetch all manifests by specifying the
|
62
62
|
// existing dependency name and version in npm install
|
63
63
|
|
64
|
-
// For
|
64
|
+
// For example, if we have "react@15.6.2" and "react-dom@15.6.2" installed
|
65
65
|
// and we want to install react@16.6.0, we need get the existing version of
|
66
66
|
// react-dom and pass this to npm install along with the new version react,
|
67
67
|
// this way npm fetches the manifest for react-dom and determines that we
|
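--- a/data/helpers/lib/yarn/helpers.js
+++ b/data/helpers/lib/yarn/helpers.js
@@ -13,11 +13,11 @@ function isString(value) {
 // Usually, calling Add.init() would execute a series of steps: resolve, fetch,
 // link, run lifecycle scripts, cleanup, then save new manifest (package.json).
 // We only care about the first and last steps: resolve, then save the new
-// manifest.
+// manifest. Fortunately, overriding bailout() gives us an opportunity to skip
 // over the intermediate steps in a relatively painless fashion.
 class LightweightAdd extends Add {
 // This method is called by init() at the end of the resolve step, and is
-// responsible for checking if any
+// responsible for checking if any dependencies need to be updated locally.
 // If everything is up to date, it'll save a new lockfile and return true,
 // which causes init() to skip over the next few steps (fetching and
 // installing packages). If there are packages that need updating, it'll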
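--- a/data/helpers/package.json
+++ b/data/helpers/package.json
@@ -15,10 +15,10 @@
 "semver": "^6.3.0"
 },
 "devDependencies": {
-"eslint": "^6.
+"eslint": "^6.6.0",
 "eslint-plugin-prettier": "^3.1.1",
 "jest": "^24.9.0",
-"nock": "^11.
+"nock": "^11.6.0",
 "prettier": "^1.18.2",
 "rimraf": "^3.0.0"
 }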
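--- a/data/helpers/yarn.lock
+++ b/data/helpers/yarn.lock
@@ -445,10 +445,10 @@ acorn-globals@^4.1.0:
 acorn "^6.0.1"
 acorn-walk "^6.0.1"
 
-acorn-jsx@^5.0
-version "5.0
-resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.0.
-integrity sha512-
+acorn-jsx@^5.1.0:
+version "5.1.0"
+resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.1.0.tgz#294adb71b57398b0680015f0a38c563ee1db5384"
+integrity sha512-tMUqwBWfLFbJbizRmEcWSLw6HnFzfdJs2sOJEOwwtVPMoH/0Ay+E703oZz78VSXZiiDcZrQ5XKjPIUQixhmgVw==
 
 acorn-walk@^6.0.1:
 version "6.2.0"
@@ -465,10 +465,10 @@ acorn@^6.0.1:
 resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.3.0.tgz#0087509119ffa4fc0a0041d1e93a417e68cb856e"
 integrity sha512-/czfa8BwS88b9gWQVhc8eknunSA2DoJpJyTQkhheIf5E48u1N0R4q/YxxsAeqRrmK9TQ/uYfgLDfZo91UlANIA==
 
-acorn@^7.
-version "7.
-resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.
-integrity sha512-
+acorn@^7.1.0:
+version "7.1.0"
+resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.1.0.tgz#949d36f2c292535da602283586c2477c57eb2d6c"
+integrity sha512-kL5CuoXA/dgxlBbVrflsflzQ3PAas7RYZB52NOm/6839iVYJgKMJ3cQJD+t2i5+qFa8h3MDpEOJiS64E8JLnSQ==
 
 agent-base@4, agent-base@^4.3.0:
 version "4.3.0"
@@ -1678,22 +1678,22 @@ eslint-scope@^5.0.0:
 esrecurse "^4.1.0"
 estraverse "^4.1.1"
 
-eslint-utils@^1.4.
-version "1.4.
-resolved "https://registry.yarnpkg.com/eslint-utils/-/eslint-utils-1.4.
-integrity sha512-
+eslint-utils@^1.4.3:
+version "1.4.3"
+resolved "https://registry.yarnpkg.com/eslint-utils/-/eslint-utils-1.4.3.tgz#74fec7c54d0776b6f67e0251040b5806564e981f"
+integrity sha512-fbBN5W2xdY45KulGXmLHZ3c3FHfVYmKg0IrAKGOkT/464PQsx2UeIzfz1RmEci+KLm1bBaAzZAh8+/E+XAeZ8Q==
 dependencies:
-eslint-visitor-keys "^1.
+eslint-visitor-keys "^1.1.0"
 
-eslint-visitor-keys@^1.
+eslint-visitor-keys@^1.1.0:
 version "1.1.0"
 resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-1.1.0.tgz#e2a82cea84ff246ad6fb57f9bde5b46621459ec2"
 integrity sha512-8y9YjtM1JBJU/A9Kc+SbaOV4y29sSWckBwMHa+FGtVj5gN/sbnKDf6xJUl+8g7FAij9LVaP8C24DUiH/f/2Z9A==
 
-eslint@^6.
-version "6.
-resolved "https://registry.yarnpkg.com/eslint/-/eslint-6.
-integrity sha512-
+eslint@^6.6.0:
+version "6.6.0"
+resolved "https://registry.yarnpkg.com/eslint/-/eslint-6.6.0.tgz#4a01a2fb48d32aacef5530ee9c5a78f11a8afd04"
+integrity sha512-PpEBq7b6qY/qrOmpYQ/jTMDYfuQMELR4g4WI1M/NaSDDD/bdcMb+dj4Hgks7p41kW2caXsPsEZAEAyAgjVVC0g==
 dependencies:
 "@babel/code-frame" "^7.0.0"
 ajv "^6.10.0"
@@ -1702,9 +1702,9 @@ eslint@^6.5.1:
 debug "^4.0.1"
 doctrine "^3.0.0"
 eslint-scope "^5.0.0"
-eslint-utils "^1.4.
+eslint-utils "^1.4.3"
 eslint-visitor-keys "^1.1.0"
-espree "^6.1.
+espree "^6.1.2"
 esquery "^1.0.1"
 esutils "^2.0.2"
 file-entry-cache "^5.0.1"
@@ -1714,7 +1714,7 @@ eslint@^6.5.1:
 ignore "^4.0.6"
 import-fresh "^3.0.0"
 imurmurhash "^0.1.4"
-inquirer "^
+inquirer "^7.0.0"
 is-glob "^4.0.0"
 js-yaml "^3.13.1"
 json-stable-stringify-without-jsonify "^1.0.1"
@@ -1733,13 +1733,13 @@ eslint@^6.5.1:
 text-table "^0.2.0"
 v8-compile-cache "^2.0.3"
 
-espree@^6.1.
-version "6.1.
-resolved "https://registry.yarnpkg.com/espree/-/espree-6.1.
-integrity sha512-
+espree@^6.1.2:
+version "6.1.2"
+resolved "https://registry.yarnpkg.com/espree/-/espree-6.1.2.tgz#6c272650932b4f91c3714e5e7b5f5e2ecf47262d"
+integrity sha512-2iUPuuPP+yW1PZaMSDM9eyVf8D5P0Hi8h83YtZ5bPc/zHYjII5khoixIUTMO794NOY8F/ThF1Bo8ncZILarUTA==
 dependencies:
-acorn "^7.
-acorn-jsx "^5.0
+acorn "^7.1.0"
+acorn-jsx "^5.1.0"
 eslint-visitor-keys "^1.1.0"
 
 esprima@^3.1.3:
@@ -2550,7 +2550,7 @@ init-package-json@^1.10.3:
 validate-npm-package-license "^3.0.1"
 validate-npm-package-name "^3.0.0"
 
-inquirer@^6.2.0
+inquirer@^6.2.0:
 version "6.5.1"
 resolved "https://registry.yarnpkg.com/inquirer/-/inquirer-6.5.1.tgz#8bfb7a5ac02dac6ff641ac4c5ff17da112fcdb42"
 integrity sha512-uxNHBeQhRXIoHWTSNYUFhQVrHYFThIt6IVo2fFmSe8aBwdR3/w6b58hJpiL/fMukFkvGzjg+hSxFtwvVmKZmXw==
@@ -2569,6 +2569,25 @@ inquirer@^6.2.0, inquirer@^6.4.1:
 strip-ansi "^5.1.0"
 through "^2.3.6"
 
+inquirer@^7.0.0:
+version "7.0.0"
+resolved "https://registry.yarnpkg.com/inquirer/-/inquirer-7.0.0.tgz#9e2b032dde77da1db5db804758b8fea3a970519a"
+integrity sha512-rSdC7zelHdRQFkWnhsMu2+2SO41mpv2oF2zy4tMhmiLWkcKbOAs87fWAJhVXttKVwhdZvymvnuM95EyEXg2/tQ==
+dependencies:
+ansi-escapes "^4.2.1"
+chalk "^2.4.2"
+cli-cursor "^3.1.0"
+cli-width "^2.0.0"
+external-editor "^3.0.3"
+figures "^3.0.0"
+lodash "^4.17.15"
+mute-stream "0.0.8"
+run-async "^2.2.0"
+rxjs "^6.4.0"
+string-width "^4.1.0"
+strip-ansi "^5.1.0"
+through "^2.3.6"
+
 invariant@^2.2.0, invariant@^2.2.4:
 version "2.2.4"
 resolved "https://registry.yarnpkg.com/invariant/-/invariant-2.2.4.tgz#610f3c92c9359ce1db616e538008d23ff35158e6"
@@ -4063,10 +4082,10 @@ nice-try@^1.0.4:
 resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"
 integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==
 
-nock@^11.
-version "11.
-resolved "https://registry.yarnpkg.com/nock/-/nock-11.
-integrity sha512-
+nock@^11.6.0:
+version "11.6.0"
+resolved "https://registry.yarnpkg.com/nock/-/nock-11.6.0.tgz#481961e0cf78794f200ea71e25d948d668446717"
+integrity sha512-9ocFR68CxS6nf2XtQNpdSh5n4QQSKl87DhXgLnHO/RD4CsGThFtu8/QG6myHTnrUHRE6JSKpiGjLJdRe2ZSlIA==
 dependencies:
 chai "^4.1.2"
 debug "^4.1.0"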
@@ -214,7 +214,7 @@ module Dependabot
|
|
214
214
|
end
|
215
215
|
|
216
216
|
# Re-write the glob name to the targeted dependency name (which is used
|
217
|
-
# in the lockfile), for example "parent-
|
217
|
+
# in the lockfile), for example "parent-package/**/sub-dep/target-dep" >
|
218
218
|
# "target-dep"
|
219
219
|
def convert_dependency_path_to_name(path, value)
|
220
220
|
# Picking the last two parts that might include a scope
|
@@ -355,7 +355,7 @@ module Dependabot
|
|
355
355
|
|
356
356
|
def dependencies_in_error_message?(error_message)
|
357
357
|
names = dependencies.map { |dep| dep.name.split("/").first }
|
358
|
-
# Example
|
358
|
+
# Example format: No matching version found for
|
359
359
|
# @dependabot/dummy-pkg-b@^1.3.0
|
360
360
|
names.any? do |name|
|
361
361
|
error_message.match?(%r{#{Regexp.quote(name)}[\/@]})
|
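Review bot: The reworded comment uses `@dependabot/dummy-pkg-b@^1.3.0` as its example, but `names` on the line above keeps only the part of each dependency name before the first `/`, so for a scoped package the pattern looks for the scope alone (`@dependabot/` or `@dependabot@`). An error message about any other package in the same scope would then count as mentioning one of the dependencies being updated, which can misattribute a resolution failure. If that breadth is intended, say so beside the example, e.g. `# Scoped names are matched on their scope only, so any package in that scope counts`; if it is not, the match should use the full dependency name. The method continues past the end of this hunk, so this reading rests only on the lines shown.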
@@ -225,7 +225,7 @@ module Dependabot
|
|
225
225
|
# `bundledDependencies`.
|
226
226
|
#
|
227
227
|
# For example, fsevents < 2 bundles node-pre-gyp meaning all it's
|
228
|
-
# sub-
|
228
|
+
# sub-dependencies get bundled into the release tarball at publish time
|
229
229
|
# so you always get the same sub-dependency versions if you re-install a
|
230
230
|
# specific version of fsevents.
|
231
231
|
#
|
@@ -486,7 +486,7 @@ module Dependabot
|
|
486
486
|
).npmrc_content
|
487
487
|
end
|
488
488
|
|
489
|
-
# Top level
|
489
|
+
# Top level dependencies are required in the peer dep checker
|
490
490
|
# to fetch the manifests for all top level deps which may contain
|
491
491
|
# "peerDependency" requirements
|
492
492
|
def top_level_dependencies
|
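--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.113.
+version: 0.113.16
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-10-
+date: 2019-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.113.
+version: 0.113.16
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.113.
+version: 0.113.16
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement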