dependabot-npm_and_yarn 0.92.2 → 0.92.3
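--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9fa2b9c641fb15406703fb5da15ae5a125b567b9cb1f94a7716f74d001282048
+data.tar.gz: d2f5ac936ddcaa7ef9734fad56f7857b78d96977d21ed4c55880995551c99dc8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 42edaa08ce39493f1d4da8bcbce75476f153d49ca53ae3c730d30277298fabc1ffc85a1deec4de93357a980d64dd38051ce7b63322f3eb429a3e72a2befb59bd
+data.tar.gz: 9c5c44cb15b93ce7077f1d04cbebe2517350abd5370b29691f5b88dccf61b735b70f24d023813edcf1bde20795073b8e91d0dd83cae4f9372784db75339c408e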
@@ -358,11 +358,7 @@ module Dependabot
|
|
358
358
|
|
359
359
|
FileUtils.mkdir_p(Pathname.new(f.name).dirname)
|
360
360
|
|
361
|
-
|
362
|
-
File.write(f.name, f.content)
|
363
|
-
else
|
364
|
-
File.write(f.name, prepared_npm_lockfile_content(f.content))
|
365
|
-
end
|
361
|
+
File.write(f.name, prepared_npm_lockfile_content(f.content))
|
366
362
|
end
|
367
363
|
end
|
368
364
|
|
@@ -407,6 +403,30 @@ module Dependabot
|
|
407
403
|
@git_dependencies_to_lock
|
408
404
|
end
|
409
405
|
|
406
|
+
# Note: NPM 6.6.0 started failing when a sub-dependency has a "from"
|
407
|
+
# field that includes the dependency name
|
408
|
+
#
|
409
|
+
# Example invalid from: "from": "bignumber.js@git+https://gi...
|
410
|
+
def remove_invalid_from_lines(npm_lockfile)
|
411
|
+
return npm_lockfile unless npm_lockfile.key?("dependencies")
|
412
|
+
|
413
|
+
dependencies =
|
414
|
+
npm_lockfile["dependencies"].
|
415
|
+
map do |k, v|
|
416
|
+
value =
|
417
|
+
if v["from"].to_s.start_with?("#{k}@")
|
418
|
+
v.dup.tap do |hash|
|
419
|
+
hash["from"] = hash["from"].gsub(/^#{Regexp.quote(k)}@/, "")
|
420
|
+
end
|
421
|
+
else v
|
422
|
+
end
|
423
|
+
|
424
|
+
[k, remove_invalid_from_lines(value)]
|
425
|
+
end.to_h
|
426
|
+
|
427
|
+
npm_lockfile.merge("dependencies" => dependencies)
|
428
|
+
end
|
429
|
+
|
410
430
|
def replace_ssh_sources(content)
|
411
431
|
updated_content = content
|
412
432
|
|
@@ -438,9 +458,11 @@ module Dependabot
|
|
438
458
|
end
|
439
459
|
|
440
460
|
def prepared_npm_lockfile_content(content)
|
441
|
-
|
442
|
-
remove_dependency_from_npm_lockfile(JSON.parse(content))
|
443
|
-
|
461
|
+
updated_content =
|
462
|
+
JSON.dump(remove_dependency_from_npm_lockfile(JSON.parse(content)))
|
463
|
+
updated_content =
|
464
|
+
JSON.dump(remove_invalid_from_lines(JSON.parse(updated_content)))
|
465
|
+
updated_content
|
444
466
|
end
|
445
467
|
|
446
468
|
# Duplicated in SubdependencyVersionResolver
|
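Review bot: In `remove_invalid_from_lines` (the `@@ -407,6 +403,30 @@` hunk), the rewrite `hash["from"].gsub(/^#{Regexp.quote(k)}@/, "")` is broader than the `start_with?` guard above it, because `^` in Ruby matches after every newline and `gsub` replaces every match. `hash["from"] = hash["from"].sub(/\A#{Regexp.quote(k)}@/, "")` strips only the leading prefix. The method also assumes that every value under `"dependencies"` is a Hash; the lockfile is presumably parsed from repository content, and a nil, String or Array entry would raise at `v["from"]` or at `key?` in the recursive call. A guard such as `return npm_lockfile unless npm_lockfile.is_a?(Hash) && npm_lockfile["dependencies"].is_a?(Hash)` would let a malformed lockfile pass through unchanged instead of aborting the run. A short comment on `prepared_npm_lockfile_content` saying whether the `JSON.dump`/`JSON.parse` round trip between the two passes is intentional would also help, since the rest of the file is outside this diff.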
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.92.
|
4
|
+
version: 0.92.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-01-
|
11
|
+
date: 2019-01-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-core
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.92.
|
19
|
+
version: 0.92.3
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.92.
|
26
|
+
version: 0.92.3
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|