dependabot-npm_and_yarn 0.129.5 → 0.130.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eb30778bc25e75281a74702e3e78fb05f3b13dd3c33bc20ea592f9808e058005
-  data.tar.gz: 66b25251777085081a292400aefa6868a8f106ef573214f57d21f97abb66da45
+  metadata.gz: 868aa266ae8253249dc3cbd04e818abf9d35920c208d950bd75e820e4f7a547f
+  data.tar.gz: b5969cbacc732eea97073c433ea5e4e17030e1841e61397945a2dadd72b5b2ab
 SHA512:
-  metadata.gz: b2099397abe358eae90ea8b8d729bc4e064c040b88ece07910f0c437f60a60038b0c7b92d261e0c8b1a81a0da9cef083a62bdd047324e0fef6876775a4f4b416
-  data.tar.gz: 95f4257f1b44bf9d7b85a3481c85947cc26c5ec3a7e5eb9faaaaf2d4e9eb34164ce88b5bebe913df36853d47299249030a63e9a23c0c73e264a6f375c5f55357
+  metadata.gz: 55395ff8544ef418bf1c30dfad27089859ece04b0641b86e3386514e48dab3497b309c143adf6777c300348e0248d8cbbe2bfd124377edebf235a90cb75aec31
+  data.tar.gz: 3f623a88d5c4d8e97efae41052177f1242b825539bb99e81a8a2aa0cfb785716640cce6381e3182cc16240112be98c62364f2d7bebe1329e809c81b748913665

data/helpers/lib/{npm → npm6}/peer-dependency-checker.js

@@ -10,8 +10,8 @@
  *  - successful completion, or an error if there are peer dependency warnings
  */
 
-const npm = require("npm");
-const installer = require("npm/lib/install");
+const npm = require("npm6");
+const installer = require("npm6/lib/install");
 const { muteStderr, runAsync } = require("./helpers.js");
 
 function installArgsWithVersion(depName, desiredVersion, reqs) {

data/helpers/lib/{npm → npm6}/subdependency-updater.js

@@ -1,7 +1,7 @@
 const fs = require("fs");
 const path = require("path");
-const npm = require("npm");
-const installer = require("npm/lib/install");
+const npm = require("npm6");
+const installer = require("npm6/lib/install");
 const detectIndent = require("detect-indent");
 const removeDependenciesFromLockfile = require("./remove-dependencies-from-lockfile");
 

data/helpers/lib/{npm → npm6}/updater.js

@@ -16,8 +16,8 @@
  */
 const fs = require("fs");
 const path = require("path");
-const npm = require("npm");
-const installer = require("npm/lib/install");
+const npm = require("npm6");
+const installer = require("npm6/lib/install");
 const detectIndent = require("detect-indent");
 const { muteStderr, runAsync } = require("./helpers.js");
 

data/helpers/package.json

@@ -10,9 +10,9 @@
   },
   "dependencies": {
     "@dependabot/yarn-lib": "^1.21.1",
-    "@npmcli/arborist": "^2.0.2",
+    "@npmcli/arborist": "^2.0.3",
     "detect-indent": "^6.0.0",
-    "npm": "6.14.10",
+    "npm6": "npm:npm@6.14.11",
     "semver": "^7.3.4"
   },
   "devDependencies": {

data/helpers/test/{npm → npm6}/conflicting-dependency-parser.test.js

@@ -4,7 +4,7 @@ const fs = require("fs");
 const rimraf = require("rimraf");
 const {
   findConflictingDependencies,
-} = require("../../lib/npm/conflicting-dependency-parser");
+} = require("../../lib/npm6/conflicting-dependency-parser");
 const helpers = require("./helpers");
 
 describe("findConflictingDependencies", () => {

data/helpers/test/{npm → npm6}/updater.test.js

@@ -2,7 +2,7 @@ const path = require("path");
 const os = require("os");
 const fs = require("fs");
 const rimraf = require("rimraf");
-const { updateDependencyFiles } = require("../../lib/npm/updater");
+const { updateDependencyFiles } = require("../../lib/npm6/updater");
 const helpers = require("./helpers");
 
 describe("updater", () => {

data/helpers/yarn.lock

@@ -543,10 +543,10 @@
     "@types/yargs" "^15.0.0"
     chalk "^4.0.0"
 
