dependabot-npm_and_yarn 0.365.0 → 0.366.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/package-lock.json +43 -66
- data/helpers/package.json +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb +8 -24
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4b0212799f2a2fa21c0bc9be370dbfb944652e9a34711e846e22608a05561060
|
|
4
|
+
data.tar.gz: 6a71485492ddf512478859078e298df9c5bf4e58826fe3098867504786c02242
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 43e6578bbc6940db3460dd2fe91751a1d986cde35fc648de8f408079da32fe94bd074c889fdfac65d7dda40f8575bbcb219681f8449a157226e98b8a96d2905c
|
|
7
|
+
data.tar.gz: 3798ea8bee4eb841638f9f3a5ceaeaab4603f5635c2387a02bff98cd35c3eb1a6434225dd2dc89c5c0abf1ed59640e257ec6a8cbbd75b15af0874120fe977ff6
|
data/helpers/package-lock.json
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"@pnpm/lockfile-file": "^9.1.3",
|
|
14
14
|
"detect-indent": "^6.1.0",
|
|
15
15
|
"npm": "6.14.18",
|
|
16
|
-
"patch-package": "^8.0.
|
|
16
|
+
"patch-package": "^8.0.1",
|
|
17
17
|
"semver": "^7.7.4"
|
|
18
18
|
},
|
|
19
19
|
"bin": {
|
|
@@ -3906,14 +3906,6 @@
|
|
|
3906
3906
|
"resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
|
|
3907
3907
|
"integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
|
|
3908
3908
|
},
|
|
3909
|
-
"node_modules/at-least-node": {
|
|
3910
|
-
"version": "1.0.0",
|
|
3911
|
-
"resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz",
|
|
3912
|
-
"integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==",
|
|
3913
|
-
"engines": {
|
|
3914
|
-
"node": ">= 4.0.0"
|
|
3915
|
-
}
|
|
3916
|
-
},
|
|
3917
3909
|
"node_modules/aws-sign2": {
|
|
3918
3910
|
"version": "0.7.0",
|
|
3919
3911
|
"resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
|
|
@@ -5672,17 +5664,16 @@
|
|
|
5672
5664
|
"integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
|
|
5673
5665
|
},
|
|
5674
5666
|
"node_modules/fs-extra": {
|
|
5675
|
-
"version": "
|
|
5676
|
-
"resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-
|
|
5677
|
-
"integrity": "sha512-
|
|
5667
|
+
"version": "10.1.0",
|
|
5668
|
+
"resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz",
|
|
5669
|
+
"integrity": "sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==",
|
|
5678
5670
|
"dependencies": {
|
|
5679
|
-
"at-least-node": "^1.0.0",
|
|
5680
5671
|
"graceful-fs": "^4.2.0",
|
|
5681
5672
|
"jsonfile": "^6.0.1",
|
|
5682
5673
|
"universalify": "^2.0.0"
|
|
5683
5674
|
},
|
|
5684
5675
|
"engines": {
|
|
5685
|
-
"node": ">=
|
|
5676
|
+
"node": ">=12"
|
|
5686
5677
|
}
|
|
5687
5678
|
},
|
|
5688
5679
|
"node_modules/fs-minipass": {
|
|
@@ -8673,9 +8664,9 @@
|
|
|
8673
8664
|
}
|
|
8674
8665
|
},
|
|
8675
8666
|
"node_modules/jsonfile": {
|
|
8676
|
-
"version": "6.
|
|
8677
|
-
"resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.
|
|
8678
|
-
"integrity": "sha512-
|
|
8667
|
+
"version": "6.2.0",
|
|
8668
|
+
"resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.0.tgz",
|
|
8669
|
+
"integrity": "sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg==",
|
|
8679
8670
|
"dependencies": {
|
|
8680
8671
|
"universalify": "^2.0.0"
|
|
8681
8672
|
},
|
|
@@ -14112,24 +14103,23 @@
|
|
|
14112
14103
|
}
|
|
14113
14104
|
},
|
|
14114
14105
|
"node_modules/patch-package": {
|
|
14115
|
-
"version": "8.0.
|
|
14116
|
-
"resolved": "https://registry.npmjs.org/patch-package/-/patch-package-8.0.
