dependabot-npm_and_yarn 0.117.3 → 0.117.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/lib/npm/helpers.js +1 -1
- data/helpers/lib/npm/index.js +1 -1
- data/helpers/lib/npm/peer-dependency-checker.js +11 -9
- data/helpers/lib/npm/subdependency-updater.js +8 -8
- data/helpers/lib/npm/updater.js +9 -9
- data/helpers/lib/yarn/fix-duplicates.js +4 -4
- data/helpers/lib/yarn/index.js +1 -1
- data/helpers/lib/yarn/lockfile-parser.js +1 -1
- data/helpers/lib/yarn/peer-dependency-checker.js +5 -5
- data/helpers/lib/yarn/replace-lockfile-declaration.js +1 -1
- data/helpers/lib/yarn/subdependency-updater.js +8 -8
- data/helpers/lib/yarn/updater.js +10 -10
- data/helpers/package.json +2 -2
- data/helpers/run.js +3 -3
- data/helpers/test/npm/helpers.js +2 -2
- data/helpers/test/npm/updater.test.js +3 -3
- data/helpers/test/yarn/helpers.js +2 -2
- data/helpers/test/yarn/updater.test.js +9 -9
- data/helpers/yarn.lock +24 -24
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '096bcf1e064de66241e6903ecdc843165a51caecb442954ec24b3964aa928532'
|
|
4
|
+
data.tar.gz: b7fae157fe771e44db29e78b615326b16453862970aca6b68e2e6252f4fc11d8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 520c2fdc23652fb9c28ed0f429eac71c67bb7dec2a4a75dbaeff780527575a0d2f2f4217671f75446bc106453582e057b347093373de3f789bbb348c8bc74e32
|
|
7
|
+
data.tar.gz: b1404953cae660ff58eb9a54faa21b46d34640af341b406a04a50cf9667c7302bfb6ff08d027a80cba65b0eaed6dc9cf5d236e4cf0ad0ed631040a4a3fc90f8a
|
data/helpers/lib/npm/helpers.js
CHANGED
data/helpers/lib/npm/index.js
CHANGED
|
@@ -5,5 +5,5 @@ const subdependencyUpdater = require("./subdependency-updater");
|
|
|
5
5
|
module.exports = {
|
|
6
6
|
update: updater.updateDependencyFiles,
|
|
7
7
|
updateSubdependency: subdependencyUpdater.updateDependencyFile,
|
|
8
|
-
checkPeerDependencies: peerDependencyChecker.checkPeerDependencies
|
|
8
|
+
checkPeerDependencies: peerDependencyChecker.checkPeerDependencies,
|
|
9
9
|
};
|
|
@@ -15,7 +15,7 @@ const installer = require("npm/lib/install");
|
|
|
15
15
|
const { muteStderr, runAsync } = require("./helpers.js");
|
|
16
16
|
|
|
17
17
|
function installArgsWithVersion(depName, desiredVersion, reqs) {
|
|
18
|
-
const source = (reqs.find(req => req.source) || {}).source;
|
|
18
|
+
const source = (reqs.find((req) => req.source) || {}).source;
|
|
19
19
|
|
|
20
20
|
if (source && source.type === "git") {
|
|
21
21
|
return [`${depName}@${source.url}#${desiredVersion}`];
|
|
@@ -48,8 +48,8 @@ async function checkPeerDependencies(
|
|
|
48
48
|
audit: false,
|
|
49
49
|
"prefer-offline": true,
|
|
50
50
|
"ignore-scripts": true,
|
|
51
|
-
save: false
|
|
52
|
-
}
|
|
51
|
+
save: false,
|
|
52
|
+
},
|
|
53
53
|
]);
|
|
54
54
|
|
|
55
55
|
const dryRun = true;
|
|
@@ -75,18 +75,20 @@ async function checkPeerDependencies(
|
|
|
75
75
|
// Returns dep name and version for npm install, example: ["react-dom@15.6.2"]
|
|
76
76
|
// - given react and react-dom in top level deps
|
|
77
77
|
const otherDeps = (topLevelDependencies || [])
|
|
78
|
-
.filter(dep => dep.name !== depName && dep.version)
|
|
79
|
-
.map(dep =>
|
|
78
|
+
.filter((dep) => dep.name !== depName && dep.version)
|
|
79
|
+
.map((dep) =>
|
|
80
|
+
installArgsWithVersion(dep.name, dep.version, dep.requirements)
|
|
81
|
+
)
|
|
80
82
|
.reduce((acc, dep) => acc.concat(dep), []);
|
|
81
83
|
|
|
82
84
|
args = args.concat(otherDeps);
|
|
83
85
|
|
|
84
86
|
const initialInstaller = new installer.Installer(directory, dryRun, args, {
|
|
85
|
-
packageLockOnly: true
|
|
87
|
+
packageLockOnly: true,
|
|
86
88
|
});
|
|
87
89
|
|
|
88
90
|
// Skip printing the success message
|
|
89
|
-
initialInstaller.printInstalled = cb => cb();
|
|
91
|
+
initialInstaller.printInstalled = (cb) => cb();
|
|
90
92
|
|
|
91
93
|
// There are some hard-to-prevent bits of output.
|
|
92
94
|
// This is horrible, but works.
