RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.196.2 → 0.196.3 - Mend

dependabot-npm_and_yarn 0.196.2 → 0.196.3

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 17d091442f5535aee32eff806235c2c2fd5a003c1a0462020b66ed72877193c5
-  data.tar.gz: 0bc5a3ea0d891b2b146b576fa173e335b61e6495eb7d5246fffc9c7742dc2e55
+  metadata.gz: 7b7522d7728466cae083fc498a0e5c4a7923c46a56a38546f36834de5470fe84
+  data.tar.gz: a55c8659f731d24c8b93a13853d2d05bdc11eb72466873ab002b56b5d8a8ed99
 SHA512:
-  metadata.gz: 488838fc133bb86735d241857ce6ce2825a2b00d555568999c435426e64b94a01f657f685f53b4f354daeb2437d257dcd319b4e935303bc8eb2237379ef25bd7
-  data.tar.gz: 239df30dd2eb4694e28f7382c1bfa6c75dc64b94d3d086c7831bbe893d1d06c5cb86244ad93635a192f0e96f6d3aa91aba6cefb535464f77492bad8796454c4b
+  metadata.gz: f5c67225a4f85b8887d2318f236b078820c201e5daf654cde802633723005f98b7136f3581a9c1edc09d6f2923839454f4340580fc2e3f9e96d478de1de44de4
+  data.tar.gz: 7dd77797d4c581508b60c49adb083e6fab1f2fecdb74456f1b8d9fc2023172f6349cf3b12d2a70f0ab6af5930d73777fa62764dcbb39d2ccde12583e3e2bfec3

@@ -15,6 +15,8 @@ const semver = require("semver");
 async function findConflictingDependencies(directory, depName, targetVersion) {
   const arb = new Arborist({
     path: directory,
+    dryRun: true,
+    ignoreScripts: true,
   });
   return await arb.loadVirtual().then((tree) => {

data/helpers/lib/npm/vulnerability-auditor.js CHANGED Viewed

@@ -43,6 +43,7 @@ async function findVulnerableDependencies(directory, advisories) {
     ca: caCerts,
     force: true,
     dryRun: true,
+    ignoreScripts: true,
     ...registryOpts,
     ...registryCreds,
   })