dependabot-npm_and_yarn 0.125.4 → 0.125.5
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 74b4f8a2fdcbfb3b33dc587ee7fff5488bb2328e5d5cb59327520ce52a19e6f0
|
|
4
|
+
data.tar.gz: f8e09730aec68b7ff4745d58c6873539de25686cac0c10dc41ecff434e1a2435
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8338c4eae0027af367594c67c79befb5603a2c9534adffb0f6bc501e264c40e453643aa423d1cf18d8e7e87c3d9b99b384cbbc494d0548e5f05bc3dd904feb04
|
|
7
|
+
data.tar.gz: 542f15a0de016dd10b58c128e47f997b76a32cbc411945f6db40e3f5544760c2c683b83104ef5fbe194b5c3008e729bcafc9b6a3b0e47a329adab1bb1d59c49e
|
data/helpers/package.json
CHANGED
|
@@ -10,13 +10,13 @@
|
|
|
10
10
|
},
|
|
11
11
|
"dependencies": {
|
|
12
12
|
"@dependabot/yarn-lib": "^1.21.1",
|
|
13
|
-
"@npmcli/arborist": "^1.0.
|
|
13
|
+
"@npmcli/arborist": "^1.0.12",
|
|
14
14
|
"detect-indent": "^6.0.0",
|
|
15
|
-
"npm": "6.14.
|
|
15
|
+
"npm": "6.14.9",
|
|
16
16
|
"semver": "^7.3.2"
|
|
17
17
|
},
|
|
18
18
|
"devDependencies": {
|
|
19
|
-
"eslint": "^7.
|
|
19
|
+
"eslint": "^7.14.0",
|
|
20
20
|
"eslint-plugin-prettier": "^3.1.4",
|
|
21
21
|
"jest": "^26.6.2",
|
|
22
22
|
"prettier": "^2.1.2",
|
data/helpers/yarn.lock
CHANGED
|
@@ -543,10 +543,10 @@
|
|
|
543
543
|
"@types/yargs" "^15.0.0"
|
|
544
544
|
chalk "^4.0.0"
|
|
545
545
|
|
|
546
|
-
"@npmcli/arborist@^1.0.
|
|
547
|
-
version "1.0.
|
|
548
|
-
resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-1.0.
|
|
549
|
-
integrity sha512-
|
|
546
|
+
"@npmcli/arborist@^1.0.12":
|
|
547
|
+
version "1.0.12"
|
|
548
|
+
resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-1.0.12.tgz#b8b5e6cbf8b65740a1f53e929f53df521f26017a"
|
|
549
|
+
integrity sha512-w/Wmy5qBphI1QiuPt7ff3+SL1/PzVkEjuBQj3zAhNxvsXyQMHtK4YKyFm1cUbO9tcEOKhN0RfHuax0LCmDlMzQ==
|
|
550
550
|
dependencies:
|
|
551
551
|
"@npmcli/installed-package-contents" "^1.0.5"
|
|
552
552
|
"@npmcli/map-workspaces" "^1.0.1"
|
|
@@ -554,7 +554,7 @@
|
|
|
554
554
|
"@npmcli/move-file" "^1.0.1"
|
|
555
555
|
"@npmcli/name-from-folder" "^1.0.1"
|
|
556
556
|
"@npmcli/node-gyp" "^1.0.0"
|
|
557
|
-
"@npmcli/run-script" "^1.
|
|
557
|
+
"@npmcli/run-script" "^1.8.0"
|
|
558
558
|
bin-links "^2.2.1"
|
|
559
559
|
cacache "^15.0.3"
|
|
560
560
|
common-ancestor-path "^1.0.1"
|
|
@@ -647,15 +647,16 @@
|
|
|
647
647
|
dependencies:
|
|
648
648
|
infer-owner "^1.0.4"
|
|
649
649
|
|
|
650
|
-
"@npmcli/run-script@^1.3.0", "@npmcli/run-script@^1.
|
|
651
|
-
version "1.
|
|
652
|
-
resolved "https://registry.yarnpkg.com/@npmcli/run-script/-/run-script-1.
|
|
653
|
-
integrity sha512-
|
|
650
|
+
"@npmcli/run-script@^1.3.0", "@npmcli/run-script@^1.8.0":
|
|
651
|
+
version "1.8.0"
|
|
652
|
+
resolved "https://registry.yarnpkg.com/@npmcli/run-script/-/run-script-1.8.0.tgz#5cebd6373a4b051e5bf8473eb70c327fa48ebfe5"
|
|
653
|
+
integrity sha512-ljPLRbQM5byhqacWl9kIjt/yPMee0heaTskaMBFaFvYzOXNJ64h27xV96Sr+LnjJpqR0qJejG36QzJkXILvghQ==
|
|
654
654
|
dependencies:
|
|
655
655
|
"@npmcli/node-gyp" "^1.0.0"
|
|
656
656
|
"@npmcli/promise-spawn" "^1.3.0"
|
|
657
657
|
infer-owner "^1.0.4"
|
|
658
658
|
node-gyp "^7.1.0"
|
|
659
|
+
puka "^1.0.1"
|
|
659
660
|
read-package-json-fast "^1.1.3"
|
|
660
661
|
|
|
661
662
|
"@sinonjs/commons@^1.7.0":
|
|
@@ -1890,7 +1891,7 @@ debug@^3.0.0, debug@^3.1.0:
|
|
|
1890
1891
|
dependencies:
|
|
1891
1892
|
ms "^2.1.1"
|
|
1892
1893
|
|
|
1893
|
-
debuglog@^1.0.1:
|
|
1894
|
+
debuglog@*, debuglog@^1.0.1:
|
|
1894
1895
|
version "1.0.1"
|
|
1895
1896
|
resolved "https://registry.npmjs.org/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492"
|
|
1896
1897
|
integrity sha1-qiT/uaw9+aI1GDfPstJ5NgzXhJI=
|
|
@@ -2258,10 +2259,10 @@ eslint-visitor-keys@^2.0.0:
|
|
|
2258
2259
|
resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-2.0.0.tgz#21fdc8fbcd9c795cc0321f0563702095751511a8"
|
|
2259
2260
|
integrity sha512-QudtT6av5WXels9WjIM7qz1XD1cWGvX4gGXvp/zBn9nXG02D0utdU3Em2m/QjTnrsk6bBjmCygl3rmj118msQQ==
|
|
2260
2261
|
|
|
2261
|
-
eslint@^7.
|
|
2262
|
-
version "7.
|
|
2263
|
-
resolved "https://registry.yarnpkg.com/eslint/-/eslint-7.
|
|
2264
|
-
integrity sha512-
|
|
2262
|
+
eslint@^7.14.0:
|
|
2263
|
+
version "7.14.0"
|
|
2264
|
+
resolved "https://registry.yarnpkg.com/eslint/-/eslint-7.14.0.tgz#2d2cac1d28174c510a97b377f122a5507958e344"
|
|
2265
|
+
integrity sha512-5YubdnPXrlrYAFCKybPuHIAH++PINe1pmKNc5wQRB9HSbqIK1ywAnntE3Wwua4giKu0bjligf1gLF6qxMGOYRA==
|
|
2265
2266
|
dependencies:
|
|
2266
2267
|
"@babel/code-frame" "^7.0.0"
|
|
2267
2268
|
"@eslint/eslintrc" "^0.2.1"
|
|
@@ -3170,7 +3171,7 @@ imports-loader@^0.8.0:
|
|
|
3170
3171
|
loader-utils "^1.0.2"
|
|
3171
3172
|
source-map "^0.6.1"
|
|
3172
3173
|
|
|
3173
|
-
imurmurhash@^0.1.4:
|
|
3174
|
+
imurmurhash@*, imurmurhash@^0.1.4:
|
|
3174
3175
|
version "0.1.4"
|
|
3175
3176
|
resolved "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"
|
|
3176
3177
|
integrity sha1-khi5srkoojixPcT7a21XbyMUU+o=
|
|
@@ -4437,6 +4438,11 @@ lockfile@^1.0.4:
|
|
|
4437
4438
|
dependencies:
|
|
4438
4439
|
signal-exit "^3.0.2"
|
|
4439
4440
|
|
|
4441
|
+
lodash._baseindexof@*:
|
|
4442
|
