dependabot-npm_and_yarn 0.130.3 → 0.131.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a72032ddd9002f5f809306a78b9ef4ed6f162429304bf1028de47e26efe328b
-  data.tar.gz: f0339e357f2f3d9c06fa762af01563377a97291506475ebec1c0248f055ecf2b
+  metadata.gz: 1613e41a007efe3d0026aae84c460c120ded45d8630479b44fd83baf8c267ec3
+  data.tar.gz: e94988b12dd70a4a652ff4cc76933fb09dc2153f39db0a8ef4b78cf210db0ab6
 SHA512:
-  metadata.gz: 435dd37fd5d06d1840e9d7068f0aecfd5c0c856ff8f182f0ebd28e5d16219c1e871fc1f5e3478374cad730e37d03898d35d2cb74c05a6da531cb8f7e74680f82
-  data.tar.gz: 12f6c7d18c5581a0b10ab2b6fc92c1882cf7421d3b07b0ab2cb78d78bfcae4ad76bfae15f2cdc20e09ca5e13183c25349963ed69e69280bf4a411c390e3213ff
+  metadata.gz: 811b30d07b03bafca27445069568f914381b129c36969ae5b0b5e3ee3efb451ea894f4ce3426a205deab9837c728170216d2017a1458b97c142d2dd1b437dc25
+  data.tar.gz: cf664e29456677008b71555e03a1b3acd8fb0b3e7afd9d2e9a9b4c9f51bd210173e15c0c9befe3ef31c4a4a82f48f82ba02699a0827c23daeadb4f52b9d05507

data/helpers/jest.config.js

@@ -1,4 +1,5 @@
 module.exports = {
   verbose: true,
+  rootDir: "test",
   testEnvironment: "node",
 };

data/helpers/lib/npm/index.js

@@ -0,0 +1,6 @@
+const conflictingDependencyParser = require("./conflicting-dependency-parser");
+
+module.exports = {
+  findConflictingDependencies:
+    conflictingDependencyParser.findConflictingDependencies,
+};

data/helpers/lib/npm6/index.js

@@ -1,12 +1,9 @@
 const updater = require("./updater");
 const peerDependencyChecker = require("./peer-dependency-checker");
 const subdependencyUpdater = require("./subdependency-updater");
-const conflictingDependencyParser = require("./conflicting-dependency-parser");
 
 module.exports = {
   update: updater.updateDependencyFiles,
   updateSubdependency: subdependencyUpdater.updateDependencyFile,
   checkPeerDependencies: peerDependencyChecker.checkPeerDependencies,
-  findConflictingDependencies:
-    conflictingDependencyParser.findConflictingDependencies,
 };

data/helpers/package.json

@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "@dependabot/yarn-lib": "^1.21.1",
-    "@npmcli/arborist": "^2.0.6",
+    "@npmcli/arborist": "^2.1.1",
     "detect-indent": "^6.0.0",
     "npm6": "npm:npm@6.14.11",
     "npm7": "npm:npm@7.4.0",

data/helpers/test/npm6/conflicting-dependency-parser.test.js

@@ -4,7 +4,7 @@ const fs = require("fs");
 const rimraf = require("rimraf");
 const {
   findConflictingDependencies,
-} = require("../../lib/npm6/conflicting-dependency-parser");
+} = require("../../lib/npm/conflicting-dependency-parser");
 const helpers = require("./helpers");
 
 describe("findConflictingDependencies", () => {

data/helpers/yarn.lock

@@ -543,10 +543,10 @@
     "@types/yargs" "^15.0.0"
     chalk "^4.0.0"
 
-"@npmcli/arborist@^2.0.0", "@npmcli/arborist@^2.0.3", "@npmcli/arborist@^2.0.6":
-  version "2.0.6"
-  resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-2.0.6.tgz#b1036209455f2048b791915a8e050a4390f99202"
-  integrity sha512-3VF6rr3TlGABVZHksblQCcG+aXvsND+pdkUc7vKsKyvY5DB1b6QxXUHwJTPTZz7hKvFM5GQPewp8OxMUdMDMRQ==
+"@npmcli/arborist@^2.0.0", "@npmcli/arborist@^2.0.3", "@npmcli/arborist@^2.1.1":
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-2.1.1.tgz#e0ae0ea657662b8b21406528e41545f2d4386fcb"
+  integrity sha512-zt+dabNvSuhQMlmJL4H0YV4mGujylxgxeXPWSSjMjMoZI3laniHUB+oGOhJi/k68FVoZ/o/Aevi4rWDClfm5ZQ==
   dependencies:
     "@npmcli/installed-package-contents" "^1.0.5"
     "@npmcli/map-workspaces" "^1.0.1"
@@ -565,7 +565,7 @@
     npm-package-arg "^8.1.0"
     npm-pick-manifest "^6.1.0"
     npm-registry-fetch "^9.0.0"
-    pacote "^11.2.3"
+    pacote "^11.2.4"
     parse-conflict-json "^1.1.1"
     promise-all-reject-late "^1.0.0"
     promise-call-limit "^1.0.1"
@@ -5844,10 +5844,10 @@ package-json@^4.0.0:
     registry-url "^3.0.3"
     semver "^5.1.0"
 
-pacote@^11.1.11, pacote@^11.1.14, pacote@^11.1.4, pacote@^11.2.3:
-  version "11.2.3"
-  resolved "https://registry.yarnpkg.com/pacote/-/pacote-11.2.3.tgz#3c9f70d281c62c86ca3dc2e17df4234c63c698f1"
-  integrity sha512-Jphxyk1EjGyLzNwa+MkbcQUQeTIqlKcIoPq0t9ekR9ZxsTGjzhRjz/cOoL9PTVkqAW1FH7qBoVbYL4FqQGNNJg==
+pacote@^11.1.11, pacote@^11.1.14, pacote@^11.1.4, pacote@^11.2.4:
+  version "11.2.4"
+  resolved "https://registry.yarnpkg.com/pacote/-/pacote-11.2.4.tgz#dc7ca740a573ed86a3bf863511d22c1d413ec82f"
+  integrity sha512-GfTeVQGJ6WyBQbQD4t3ocHbyOmTQLmWjkCKSZPmKiGFKYKNUaM5U2gbLzUW8WG1XmS9yQFnsTFA0k3o1+q4klQ==
   dependencies:
     "@npmcli/git" "^2.0.1"
     "@npmcli/installed-package-contents" "^1.0.5"

data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb

@@ -45,13 +45,9 @@ module Dependabot
             # parser doesn't deal with at the moment.
             if dependency_files_builder.package_locks.any? ||
                dependency_files_builder.shrinkwraps.any?
-              package_lock = dependency_files_builder.package_locks.find { |f| f.name == "package-lock.json" }
-              npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
-              Dependabot.logger.info(npm_version)
-
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
-                function: "npm6:findConflictingDependencies",
+                function: "npm:findConflictingDependencies",
                 args: [Dir.pwd, dependency.name, target_version.to_s]
               )
             else

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.130.3
+  version: 0.131.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-26 00:00:00.000000000 Z
+date: 2021-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.130.3
+        version: 0.131.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.130.3
+        version: 0.131.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: 1.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: 1.9.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.0
+        version: 0.9.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.0
+        version: 0.9.1
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -175,7 +175,8 @@ files:
 - helpers/README.md
 - helpers/build
 - helpers/jest.config.js
-- helpers/lib/npm6/conflicting-dependency-parser.js
+- helpers/lib/npm/conflicting-dependency-parser.js
+- helpers/lib/npm/index.js
 - helpers/lib/npm6/helpers.js
 - helpers/lib/npm6/index.js
 - helpers/lib/npm6/peer-dependency-checker.js
@@ -269,7 +270,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: JS support for dependabot