Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates #9562

Merged
merged 18 commits into from
May 2, 2024
Merged

Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates #9562

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
2fcf64f
Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates
dependabot[bot] Apr 22, 2024
2f80141
#9562: pnpm-lock.yaml added.
Apr 23, 2024
e0c7c21
#9562: Latest dependncy-path v3.0.0 has changed the way it reading th…
Apr 24, 2024
f2aada0
#9562: Removed the test due to dependency-review-action@v4 github act…
Apr 24, 2024
e56d2e2
#9562: As per the review comments, removing unwanted pnpm-lock file a…
Apr 24, 2024
a65a25c
#9562: adding helpers/test/*/fixtures to the paths-ignore.
Apr 24, 2024
3883367
#9562: adding helpers/test/*/fixtures to the paths-ignore in dependen…
Apr 24, 2024
2df51d5
#9562: adding helpers/test/*/fixtures to the paths-ignore in dependen…
Apr 24, 2024
d3085f3
#9562: removed lodash references, As that is not part of test scenario.
Apr 24, 2024
8efde37
Merge branch 'main' into dependabot/npm_and_yarn/npm_and_yarn/helpers…
thavaahariharangit Apr 24, 2024
67698c5
#9562: Testing the workflow file changes. Expecting to ignore the fix…
Apr 24, 2024
895b50b
#9562: Removing the vulnerable dependency from the fixture files.
Apr 26, 2024
6b68d48
#9562: Removing the vulnerable dependency from the fixture files.
Apr 26, 2024
1cf9680
#9562: As per review comments, handled null/undefined check and impro…
Apr 29, 2024
77aad3c
#9562: As per review comments, handled null/undefined check and impro…
Apr 29, 2024
0c43d72
#9562: updated with the meaningfull variable name.
Apr 29, 2024
963a9f2
Merge branch 'main' into dependabot/npm_and_yarn/npm_and_yarn/helpers…
abdulapopoola May 1, 2024
a43cf5a
Merge branch 'main' into dependabot/npm_and_yarn/npm_and_yarn/helpers…
raj-meka May 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions npm_and_yarn/helpers/lib/pnpm/lockfile-parser.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ async function parse(directory) {
});

return Object.entries(lockfile.packages ?? {})
.filter(([depPath, pkgSnapshot]) => dependencyPath.parse(depPath).name) // exclude empty names
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thought: can dependencyPath.parse() return null/undefined and do we need to handle that? Answer: no 👍

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Answer yes, I am updating the code now.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bdragon Thanks and updated.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry if my comment wasn't clear. I was just checking to see if this was something we needed to handle, but what you had was fine so there was no need to change it.

.map(([depPath, pkgSnapshot]) => nameVerDevFromPkgSnapshot(depPath, pkgSnapshot, Object.values(lockfile.importers)))
}

Expand Down
Loading
Loading