+
version "3.1.0"
|
|
4443
|
+
resolved "https://registry.yarnpkg.com/lodash._baseindexof/-/lodash._baseindexof-3.1.0.tgz#fe52b53a1c6761e42618d654e4a25789ed61822c"
|
|
4444
|
+
integrity sha1-/lK1OhxnYeQmGNZU5KJXie1hgiw=
|
|
4445
|
+
|
|
4440
4446
|
lodash._baseuniq@~4.6.0:
|
|
4441
4447
|
version "4.6.0"
|
|
4442
4448
|
resolved "https://registry.npmjs.org/lodash._baseuniq/-/lodash._baseuniq-4.6.0.tgz#0ebb44e456814af7905c6212fa2c9b2d51b841e8"
|
|
@@ -4445,11 +4451,33 @@ lodash._baseuniq@~4.6.0:
|
|
|
4445
4451
|
lodash._createset "~4.0.0"
|
|
4446
4452
|
lodash._root "~3.0.0"
|
|
4447
4453
|
|
|
4454
|
+
lodash._bindcallback@*:
|
|
4455
|
+
version "3.0.1"
|
|
4456
|
+
resolved "https://registry.yarnpkg.com/lodash._bindcallback/-/lodash._bindcallback-3.0.1.tgz#e531c27644cf8b57a99e17ed95b35c748789392e"
|
|
4457
|
+
integrity sha1-5THCdkTPi1epnhftlbNcdIeJOS4=
|
|
4458
|
+
|
|
4459
|
+
lodash._cacheindexof@*:
|
|
4460
|
+
version "3.0.2"
|
|
4461
|
+
resolved "https://registry.yarnpkg.com/lodash._cacheindexof/-/lodash._cacheindexof-3.0.2.tgz#3dc69ac82498d2ee5e3ce56091bafd2adc7bde92"
|
|
4462
|
+
integrity sha1-PcaayCSY0u5ePOVgkbr9Ktx73pI=
|
|
4463
|
+
|
|
4464
|
+
lodash._createcache@*:
|
|
4465
|
+
version "3.1.2"
|
|
4466
|
+
resolved "https://registry.yarnpkg.com/lodash._createcache/-/lodash._createcache-3.1.2.tgz#56d6a064017625e79ebca6b8018e17440bdcf093"
|
|
4467
|
+
integrity sha1-VtagZAF2JeeevKa4AY4XRAvc8JM=
|
|
4468
|
+
dependencies:
|
|
4469
|
+
lodash._getnative "^3.0.0"
|
|
4470
|
+
|
|
4448
4471
|
lodash._createset@~4.0.0:
|
|
4449
4472
|
version "4.0.3"
|
|
4450
4473
|
resolved "https://registry.npmjs.org/lodash._createset/-/lodash._createset-4.0.3.tgz#0f4659fbb09d75194fa9e2b88a6644d363c9fe26"
|
|
4451
4474
|
integrity sha1-D0ZZ+7CddRlPqeK4imZE02PJ/iY=
|
|
4452
4475
|
|
|
4476
|
+
lodash._getnative@*, lodash._getnative@^3.0.0:
|
|
4477
|
+
version "3.9.1"
|
|
4478
|
+
resolved "https://registry.yarnpkg.com/lodash._getnative/-/lodash._getnative-3.9.1.tgz#570bc7dede46d61cdcde687d65d3eecbaa3aaff5"
|
|
4479
|
+
integrity sha1-VwvH3t5G1hzc3mh9ZdPuy6o6r/U=
|
|
4480
|
+
|
|
4453
4481
|
lodash._root@~3.0.0:
|
|
4454
4482
|
version "3.0.1"
|
|
4455
4483
|
resolved "https://registry.npmjs.org/lodash._root/-/lodash._root-3.0.1.tgz#fba1c4524c19ee9a5f8136b4609f017cf4ded692"
|
|
@@ -4465,6 +4493,11 @@ lodash.clonedeep@^4.5.0, lodash.clonedeep@~4.5.0:
|
|
|
4465
4493
|
resolved "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef"
|
|
4466
4494
|
integrity sha1-4j8/nE+Pvd6HJSnBBxhXoIblzO8=
|
|
4467
4495
|
|
|
4496
