dependabot-npm_and_yarn 0.95.38 → 0.95.39

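--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 43000948df07f8f5e73901ba2642157ccd9ff445f0afc57e49068341eb02b5ab
- data.tar.gz: 9ccf2c58473dfe18f77297f815ca8222a1173afcd4a8bcbe0a962806cc93a2d5
+ metadata.gz: 2290921443159d73086ecbdba38e96c95c5974e920898bdb3db6eb954ee0749d
+ data.tar.gz: 1b6c37363bc74eb6fc897fc8d8383215a417e0f74360e51cbcccb0443c44cbbc
  SHA512:
- metadata.gz: 9ce89b2ffd6a64c02f61a295b1e63b2f1be78ea18df634126b71976229eea355f0d1bf35748f8fd9f2e55fc896307161dc18e34d20965d6e8fe10d2aa8e907ab
- data.tar.gz: 2e77e3a0688ebe8e009a3e58ade91f2415e4170f9aadf14c7a26af45b947ba92a81d4da3a25f3d39be9bf2c1ad42bf13b8bf7a0942524553504ba3acdf9f9964
+ metadata.gz: a6c304fab965e69f111505f9319a2392d6f9db0086b240e3804aa6f845dec72e60844483116e4ec3c2c4d61890f1dd6285aeb37414a40d5b7acc453669adb23c
+ data.tar.gz: c74472ed4161591d84c959d1a9b18902b06844e812ae603a0a345e2107ed9721bc254ff056a0f30ec93a7ce9c3afbca33f66796c38dcf07962df2ffa4feb3ede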
@@ -465,11 +465,15 @@ module Dependabot
465
465
  # Switch from details back for git dependencies (they will have
466
466
  # changed because we locked them)
467
467
  git_dependencies_to_lock.each do |_, details|
468
- next unless details[:from]
469
-
470
- new_r = /"from": "#{Regexp.quote(details[:from])}#[^\"]+"/
471
- old_r = %("from": "#{details[:from]}")
472
- updated_content = updated_content.gsub(new_r, old_r)
468
+ next unless details[:version] && details[:from]
469
+
470
+ # When locking git dependencies in package.json we set the version
471
+ # to be the git commit from the lockfile "version" field which
472
+ # updates the lockfile "from" field to the new git commit when we
473
+ # run npm install
474
+ locked_from = %("from": "#{details[:version]}")
475
+ original_from = %("from": "#{details[:from]}")
476
+ updated_content = updated_content.gsub(locked_from, original_from)
473
477
  end
474
478
 
475
479
  # Switch back the protocol of tarball resolutions if they've changed
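Review bot: The `gsub` on the last added line passes `original_from` as a replacement string, so any backslash sequence in `details[:from]` (`\0`, `\1`, `\\`) is interpreted by `gsub` instead of being copied literally into the lockfile. Both interpolated values presumably originate from the repository's lockfile, which the updater should treat as untrusted input, so the block form `updated_content = updated_content.gsub(locked_from) { original_from }` is the safer way to restore the field. The substitution is also applied to every occurrence of `"from": "<version>"` in the file rather than to this dependency's own entry; if two git dependencies could ever carry the same locked `version` string, one entry's original `from` would overwrite the other's, which looks unlikely but deserves a spec or a comment next to the existing one. The enclosing method starts and ends outside this hunk.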
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.95.38
4
+ version: 0.95.39
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.95.38
19
+ version: 0.95.39
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.95.38
26
+ version: 0.95.39
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement