From e94ddeaca1e75ecc8f54ebcb3df222965e3635d1 Mon Sep 17 00:00:00 2001 From: Gar Date: Tue, 28 Sep 2021 10:05:08 -0700 Subject: [PATCH] deps: @npmcli/arborist@2.9.0 * fix: avoid infinite loops in peer dep replacements * fix: use Intl.Collator for string sorting when available * feat(vuln): expose isDirect --- .../@isaacs/string-locale-compare/LICENSE | 15 +++++ .../@isaacs/string-locale-compare/index.js | 22 +++++++ .../string-locale-compare/package.json | 28 +++++++++ .../@npmcli/arborist/lib/add-rm-pkg-deps.js | 4 +- .../arborist/lib/arborist/build-ideal-tree.js | 14 +++-- .../arborist/lib/arborist/load-virtual.js | 5 +- .../@npmcli/arborist/lib/arborist/rebuild.js | 4 +- .../@npmcli/arborist/lib/audit-report.js | 3 +- .../@npmcli/arborist/lib/can-place-dep.js | 5 +- .../@npmcli/arborist/lib/place-dep.js | 63 ++++++++++++++++--- .../@npmcli/arborist/lib/printable.js | 9 +-- .../@npmcli/arborist/lib/shrinkwrap.js | 3 +- node_modules/@npmcli/arborist/lib/vuln.js | 22 +++++-- .../@npmcli/arborist/lib/yarn-lock.js | 13 ++-- node_modules/@npmcli/arborist/package.json | 3 +- package-lock.json | 27 +++++--- package.json | 2 +- 17 files changed, 197 insertions(+), 45 deletions(-) create mode 100644 node_modules/@isaacs/string-locale-compare/LICENSE create mode 100644 node_modules/@isaacs/string-locale-compare/index.js create mode 100644 node_modules/@isaacs/string-locale-compare/package.json diff --git a/node_modules/@isaacs/string-locale-compare/LICENSE b/node_modules/@isaacs/string-locale-compare/LICENSE new file mode 100644 index 0000000000000..05eeeb88c2ef4 --- /dev/null +++ b/node_modules/@isaacs/string-locale-compare/LICENSE @@ -0,0 +1,15 @@ +The ISC License + +Copyright (c) Isaac Z. Schlueter + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR +IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/node_modules/@isaacs/string-locale-compare/index.js b/node_modules/@isaacs/string-locale-compare/index.js new file mode 100644 index 0000000000000..a6cec27efb8ec --- /dev/null +++ b/node_modules/@isaacs/string-locale-compare/index.js @@ -0,0 +1,22 @@ +const hasIntl = typeof Intl === 'object' && !!Intl +const Collator = hasIntl && Intl.Collator +const cache = new Map() + +const collatorCompare = locale => { + const collator = new Collator(locale) + return (a, b) => collator.compare(a, b) +} + +const localeCompare = locale => (a, b) => a.localeCompare(b, locale) + +module.exports = locale => { + if (!locale || typeof locale !== 'string') + throw new TypeError('locale required') + + if (cache.has(locale)) + return cache.get(locale) + + const compare = hasIntl ? collatorCompare(locale) : localeCompare(locale) + cache.set(locale, compare) + return compare +} diff --git a/node_modules/@isaacs/string-locale-compare/package.json b/node_modules/@isaacs/string-locale-compare/package.json new file mode 100644 index 0000000000000..a322c1c92d3cc --- /dev/null +++ b/node_modules/@isaacs/string-locale-compare/package.json @@ -0,0 +1,28 @@ +{ + "name": "@isaacs/string-locale-compare", + "version": "1.0.1", + "files": [ + "index.js" + ], + "main": "index.js", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "repository": { + "type": "git", + "url": "git+https://github.com/isaacs/string-locale-compare" + }, + "author": "Isaac Z. Schlueter (https://izs.me)", + "license": "ISC", + "scripts": { + "test": "tap", + "snap": "tap", + "preversion": "npm test", + "postversion": "npm publish", + "prepublishOnly": "git push origin --follow-tags" + }, + "tap": { + "check-coverage": true + }, + "devDependencies": { + "tap": "^15.0.9" + } +} diff --git a/node_modules/@npmcli/arborist/lib/add-rm-pkg-deps.js b/node_modules/@npmcli/arborist/lib/add-rm-pkg-deps.js index c1b64a461af8a..3c1cbd44abcc9 100644 --- a/node_modules/@npmcli/arborist/lib/add-rm-pkg-deps.js +++ b/node_modules/@npmcli/arborist/lib/add-rm-pkg-deps.js @@ -1,5 +1,7 @@ // add and remove dependency specs to/from pkg manifest +const localeCompare = require('@isaacs/string-locale-compare')('en') + const add = ({pkg, add, saveBundle, saveType, log}) => { for (const spec of add) { addSingle({pkg, spec, saveBundle, saveType, log}) @@ -79,7 +81,7 @@ const addSingle = ({pkg, spec, saveBundle, saveType, log}) => { // keep it sorted, keep it unique const bd = new Set(pkg.bundleDependencies || []) bd.add(spec.name) - pkg.bundleDependencies = [...bd].sort((a, b) => a.localeCompare(b, 'en')) + pkg.bundleDependencies = [...bd].sort(localeCompare) } } diff --git a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js index c45024d16e86b..b7876b1147e10 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js +++ b/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js @@ -1,4 +1,5 @@ // mixin implementing the buildIdealTree method +const localeCompare = require('@isaacs/string-locale-compare')('en') const rpj = require('read-package-json-fast') const npa = require('npm-package-arg') const pacote = require('pacote') @@ -771,7 +772,7 @@ This is a one-time fix-up, please be patient... // sort physically shallower deps up to the front of the queue, // because they'll affect things deeper in, then alphabetical this[_depsQueue].sort((a, b) => - (a.depth - b.depth) || a.path.localeCompare(b.path, 'en')) + (a.depth - b.depth) || localeCompare(a.path, b.path)) const node = this[_depsQueue].shift() const bd = node.package.bundleDependencies @@ -916,7 +917,7 @@ This is a one-time fix-up, please be patient... } const placeDeps = tasks - .sort((a, b) => a.edge.name.localeCompare(b.edge.name, 'en')) + .sort((a, b) => localeCompare(a.edge.name, b.edge.name)) .map(({ edge, dep }) => new PlaceDep({ edge, dep, @@ -993,8 +994,13 @@ This is a one-time fix-up, please be patient... return } - // lastly, also check for the missing deps of the node we placed + // lastly, also check for the missing deps of the node we placed, + // and any holes created by pruning out conflicted peer sets. this[_depsQueue].push(placed) + for (const dep of pd.needEvaluation) { + this[_depsSeen].delete(dep) + this[_depsQueue].push(dep) + } // pre-fetch any problem edges, since we'll need these soon // if it fails at this point, though, dont' worry because it @@ -1242,7 +1248,7 @@ This is a one-time fix-up, please be patient... // we typically only install non-optional peers, but we have to // factor them into the peerSet so that we can avoid conflicts .filter(e => e.peer && !(e.valid && e.to)) - .sort(({name: a}, {name: b}) => a.localeCompare(b, 'en')) + .sort(({name: a}, {name: b}) => localeCompare(a, b)) for (const edge of peerEdges) { // already placed this one, and we're happy with it. diff --git a/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js b/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js index fa0aa0746e11a..f1960116737e8 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js +++ b/node_modules/@npmcli/arborist/lib/arborist/load-virtual.js @@ -1,4 +1,5 @@ // mixin providing the loadVirtual method +const localeCompare = require('@isaacs/string-locale-compare')('en') const {resolve} = require('path') @@ -167,12 +168,12 @@ module.exports = cls => class VirtualLoader extends cls { ...depsToEdges('peerOptional', peerOptional), ...lockWS, ].sort(([atype, aname], [btype, bname]) => - atype.localeCompare(btype, 'en') || aname.localeCompare(bname, 'en')) + localeCompare(atype, btype) || localeCompare(aname, bname)) const rootEdges = [...root.edgesOut.values()] .map(e => [e.type, e.name, e.spec]) .sort(([atype, aname], [btype, bname]) => - atype.localeCompare(btype, 'en') || aname.localeCompare(bname, 'en')) + localeCompare(atype, btype) || localeCompare(aname, bname)) if (rootEdges.length !== lockEdges.length) { // something added or removed diff --git a/node_modules/@npmcli/arborist/lib/arborist/rebuild.js b/node_modules/@npmcli/arborist/lib/arborist/rebuild.js index 743794f4bda51..e48bdd76b538c 100644 --- a/node_modules/@npmcli/arborist/lib/arborist/rebuild.js +++ b/node_modules/@npmcli/arborist/lib/arborist/rebuild.js @@ -1,6 +1,7 @@ // Arborist.rebuild({path = this.path}) will do all the binlinks and // bundle building needed. Called by reify, and by `npm rebuild`. +const localeCompare = require('@isaacs/string-locale-compare')('en') const {depth: dfwalk} = require('treeverse') const promiseAllRejectLate = require('promise-all-reject-late') const rpj = require('read-package-json-fast') @@ -14,7 +15,8 @@ const { } = require('@npmcli/node-gyp') const boolEnv = b => b ? '1' : '' -const sortNodes = (a, b) => (a.depth - b.depth) || a.path.localeCompare(b.path, 'en') +const sortNodes = (a, b) => + (a.depth - b.depth) || localeCompare(a.path, b.path) const _workspaces = Symbol.for('workspaces') const _build = Symbol('build') diff --git a/node_modules/@npmcli/arborist/lib/audit-report.js b/node_modules/@npmcli/arborist/lib/audit-report.js index 2e6c207b33eb3..de97cdc29e3a5 100644 --- a/node_modules/@npmcli/arborist/lib/audit-report.js +++ b/node_modules/@npmcli/arborist/lib/audit-report.js @@ -1,6 +1,7 @@ // an object representing the set of vulnerabilities in a tree /* eslint camelcase: "off" */ +const localeCompare = require('@isaacs/string-locale-compare')('en') const npa = require('npm-package-arg') const pickManifest = require('npm-pick-manifest') @@ -79,7 +80,7 @@ class AuditReport extends Map { } obj.vulnerabilities = vulnerabilities - .sort(([a], [b]) => a.localeCompare(b, 'en')) + .sort(([a], [b]) => localeCompare(a, b)) .reduce((set, [name, vuln]) => { set[name] = vuln return set diff --git a/node_modules/@npmcli/arborist/lib/can-place-dep.js b/node_modules/@npmcli/arborist/lib/can-place-dep.js index 7e2e1a0e2d29b..6be59093c034f 100644 --- a/node_modules/@npmcli/arborist/lib/can-place-dep.js +++ b/node_modules/@npmcli/arborist/lib/can-place-dep.js @@ -35,6 +35,7 @@ // then we will return REPLACE rather than CONFLICT, and Arborist will queue // the replaced node for resolution elsewhere. +const localeCompare = require('@isaacs/string-locale-compare')('en') const semver = require('semver') const debug = require('./debug.js') const peerEntrySets = require('./peer-entry-sets.js') @@ -79,7 +80,7 @@ class CanPlaceDep { this._treeSnapshot = JSON.stringify([...target.root.inventory.entries()] .map(([loc, {packageName, version, resolved}]) => { return [loc, packageName, version, resolved] - }).sort(([a], [b]) => a.localeCompare(b, 'en'))) + }).sort(([a], [b]) => localeCompare(a, b))) }) // the result of whether we can place it or not @@ -119,7 +120,7 @@ class CanPlaceDep { const treeSnapshot = JSON.stringify([...target.root.inventory.entries()] .map(([loc, {packageName, version, resolved}]) => { return [loc, packageName, version, resolved] - }).sort(([a], [b]) => a.localeCompare(b, 'en'))) + }).sort(([a], [b]) => localeCompare(a, b))) /* istanbul ignore if */ if (this._treeSnapshot !== treeSnapshot) { throw Object.assign(new Error('tree changed in CanPlaceDep'), { diff --git a/node_modules/@npmcli/arborist/lib/place-dep.js b/node_modules/@npmcli/arborist/lib/place-dep.js index d7cc7d935afc8..6edd94a38e749 100644 --- a/node_modules/@npmcli/arborist/lib/place-dep.js +++ b/node_modules/@npmcli/arborist/lib/place-dep.js @@ -7,6 +7,7 @@ // and saves a set of what was placed and what needs re-evaluation as // a result. +const localeCompare = require('@isaacs/string-locale-compare')('en') const log = require('proc-log') const deepestNestingTarget = require('./deepest-nesting-target.js') const CanPlaceDep = require('./can-place-dep.js') @@ -63,6 +64,8 @@ class PlaceDep { this.parent = parent this.peerConflict = null + this.needEvaluation = new Set() + this.checks = new Map() this.place() @@ -365,6 +368,8 @@ class PlaceDep { } replaceOldDep () { + const target = this.oldDep.parent + // XXX handle replacing an entire peer group? // what about cases where we need to push some other peer groups deeper // into the tree? all the tree updating should be done here, and track @@ -383,8 +388,47 @@ class PlaceDep { oldDeps.push(...gatherDepSet([edge.to], e => e.to !== edge.to)) } } + + // gather all peer edgesIn which are at this level, and will not be + // satisfied by the new dependency. Those are the peer sets that need + // to be either warned about (if they cannot go deeper), or removed and + // re-placed (if they can). + const prunePeerSets = [] + for (const edge of this.oldDep.edgesIn) { + if (this.placed.satisfies(edge) || + !edge.peer || + edge.from.parent !== target || + edge.overridden) { + // not a peer dep, not invalid, or not from this level, so it's fine + // to just let it re-evaluate as a problemEdge later, or let it be + // satisfied by the new dep being placed. + continue + } + for (const entryEdge of peerEntrySets(edge.from).keys()) { + // either this one needs to be pruned and re-evaluated, or marked + // as overridden and warned about. If the entryEdge comes in from + // the root, then we have to leave it alone, and in that case, it + // will have already warned or crashed by getting to this point. + const entryNode = entryEdge.to + const deepestTarget = deepestNestingTarget(entryNode) + if (deepestTarget !== target && !entryEdge.from.isRoot) { + prunePeerSets.push(...gatherDepSet([entryNode], e => { + return e.to !== entryNode && !e.overridden + })) + } else { + this.warnPeerConflict(edge, this.dep) + } + } + } + this.placed.replace(this.oldDep) this.pruneForReplacement(this.placed, oldDeps) + for (const dep of prunePeerSets) { + for (const edge of dep.edgesIn) { + this.needEvaluation.add(edge.from) + } + dep.root = null + } } pruneForReplacement (node, oldDeps) { @@ -430,7 +474,7 @@ class PlaceDep { // sort these so that they're deterministically ordered // otherwise, resulting tree shape is dependent on the order // in which they happened to be resolved. - const nodeSort = (a, b) => a.location.localeCompare(b.location, 'en') + const nodeSort = (a, b) => localeCompare(a.location, b.location) const children = [...node.children.values()].sort(nodeSort) for (const child of children) { @@ -485,19 +529,22 @@ class PlaceDep { return false } - warnPeerConflict () { - this.edge.overridden = true - const expl = this.explainPeerConflict() + warnPeerConflict (edge, dep) { + edge = edge || this.edge + dep = dep || this.dep + edge.overridden = true + const expl = this.explainPeerConflict(edge, dep) log.warn('ERESOLVE', 'overriding peer dependency', expl) } - failPeerConflict () { - const