|
+
lodash.restparam@*:
|
|
4497
|
+
version "3.6.1"
|
|
4498
|
+
resolved "https://registry.yarnpkg.com/lodash.restparam/-/lodash.restparam-3.6.1.tgz#936a4e309ef330a7645ed4145986c85ae5b20805"
|
|
4499
|
+
integrity sha1-k2pOMJ7zMKdkXtQUWYbIWuWyCAU=
|
|
4500
|
+
|
|
4468
4501
|
lodash.sortby@^4.7.0:
|
|
4469
4502
|
version "4.7.0"
|
|
4470
4503
|
resolved "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
|
|
@@ -5188,15 +5221,15 @@ npm-run-path@^4.0.0:
|
|
|
5188
5221
|
dependencies:
|
|
5189
5222
|
path-key "^3.0.0"
|
|
5190
5223
|
|
|
5191
|
-
npm-user-validate
|
|
5224
|
+
npm-user-validate@^1.0.1:
|
|
5192
5225
|
version "1.0.1"
|
|
5193
5226
|
resolved "https://registry.yarnpkg.com/npm-user-validate/-/npm-user-validate-1.0.1.tgz#31428fc5475fe8416023f178c0ab47935ad8c561"
|
|
5194
5227
|
integrity sha512-uQwcd/tY+h1jnEaze6cdX/LrhWhoBxfSknxentoqmIuStxUExxjWd3ULMLFPiFUrZKbOVMowH6Jq2FRWfmhcEw==
|
|
5195
5228
|
|
|
5196
|
-
npm@6.14.
|
|
5197
|
-
version "6.14.
|
|
5198
|
-
resolved "https://registry.
|
|
5199
|
-
integrity sha512-
|
|
5229
|
+
npm@6.14.9:
|
|
5230
|
+
version "6.14.9"
|
|
5231
|
+
resolved "https://registry.yarnpkg.com/npm/-/npm-6.14.9.tgz#d2b4237562bfd95689249e2c2874700ed952ed82"
|
|
5232
|
+
integrity sha512-yHi1+i9LyAZF1gAmgyYtVk+HdABlLy94PMIDoK1TRKWvmFQAt5z3bodqVwKvzY0s6dLqQPVsRLiwhJfNtiHeCg==
|
|
5200
5233
|
dependencies:
|
|
5201
5234
|
JSONStream "^1.3.5"
|
|
5202
5235
|
abbrev "~1.1.1"
|
|
@@ -5216,6 +5249,7 @@ npm@6.14.8:
|
|
|
5216
5249
|
cmd-shim "^3.0.3"
|
|
5217
5250
|
columnify "~1.5.4"
|
|
5218
5251
|
config-chain "^1.1.12"
|
|
5252
|
+
debuglog "*"
|
|
5219
5253
|
detect-indent "~5.0.0"
|
|
5220
5254
|
detect-newline "^2.1.0"
|
|
5221
5255
|
dezalgo "~1.0.3"
|
|
@@ -5230,6 +5264,7 @@ npm@6.14.8:
|
|
|
5230
5264
|
has-unicode "~2.0.1"
|
|
5231
5265
|
hosted-git-info "^2.8.8"
|
|
5232
5266
|
iferr "^1.0.2"
|
|
5267
|
+
imurmurhash "*"
|
|
5233
5268
|
infer-owner "^1.0.4"
|
|
5234
5269
|
inflight "~1.0.6"
|
|
5235
5270
|
inherits "^2.0.4"
|
|
@@ -5248,8 +5283,14 @@ npm@6.14.8:
|
|
|
5248
5283
|
libnpx "^10.2.4"
|
|
5249
5284
|
lock-verify "^2.1.0"
|
|
5250
5285
|
lockfile "^1.0.4"
|
|
5286
|
+
lodash._baseindexof "*"
|
|
5251
5287
|
lodash._baseuniq "~4.6.0"
|
|
5288
|
+
lodash._bindcallback "*"
|
|
5289
|
+
lodash._cacheindexof "*"
|
|
5290
|
+
lodash._createcache "*"
|
|
5291
|
+
lodash._getnative "*"
|
|
5252
5292
|
lodash.clonedeep "~4.5.0"
|
|
5293
|
+
lodash.restparam "*"
|
|
5253
5294
|
lodash.union "~4.6.0"
|
|
5254
5295
|
lodash.uniq "~4.5.0"
|
|
5255
5296
|
lodash.without "~4.4.0"