|
|
@@ -98,8 +100,8 @@ async function checkPeerDependencies(
|
|
|
98
100
|
}
|
|
99
101
|
|
|
100
102
|
const peerDependencyWarnings = initialInstaller.idealTree.warnings
|
|
101
|
-
.filter(warning => warning.code === "EPEERINVALID")
|
|
102
|
-
.map(warning => warning.message);
|
|
103
|
+
.filter((warning) => warning.code === "EPEERINVALID")
|
|
104
|
+
.map((warning) => warning.message);
|
|
103
105
|
|
|
104
106
|
if (peerDependencyWarnings.length) {
|
|
105
107
|
throw new Error(peerDependencyWarnings.join("\n"));
|
|
@@ -8,7 +8,7 @@ const removeDependenciesFromLockfile = require("./remove-dependencies-from-lockf
|
|
|
8
8
|
const { muteStderr, runAsync } = require("./helpers.js");
|
|
9
9
|
|
|
10
10
|
async function updateDependencyFile(directory, lockfileName, dependencies) {
|
|
11
|
-
const readFile = fileName =>
|
|
11
|
+
const readFile = (fileName) =>
|
|
12
12
|
fs.readFileSync(path.join(directory, fileName)).toString();
|
|
13
13
|
|
|
14
14
|
const lockfile = readFile(lockfileName);
|
|
@@ -18,7 +18,7 @@ async function updateDependencyFile(directory, lockfileName, dependencies) {
|
|
|
18
18
|
// npm find the latest resolvable version and fix the lockfile
|
|
19
19
|
const updatedLockfileObject = removeDependenciesFromLockfile(
|
|
20
20
|
lockfileObject,
|
|
21
|
-
dependencies.map(dep => dep.name)
|
|
21
|
+
dependencies.map((dep) => dep.name)
|
|
22
22
|
);
|
|
23
23
|
fs.writeFileSync(
|
|
24
24
|
path.join(directory, lockfileName),
|
|
@@ -41,24 +41,24 @@ async function updateDependencyFile(directory, lockfileName, dependencies) {
|
|
|
41
41
|
force: true,
|
|
42
42
|
audit: false,
|
|
43
43
|
"prefer-offline": true,
|
|
44
|
-
"ignore-scripts": true
|
|
45
|
-
}
|
|
44
|
+
"ignore-scripts": true,
|
|
45
|
+
},
|
|
46
46
|
]);
|
|
47
47
|
|
|
48
48
|
const dryRun = true;
|
|
49
49
|
const initialInstaller = new installer.Installer(directory, dryRun, [], {
|
|
50
|
-
packageLockOnly: true
|
|
50
|
+
packageLockOnly: true,
|
|
51
51
|
});
|
|
52
52
|
|
|
53
53
|
// A bug in npm means the initial install will remove any git dependencies
|
|
54
54
|
// from the lockfile. A subsequent install with no arguments fixes this.
|
|
55
55
|
const cleanupInstaller = new installer.Installer(directory, dryRun, [], {
|
|
56
|
-
packageLockOnly: true
|
|
56
|
+
packageLockOnly: true,
|
|
57
57
|
});
|
|
58
58
|
|
|
59
59
|
// Skip printing the success message
|
|
60
|
-
initialInstaller.printInstalled = cb => cb();
|
|
61
|
-
cleanupInstaller.printInstalled = cb => cb();
|
|
60
|
+
initialInstaller.printInstalled = (cb) => cb();
|
|
61
|
+
cleanupInstaller.printInstalled = (cb) => cb();
|
|
62
62
|
|
|
63
63
|
// There are some hard-to-prevent bits of output.
|
|
64
64
|
// This is horrible, but works.
|
data/helpers/lib/npm/updater.js
CHANGED
|
@@ -22,7 +22,7 @@ const detectIndent = require("detect-indent");
|
|
|
22
22
|
const { muteStderr, runAsync } = require("./helpers.js");
|
|
23
23
|
|
|
24
24
|
async function updateDependencyFiles(directory, lockfileName, dependencies) {
|
|
25
|
-
const readFile = fileName =>
|
|
25
|
+
const readFile = (fileName) =>
|
|
26
26
|
fs.readFileSync(path.join(directory, fileName)).toString();
|
|
27
27
|
|
|
28
28
|
// `force: true` ignores checks for platform (os, cpu) and engines
|
|
@@ -41,14 +41,14 @@ async function updateDependencyFiles(directory, lockfileName, dependencies) {
|
|
|
41
41
|
force: true,
|
|
42
42
|
audit: false,
|
|
43
43
|
"prefer-offline": true,
|
|
44
|
-
"ignore-scripts": true
|
|
45
|
-
}
|
|
44
|
+
"ignore-scripts": true,
|
|
45
|
+
},
|
|
46
46
|
]);
|
|
47
47
|
const manifest = JSON.parse(readFile("package.json"));
|
|
48
48
|
|
|
49
49
|
const dryRun = true;
|
|
50
50
|
const flattenedDependencies = flattenAllDependencies(manifest);
|
|
51
|
-
const args = dependencies.map(dependency => {
|
|
51
|
+
const args = dependencies.map((dependency) => {
|
|
52
52
|
const existingVersionRequirement = flattenedDependencies[dependency.name];
|
|
53
53
|
return installArgs(
|
|
54
54
|
dependency.name,
|
|
@@ -58,18 +58,18 @@ async function updateDependencyFiles(directory, lockfileName, dependencies) {
|
|
|
58
58
|
);
|
|
59
59
|
});
|
|
60
60
|
const initialInstaller = new installer.Installer(directory, dryRun, args, {
|
|
61
|
-
packageLockOnly: true
|
|
61
|
+
packageLockOnly: true,
|
|
62
62
|
});
|
|
63
63
|
|
|
64
64
|
// A bug in npm means the initial install will remove any git dependencies
|
|
65
65
|
// from the lockfile. A subsequent install with no arguments fixes this.