|
|
14117
|
-
"integrity": "sha512-
|
|
14106
|
+
"version": "8.0.1",
|
|
14107
|
+
"resolved": "https://registry.npmjs.org/patch-package/-/patch-package-8.0.1.tgz",
|
|
14108
|
+
"integrity": "sha512-VsKRIA8f5uqHQ7NGhwIna6Bx6D9s/1iXlA1hthBVBEbkq+t4kXD0HHt+rJhf/Z+Ci0F/HCB2hvn0qLdLG+Qxlw==",
|
|
14118
14109
|
"dependencies": {
|
|
14119
14110
|
"@yarnpkg/lockfile": "^1.1.0",
|
|
14120
14111
|
"chalk": "^4.1.2",
|
|
14121
14112
|
"ci-info": "^3.7.0",
|
|
14122
14113
|
"cross-spawn": "^7.0.3",
|
|
14123
14114
|
"find-yarn-workspace-root": "^2.0.0",
|
|
14124
|
-
"fs-extra": "^
|
|
14115
|
+
"fs-extra": "^10.0.0",
|
|
14125
14116
|
"json-stable-stringify": "^1.0.2",
|
|
14126
14117
|
"klaw-sync": "^6.0.0",
|
|
14127
14118
|
"minimist": "^1.2.6",
|
|
14128
14119
|
"open": "^7.4.2",
|
|
14129
|
-
"rimraf": "^2.6.3",
|
|
14130
14120
|
"semver": "^7.5.3",
|
|
14131
14121
|
"slash": "^2.0.0",
|
|
14132
|
-
"tmp": "^0.
|
|
14122
|
+
"tmp": "^0.2.4",
|
|
14133
14123
|
"yaml": "^2.2.2"
|
|
14134
14124
|
},
|
|
14135
14125
|
"bin": {
|
|
@@ -14207,17 +14197,6 @@
|
|
|
14207
14197
|
"node": ">=8"
|
|
14208
14198
|
}
|
|
14209
14199
|
},
|
|
14210
|
-
"node_modules/patch-package/node_modules/rimraf": {
|
|
14211
|
-
"version": "2.7.1",
|
|
14212
|
-
"resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz",
|
|
14213
|
-
"integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==",
|
|
14214
|
-
"dependencies": {
|
|
14215
|
-
"glob": "^7.1.3"
|
|
14216
|
-
},
|
|
14217
|
-
"bin": {
|
|
14218
|
-
"rimraf": "bin.js"
|
|
14219
|
-
}
|
|
14220
|
-
},
|
|
14221
14200
|
"node_modules/patch-package/node_modules/slash": {
|
|
14222
14201
|
"version": "2.0.0",
|
|
14223
14202
|
"resolved": "https://registry.npmjs.org/slash/-/slash-2.0.0.tgz",
|
|
@@ -14237,6 +14216,14 @@
|
|
|
14237
14216
|
"node": ">=8"
|
|
14238
14217
|
}
|
|
14239
14218
|
},
|
|
14219
|
+
"node_modules/patch-package/node_modules/tmp": {
|
|
14220
|
+
"version": "0.2.5",
|
|
14221
|
+
"resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz",
|
|
14222
|
+
"integrity": "sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==",
|
|
14223
|
+
"engines": {
|
|
14224
|
+
"node": ">=14.14"
|
|
14225
|
+
}
|
|
14226
|
+
},
|
|
14240
14227
|
"node_modules/path-exists": {
|
|
14241
14228
|
"version": "4.0.0",
|
|
14242
14229
|
"resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
|
|
@@ -15668,9 +15655,9 @@
|
|
|
15668
15655
|
}
|
|
15669
15656
|
},
|
|
15670
15657
|
"node_modules/universalify": {
|
|
15671
|
-
"version": "2.0.
|
|
15672
|
-
"resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.
