dependabot-npm_and_yarn 0.97.11 → 0.98.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a5c3a4df4b0ab796e9145381a49db80b4e3c5a2cdc072cf80d25d2bc7b0ccb1e
|
4
|
+
data.tar.gz: 99e96ee258cf6371d68c0ac1fe5d245f541d04c69f037272508c77e0cb7637b0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 25561d520e94ff8f17cd8e48742961993261988b2a5ced46b7a204af590dc7aee10c40d625e7e21db157587113c858556480ffaff69816f06f916fe7a674559a
|
7
|
+
data.tar.gz: aa2270e91a462d26f4597a8208c37dbd94af754eae8a6d8e324284ba78988352897c072ba1cb2e37baaffa20174ab865de0885d97d45fcb80c726f23a6fc47a3
|
@@ -3,7 +3,6 @@
|
|
3
3
|
require "json"
|
4
4
|
require "dependabot/dependency_file"
|
5
5
|
require "dependabot/errors"
|
6
|
-
require "dependabot/npm_and_yarn/native_helpers"
|
7
6
|
require "dependabot/npm_and_yarn/file_fetcher"
|
8
7
|
|
9
8
|
module Dependabot
|
@@ -115,16 +114,20 @@ module Dependabot
|
|
115
114
|
def parsed_yarn_lock
|
116
115
|
return {} unless yarn_lock
|
117
116
|
|
117
|
+
# This is *extremely* crude, but saves us from having to shell out
|
118
|
+
# to Yarn, which may not be safe
|
118
119
|
@parsed_yarn_lock ||=
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
)
|
120
|
+
begin
|
121
|
+
content = yarn_lock.content.
|
122
|
+
lines.
|
123
|
+
map { |l| l.match?(/^[\w"]/) ? l.split(", ").last : l }.
|
124
|
+
join.
|
125
|
+
gsub(/(?<=\w|")\s(?=\w|")/, ": ")
|
126
|
+
|
127
|
+
YAML.safe_load(content)
|
127
128
|
end
|
129
|
+
rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias
|
130
|
+
@parsed_yarn_lock ||= {}
|
128
131
|
end
|
129
132
|
|
130
133
|
# The path back to the root lockfile
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.98.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.98.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.98.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|