|
|
66
66
|
const cleanupInstaller = new installer.Installer(directory, dryRun, [], {
|
|
67
|
-
packageLockOnly: true
|
|
67
|
+
packageLockOnly: true,
|
|
68
68
|
});
|
|
69
69
|
|
|
70
70
|
// Skip printing the success message
|
|
71
|
-
initialInstaller.printInstalled = cb => cb();
|
|
72
|
-
cleanupInstaller.printInstalled = cb => cb();
|
|
71
|
+
initialInstaller.printInstalled = (cb) => cb();
|
|
72
|
+
cleanupInstaller.printInstalled = (cb) => cb();
|
|
73
73
|
|
|
74
74
|
// There are some hard-to-prevent bits of output.
|
|
75
75
|
// This is horrible, but works.
|
|
@@ -119,7 +119,7 @@ function installArgs(
|
|
|
119
119
|
requirements,
|
|
120
120
|
existingVersionRequirement
|
|
121
121
|
) {
|
|
122
|
-
const source = (requirements.find(req => req.source) || {}).source;
|
|
122
|
+
const source = (requirements.find((req) => req.source) || {}).source;
|
|
123
123
|
|
|
124
124
|
if (source && source.type === "git") {
|
|
125
125
|
if (!existingVersionRequirement) {
|
|
@@ -55,11 +55,11 @@ module.exports = (data, updatedDependencyName) => {
|
|
|
55
55
|
.filter(([name]) => packagesToDedupe.includes(name))
|
|
56
56
|
.forEach(([name, packages]) => {
|
|
57
57
|
// Reverse sort, so we'll find the maximum satisfying version first
|
|
58
|
-
const versions = packages.map(p => p.pkg.version).sort(semver.rcompare);
|
|
59
|
-
const ranges = packages.map(p => p.requestedVersion);
|
|
58
|
+
const versions = packages.map((p) => p.pkg.version).sort(semver.rcompare);
|
|
59
|
+
const ranges = packages.map((p) => p.requestedVersion);
|
|
60
60
|
|
|
61
61
|
// Dedup each package to its maxSatisfying version
|
|
62
|
-
packages.forEach(p => {
|
|
62
|
+
packages.forEach((p) => {
|
|
63
63
|
const targetVersion = semver.maxSatisfying(
|
|
64
64
|
versions,
|
|
65
65
|
p.requestedVersion
|
|
@@ -67,7 +67,7 @@ module.exports = (data, updatedDependencyName) => {
|
|
|
67
67
|
if (targetVersion === null) return;
|
|
68
68
|
if (targetVersion !== p.pkg.version) {
|
|
69
69
|
const dedupedPackage = packages.find(
|
|
70
|
-
p => p.pkg.version === targetVersion
|
|
70
|
+
(p) => p.pkg.version === targetVersion
|
|
71
71
|
);
|
|
72
72
|
json[`${name}@${p.requestedVersion}`] = dedupedPackage.pkg;
|
|
73
73
|
}
|
data/helpers/lib/yarn/index.js
CHANGED
|
@@ -7,5 +7,5 @@ module.exports = {
|
|
|
7
7
|
parseLockfile: lockfileParser.parse,
|
|
8
8
|
update: updater.updateDependencyFiles,
|
|
9
9
|
updateSubdependency: subdependencyUpdater.updateDependencyFile,
|
|
10
|
-
checkPeerDependencies: peerDependencyChecker.checkPeerDependencies
|
|
10
|
+
checkPeerDependencies: peerDependencyChecker.checkPeerDependencies,
|
|
11
11
|
};
|
|
@@ -12,7 +12,7 @@ const parseLockfile = require("@dependabot/yarn-lib/lib/lockfile/parse")
|
|
|
12
12
|
.default;
|
|
13
13
|
|
|
14
14
|
async function parse(directory) {
|
|
15
|
-
const readFile = fileName =>
|
|
15
|
+
const readFile = (fileName) =>
|
|
16
16
|
fs.readFileSync(path.join(directory, fileName)).toString();
|
|
17
17
|
const data = readFile("yarn.lock");
|
|
18
18
|
return parseLockfile(data).object;
|
|
@@ -53,11 +53,11 @@ function installArgsWithVersion(depName, desiredVersion, requirements) {
|
|
|
53
53
|
const source =
|
|
54
54
|
"source" in requirements
|
|
55
55
|
? requirements.source
|
|
56
|
-
: (requirements.find(req => req.source) || {}).source;
|
|
56
|
+
: (requirements.find((req) => req.source) || {}).source;
|
|
57
57
|
const req =
|
|
58
58
|
"requirement" in requirements
|
|
59
59
|
? requirements.requirement
|
|
60
|
-
: (requirements.find(req => req.requirement) || {}).requirement;
|
|
60
|
+
: (requirements.find((req) => req.requirement) || {}).requirement;
|
|
61
61
|
|
|
62
62
|
if (source && source.type === "git") {
|
|
63
63
|
if (desiredVersion) {
|
|
@@ -93,7 +93,7 @@ async function checkPeerDepsForReq(
|
|
|
93
93
|
ignoreEngines: true,
|
|
94
94
|
ignorePlatform: true,
|
|
95
95
|
dev: devRequirement(requirement),
|
|
96
|
-
optional: optionalRequirement(requirement)
|
|
96
|
+
optional: optionalRequirement(requirement),
|
|
97
97
|
};
|
|
98
98
|
const reporter = new BufferReporter();
|
|
99
99
|
const config = new Config(reporter);
|
|
@@ -101,7 +101,7 @@ async function checkPeerDepsForReq(
|
|
|
101
101
|
await config.init({
|
|
102
102
|
cwd: path.join(directory, path.dirname(requirement.file)),
|
|
103
103
|
nonInteractive: true,
|
|
104
|
-
enableDefaultRc: true
|
|
104
|
+
enableDefaultRc: true,
|
|
105
105
|
});
|
|
106
106
|
|
|
107
107
|
const lockfile = await Lockfile.fromDirectory(directory, reporter);
|
|
@@ -118,7 +118,7 @@ async function checkPeerDepsForReq(
|
|
|
118
118
|
const eventBuffer = reporter.getBuffer();
|
|
119
119
|
const peerDependencyWarnings = eventBuffer
|
|
120
120
|
.map(({ data }) => data)
|
|
121
|
-
.filter(data => {
|
|
121
|
+
.filter((data) => {
|
|
122
122
|
// Guard against event.data sometimes being an object
|
|
123
123
|
return isString(data) && data.match(/(unmet|incorrect) peer dependency/);
|
|
124
124
|
});
|
|
@@ -39,7 +39,7 @@ module.exports = (
|
|
|
39
39
|
const oldPackageReqs = getRequestedVersions(depName, oldJson);
|
|
40
40
|
const newPackageReqs = getRequestedVersions(depName, newJson);
|
|
41
41
|
|
|
42
|
-
const reqToReplace = newPackageReqs.find(pattern => {
|
|
42
|
+
const reqToReplace = newPackageReqs.find((pattern) => {
|
|
43
43
|
return !oldPackageReqs.includes(pattern);
|
|
44
44
|
});
|
|
45
45
|
|
|
@@ -15,7 +15,7 @@ const stringify = require("@dependabot/yarn-lib/lib/lockfile/stringify")
|
|
|
15
15
|
function recoverVersionComments(oldLockfile, newLockfile) {
|
|
16
16
|
const yarnRegex = /^# yarn v(\S+)\n/gm;
|
|
17
17
|
const nodeRegex = /^# node v(\S+)\n/gm;
|
|
18
|
-
const oldMatch = regex => [].concat(oldLockfile.match(regex))[0];
|
|
18
|
+
const oldMatch = (regex) => [].concat(oldLockfile.match(regex))[0];
|
|
19
19
|
return newLockfile
|
|
20
20
|
.replace(yarnRegex, () => oldMatch(yarnRegex) || "")
|
|
21
21
|
.replace(nodeRegex, () => oldMatch(nodeRegex) || "");
|
|
@@ -24,21 +24,21 @@ function recoverVersionComments(oldLockfile, newLockfile) {
|
|
|
24
24
|
// Installs exact version and returns lockfile entry
|
|
25
25
|
async function getLockfileEntryForUpdate(depName, depVersion) {
|
|
26
26
|
const directory = fs.mkdtempSync(`${os.tmpdir()}${path.sep}`);
|
|
27
|
-
const readFile = fileName =>
|
|
27
|
+
const readFile = (fileName) =>
|
|
28
28
|
fs.readFileSync(path.join(directory, fileName)).toString();
|
|
29
29
|
|
|
30
30
|
const flags = {
|
|
31
31
|
ignoreScripts: true,
|
|
32
32
|
ignoreWorkspaceRootCheck: true,
|
|
33
33
|
ignoreEngines: true,
|
|
34
|
-
ignorePlatform: true
|
|
34
|
+
ignorePlatform: true,
|
|
35
35
|
};
|
|
36
36
|
const reporter = new EventReporter();
|
|
37
37
|
const config = new Config(reporter);
|
|
38
38
|
await config.init({
|
|
39
39
|
cwd: directory,
|
|
40
40
|
nonInteractive: true,
|
|
41
|
-
enableDefaultRc: true
|
|
41
|
+
enableDefaultRc: true,
|
|
42
42
|
});
|
|
43
43
|
|
|
44
44
|
// Empty lockfile
|
|
@@ -58,21 +58,21 @@ async function updateDependencyFile(
|
|
|
58
58
|
lockfileName,
|
|
59
59
|
updatedDependency
|
|
60
60
|
) {
|
|
61
|
-
const readFile = fileName =>
|
|
61
|
+
const readFile = (fileName) =>
|
|
62
62
|
fs.readFileSync(path.join(directory, fileName)).toString();
|
|
63
63
|
const originalYarnLock = readFile(lockfileName);
|
|
64
64
|
|
|
65
65
|
const flags = {
|
|
66
66
|
ignoreScripts: true,
|
|
67
67
|
ignoreWorkspaceRootCheck: true,
|
|
68
|
-
ignoreEngines: true
|
|
68
|
+
ignoreEngines: true,
|
|
69
69
|
};
|
|
70
70
|
const reporter = new EventReporter();
|
|
71
71
|
const config = new Config(reporter);
|
|
72
72
|
await config.init({
|
|
73
73
|
cwd: directory,
|
|
74
74
|
nonInteractive: true,
|
|
75
|
-
enableDefaultRc: true
|
|
75
|
+
enableDefaultRc: true,
|
|
76
76
|
});
|
|
77
77
|
config.enableLockfileVersions = Boolean(originalYarnLock.match(/^# yarn v/m));
|
|
78
78
|
const depName = updatedDependency && updatedDependency.name;
|
|