-"@npmcli/arborist@^2.0.2":
-  version "2.0.2"
-  resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-2.0.2.tgz#4b119e842f59fb150be81c36d01807270ba81a75"
-  integrity sha512-QMMUSeGW6u9/T8zH0zCGSRtOqCMmv8LnRNjZFX+zv4u1dauIx5iJ4i8e7EJbvXkKEZyGjK8sJ45NIoF+umMgIQ==
+"@npmcli/arborist@^2.0.3":
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-2.0.3.tgz#d11f85c6609f542588bb946d0223b57c9a968650"
+  integrity sha512-iqahzDZaqdUyAHLG1SIG9jrbkLtT5xNbKX1ppAnx7mKx1u+BXYjkxi5ohewLAfyERH6IpODPAiRVc8c3kxA5jQ==
   dependencies:
     "@npmcli/installed-package-contents" "^1.0.5"
     "@npmcli/map-workspaces" "^1.0.1"
@@ -564,13 +564,14 @@
     npm-install-checks "^4.0.0"
     npm-package-arg "^8.1.0"
     npm-pick-manifest "^6.1.0"
-    pacote "^11.1.13"
+    pacote "^11.1.14"
     parse-conflict-json "^1.1.1"
     promise-all-reject-late "^1.0.0"
     promise-call-limit "^1.0.1"
     read-package-json-fast "^1.2.1"
     readdir-scoped-modules "^1.1.0"
     semver "^7.3.4"
+    tar "^6.1.0"
     treeverse "^1.0.4"
     walk-up-path "^1.0.0"
 
@@ -3198,10 +3199,10 @@ inherits@2, inherits@^2.0.1, inherits@^2.0.3, inherits@^2.0.4, inherits@~2.0.1,
   resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
 
-ini@^1.3.4, ini@^1.3.5, ini@~1.3.0:
-  version "1.3.7"
-  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.7.tgz#a09363e1911972ea16d7a8851005d84cf09a9a84"
-  integrity sha512-iKpRpXP+CrP2jyrxvg1kMUpXDyRUFDWurxbnVT1vQPx+Wz9uCYsMIqYuSBLV+PAaZG/d7kRLKRFc9oDMsH+mFQ==
+ini@^1.3.4, ini@^1.3.5, ini@^1.3.8, ini@~1.3.0:
+  version "1.3.8"
+  resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
+  integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
 
 init-package-json@^1.10.3:
   version "1.10.3"
@@ -5225,10 +5226,10 @@ npm-user-validate@^1.0.1:
   resolved "https://registry.yarnpkg.com/npm-user-validate/-/npm-user-validate-1.0.1.tgz#31428fc5475fe8416023f178c0ab47935ad8c561"
   integrity sha512-uQwcd/tY+h1jnEaze6cdX/LrhWhoBxfSknxentoqmIuStxUExxjWd3ULMLFPiFUrZKbOVMowH6Jq2FRWfmhcEw==
 
-npm@6.14.10:
-  version "6.14.10"
-  resolved "https://registry.yarnpkg.com/npm/-/npm-6.14.10.tgz#f45c8e4244294ba793770f2ab0e9ce2d0b93fd29"
-  integrity sha512-FT23Qy/JMA+qxEYReMOr1MY7642fKn8Onn+72LASPi872Owvmw0svm+/DXTHOC3yO9CheEO+EslyXEpdBdRtIA==
+"npm6@npm:npm@6.14.11":
+  version "6.14.11"
+  resolved "https://registry.npmjs.org/npm/-/npm-6.14.11.tgz#e0b5598d7b9a42d275e61d8bd28cd7eee0074a3b"
+  integrity sha512-1Zh7LjuIoEhIyjkBflSSGzfjuPQwDlghNloppjruOH5bmj9midT9qcNT0tRUZRR04shU9ekrxNy9+UTBrqeBpQ==
   dependencies:
     JSONStream "^1.3.5"
     abbrev "~1.1.1"
@@ -5248,7 +5249,6 @@ npm@6.14.10:
     cmd-shim "^3.0.3"
     columnify "~1.5.4"
     config-chain "^1.1.12"
-    debuglog "*"
     detect-indent "~5.0.0"
     detect-newline "^2.1.0"
     dezalgo "~1.0.3"
@@ -5263,11 +5263,10 @@ npm@6.14.10:
     has-unicode "~2.0.1"
     hosted-git-info "^2.8.8"
     iferr "^1.0.2"
-    imurmurhash "*"
     infer-owner "^1.0.4"
     inflight "~1.0.6"
     inherits "^2.0.4"
-    ini "^1.3.5"
+    ini "^1.3.8"
     init-package-json "^1.10.3"
     is-cidr "^3.0.0"
     json-parse-better-errors "^1.0.2"
@@ -5282,14 +5281,8 @@ npm@6.14.10:
     libnpx "^10.2.4"
     lock-verify "^2.1.0"
     lockfile "^1.0.4"
-    lodash._baseindexof "*"
     lodash._baseuniq "~4.6.0"
-    lodash._bindcallback "*"
-    lodash._cacheindexof "*"
-    lodash._createcache "*"
-    lodash._getnative "*"
     lodash.clonedeep "~4.5.0"
-    lodash.restparam "*"
     lodash.union "~4.6.0"
     lodash.uniq "~4.5.0"
     lodash.without "~4.4.0"
@@ -5605,10 +5598,10 @@ package-json@^4.0.0:
     registry-url "^3.0.3"
     semver "^5.1.0"
 