|
|
15673
|
-
"integrity": "sha512-
|
|
15658
|
+
"version": "2.0.1",
|
|
15659
|
+
"resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
|
|
15660
|
+
"integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==",
|
|
15674
15661
|
"engines": {
|
|
15675
15662
|
"node": ">= 10.0.0"
|
|
15676
15663
|
}
|
|
@@ -18955,11 +18942,6 @@
|
|
|
18955
18942
|
"resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
|
|
18956
18943
|
"integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
|
|
18957
18944
|
},
|
|
18958
|
-
"at-least-node": {
|
|
18959
|
-
"version": "1.0.0",
|
|
18960
|
-
"resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz",
|
|
18961
|
-
"integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg=="
|
|
18962
|
-
},
|
|
18963
18945
|
"aws-sign2": {
|
|
18964
18946
|
"version": "0.7.0",
|
|
18965
18947
|
"resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
|
|
@@ -20265,11 +20247,10 @@
|
|
|
20265
20247
|
"integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
|
|
20266
20248
|
},
|
|
20267
20249
|
"fs-extra": {
|
|
20268
|
-
"version": "
|
|
20269
|
-
"resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-
|
|
20270
|
-
"integrity": "sha512-
|
|
20250
|
+
"version": "10.1.0",
|
|
20251
|
+
"resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz",
|
|
20252
|
+
"integrity": "sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==",
|
|
20271
20253
|
"requires": {
|
|
20272
|
-
"at-least-node": "^1.0.0",
|
|
20273
20254
|
"graceful-fs": "^4.2.0",
|
|
20274
20255
|
"jsonfile": "^6.0.1",
|
|
20275
20256
|
"universalify": "^2.0.0"
|
|
@@ -22481,9 +22462,9 @@
|
|
|
22481
22462
|
"dev": true
|
|
22482
22463
|
},
|
|
22483
22464
|
"jsonfile": {
|
|
22484
|
-
"version": "6.
|
|
22485
|
-
"resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.
|
|
22486
|
-
"integrity": "sha512-
|
|
22465
|
+
"version": "6.2.0",
|
|
22466
|
+
"resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.0.tgz",
|
|
22467
|
+
"integrity": "sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg==",
|
|
22487
22468
|
"requires": {
|
|
22488
22469
|
"graceful-fs": "^4.1.6",
|
|
22489
22470
|
"universalify": "^2.0.0"
|
|
@@ -26547,24 +26528,23 @@
|
|
|
26547
26528
|
}
|
|
26548
26529
|
},
|
|
26549
26530
|
"patch-package": {
|
|
26550
|
-
"version": "8.0.
|
|
26551
|
-
"resolved": "https://registry.npmjs.org/patch-package/-/patch-package-8.0.
|
|
26552
|
-
"integrity": "sha512-
|
|
26531
|
+
"version": "8.0.1",
|
|
26532
|
+
"resolved": "https://registry.npmjs.org/patch-package/-/patch-package-8.0.1.tgz",
|
|
26533
|
+
"integrity": "sha512-VsKRIA8f5uqHQ7NGhwIna6Bx6D9s/1iXlA1hthBVBEbkq+t4kXD0HHt+rJhf/Z+Ci0F/HCB2hvn0qLdLG+Qxlw==",
|
|
26553
26534
|
"requires": {
|
|
26554
26535
|
"@yarnpkg/lockfile": "^1.1.0",
|
|
26555
26536
|
"chalk": "^4.1.2",
|
|
26556
26537
|
"ci-info": "^3.7.0",
|
|
26557
26538
|
"cross-spawn": "^7.0.3",
|
|
26558
26539
|
"find-yarn-workspace-root": "^2.0.0",
|
|
26559
|
-
"fs-extra": "^
|
|
26540
|
+
"fs-extra": "^10.0.0",
|
|
26560
26541
|
"json-stable-stringify": "^1.0.2",
|
|
26561
26542
|
"klaw-sync": "^6.0.0",
|
|
26562
26543
|
"minimist": "^1.2.6",
|
|
26563
26544
|
"open": "^7.4.2",
|
|
26564
|
-
"rimraf": "^2.6.3",
|
|
26565
26545
|
"semver": "^7.5.3",
|
|
26566
26546
|
"slash": "^2.0.0",
|
|
26567
|
-
"tmp": "^0.
|
|
26547
|
+
"tmp": "^0.2.4",
|
|
26568
26548
|
"yaml": "^2.2.2"
|
|
26569
26549
|
},
|
|
26570
26550
|
"dependencies": {
|
|
@@ -26608,14 +26588,6 @@
|
|
|
26608
26588
|
"resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
|
|
26609
26589
|
"integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="
|
|
26610
26590
|
},
|
|
26611
|
-
"rimraf": {
|
|
26612
|
-
"version": "2.7.1",
|
|
26613
|
-
"resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz",
|
|
26614
|
-
"integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==",
|
|
26615
|
-
"requires": {
|
|
26616
|
-
"glob": "^7.1.3"
|
|
26617
|
-
}
|
|
26618
|
-
},
|
|
26619
26591
|
"slash": {
|
|
26620
26592
|
"version": "2.0.0",
|
|
26621
26593
|
"resolved": "https://registry.npmjs.org/slash/-/slash-2.0.0.tgz",
|
|
@@ -26628,6 +26600,11 @@
|
|
|
26628
26600
|
"requires": {
|
|
26629
26601
|
"has-flag": "^4.0.0"
|
|
26630
26602
|
}
|
|
26603
|
+
},
|
|
26604
|
+
"tmp": {
|
|
26605
|
+
"version": "0.2.5",
|
|
26606
|
+
"resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz",
|
|
26607
|
+
"integrity": "sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow=="
|
|
26631
26608
|
}
|
|
26632
26609
|
}
|
|
26633
26610
|
},
|
|
@@ -27719,9 +27696,9 @@
|
|
|
27719
27696
|
}
|
|
27720
27697
|
},
|
|
27721
27698
|
"universalify": {
|
|
27722
|
-
"version": "2.0.
|
|
27723
|
-
"resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.
|
|
27724
|
-
"integrity": "sha512-
|
|
27699
|
+
"version": "2.0.1",
|
|
27700
|
+
"resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
|
|
27701
|
+
"integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw=="
|
|
27725
27702
|
},
|
|
27726
27703
|
"unrs-resolver": {
|
|
27727
27704
|
"version": "1.11.1",
|
data/helpers/package.json
CHANGED
|
@@ -41,8 +41,6 @@ module Dependabot
|
|
|
41
41
|
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
42
42
|
attr_reader :dependencies
|
|
43
43
|
|
|
44
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
|
45
|
-
|
|
46
44
|
sig { returns(T.nilable(String)) }
|
|
47
45
|
def updated_package_json_content
|
|
48
46
|
# checks if we are updating single dependency in package.json
|
|
@@ -59,27 +57,14 @@ module Dependabot
|
|
|
59
57
|
new_req: new_req
|
|
60
58
|
)
|
|
61
59
|
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
# the update continue.
|
|
71
|
-
|
|
72
|
-
Dependabot.logger.info(
|
|
73
|
-
"experiment: avoid_duplicate_updates_package_json.
|
|
74
|
-
Updating package.json for #{dep.name} "
|
|
75
|
-
)
|
|
76
|
-
|
|
77
|
-
raise "Expected content to change!"
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
if !Dependabot::Experiments.enabled?(:avoid_duplicate_updates_package_json) && (content == new_content)
|
|
81
|
-
raise "Expected content to change!"
|
|
82
|
-
end
|
|
60
|
+
# package.json does not always contain the same dependencies compared to the
|
|
61
|
+
# "dependencies" list. For example, the dependencies object can contain same name dependency
|
|
62
|
+
# "dep" => "1.0.0" and "dev" => "1.0.1" while package.json can only contain "dep" => "1.0.0".
|
|
63
|
+
# The other dependency is not present in package.json so we don't have to update it — this is
|
|
64
|
+
# most likely a transitive dependency which only needs an update in the lockfile. For a batch
|
|
65
|
+
# with a single unique dependency name we tolerate this no-op update, but when multiple unique
|
|
66
|
+
# dependencies are being updated and none change the content we treat that as unexpected and raise.
|
|
67
|
+
raise "Expected content to change!" if content == new_content && unique_deps_count > 1
|
|
83
68
|
|
|
84
69
|
content = new_content
|
|
85
70
|
end
|
|
@@ -98,7 +83,6 @@ module Dependabot
|
|
|
98
83
|
content
|
|
99
84
|
end
|
|
100
85
|
end
|
|
101
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
|
102
86
|
sig do
|
|
103
87
|
params(
|
|
104
88
|
dependency: Dependabot::Dependency,
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.366.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.366.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.366.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -361,7 +361,7 @@ licenses:
|
|
|
361
361
|
- MIT
|
|
362
362
|
metadata:
|
|
363
363
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
364
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
364
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.366.0
|
|
365
365
|
rdoc_options: []
|
|
366
366
|
require_paths:
|
|
367
367
|
- lib
|