@@ -103,7 +103,7 @@ async function updateDependencyFile(
|
|
|
103
103
|
);
|
|
104
104
|
|
|
105
105
|
return {
|
|
106
|
-
[lockfileName]: updatedYarnLockWithVersion
|
|
106
|
+
[lockfileName]: updatedYarnLockWithVersion,
|
|
107
107
|
};
|
|
108
108
|
}
|
|
109
109
|
|
data/helpers/lib/yarn/updater.js
CHANGED
|
@@ -17,7 +17,7 @@ const path = require("path");
|
|
|
17
17
|
const { Add } = require("@dependabot/yarn-lib/lib/cli/commands/add");
|
|
18
18
|
const { Install } = require("@dependabot/yarn-lib/lib/cli/commands/install");
|
|
19
19
|
const {
|
|
20
|
-
cleanLockfile
|
|
20
|
+
cleanLockfile,
|
|
21
21
|
} = require("@dependabot/yarn-lib/lib/cli/commands/upgrade");
|
|
22
22
|
const Config = require("@dependabot/yarn-lib/lib/config").default;
|
|
23
23
|
const { EventReporter } = require("@dependabot/yarn-lib/lib/reporters");
|
|
@@ -42,10 +42,10 @@ function flattenAllDependencies(manifest) {
|
|
|
42
42
|
function recoverVersionComments(oldLockfile, newLockfile) {
|
|
43
43
|
const yarnRegex = /^# yarn v(\S+)\n/gm;
|
|
44
44
|
const nodeRegex = /^# node v(\S+)\n/gm;
|
|
45
|
-
const oldMatch = regex => [].concat(oldLockfile.match(regex))[0];
|
|
45
|
+
const oldMatch = (regex) => [].concat(oldLockfile.match(regex))[0];
|
|
46
46
|
return newLockfile
|
|
47
|
-
.replace(yarnRegex, match => oldMatch(yarnRegex) || "")
|
|
48
|
-
.replace(nodeRegex, match => oldMatch(nodeRegex) || "");
|
|
47
|
+
.replace(yarnRegex, (match) => oldMatch(yarnRegex) || "")
|
|
48
|
+
.replace(nodeRegex, (match) => oldMatch(nodeRegex) || "");
|
|
49
49
|
}
|
|
50
50
|
|
|
51
51
|
function devRequirement(requirements) {
|
|
@@ -92,7 +92,7 @@ function installArgsWithVersion(
|
|
|
92
92
|
`${depName}@${existingVersionRequirement.replace(
|
|
93
93
|
/#.*/,
|
|
94
94
|
""
|
|
95
|
-
)}#${desiredVersion}
|
|
95
|
+
)}#${desiredVersion}`,
|
|
96
96
|
];
|
|
97
97
|
}
|
|
98
98
|
} else {
|
|
@@ -101,7 +101,7 @@ function installArgsWithVersion(
|
|
|
101
101
|
}
|
|
102
102
|
|
|
103
103
|
async function updateDependencyFiles(directory, dependencies) {
|
|
104
|
-
const readFile = fileName =>
|
|
104
|
+
const readFile = (fileName) =>
|
|
105
105
|
fs.readFileSync(path.join(directory, fileName)).toString();
|
|
106
106
|
let updateRunResults = { "yarn.lock": readFile("yarn.lock") };
|
|
107
107
|
|
|
@@ -123,7 +123,7 @@ async function updateDependencyFile(
|
|
|
123
123
|
desiredVersion,
|
|
124
124
|
requirements
|
|
125
125
|
) {
|
|
126
|
-
const readFile = fileName =>
|
|
126
|
+
const readFile = (fileName) =>
|
|
127
127
|
fs.readFileSync(path.join(directory, fileName)).toString();
|
|
128
128
|
const originalYarnLock = readFile("yarn.lock");
|
|
129
129
|
const originalPackageJson = readFile(requirements.file);
|
|
@@ -134,14 +134,14 @@ async function updateDependencyFile(
|
|
|
134
134
|
ignoreEngines: true,
|
|
135
135
|
ignorePlatform: true,
|
|
136
136
|
dev: devRequirement(requirements),
|
|
137
|
-
optional: optionalRequirement(requirements)
|
|
137
|
+
optional: optionalRequirement(requirements),
|
|
138
138
|
};
|
|
139
139
|
const reporter = new EventReporter();
|
|
140
140
|
const config = new Config(reporter);
|
|
141
141
|
await config.init({
|
|
142
142
|
cwd: path.join(directory, path.dirname(requirements.file)),
|
|
143
143
|
nonInteractive: true,
|
|
144
|
-
enableDefaultRc: true
|
|
144
|
+
enableDefaultRc: true,
|
|
145
145
|
});
|
|
146
146
|
config.enableLockfileVersions = Boolean(originalYarnLock.match(/^# yarn v/m));
|
|
147
147
|
|
|
@@ -198,7 +198,7 @@ async function updateDependencyFile(
|
|
|
198
198
|
updatedYarnLock = recoverVersionComments(originalYarnLock, updatedYarnLock);
|
|
199
199
|
|
|
200
200
|
return {
|
|
201
|
-
"yarn.lock": updatedYarnLock
|
|
201
|
+
"yarn.lock": updatedYarnLock,
|
|
202
202
|
};
|
|
203
203
|
}
|
|
204
204
|
|
data/helpers/package.json
CHANGED
|
@@ -11,14 +11,14 @@
|
|
|
11
11
|
"dependencies": {
|
|
12
12
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
13
13
|
"detect-indent": "^6.0.0",
|
|
14
|
-
"npm": "6.14.