expl = this.explainPeerConflict() + failPeerConflict (edge, dep) { + edge = edge || this.top.edge + dep = dep || this.top.dep + const expl = this.explainPeerConflict(edge, dep) throw Object.assign(new Error('could not resolve'), expl) } - explainPeerConflict () { - const { edge, dep } = this.top + explainPeerConflict (edge, dep) { const { from: node } = edge const curNode = node.resolve(edge.name) diff --git a/node_modules/@npmcli/arborist/lib/printable.js b/node_modules/@npmcli/arborist/lib/printable.js index af24ccb959288..74925d96d2587 100644 --- a/node_modules/@npmcli/arborist/lib/printable.js +++ b/node_modules/@npmcli/arborist/lib/printable.js @@ -1,6 +1,7 @@ // helper function to output a clearer visualization // of the current node and its descendents +const localeCompare = require('@isaacs/string-locale-compare')('en') const util = require('util') const relpath = require('./relpath.js') @@ -67,14 +68,14 @@ class ArboristNode { // edgesOut sorted by name if (tree.edgesOut.size) { this.edgesOut = new Map([...tree.edgesOut.entries()] - .sort(([a], [b]) => a.localeCompare(b, 'en')) + .sort(([a], [b]) => localeCompare(a, b)) .map(([name, edge]) => [name, new EdgeOut(edge)])) } // edgesIn sorted by location if (tree.edgesIn.size) { this.edgesIn = new Set([...tree.edgesIn] - .sort((a, b) => a.from.location.localeCompare(b.from.location, 'en')) + .sort((a, b) => localeCompare(a.from.location, b.from.location)) .map(edge => new EdgeIn(edge))) } @@ -86,14 +87,14 @@ class ArboristNode { // fsChildren sorted by path if (tree.fsChildren.size) { this.fsChildren = new Set([...tree.fsChildren] - .sort(({path: a}, {path: b}) => a.localeCompare(b, 'en')) + .sort(({path: a}, {path: b}) => localeCompare(a, b)) .map(tree => printableTree(tree, path))) } // children sorted by name if (tree.children.size) { this.children = new Map([...tree.children.entries()] - .sort(([a], [b]) => a.localeCompare(b, 'en')) + .sort(([a], [b]) => localeCompare(a, b)) .map(([name, tree]) => [name, printableTree(tree, path)])) } } diff --git a/node_modules/@npmcli/arborist/lib/shrinkwrap.js b/node_modules/@npmcli/arborist/lib/shrinkwrap.js index 6e7e0e31f166b..ed28130249ea0 100644 --- a/node_modules/@npmcli/arborist/lib/shrinkwrap.js +++ b/node_modules/@npmcli/arborist/lib/shrinkwrap.js @@ -9,6 +9,7 @@ // We cannot bump to v3 until npm v6 is out of common usage, and // definitely not before npm v8. +const localeCompare = require('@isaacs/string-locale-compare')('en') const lockfileVersion = 2 // for comparing nodes to yarn.lock entries @@ -911,7 +912,7 @@ class Shrinkwrap { /* istanbul ignore next - sort calling order is indeterminate */ return aloc.length > bloc.length ? 1 : bloc.length > aloc.length ? -1 - : aloc[aloc.length - 1].localeCompare(bloc[bloc.length - 1], 'en') + : localeCompare(aloc[aloc.length - 1], bloc[bloc.length - 1]) })[0] const res = consistentResolve(node.resolved, this.path, this.path, true) diff --git a/node_modules/@npmcli/arborist/lib/vuln.js b/node_modules/@npmcli/arborist/lib/vuln.js index da44e7c34d63c..a818cf318eb89 100644 --- a/node_modules/@npmcli/arborist/lib/vuln.js +++ b/node_modules/@npmcli/arborist/lib/vuln.js @@ -14,6 +14,7 @@ const {satisfies, simplifyRange} = require('semver') const semverOpt = { loose: true, includePrerelease: true } +const localeCompare = require('@isaacs/string-locale-compare')('en') const npa = require('npm-package-arg') const _range = Symbol('_range') const _simpleRange = Symbol('_simpleRange') @@ -81,6 +82,17 @@ class Vuln { } } + get isDirect () { + for (const node of this.nodes.values()) { + for (const edge of node.edgesIn) { + if (edge.from.isProjectRoot || edge.from.isWorkspace) { + return true + } + } + } + return false + } + testSpec (spec) { const specObj = npa(spec) if (!specObj.registry) { @@ -100,10 +112,10 @@ class Vuln { } toJSON () { - // sort so that they're always in a consistent order return { name: this.name, severity: this.severity, + isDirect: this.isDirect, // just loop over the advisories, since via is only Vuln objects, // and calculated advisories have all the info we need via: [...this.advisories].map(v => v.type === 'metavuln' ? v.dependency : { @@ -112,12 +124,10 @@ class Vuln { vulnerableVersions: undefined, id: undefined, }).sort((a, b) => - String(a.source || a).localeCompare(String(b.source || b, 'en'))), - effects: [...this.effects].map(v => v.name) - .sort(/* istanbul ignore next */(a, b) => a.localeCompare(b, 'en')), + localeCompare(String(a.source || a), String(b.source || b))), + effects: [...this.effects].map(v => v.name).sort(localeCompare), range: this.simpleRange, - nodes: [...this.nodes].map(n => n.location) - .sort(/* istanbul ignore next */(a, b) => a.localeCompare(b, 'en')), + nodes: [...this.nodes].map(n => n.location).sort(localeCompare), fixAvailable: this[_fixAvailable], } } diff --git a/node_modules/@npmcli/arborist/lib/yarn-lock.js b/node_modules/@npmcli/arborist/lib/yarn-lock.js index 384ba447d72fa..1eed0664083ac 100644 --- a/node_modules/@npmcli/arborist/lib/yarn-lock.js +++ b/node_modules/@npmcli/arborist/lib/yarn-lock.js @@ -28,13 +28,14 @@ // is an impenetrable 10kloc of webpack flow output, which is overkill // for something relatively simple and tailored to Arborist's use case. +const localeCompare = require('@isaacs/string-locale-compare')('en') const consistentResolve = require('./consistent-resolve.js') const {dirname} = require('path') const {breadth} = require('treeverse') // sort a key/value object into a string of JSON stringified keys and vals const sortKV = obj => Object.keys(obj) - .sort((a, b) => a.localeCompare(b, 'en')) + .sort(localeCompare) .map(k => ` ${JSON.stringify(k)} ${JSON.stringify(obj[k])}`) .join('\n') @@ -170,7 +171,7 @@ class YarnLock { toString () { return prefix + [...new Set([...this.entries.values()])] .map(e => e.toString()) - .sort((a, b) => a.localeCompare(b, 'en')).join('\n\n') + '\n' + .sort(localeCompare).join('\n\n') + '\n' } fromTree (tree) { @@ -180,7 +181,7 @@ class YarnLock { tree, visit: node => this.addEntryFromNode(node), getChildren: node => [...node.children.values(), ...node.fsChildren] - .sort((a, b) => a.depth - b.depth || a.name.localeCompare(b.name, 'en')), + .sort((a, b) => a.depth - b.depth || localeCompare(a.name, b.name)), }) return this } @@ -188,7 +189,7 @@ class YarnLock { addEntryFromNode (node) { const specs = [...node.edgesIn] .map(e => `${node.name}@${e.spec}`) - .sort((a, b) => a.localeCompare(b, 'en')) + .sort(localeCompare) // Note: // yarn will do excessive duplication in a case like this: @@ -321,7 +322,7 @@ class YarnLockEntry { toString () { // sort objects to the bottom, then alphabetical return ([...this[_specs]] - .sort((a, b) => a.localeCompare(b, 'en')) + .sort(localeCompare) .map(JSON.stringify).join(', ') + ':\n' + Object.getOwnPropertyNames(this) @@ -330,7 +331,7 @@ class YarnLockEntry { (a, b) => /* istanbul ignore next - sort call order is unpredictable */ (typeof this[a] === 'object') === (typeof this[b] === 'object') - ? a.localeCompare(b, 'en') + ? localeCompare(a, b) : typeof this[a] === 'object' ? 1 : -1) .map(prop => typeof this[prop] !== 'object' diff --git a/node_modules/@npmcli/arborist/package.json b/node_modules/@npmcli/arborist/package.json index 5d0e31af975d2..b39818d481503 100644 --- a/node_modules/@npmcli/arborist/package.json +++ b/node_modules/@npmcli/arborist/package.json @@ -1,8 +1,9 @@ { "name": "@npmcli/arborist", - "version": "2.8.3", + "version": "2.9.0", "description": "Manage node_modules trees", "dependencies": { + "@isaacs/string-locale-compare": "^1.0.1", "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/map-workspaces": "^1.0.2", "@npmcli/metavuln-calculator": "^1.1.0", diff --git a/package-lock.json b/package-lock.json index b9181803c103a..246b517ab3764 100644 --- a/package-lock.json +++ b/package-lock.json @@ -84,7 +84,7 @@ "packages/*" ], "dependencies": { - "@npmcli/arborist": "^2.8.3", + "@npmcli/arborist": "^2.9.0", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^2.3.0", "@npmcli/map-workspaces": "^1.0.4", @@ -618,6 +618,12 @@ "integrity": "sha512-wdppn25U8z/2yiaT6YGquE6X8sSv7hNMWSXYSSU1jGv/yd6XqjXgTDJ8KP4NgjTXfJ3GbRjeeb8RTV7a/VpM+w==", "dev": true }, + "node_modules/@isaacs/string-locale-compare": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@isaacs/string-locale-compare/-/string-locale-compare-1.0.1.tgz", + "integrity": "sha512-AknEkBKSyAcIpl7SIUp12bs1rOmTDp9ojfDI9hvXl6qHqUCcaswkZOslbfdEbzI+8OPatiixY9AFKaUUpgGoBw==", + "inBundle": true + }, "node_modules/@istanbuljs/load-nyc-config": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", @@ -764,11 +770,12 @@ } }, "node_modules/@npmcli/arborist": { - "version": "2.8.3", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.8.3.tgz", - "integrity": "sha512-miFcxbZjmQqeFTeRSLLh+lc/gxIKDO5L4PVCp+dp+kmcwJmYsEJmF7YvHR2yi3jF+fxgvLf3CCFzboPIXAuabg==", + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.9.0.tgz", + "integrity": "sha512-21DTow2xC0GlkowlE4zOu99UY21nSymW14fHZmB0yeAqhagmttJPmCUZXU+ngJmJ/Dwe5YP9QJUTgEVRLqnwcg==", "inBundle": true, "dependencies": { + "@isaacs/string-locale-compare": "^1.0.1", "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/map-workspaces": "^1.0.2", "@npmcli/metavuln-calculator": "^1.1.0", @@ -10900,6 +10907,11 @@ "integrity": "sha512-wdppn25U8z/2yiaT6YGquE6X8sSv7hNMWSXYSSU1jGv/yd6XqjXgTDJ8KP4NgjTXfJ3GbRjeeb8RTV7a/VpM+w==", "dev": true }, + "@isaacs/string-locale-compare": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@isaacs/string-locale-compare/-/string-locale-compare-1.0.1.tgz", + "integrity": "sha512-AknEkBKSyAcIpl7SIUp12bs1rOmTDp9ojfDI9hvXl6qHqUCcaswkZOslbfdEbzI+8OPatiixY9AFKaUUpgGoBw==" + }, "@istanbuljs/load-nyc-config": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", @@ -11010,10 +11022,11 @@ "dev": true }, "@npmcli/arborist": { - "version": "2.8.3", - "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.8.3.tgz", - "integrity": "sha512-miFcxbZjmQqeFTeRSLLh+lc/gxIKDO5L4PVCp+dp+kmcwJmYsEJmF7YvHR2yi3jF+fxgvLf3CCFzboPIXAuabg==", + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.9.0.tgz", + "integrity": "sha512-21DTow2xC0GlkowlE4zOu99UY21nSymW14fHZmB0yeAqhagmttJPmCUZXU+ngJmJ/Dwe5YP9QJUTgEVRLqnwcg==", "requires": { + "@isaacs/string-locale-compare": "^1.0.1", "@npmcli/installed-package-contents": "^1.0.7", "@npmcli/map-workspaces": "^1.0.2", "@npmcli/metavuln-calculator": "^1.1.0", diff --git a/package.json b/package.json index 6ff77fdb35836..912600026eb8e 100644 --- a/package.json +++ b/package.json @@ -53,7 +53,7 @@ "./package.json": "./package.json" }, "dependencies": { - "@npmcli/arborist": "^2.8.3", + "@npmcli/arborist": "^2.9.0", "@npmcli/ci-detect": "^1.2.0", "@npmcli/config": "^2.3.0", "@npmcli/map-workspaces": "^1.0.4",