|
|
@@ -5270,7 +5311,7 @@ npm@6.14.8:
|
|
|
5270
5311
|
npm-pick-manifest "^3.0.2"
|
|
5271
5312
|
npm-profile "^4.0.4"
|
|
5272
5313
|
npm-registry-fetch "^4.0.7"
|
|
5273
|
-
npm-user-validate "
|
|
5314
|
+
npm-user-validate "^1.0.1"
|
|
5274
5315
|
npmlog "~4.1.2"
|
|
5275
5316
|
once "~1.4.0"
|
|
5276
5317
|
opener "^1.5.1"
|
|
@@ -5925,7 +5966,7 @@ psl@^1.1.28:
|
|
|
5925
5966
|
resolved "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz#9326f8bcfb013adcc005fdff056acce020e51c24"
|
|
5926
5967
|
integrity sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==
|
|
5927
5968
|
|
|
5928
|
-
puka@^1.0.0:
|
|
5969
|
+
puka@^1.0.0, puka@^1.0.1:
|
|
5929
5970
|
version "1.0.1"
|
|
5930
5971
|
resolved "https://registry.npmjs.org/puka/-/puka-1.0.1.tgz#a2df782b7eb4cf9564e4c93a5da422de0dfacc02"
|
|
5931
5972
|
integrity sha512-ssjRZxBd7BT3dte1RR3VoeT2cT/ODH8x+h0rUF1rMqB0srHYf48stSDWfiYakTp5UBZMxroZhB2+ExLDHm7W3g==
|
|
@@ -36,16 +36,22 @@ module Dependabot
|
|
|
36
36
|
)
|
|
37
37
|
dependency_files_builder.write_temporary_dependency_files
|
|
38
38
|
|
|
39
|
-
|
|
39
|
+
# TODO: Look into using npm/arborist for parsing yarn lockfiles (there's currently partial yarn support)
|
|
40
|
+
#
|
|
41
|
+
# Prefer the npm conflicting dependency parser if there's both a npm lockfile and a yarn.lock file as the
|
|
42
|
+
# npm parser handles edge cases where the package.json is out of sync with the lockfile, something the yarn
|
|
43
|
+
# parser doesn't deal with at the moment.
|
|
44
|
+
if dependency_files_builder.package_locks.any? ||
|
|
45
|
+
dependency_files_builder.shrinkwraps.any?
|
|
40
46
|
SharedHelpers.run_helper_subprocess(
|
|
41
47
|
command: NativeHelpers.helper_path,
|
|
42
|
-
function: "
|
|
48
|
+
function: "npm:findConflictingDependencies",
|
|
43
49
|
args: [Dir.pwd, dependency.name, target_version.to_s]
|
|
44
50
|
)
|
|
45
51
|
else
|
|
46
52
|
SharedHelpers.run_helper_subprocess(
|
|
47
53
|
command: NativeHelpers.helper_path,
|
|
48
|
-
function: "
|
|
54
|
+
function: "yarn:findConflictingDependencies",
|
|
49
55
|
args: [Dir.pwd, dependency.name, target_version.to_s]
|
|
50
56
|
)
|
|
51
57
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.125.
|
|
4
|
+
version: 0.125.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-11-
|
|
11
|
+
date: 2020-11-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.125.
|
|
19
|
+
version: 0.125.5
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.125.
|
|
26
|
+
version: 0.125.5
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|