|
|
14
|
+
"npm": "6.14.3",
|
|
15
15
|
"semver": "^7.1.3"
|
|
16
16
|
},
|
|
17
17
|
"devDependencies": {
|
|
18
18
|
"eslint": "^6.8.0",
|
|
19
19
|
"eslint-plugin-prettier": "^3.1.2",
|
|
20
20
|
"jest": "^25.1.0",
|
|
21
|
-
"prettier": "^
|
|
21
|
+
"prettier": "^2.0.2",
|
|
22
22
|
"rimraf": "^3.0.2"
|
|
23
23
|
}
|
|
24
24
|
}
|
data/helpers/run.js
CHANGED
|
@@ -5,7 +5,7 @@ function output(obj) {
|
|
|
5
5
|
}
|
|
6
6
|
|
|
7
7
|
const input = [];
|
|
8
|
-
process.stdin.on("data", data => input.push(data));
|
|
8
|
+
process.stdin.on("data", (data) => input.push(data));
|
|
9
9
|
process.stdin.on("end", () => {
|
|
10
10
|
const request = JSON.parse(input.join(""));
|
|
11
11
|
const [manager, functionName] = request.function.split(":");
|
|
@@ -19,10 +19,10 @@ process.stdin.on("end", () => {
|
|
|
19
19
|
try {
|
|
20
20
|
func
|
|
21
21
|
.apply(null, request.args)
|
|
22
|
-
.then(result => {
|
|
22
|
+
.then((result) => {
|
|
23
23
|
output({ result: result });
|
|
24
24
|
})
|
|
25
|
-
.catch(error => {
|
|
25
|
+
.catch((error) => {
|
|
26
26
|
output({ error: error.message });
|
|
27
27
|
process.exit(1);
|
|
28
28
|
});
|
data/helpers/test/npm/helpers.js
CHANGED
|
@@ -2,6 +2,6 @@ const path = require("path");
|
|
|
2
2
|
const fs = require("fs");
|
|
3
3
|
|
|
4
4
|
module.exports = {
|
|
5
|
-
loadFixture: fixturePath =>
|
|
6
|
-
fs.readFileSync(path.join(__dirname, "fixtures", fixturePath)).toString()
|
|
5
|
+
loadFixture: (fixturePath) =>
|
|
6
|
+
fs.readFileSync(path.join(__dirname, "fixtures", fixturePath)).toString(),
|
|
7
7
|
};
|
|
@@ -33,13 +33,13 @@ describe("updater", () => {
|
|
|
33
33
|
{
|
|
34
34
|
name: "left-pad",
|
|
35
35
|
version: "1.1.3",
|
|
36
|
-
requirements: [{ file: "package.json", groups: ["dependencies"] }]
|
|
37
|
-
}
|
|
36
|
+
requirements: [{ file: "package.json", groups: ["dependencies"] }],
|
|
37
|
+
},
|
|
38
38
|
]);
|
|
39
39
|
expect(result).toEqual({
|
|
40
40
|
"package-lock.json": helpers.loadFixture(
|
|
41
41
|
"updater/updated/package-lock.json"
|
|
42
|
-
)
|
|
42
|
+
),
|
|
43
43
|
});
|
|
44
44
|
});
|
|
45
45
|
});
|
|
@@ -2,6 +2,6 @@ const path = require("path");
|
|
|
2
2
|
const fs = require("fs");
|
|
3
3
|
|
|
4
4
|
module.exports = {
|
|
5
|
-
loadFixture: fixturePath =>
|
|
6
|
-
fs.readFileSync(path.join(__dirname, "fixtures", fixturePath)).toString()
|
|
5
|
+
loadFixture: (fixturePath) =>
|
|
6
|
+
fs.readFileSync(path.join(__dirname, "fixtures", fixturePath)).toString(),
|
|
7
7
|
};
|
|
@@ -33,11 +33,11 @@ describe("updater", () => {
|
|
|
33
33
|
{
|
|
34
34
|
name: "left-pad",
|
|
35
35
|
version: "1.1.3",
|
|
36
|
-
requirements: [{ file: "package.json", groups: ["dependencies"] }]
|
|
37
|
-
}
|
|
36
|
+
requirements: [{ file: "package.json", groups: ["dependencies"] }],
|
|
37
|
+
},
|
|
38
38
|
]);
|
|
39
39
|
expect(result).toEqual({
|
|
40
|
-
"yarn.lock": helpers.loadFixture("updater/updated/yarn.lock")
|
|
40
|
+
"yarn.lock": helpers.loadFixture("updater/updated/yarn.lock"),
|
|
41
41
|
});
|
|
42
42
|
});
|
|
43
43
|
|
|
@@ -48,8 +48,8 @@ describe("updater", () => {
|
|
|
48
48
|
{
|
|
49
49
|
name: "left-pad",
|
|
50
50
|
version: "1.1.3",
|
|
51
|
-
requirements: [{ file: "package.json", groups: ["dependencies"] }]
|
|
52
|
-
}
|
|
51
|
+
requirements: [{ file: "package.json", groups: ["dependencies"] }],
|
|
52
|
+
},
|
|
53
53
|
]);
|
|
54
54
|
expect(result["yarn.lock"]).toContain("\n# yarn v0.0.0-0\n");
|
|
55
55
|
expect(result["yarn.lock"]).toContain("\n# node v0.0.0\n");
|
|
@@ -62,8 +62,8 @@ describe("updater", () => {
|
|
|
62
62
|
{
|
|
63
63
|
name: "left-pad",
|
|
64
64
|
version: "1.1.3",
|
|
65
|
-
requirements: [{ file: "package.json", groups: ["dependencies"] }]
|
|
66
|
-
}
|
|
65
|
+
requirements: [{ file: "package.json", groups: ["dependencies"] }],
|
|
66
|
+
},
|
|
67
67
|
]);
|
|
68
68
|
expect(result["yarn.lock"]).not.toContain("\n# yarn v");
|
|
69
69
|
expect(result["yarn.lock"]).not.toContain("\n# node");
|
|
@@ -79,8 +79,8 @@ describe("updater", () => {
|
|
|
79
79
|
{
|
|
80
80
|
name: "left-pad",
|
|
81
81
|
version: "99.99.99",
|
|
82
|
-
requirements: [{ file: "package.json", groups: ["dependencies"] }]
|
|
83
|
-
}
|
|
82
|
+
requirements: [{ file: "package.json", groups: ["dependencies"] }],
|
|
83
|
+
},
|
|
84
84
|
]);
|
|
85
85
|
} catch (error) {
|
|
86
86
|
expect(error).not.toBeNull();
|
data/helpers/yarn.lock
CHANGED
|
@@ -628,9 +628,9 @@ acorn-walk@^6.0.1:
|
|
|
628
628
|
integrity sha512-7evsyfH1cLOCdAzZAd43Cic04yKydNx0cF+7tiA19p1XnLLPU4dpCQOqpjqwokFe//vS0QqfqqjCS2JkiIs0cA==
|
|
629
629
|
|
|
630
630
|
acorn@^6.0.1:
|
|
631
|
-
version "6.
|
|
632
|
-
resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.
|
|
633
|
-
integrity sha512
|
|
631
|
+
version "6.4.1"
|
|
632
|
+
resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.4.1.tgz#531e58ba3f51b9dacb9a6646ca4debf5b14ca474"
|
|
633
|
+
integrity sha512-ZVA9k326Nwrj3Cj9jlh3wGFutC2ZornPNARZwsNYqQYgN0EsV2d53w5RN/co65Ohn4sUAUtb1rSUAOD6XN9idA==
|
|
634
634
|
|
|
635
635
|
acorn@^7.1.0:
|
|
636
636
|
version "7.1.0"
|
|
@@ -4200,16 +4200,16 @@ mimic-fn@^2.1.0:
|
|
|
4200
4200
|
dependencies:
|
|
4201
4201
|
brace-expansion "^1.1.7"
|
|
4202
4202
|
|
|
4203
|
-
minimist@0.0.8:
|
|
4204
|
-
version "0.0.8"
|
|
4205
|
-
resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d"
|
|
4206
|
-
integrity sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=
|
|
4207
|
-
|
|
4208
4203
|
minimist@^1.1.1, minimist@^1.2.0:
|
|
4209
4204
|
version "1.2.0"
|
|
4210
4205
|
resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284"
|
|
4211
4206
|
integrity sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=
|
|
4212
4207
|
|
|
4208
|
+
minimist@^1.2.5:
|
|
4209
|
+
version "1.2.5"
|
|
4210
|
+
resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
|
|
4211
|
+
integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
|
|
4212
|
+
|
|
4213
4213
|
minipass@^2.2.1, minipass@^2.3.5:
|
|
4214
4214
|
version "2.3.5"
|
|
4215
4215
|
resolved "https://registry.yarnpkg.com/minipass/-/minipass-2.3.5.tgz#cacebe492022497f656b0f0f51e2682a9ed2d848"
|
|
@@ -4264,12 +4264,12 @@ mkdirp-promise@^5.0.1:
|
|
|
4264
4264
|
dependencies:
|
|
4265
4265
|
mkdirp "*"
|
|
4266
4266
|
|
|
4267
|
-
mkdirp@*, mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp
|
|
4268
|
-
version "0.5.
|
|
4269
|
-
resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.
|
|
4270
|
-
integrity
|
|
4267
|
+
mkdirp@*, mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@^0.5.3, mkdirp@~0.5.0:
|
|
4268
|
+
version "0.5.3"
|
|
4269
|
+
resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.3.tgz#5a514b7179259287952881e94410ec5465659f8c"
|
|
4270
|
+
integrity sha512-P+2gwrFqx8lhew375MQHHeTlY8AuOJSrGf0R5ddkEndUkmwpgUob/vQuBD1V22/Cw1/lJr4x+EjllSezBThzBg==
|
|
4271
4271
|
dependencies:
|
|
4272
|
-
minimist "
|
|
4272
|
+
minimist "^1.2.5"
|
|
4273
4273
|
|
|
4274
4274
|
move-concurrently@^1.0.1:
|
|
4275
4275
|
version "1.0.1"
|
|
@@ -4545,10 +4545,10 @@ npm-user-validate@~1.0.0:
|
|
|
4545
4545
|
resolved "https://registry.yarnpkg.com/npm-user-validate/-/npm-user-validate-1.0.0.tgz#8ceca0f5cea04d4e93519ef72d0557a75122e951"
|
|
4546
4546
|
integrity sha1-jOyg9c6gTU6TUZ73LQVXp1Ei6VE=
|
|
4547
4547
|
|
|
4548
|
-
npm@6.14.
|
|
4549
|
-
version "6.14.
|
|
4550
|
-
resolved "https://registry.yarnpkg.com/npm/-/npm-6.14.
|
|
4551
|
-
integrity sha512-
|
|
4548
|
+
npm@6.14.3:
|
|
4549
|
+
version "6.14.3"
|
|
4550
|
+
resolved "https://registry.yarnpkg.com/npm/-/npm-6.14.3.tgz#a122618543c6670765cf5e827cd996b5552f9b65"
|
|
4551
|
+
integrity sha512-3tQYVEEdSGQGYoXhZvNqW8faqCidfMMaL387RdDo4Uu5kQy4IgvJ13NIsWVMQ6e3QWlbicNMSpFiyzYfMUuPDw==
|
|
4552
4552
|
dependencies:
|
|
4553
4553
|
JSONStream "^1.3.5"
|
|
4554
4554
|
abbrev "~1.1.1"
|
|
@@ -4616,7 +4616,7 @@ npm@6.14.2:
|
|
|
4616
4616
|
lru-cache "^5.1.1"
|
|
4617
4617
|
meant "~1.0.1"
|
|
4618
4618
|
mississippi "^3.0.0"
|
|
4619
|
-
mkdirp "
|
|
4619
|
+
mkdirp "^0.5.3"
|
|
4620
4620
|
move-concurrently "^1.0.1"
|
|
4621
4621
|
node-gyp "^5.1.0"
|
|
4622
4622
|
nopt "~4.0.1"
|
|
@@ -4650,7 +4650,7 @@ npm@6.14.2:
|
|
|
4650
4650
|
readdir-scoped-modules "^1.1.0"
|
|
4651
4651
|
request "^2.88.0"
|
|
4652
4652
|
retry "^0.12.0"
|
|
4653
|
-
rimraf "^2.
|
|
4653
|
+
rimraf "^2.7.1"
|
|
4654
4654
|
safe-buffer "^5.1.2"
|
|
4655
4655
|
semver "^5.7.1"
|
|
4656
4656
|
sha "^3.0.0"
|
|
@@ -5087,10 +5087,10 @@ prettier-linter-helpers@^1.0.0:
|
|
|
5087
5087
|
dependencies:
|
|
5088
5088
|
fast-diff "^1.1.2"
|
|
5089
5089
|
|
|
5090
|
-
prettier@^
|
|
5091
|
-
version "
|
|
5092
|
-
resolved "https://registry.yarnpkg.com/prettier/-/prettier-
|
|
5093
|
-
integrity sha512-
|
|
5090
|
+
prettier@^2.0.2:
|
|
5091
|
+
version "2.0.2"
|
|
5092
|
+
resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.0.2.tgz#1ba8f3eb92231e769b7fcd7cb73ae1b6b74ade08"
|
|
5093
|
+
integrity sha512-5xJQIPT8BraI7ZnaDwSbu5zLrB6vvi8hVV58yHQ+QK64qrY40dULy0HSRlQ2/2IdzeBpjhDkqdcFBnFeDEMVdg==
|
|
5094
5094
|
|
|
5095
5095
|
pretty-format@^25.1.0:
|
|
5096
5096
|
version "25.1.0"
|
|
@@ -5567,7 +5567,7 @@ rimraf@2.6.3:
|
|
|
5567
5567
|
dependencies:
|
|
5568
5568
|
glob "^7.1.3"
|
|
5569
5569
|
|
|
5570
|
-
rimraf@^2.5.0, rimraf@^2.5.2, rimraf@^2.5.4, rimraf@^2.6.2, rimraf@^2.6.3:
|
|
5570
|
+
rimraf@^2.5.0, rimraf@^2.5.2, rimraf@^2.5.4, rimraf@^2.6.2, rimraf@^2.6.3, rimraf@^2.7.1:
|
|
5571
5571
|
version "2.7.1"
|
|
5572
5572
|
resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.7.1.tgz#35797f13a7fdadc566142c29d4f07ccad483e3ec"
|
|
5573
5573
|
integrity sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.117.
|
|
4
|
+
version: 0.117.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-03-
|
|
11
|
+
date: 2020-03-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.117.
|
|
19
|
+
version: 0.117.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.117.
|
|
26
|
+
version: 0.117.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|