-pacote@^11.1.11, pacote@^11.1.13:
-  version "11.1.13"
-  resolved "https://registry.yarnpkg.com/pacote/-/pacote-11.1.13.tgz#7e85213693b0b4b1119c4026dc1b68c087641dc2"
-  integrity sha512-oJ7Bg7p3izrIMhZPHCCHmMHQl+xb+pKBXL5ZYeM2oCZrw6sBRSx7f8l7F+95V2qA0BP3c1cNaaBmUNkbo6Hn9w==
+pacote@^11.1.11, pacote@^11.1.14:
+  version "11.1.14"
+  resolved "https://registry.yarnpkg.com/pacote/-/pacote-11.1.14.tgz#c60b9849ab05488d3f9ccd644c8a42543f2f36d6"
+  integrity sha512-6c5OhQelaJFDfiw/Zd8MfGCvvFHurSdeGzufZMPvRFImdbNOYFciOINf3DtUNUaU3h98eCb749UyHDsgvL19+A==
   dependencies:
     "@npmcli/git" "^2.0.1"
     "@npmcli/installed-package-contents" "^1.0.5"
@@ -5628,7 +5621,7 @@ pacote@^11.1.11, pacote@^11.1.13:
     read-package-json-fast "^1.1.3"
     rimraf "^3.0.2"
     ssri "^8.0.0"
-    tar "^6.0.1"
+    tar "^6.1.0"
 
 pacote@^9.1.0, pacote@^9.5.12, pacote@^9.5.3:
   version "9.5.12"
@@ -7058,10 +7051,10 @@ tar@^4.4.10, tar@^4.4.12, tar@^4.4.13:
     safe-buffer "^5.1.2"
     yallist "^3.0.3"
 
-tar@^6.0.1, tar@^6.0.2:
-  version "6.0.5"
-  resolved "https://registry.yarnpkg.com/tar/-/tar-6.0.5.tgz#bde815086e10b39f1dcd298e89d596e1535e200f"
-  integrity sha512-0b4HOimQHj9nXNEAA7zWwMM91Zhhba3pspja6sQbgTpynOJf+bkjBnfybNYzbpLbnwXnbyB4LOREvlyXLkCHSg==
+tar@^6.0.2, tar@^6.1.0:
+  version "6.1.0"
+  resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.0.tgz#d1724e9bcc04b977b18d5c573b333a2207229a83"
+  integrity sha512-DUCttfhsnLCjwoDoFcI+B2iJgYa93vBnDUATYEeRx6sntCTdN01VnqsIuTlALXla/LWooNg0yEGeB+Y8WdFxGA==
   dependencies:
     chownr "^2.0.0"
     fs-minipass "^2.0.0"

data/lib/dependabot/npm_and_yarn/file_parser.rb

@@ -295,7 +295,9 @@ module Dependabot
           elsif resolved_url.include?("/#{name}/-/#{name}")
             # MyGet / Bintray format
             resolved_url.split("/#{name}/-/#{name}").first.
-              gsub("dl.bintray.com//", "api.bintray.com/npm/")
+              gsub("dl.bintray.com//", "api.bintray.com/npm/").
+              # GitLab format
+              gsub(%r{\/projects\/\d+}, "")
           elsif resolved_url.include?("/#{name}/-/#{name.split('/').last}")
             # Sonatype Nexus / Artifactory JFrog format
             resolved_url.split("/#{name}/-/#{name.split('/').last}").first

