dependabot-npm_and_yarn 0.97.11 → 0.98.0

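--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 21820ca70f46629dcc2224ed6e46030235984156e28cd1781a4832c1abf0349f
- data.tar.gz: 310954ee920e1f1f4c9ddff00f83919d0ceae93d928a1f32e87299fa7dd45332
+ metadata.gz: a5c3a4df4b0ab796e9145381a49db80b4e3c5a2cdc072cf80d25d2bc7b0ccb1e
+ data.tar.gz: 99e96ee258cf6371d68c0ac1fe5d245f541d04c69f037272508c77e0cb7637b0
  SHA512:
- metadata.gz: cbb1646faa53f69ba316f6f6e5a08922e041c045c6cc2358f85f4a7518e2409a4da9feea07d52755fd27dfe262d5e1a15699f20d60c85e12def9156cf35723ce
- data.tar.gz: 6a8f2d1a186fdabc43f9be66b16e6f0e1666d29c2d996287cd180d7b1eecefc12a87aa4a087a6f8ae04310a0a6ef7aa2601a7ac434e53957945a1f26595e73d4
+ metadata.gz: 25561d520e94ff8f17cd8e48742961993261988b2a5ced46b7a204af590dc7aee10c40d625e7e21db157587113c858556480ffaff69816f06f916fe7a674559a
+ data.tar.gz: aa2270e91a462d26f4597a8208c37dbd94af754eae8a6d8e324284ba78988352897c072ba1cb2e37baaffa20174ab865de0885d97d45fcb80c726f23a6fc47a3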
@@ -3,7 +3,6 @@
3
3
  require "json"
4
4
  require "dependabot/dependency_file"
5
5
  require "dependabot/errors"
6
- require "dependabot/npm_and_yarn/native_helpers"
7
6
  require "dependabot/npm_and_yarn/file_fetcher"
8
7
 
9
8
  module Dependabot
@@ -115,16 +114,20 @@ module Dependabot
115
114
  def parsed_yarn_lock
116
115
  return {} unless yarn_lock
117
116
 
117
+ # This is *extremely* crude, but saves us from having to shell out
118
+ # to Yarn, which may not be safe
118
119
  @parsed_yarn_lock ||=
119
- SharedHelpers.in_a_temporary_directory do
120
- File.write("yarn.lock", yarn_lock.content)
121
-
122
- SharedHelpers.run_helper_subprocess(
123
- command: NativeHelpers.helper_path,
124
- function: "yarn:parseLockfile",
125
- args: [Dir.pwd]
126
- )
120
+ begin
121
+ content = yarn_lock.content.
122
+ lines.
123
+ map { |l| l.match?(/^[\w"]/) ? l.split(", ").last : l }.
124
+ join.
125
+ gsub(/(?<=\w|")\s(?=\w|")/, ": ")
126
+
127
+ YAML.safe_load(content)
127
128
  end
129
+ rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias
130
+ @parsed_yarn_lock ||= {}
128
131
  end
129
132
 
130
133
  # The path back to the root lockfile
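Review bot: `YAML.safe_load(content)` in `parsed_yarn_lock` is not guaranteed to return a Hash, and the new `rescue` only covers Psych parse errors, so an empty, comment-only or deliberately malformed `yarn.lock` from the repository can parse cleanly into a falsy value, a String or an Array and be returned as-is. The callers are outside this section, but the `return {}` guard and the `{}` fallback suggest they expect a Hash, so the result should be checked before it is memoized: `parsed = YAML.safe_load(content)` followed by `parsed.is_a?(Hash) ? parsed : {}`. A falsy result is also never cached by `||=`, so the line transform reruns on every call. The new comment could state what the transform assumes (the last selector on a multi-selector key line is kept, and whitespace between word or quote characters becomes `: `), so that a later reader knows which lockfile shapes were considered. Whether `yaml` is required somewhere in this file is not visible in the first hunk, which only shows the `native_helpers` require being dropped.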
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.97.11
4
+ version: 0.98.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.97.11
19
+ version: 0.98.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.97.11
26
+ version: 0.98.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement