dependabot-npm_and_yarn 0.98.32 → 0.98.33
- checksums.yaml +4 -4
- data/helpers/lib/yarn/helpers.js +43 -1
- data/helpers/lib/yarn/subdependency-updater.js +64 -24
- data/helpers/lib/yarn/updater.js +1 -39
- data/helpers/package.json +0 -1
- data/helpers/test/npm/updater.test.js +4 -4
- data/helpers/test/yarn/updater.test.js +4 -4
- data/helpers/yarn.lock +1 -36
- data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +2 -16
- metadata +3 -3
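--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6e6327a5956505106a441156cb9848c3e4ebaab9f3231e74293cb5aa3dc59089
+data.tar.gz: fff9e97f74fbfdba88a58dd0343f51b0ae290b881fe5e6320fbd6130f3cdf206
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: daaecb855d18ffdf7ef03bdf0184b8f29b7d5a36f2d34effee5d9ada80a173d27a4771dae4571ca79b194737539f67538186fb3d3a05d9983a413cdebb46d934
+data.tar.gz: 130f940d6ab13bc6fdddb0afad03bdd14c3b11782a6c3543ab128cdfb63460470378dceee25d9784904fe396d8acae93ba24514eef9c290e01bcb53748456832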
data/helpers/lib/yarn/helpers.js
CHANGED
@@ -1,5 +1,47 @@
|
|
1
|
+
const { Add } = require("@dependabot/yarn-lib/lib/cli/commands/add");
|
2
|
+
const { Install } = require("@dependabot/yarn-lib/lib/cli/commands/install");
|
3
|
+
|
1
4
|
function isString(value) {
|
2
5
|
return Object.prototype.toString.call(value) === "[object String]";
|
3
6
|
}
|
4
7
|
|
5
|
-
|
8
|
+
// Add is a subclass of the Install CLI command, which is responsible for
|
9
|
+
// adding packages to a package.json and yarn.lock. Upgrading a package is
|
10
|
+
// exactly the same as adding, except the package already exists in the
|
11
|
+
// manifests.
|
12
|
+
//
|
13
|
+
// Usually, calling Add.init() would execute a series of steps: resolve, fetch,
|
14
|
+
// link, run lifecycle scripts, cleanup, then save new manifest (package.json).
|
15
|
+
// We only care about the first and last steps: resolve, then save the new
|
16
|
+
// manifest. Fotunately, overriding bailout() gives us an opportunity to skip
|
17
|
+
// over the intermediate steps in a relatively painless fashion.
|
18
|
+
class LightweightAdd extends Add {
|
19
|
+
// This method is called by init() at the end of the resolve step, and is
|
20
|
+
// responsible for checking if any dependnecies need to be updated locally.
|
21
|
+
// If everything is up to date, it'll save a new lockfile and return true,
|
22
|
+
// which causes init() to skip over the next few steps (fetching and
|
23
|
+
// installing packages). If there are packages that need updating, it'll
|
24
|
+
// return false, and init() will continue on to the fetching and installing
|
25
|
+
// steps.
|
26
|
+
//
|
27
|
+
// Add overrides Install's implementation to always return false - meaning
|
28
|
+
// that it will always continue to the fetch and install steps. We want to
|
29
|
+
// do the opposite - just save the new lockfile and stop there.
|
30
|
+
async bailout(patterns, workspaceLayout) {
|
31
|
+
// This is the only part of the original bailout implementation that
|
32
|
+
// matters: saving the new lockfile
|
33
|
+
await this.saveLockfileAndIntegrity(patterns, workspaceLayout);
|
34
|
+
|
35
|
+
// Skip over the unnecessary steps - fetching and linking packages, etc.
|
36
|
+
return true;
|
37
|
+
}
|
38
|
+
}
|
39
|
+
|
40
|
+
class LightweightInstall extends Install {
|
41
|
+
async bailout(patterns, workspaceLayout) {
|
42
|
+
await this.saveLockfileAndIntegrity(patterns, workspaceLayout);
|
43
|
+
return true;
|
44
|
+
}
|
45
|
+
}
|
46
|
+
|
47
|
+
module.exports = { isString, LightweightAdd, LightweightInstall };
|
@@ -1,28 +1,14 @@
|
|
1
|
-
/* DEPENDENCY FILE UPDATER
|
2
|
-
*
|
3
|
-
* Inputs:
|
4
|
-
* - directory containing a package.json and a yarn.lock
|
5
|
-
* - dependency name
|
6
|
-
*
|
7
|
-
* Outputs:
|
8
|
-
* - yarn.lock file
|
9
|
-
*
|
10
|
-
* Update the sub-dependency versions for this dependency to that latest
|
11
|
-
* possible versions, without unlocking any other dependencies
|
12
|
-
*/
|
13
1
|
const fs = require("fs");
|
2
|
+
const os = require("os");
|
14
3
|
const path = require("path");
|
15
|
-
const { Install } = require("@dependabot/yarn-lib/lib/cli/commands/install");
|
16
4
|
const Config = require("@dependabot/yarn-lib/lib/config").default;
|
17
5
|
const { EventReporter } = require("@dependabot/yarn-lib/lib/reporters");
|
18
6
|
const Lockfile = require("@dependabot/yarn-lib/lib/lockfile").default;
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
}
|
25
|
-
}
|
7
|
+
const fixDuplicates = require("./fix-duplicates");
|
8
|
+
const { LightweightAdd, LightweightInstall } = require("./helpers");
|
9
|
+
const { parse } = require("./lockfile-parser");
|
10
|
+
const stringify = require("@dependabot/yarn-lib/lib/lockfile/stringify")
|
11
|
+
.default;
|
26
12
|
|
27
13
|
// Replace the version comments in the new lockfile with the ones from the old
|
28
14
|
// lockfile. If they weren't present in the old lockfile, delete them.
|
@@ -35,7 +21,42 @@ function recoverVersionComments(oldLockfile, newLockfile) {
|
|
35
21
|
.replace(nodeRegex, () => oldMatch(nodeRegex) || "");
|
36
22
|
}
|
37
23
|
|
38
|
-
|
24
|
+
// Installs exact version and returns lockfile entry
|
25
|
+
async function getLockfileEntryForUpdate(depName, depVersion) {
|
26
|
+
const directory = fs.mkdtempSync(`${os.tmpdir()}${path.sep}`);
|
27
|
+
const readFile = fileName =>
|
28
|
+
fs.readFileSync(path.join(directory, fileName)).toString();
|
29
|
+
|
30
|
+
const flags = {
|
31
|
+
ignoreScripts: true,
|
32
|
+
ignoreWorkspaceRootCheck: true,
|
33
|
+
ignoreEngines: true
|
34
|
+
};
|
35
|
+
const reporter = new EventReporter();
|
36
|
+
const config = new Config(reporter);
|
37
|
+
await config.init({
|
38
|
+
cwd: directory,
|
39
|
+
nonInteractive: true,
|
40
|
+
enableDefaultRc: true
|
41
|
+
});
|
42
|
+
|
43
|
+
// Empty lockfile
|
44
|
+
const lockfile = await Lockfile.fromDirectory(directory, reporter);
|
45
|
+
|
46
|
+
const arg = [`${depName}@${depVersion}`];
|
47
|
+
await new LightweightAdd(arg, flags, config, reporter, lockfile).init();
|
48
|
+
|
49
|
+
const lockfileObject = await parse(directory);
|
50
|
+
const noHeader = true;
|
51
|
+
const enableLockfileVersions = false;
|
52
|
+
return stringify(lockfileObject, noHeader, enableLockfileVersions);
|
53
|
+
}
|
54
|
+
|
55
|
+
async function updateDependencyFile(
|
56
|
+
directory,
|
57
|
+
lockfileName,
|
58
|
+
updatedDependency
|
59
|
+
) {
|
39
60
|
const readFile = fileName =>
|
40
61
|
fs.readFileSync(path.join(directory, fileName)).toString();
|
41
62
|
const originalYarnLock = readFile(lockfileName);
|
@@ -53,16 +74,35 @@ async function updateDependencyFile(directory, lockfileName) {
|
|
53
74
|
enableDefaultRc: true
|
54
75
|
});
|
55
76
|
config.enableLockfileVersions = Boolean(originalYarnLock.match(/^# yarn v/m));
|
77
|
+
const depName = updatedDependency && updatedDependency.name;
|
78
|
+
const depVersion = updatedDependency && updatedDependency.version;
|
79
|
+
|
80
|
+
// SubDependencyVersionResolver relies on the install finding the latest
|
81
|
+
// version of a sub-dependency that's been removed from the lockfile
|
82
|
+
// YarnLockFileUpdater passes a specific version to be updated
|
83
|
+
if (depName && depVersion) {
|
84
|
+
const lockfileEntryForUpdate = await getLockfileEntryForUpdate(
|
85
|
+
depName,
|
86
|
+
depVersion
|
87
|
+
);
|
88
|
+
const lockfileContent = `${originalYarnLock}\n${lockfileEntryForUpdate}`;
|
89
|
+
|
90
|
+
const dedupedYarnLock = fixDuplicates(lockfileContent, depName);
|
91
|
+
fs.writeFileSync(path.join(directory, lockfileName), dedupedYarnLock);
|
92
|
+
}
|
56
93
|
|
57
94
|
const lockfile = await Lockfile.fromDirectory(directory, reporter);
|
58
95
|
const install = new LightweightInstall(flags, config, reporter, lockfile);
|
59
96
|
await install.init();
|
60
|
-
var updatedYarnLock = readFile(lockfileName);
|
61
97
|
|
62
|
-
updatedYarnLock =
|
98
|
+
const updatedYarnLock = readFile(lockfileName);
|
99
|
+
const updatedYarnLockWithVersion = recoverVersionComments(
|
100
|
+
originalYarnLock,
|
101
|
+
updatedYarnLock
|
102
|
+
);
|
63
103
|
|
64
104
|
return {
|
65
|
-
[lockfileName]:
|
105
|
+
[lockfileName]: updatedYarnLockWithVersion
|
66
106
|
};
|
67
107
|
}
|
68
108
|
|
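Review bot: getLockfileEntryForUpdate (new line 25 onward, which appears to belong to subdependency-updater.js although it is printed under the helpers.js header) resolves `${depName}@${depVersion}` with a Config whose `cwd` is a fresh temp directory, so registry settings stored beside the project's package.json, such as a `.yarnrc` or `.npmrc`, are presumably not applied to that resolution. If that is the case, the `resolved` URL and `integrity` value appended to the real yarn.lock come from whatever registry the default rc files select, which matters for scoped or privately hosted packages; copying the project's rc files into the temp directory before `config.init` would keep both resolutions on the same registry. The temp directory from `fs.mkdtempSync` is also never removed, so a `try`/`finally` around the body that deletes it after `stringify` would stop these directories accumulating on the host. The local `readFile` helper in that function is unused and can be dropped.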
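--- a/data/helpers/lib/yarn/updater.js
+++ b/data/helpers/lib/yarn/updater.js
@@ -25,45 +25,7 @@ const Lockfile = require("@dependabot/yarn-lib/lib/lockfile").default;
 const parse = require("@dependabot/yarn-lib/lib/lockfile/parse").default;
 const fixDuplicates = require("./fix-duplicates");
 const replaceDeclaration = require("./replace-lockfile-declaration");
-
-// Add is a subclass of the Install CLI command, which is responsible for
-// adding packages to a package.json and yarn.lock. Upgrading a package is
-// exactly the same as adding, except the package already exists in the
-// manifests.
-//
-// Usually, calling Add.init() would execute a series of steps: resolve, fetch,
-// link, run lifecycle scripts, cleanup, then save new manifest (package.json).
-// We only care about the first and last steps: resolve, then save the new
-// manifest. Fotunately, overriding bailout() gives us an opportunity to skip
-// over the intermediate steps in a relatively painless fashion.
-class LightweightAdd extends Add {
-// This method is called by init() at the end of the resolve step, and is
-// responsible for checking if any dependnecies need to be updated locally.
-// If everything is up to date, it'll save a new lockfile and return true,
-// which causes init() to skip over the next few steps (fetching and
-// installing packages). If there are packages that need updating, it'll
-// return false, and init() will continue on to the fetching and installing
-// steps.
-//
-// Add overrides Install's implementation to always return false - meaning
-// that it will always continue to the fetch and install steps. We want to
-// do the opposite - just save the new lockfile and stop there.
-async bailout(patterns, workspaceLayout) {
-// This is the only part of the original bailout implementation that
-// matters: saving the new lockfile
-await this.saveLockfileAndIntegrity(patterns, workspaceLayout);
-
-// Skip over the unnecessary steps - fetching and linking packages, etc.
-return true;
-}
-}
-
-class LightweightInstall extends Install {
-async bailout(patterns, workspaceLayout) {
-await this.saveLockfileAndIntegrity(patterns, workspaceLayout);
-return true;
-}
-}
+const { LightweightAdd, LightweightInstall } = require("./helpers");
 
 function flattenAllDependencies(manifest) {
 return Object.assign(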
data/helpers/package.json
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
const path = require("path");
|
2
2
|
const os = require("os");
|
3
|
-
const fs = require("fs
|
3
|
+
const fs = require("fs");
|
4
4
|
const nock = require("nock");
|
5
5
|
const {
|
6
6
|
updateDependencyFiles,
|
@@ -17,20 +17,20 @@ describe("updater", () => {
|
|
17
17
|
|
18
18
|
tempDir = fs.mkdtempSync(os.tmpdir() + path.sep);
|
19
19
|
});
|
20
|
-
afterEach(() => fs.
|
20
|
+
afterEach(() => fs.rmdirSync(tempDir));
|
21
21
|
|
22
22
|
async function copyDependencies(sourceDir, destDir) {
|
23
23
|
const srcPackageJson = path.join(
|
24
24
|
__dirname,
|
25
25
|
`fixtures/updater/${sourceDir}/package.json`
|
26
26
|
);
|
27
|
-
await fs.
|
27
|
+
await fs.copyFile(srcPackageJson, `${destDir}/package.json`);
|
28
28
|
|
29
29
|
const srcLockfile = path.join(
|
30
30
|
__dirname,
|
31
31
|
`fixtures/updater/${sourceDir}/package-lock.json`
|
32
32
|
);
|
33
|
-
await fs.
|
33
|
+
await fs.copyFile(srcLockfile, `${destDir}/package-lock.json`);
|
34
34
|
}
|
35
35
|
|
36
36
|
it("generates an updated package-lock.json", async () => {
|
@@ -1,6 +1,6 @@
|
|
1
1
|
const path = require("path");
|
2
2
|
const os = require("os");
|
3
|
-
const fs = require("fs
|
3
|
+
const fs = require("fs");
|
4
4
|
const nock = require("nock");
|
5
5
|
const {
|
6
6
|
updateDependencyFiles,
|
@@ -20,20 +20,20 @@ describe("updater", () => {
|
|
20
20
|
|
21
21
|
tempDir = fs.mkdtempSync(os.tmpdir() + path.sep);
|
22
22
|
});
|
23
|
-
afterEach(() => fs.
|
23
|
+
afterEach(() => fs.rmdirSync(tempDir));
|
24
24
|
|
25
25
|
async function copyDependencies(sourceDir, destDir) {
|
26
26
|
const srcPackageJson = path.join(
|
27
27
|
__dirname,
|
28
28
|
`fixtures/updater/${sourceDir}/package.json`
|
29
29
|
);
|
30
|
-
await fs.
|
30
|
+
await fs.copyFile(srcPackageJson, `${destDir}/package.json`);
|
31
31
|
|
32
32
|
const srcYarnLock = path.join(
|
33
33
|
__dirname,
|
34
34
|
`fixtures/updater/${sourceDir}/yarn.lock`
|
35
35
|
);
|
36
|
-
await fs.
|
36
|
+
await fs.copyFile(srcYarnLock, `${destDir}/yarn.lock`);
|
37
37
|
}
|
38
38
|
|
39
39
|
it("generates an updated yarn.lock", async () => {
|
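Review bot: `await fs.copyFile(srcPackageJson, ...)` no longer waits for anything now that `fs` is the core module (new line 3), because core `fs.copyFile` takes a callback and returns no promise, and current Node releases throw when the callback is missing. This applies to all four `copyFile` calls in the two `copyDependencies` helpers shown here, which appear to be the npm and yarn updater tests rather than package.json; `fs.copyFileSync` with the same two arguments is the direct replacement. `afterEach(() => fs.rmdirSync(tempDir))` removes only an empty directory, so if `destDir` is `tempDir` (the callers are outside these hunks) the cleanup will fail once files have been copied in, and a recursive removal is needed there.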
data/helpers/yarn.lock
CHANGED
@@ -2039,15 +2039,6 @@ fs-constants@^1.0.0:
|
|
2039
2039
|
resolved "https://registry.yarnpkg.com/fs-constants/-/fs-constants-1.0.0.tgz#6be0de9be998ce16af8afc24497b9ee9b7ccd9ad"
|
2040
2040
|
integrity sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==
|
2041
2041
|
|
2042
|
-
fs-extra@^7.0.1:
|
2043
|
-
version "7.0.1"
|
2044
|
-
resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-7.0.1.tgz#4f189c44aa123b895f722804f55ea23eadc348e9"
|
2045
|
-
integrity sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw==
|
2046
|
-
dependencies:
|
2047
|
-
graceful-fs "^4.1.2"
|
2048
|
-
jsonfile "^4.0.0"
|
2049
|
-
universalify "^0.1.0"
|
2050
|
-
|
2051
2042
|
fs-minipass@^1.2.5:
|
2052
2043
|
version "1.2.5"
|
2053
2044
|
resolved "https://registry.yarnpkg.com/fs-minipass/-/fs-minipass-1.2.5.tgz#06c277218454ec288df77ada54a03b8702aacb9d"
|
@@ -2233,7 +2224,7 @@ got@^6.7.1:
|
|
2233
2224
|
unzip-response "^2.0.1"
|
2234
2225
|
url-parse-lax "^1.0.0"
|
2235
2226
|
|
2236
|
-
graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2
|
2227
|
+
graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2:
|
2237
2228
|
version "4.1.15"
|
2238
2229
|
resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.15.tgz#ffb703e1066e8a0eeaa4c8b80ba9253eeefbfb00"
|
2239
2230
|
integrity sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA==
|
@@ -3373,13 +3364,6 @@ json5@^2.1.0:
|
|
3373
3364
|
dependencies:
|
3374
3365
|
minimist "^1.2.0"
|
3375
3366
|
|
3376
|
-
jsonfile@^4.0.0:
|
3377
|
-
version "4.0.0"
|
3378
|
-
resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-4.0.0.tgz#8771aae0799b64076b76640fca058f9c10e33ecb"
|
3379
|
-
integrity sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=
|
3380
|
-
optionalDependencies:
|
3381
|
-
graceful-fs "^4.1.6"
|
3382
|
-
|
3383
3367
|
jsonparse@^1.2.0:
|
3384
3368
|
version "1.3.1"
|
3385
3369
|
resolved "https://registry.yarnpkg.com/jsonparse/-/jsonparse-1.3.1.tgz#3f4dae4a91fac315f71062f8521cc239f1366280"
|
@@ -4303,7 +4287,6 @@ npm@^6.9.0:
|
|
4303
4287
|
cmd-shim "~2.0.2"
|
4304
4288
|
columnify "~1.5.4"
|
4305
4289
|
config-chain "^1.1.12"
|
4306
|
-
debuglog "*"
|
4307
4290
|
detect-indent "~5.0.0"
|
4308
4291
|
detect-newline "^2.1.0"
|
4309
4292
|
dezalgo "~1.0.3"
|
@@ -4318,7 +4301,6 @@ npm@^6.9.0:
|
|
4318
4301
|
has-unicode "~2.0.1"
|
4319
4302
|
hosted-git-info "^2.7.1"
|
4320
4303
|
iferr "^1.0.2"
|
4321
|
-
imurmurhash "*"
|
4322
4304
|
inflight "~1.0.6"
|
4323
4305
|
inherits "~2.0.3"
|
4324
4306
|
ini "^1.3.5"
|
@@ -4328,22 +4310,12 @@ npm@^6.9.0:
|
|
4328
4310
|
lazy-property "~1.0.0"
|
4329
4311
|
libcipm "^3.0.3"
|
4330
4312
|
libnpm "^2.0.1"
|
4331
|
-
libnpmaccess "*"
|
4332
4313
|
libnpmhook "^5.0.2"
|
4333
|
-
libnpmorg "*"
|
4334
|
-
libnpmsearch "*"
|
4335
|
-
libnpmteam "*"
|
4336
4314
|
libnpx "^10.2.0"
|
4337
4315
|
lock-verify "^2.1.0"
|
4338
4316
|
lockfile "^1.0.4"
|
4339
|
-
lodash._baseindexof "*"
|
4340
4317
|
lodash._baseuniq "~4.6.0"
|
4341
|
-
lodash._bindcallback "*"
|
4342
|
-
lodash._cacheindexof "*"
|
4343
|
-
lodash._createcache "*"
|
4344
|
-
lodash._getnative "*"
|
4345
4318
|
lodash.clonedeep "~4.5.0"
|
4346
|
-
lodash.restparam "*"
|
4347
4319
|
lodash.union "~4.6.0"
|
4348
4320
|
lodash.uniq "~4.5.0"
|
4349
4321
|
lodash.without "~4.4.0"
|
@@ -4362,7 +4334,6 @@ npm@^6.9.0:
|
|
4362
4334
|
npm-package-arg "^6.1.0"
|
4363
4335
|
npm-packlist "^1.4.1"
|
4364
4336
|
npm-pick-manifest "^2.2.3"
|
4365
|
-
npm-profile "*"
|
4366
4337
|
npm-registry-fetch "^3.9.0"
|
4367
4338
|
npm-user-validate "~1.0.0"
|
4368
4339
|
npmlog "~4.1.2"
|
@@ -4381,7 +4352,6 @@ npm@^6.9.0:
|
|
4381
4352
|
read-package-json "^2.0.13"
|
4382
4353
|
read-package-tree "^5.2.2"
|
4383
4354
|
readable-stream "^3.1.1"
|
4384
|
-
readdir-scoped-modules "*"
|
4385
4355
|
request "^2.88.0"
|
4386
4356
|
retry "^0.12.0"
|
4387
4357
|
rimraf "^2.6.3"
|
@@ -6121,11 +6091,6 @@ unique-string@^1.0.0:
|
|
6121
6091
|
dependencies:
|
6122
6092
|
crypto-random-string "^1.0.0"
|
6123
6093
|
|
6124
|
-
universalify@^0.1.0:
|
6125
|
-
version "0.1.2"
|
6126
|
-
resolved "https://registry.yarnpkg.com/universalify/-/universalify-0.1.2.tgz#b646f69be3942dabcecc9d6639c80dc105efaa66"
|
6127
|
-
integrity sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==
|
6128
|
-
|
6129
6094
|
unpipe@~1.0.0:
|
6130
6095
|
version "1.0.0"
|
6131
6096
|
resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"
|
@@ -149,7 +149,7 @@ module Dependabot
|
|
149
149
|
SharedHelpers.run_helper_subprocess(
|
150
150
|
command: NativeHelpers.helper_path,
|
151
151
|
function: "yarn:updateSubdependency",
|
152
|
-
args: [Dir.pwd, lockfile_name]
|
152
|
+
args: [Dir.pwd, lockfile_name, sub_dependencies.first.to_h]
|
153
153
|
)
|
154
154
|
end
|
155
155
|
|
@@ -314,21 +314,7 @@ module Dependabot
|
|
314
314
|
def write_lockfiles
|
315
315
|
yarn_locks.each do |f|
|
316
316
|
FileUtils.mkdir_p(Pathname.new(f.name).dirname)
|
317
|
-
|
318
|
-
if top_level_dependencies.any?
|
319
|
-
File.write(f.name, f.content)
|
320
|
-
else
|
321
|
-
File.write(f.name, prepared_yarn_lockfile_content(f.content))
|
322
|
-
end
|
323
|
-
end
|
324
|
-
end
|
325
|
-
|
326
|
-
# Duplicated in SubdependencyVersionResolver
|
327
|
-
# Remove the dependency we want to update from the lockfile and let
|
328
|
-
# yarn find the latest resolvable version and fix the lockfile
|
329
|
-
def prepared_yarn_lockfile_content(content)
|
330
|
-
sub_dependencies.map(&:name).reduce(content) do |result, name|
|
331
|
-
result.gsub(/^#{Regexp.quote(name)}\@.*?\n\n/m, "")
|
317
|
+
File.write(f.name, f.content)
|
332
318
|
end
|
333
319
|
end
|
334
320
|
|
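Review bot: The helper call at new line 152 passes only `sub_dependencies.first.to_h`, while the removed `prepared_yarn_lockfile_content` stripped every name in `sub_dependencies` from the lockfile before the install. If this updater can be invoked with more than one sub-dependency, the others are now neither unlocked nor handed to `yarn:updateSubdependency`, so they would silently stay at their old versions; either pass the whole list and loop in the helper, or state the assumption with a comment such as `# only one sub-dependency is updated per run`. These Ruby hunks are printed under the yarn.lock header but appear to belong to yarn_lockfile_updater.rb, and the enclosing methods start outside the hunks.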
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.98.
|
4
|
+
version: 0.98.33
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.98.
|
19
|
+
version: 0.98.33
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.98.
|
26
|
+
version: 0.98.33
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|