RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.217.0 → 0.218.0 - Mend

dependabot-npm_and_yarn 0.217.0 → 0.218.0

Files changed (24) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a823eeb3c53a01ed5def55c048e922f0d7a0321b3c0e3a5fb72a6d6a00fbf46b
-  data.tar.gz: '086d8ec9bd1a36a0fb1c65f2eba91e8b5f6d6c64a3cf700774a275eeb07f3767'
+  metadata.gz: 7206f2db6166afbdb898d6bc710f53255a7ee8426eb820642e56bdd967ddc079
+  data.tar.gz: 6525f3d43debb1e9f09a612ca04589f29a4c14b1c16b27c86fb1140270ab5c18
 SHA512:
-  metadata.gz: a0d9706d209830b65e374334508f962a93442f48e7fd024f0a0436edb8381e3388e52f08ce1acaef7b39fc4a72a5a1df05813128e03c429a90ab971ef37969a7
-  data.tar.gz: cd710eb25983ce630ddfd87e816ab7c0f99264f78f2251c96393ebc32eba4b6c844a319c4f4b25113e46a1c4b2b48ff65a5f00a3a3f9d9b6601c4b71cb8c8e94
+  metadata.gz: 6f867a7d9a6cdef47a73c6d13b263b02e6622ff97282322c289fb46567548e6f58dd05588e7dd03e915183ed51ecd1532c9dd818452d0672521d1f43ede98d18
+  data.tar.gz: d55ba2258422781d317652cc712a349cbd43391aa9730ea1f1b79f7198c48cba24abb3956199278f796d76bb74e3bfa1c789e62eb5f930c47ff6d95d79282751

data/helpers/lib/pnpm/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+const lockfileParser = require("./lockfile-parser");
+module.exports = {
+  parseLockfile: lockfileParser.parse,
+};

data/helpers/lib/pnpm/lockfile-parser.js ADDED Viewed

@@ -0,0 +1,77 @@
+/* PNPM-LOCK.YAML PARSER
+ *
+ * Inputs:
+ *  - directory containing a pnpm-lock.yaml file
+ *
+ * Outputs:
+ *  - JSON formatted information of dependencies (name, version, dependency-type)
+ */
+const { readWantedLockfile } = require("@pnpm/lockfile-file");
+const dependencyPath = require("@pnpm/dependency-path");
+async function parse(directory) {
+  const lockfile = await readWantedLockfile(directory, {
+    ignoreIncompatible: true
+  });
+  return Object.entries(lockfile.packages ?? {})
+    .map(([depPath, pkgSnapshot]) => nameVerDevFromPkgSnapshot(depPath, pkgSnapshot, Object.values(lockfile.importers)))
+}
+function nameVerDevFromPkgSnapshot(depPath, pkgSnapshot, projectSnapshots) {
+  let name;
+  let version;
+  if (!pkgSnapshot.name) {
+    const pkgInfo = dependencyPath.parse(depPath);
+    name = pkgInfo.name;
+    version = pkgInfo.version;
+  } else {
+    name = pkgSnapshot.name;
+    version = pkgSnapshot.version;
+  }
+  let specifiers = [];
+  let aliased = false;
+  projectSnapshots.every(projectSnapshot => {
+    const projectSpecifiers = projectSnapshot.specifiers;
+    if (Object.values(projectSpecifiers).some(specifier => specifier.startsWith(`npm:${name}@`) || specifier == `npm:${name}`)) {
+      aliased = true;
+      return false;
+    }
+    currentSpecifier = projectSpecifiers[name];
+    if (!currentSpecifier) {
+      return true;
+    }
+    let specifierVersion = currentSpecifier.version;
+    if (!currentSpecifier.version) {
+      specifierVersion = projectSnapshot.dependencies?.[name] || projectSnapshot.devDependencies?.[name] || projectSnapshot.optionalDependencies?.[name]
+    }
+    if (
+      specifierVersion == version ||
+      specifierVersion.startsWith(`${version}_`) || // lockfileVersion 5.4
+      specifierVersion.startsWith(`${version}(`)    // lockfileVersion 6.0
+    ) {
+      specifiers.push(currentSpecifier.specifier || currentSpecifier);
+    }
+    return true;
+  });
+  return {
+    name: name,
+    version: version,
+    dev: pkgSnapshot.dev,
+    specifiers: specifiers,
+    aliased: aliased
+  }
+}
+module.exports = { parse };