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb

@@ -150,7 +150,7 @@ module Dependabot
                                       top_level_dependency_updates:)
           SharedHelpers.run_helper_subprocess(
             command: NativeHelpers.helper_path,
-            function: "npm:update",
+            function: "npm6:update",
             args: [
               Dir.pwd,
               lockfile_name,
@@ -162,7 +162,7 @@ module Dependabot
         def run_npm_subdependency_updater(lockfile_name:)
           SharedHelpers.run_helper_subprocess(
             command: NativeHelpers.helper_path,
-            function: "npm:updateSubdependency",
+            function: "npm6:updateSubdependency",
             args: [Dir.pwd, lockfile_name, sub_dependencies.map(&:to_h)]
           )
         end

data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb

@@ -45,7 +45,7 @@ module Dependabot
                dependency_files_builder.shrinkwraps.any?
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
-                function: "npm:findConflictingDependencies",
+                function: "npm6:findConflictingDependencies",
                 args: [Dir.pwd, dependency.name, target_version.to_s]
               )
             else

data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb

@@ -112,7 +112,7 @@ module Dependabot
             Dir.chdir(path) do
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
-                function: "npm:updateSubdependency",
+                function: "npm6:updateSubdependency",
                 args: [Dir.pwd, lockfile_name, [dependency.to_h]]
               )
             end

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb

@@ -415,7 +415,7 @@ module Dependabot
             Dir.chdir(path) do
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
-                function: "npm:checkPeerDependencies",
+                function: "npm6:checkPeerDependencies",
                 args: [
                   Dir.pwd,
                   dependency.name,

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.129.5
+  version: 0.130.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-07 00:00:00.000000000 Z
+date: 2021-01-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.129.5
+        version: 0.130.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.129.5
+        version: 0.130.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -174,13 +174,13 @@ files:
 - helpers/.eslintrc
 - helpers/README.md
 - helpers/build
-- helpers/lib/npm/conflicting-dependency-parser.js
-- helpers/lib/npm/helpers.js
-- helpers/lib/npm/index.js
-- helpers/lib/npm/peer-dependency-checker.js
-- helpers/lib/npm/remove-dependencies-from-lockfile.js
-- helpers/lib/npm/subdependency-updater.js
-- helpers/lib/npm/updater.js
+- helpers/lib/npm6/conflicting-dependency-parser.js
+- helpers/lib/npm6/helpers.js
+- helpers/lib/npm6/index.js
+- helpers/lib/npm6/peer-dependency-checker.js
+- helpers/lib/npm6/remove-dependencies-from-lockfile.js
+- helpers/lib/npm6/subdependency-updater.js
+- helpers/lib/npm6/updater.js
 - helpers/lib/yarn/conflicting-dependency-parser.js
 - helpers/lib/yarn/fix-duplicates.js
 - helpers/lib/yarn/helpers.js
@@ -192,18 +192,18 @@ files:
 - helpers/lib/yarn/updater.js
 - helpers/package.json
 - helpers/run.js
-- helpers/test/npm/conflicting-dependency-parser.test.js
-- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json
-- helpers/test/npm/fixtures/updater/original/package-lock.json
-- helpers/test/npm/fixtures/updater/original/package.json
-- helpers/test/npm/fixtures/updater/updated/package-lock.json
-- helpers/test/npm/helpers.js
-- helpers/test/npm/updater.test.js
+- helpers/test/npm6/conflicting-dependency-parser.test.js
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package-lock.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package-lock.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package.json
+- helpers/test/npm6/fixtures/updater/original/package-lock.json
+- helpers/test/npm6/fixtures/updater/original/package.json
+- helpers/test/npm6/fixtures/updater/updated/package-lock.json
+- helpers/test/npm6/helpers.js
+- helpers/test/npm6/updater.test.js
 - helpers/test/yarn/conflicting-dependency-parser.test.js
 - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
 - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock