dependabot-npm_and_yarn 0.375.0 → 0.376.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e7f590621314bbec275f05d07e0fd4730be9387291521e829d9682075a8901b
|
|
4
|
+
data.tar.gz: 7a9410b39a02e0c8a2a63ed961828c5df1cf7cc478d0ceb1214c5da523242e1b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 31a88199376501a935588a17cc62a86189f488be78ca3b1f67c40849c1692f29a256e2c8a579e1c4c17ef8bb0446691de8614ea82f9759270840cf67d99156ad
|
|
7
|
+
data.tar.gz: 79b1035a89c6cb3787776325b326f206a660d9da1e4882dc530f1eef3a0b3394e5d6c80a389e88626195fa498b94b0b439a2de55fc928549a637d8f5b727c0db
|
|
@@ -230,8 +230,8 @@ module Dependabot
|
|
|
230
230
|
original_content = File.read(lockfile_name)
|
|
231
231
|
|
|
232
232
|
Helpers.run_pnpm_command(
|
|
233
|
-
|
|
234
|
-
fingerprint:
|
|
233
|
+
pnpm_update_command,
|
|
234
|
+
fingerprint: pnpm_update_fingerprint
|
|
235
235
|
)
|
|
236
236
|
|
|
237
237
|
updated_content = File.read(lockfile_name)
|
|
@@ -250,6 +250,24 @@ module Dependabot
|
|
|
250
250
|
end
|
|
251
251
|
end
|
|
252
252
|
|
|
253
|
+
sig { returns(String) }
|
|
254
|
+
def pnpm_update_command
|
|
255
|
+
if latest_allowable_version
|
|
256
|
+
"update #{dependency.name}@#{latest_allowable_version} --lockfile-only --no-save -r"
|
|
257
|
+
else
|
|
258
|
+
"update #{dependency.name} --lockfile-only"
|
|
259
|
+
end
|
|
260
|
+
end
|
|
261
|
+
|
|
262
|
+
sig { returns(String) }
|
|
263
|
+
def pnpm_update_fingerprint
|
|
264
|
+
if latest_allowable_version
|
|
265
|
+
"update <dependency_name>@<latest_allowable_version> --lockfile-only --no-save -r"
|
|
266
|
+
else
|
|
267
|
+
"update <dependency_name> --lockfile-only"
|
|
268
|
+
end
|
|
269
|
+
end
|
|
270
|
+
|
|
253
271
|
# First-tier fallback: try `pnpm update --depth Infinity <dep>` to
|
|
254
272
|
# update transitive dependencies in the lockfile without modifying
|
|
255
273
|
# any package.json (unlike `pnpm audit --fix`).
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.376.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.376.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.376.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -370,7 +370,7 @@ licenses:
|
|
|
370
370
|
- MIT
|
|
371
371
|
metadata:
|
|
372
372
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
373
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
373
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.376.0
|
|
374
374
|
rdoc_options: []
|
|
375
375
|
require_paths:
|
|
376
376
|
- lib
|