Skip to content

Update dependency snyk-nodejs-lockfile-parser to v2 #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency snyk-nodejs-lockfile-parser to v2 #136

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented May 2, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
snyk-nodejs-lockfile-parser ^1.44.0 -> ^2.0.0 age confidence

Release Notes

snyk/nodejs-lockfile-parser (snyk-nodejs-lockfile-parser)

v2.4.4

Compare Source

Bug Fixes
  • nodejs transitive with a top level alias but transitive it not (9e53a97)

v2.4.3

Compare Source

Bug Fixes

v2.4.2

Compare Source

Bug Fixes
  • resolve OutOfSyncError for workspace nested dependencies (81f09a7)

v2.4.1

Compare Source

Bug Fixes
  • handle npm aliases in resolutions field (yarn) (ea206a9)

v2.4.0

Compare Source

Features
  • [OSM-3009] handle optional dependencies without separate package entries (9f37a3c)

v2.3.3

Compare Source

Bug Fixes
  • [OSM-3091] resolve nested dependencies in aliased packages with honorAliases (dcc5d42)

v2.3.2

Compare Source

Bug Fixes
  • [OSM-2671] resolve bundled deps with non-hoisted bundle owner (f9bef4b)

v2.3.1

Compare Source

Bug Fixes
  • handle npm aliases in overrides field (db50e7d)

v2.3.0

Compare Source

Features
  • npm-lock-v2: handled bundled dependencies without lockfile entries (#​285) (b7115b3)

v2.2.4

Compare Source

Bug Fixes
  • add missing alias labels in yarn [SOSE-22] (621f791)

v2.2.3

Compare Source

Bug Fixes
  • aliases in dpgrph names instd of mutating lockfiles (7e9c94a)
  • lodash import issue (350bfa9)

v2.2.2

Compare Source

Bug Fixes
  • handle direct dep alias references in transitive deps - npm and yarn (00dc971)

v2.2.1

Compare Source

Bug Fixes
  • handle ignoring of transitive deps alias [SOSE-1] (45999e5)

v2.2.0

Compare Source

Features
  • add alias support for npm v1 v2 and v3 (0107642)
  • add alias support for npm v1 v2 and v3 (028acdb)
  • add alias support for yarn v1 and v2 (f8e6119)

v2.1.0

Compare Source

Features
  • OSM-2021: add support for multiple versions of the same dependency in Yarn resolutions (#​272) (ca73d78)

v2.0.1

Compare Source

Bug Fixes
  • [OSM-2120] npm handle bundled top level deps (8f57081)

v2.0.0

Compare Source

  • chore(deps)!: upgrade node engine to 18, update yarn core and typescript (5c605aa)
BREAKING CHANGES
  • Minimum required Node.js version is now 18.

v1.60.1

Compare Source

Bug Fixes
  • handle out of sync in resolutions for yarn 2 (d57fc87)

v1.60.0

Compare Source

Features
  • pnpm - function for parsing single project from a workspace (a7e7057)

v1.59.0

Compare Source

Bug Fixes
  • OSM-2190: check package version when fetching node key (eaf6043)
Features
  • only use new flow on feature flag (6d81596)

v1.58.19

Compare Source

Bug Fixes
  • [OSM-2481] pnpm outofsync error fix for overlap dep in peer/dev deps (4c61623)

v1.58.18

Compare Source

Bug Fixes
  • [OSM-2329] pnpm check out of sync option for missing top level deps (9aec600)

v1.58.17

Compare Source

Bug Fixes
  • [OSM-2314] handle codelabreferences in pnpm (231f4cd)

v1.58.16

Compare Source

Bug Fixes
  • [OSM-2329] handle peers deps in dep path for git protocol deps (2ccc03f)

v1.58.15

Compare Source

Bug Fixes
  • return same format for undefined versions pnpm (780939b)

v1.58.14

Compare Source

Bug Fixes
  • security update for micromatch, semver, snyk-config, cross-spawn (430a9a1)

v1.58.13

Compare Source

Bug Fixes

v1.58.12

Compare Source

Bug Fixes
  • handle pnpm empty lockfiles (45d6de9)

v1.58.11

Compare Source

Bug Fixes
  • removed optional params from extract top level deps (c0a049b)

v1.58.10

Compare Source

Bug Fixes
  • fixed dev deps ref and added more debug logs (4dd003a)

v1.58.9

Compare Source

Bug Fixes
  • fail early for top level deps out of sync pnpm and updated tests (f3f5193)

v1.58.8

Compare Source

Bug Fixes
  • [OSM-1996] support pnpm packages aliases (d42528b)

v1.58.7

Compare Source

Bug Fixes
  • small change for new version release (d6bc4d3)

v1.58.6

Compare Source

Bug Fixes
  • debug log for undefined version (c7bd821)

v1.58.5

Compare Source

Bug Fixes
  • ignore optional deps if not installed (928e2f2)

v1.58.4

Compare Source

Bug Fixes
  • [OSM-1122] handle projects cycles in workspace (9e5db13)
  • [OSM-1923] added test for catalogs feature in pnpm 9 (4fd3db3)
  • remove duplicate includePeerDeps (261fb3a)

v1.58.3

Compare Source

Bug Fixes
  • [OSM-1079] support the parsing of transitive peer deps - if they are installed (d77a36d)

v1.58.2

Compare Source

Bug Fixes
  • [OSM-1924] send peerDeps option (2eb6337)

v1.58.1

Compare Source

Bug Fixes
  • add info debug log and format test fixtures (96ce653)

v1.58.0

Compare Source

Features
  • [OSM-1122] improve workspaces parsing (63aef6c)

v1.57.0

Compare Source

Features
  • add prodsec/security_scans (d0bffa1)

v1.56.2

Compare Source

Bug Fixes

v1.56.1

Compare Source

Bug Fixes

v1.56.0

Compare Source

Features
  • added support for pnpm lockfiles v9 (da40be3)

v1.55.0

Compare Source

Features
  • expose getPnpmParser functionality at the top level (515e78e)

v1.54.0

Compare Source

Features
  • normalize pnpm importers on parse (0d8a77d)

v1.53.3

Compare Source

Bug Fixes
  • avoid redos by replacing regex with string split (1f63d42)

v1.53.2

Compare Source

Bug Fixes
  • fixed possible missing fields and dev/optional deps (dc40d04)

v1.53.1

Compare Source

Bug Fixes
  • pnpm workspaces should return everything if config file empty (bcbc059)

v1.53.0

Compare Source

Features
  • [OSM-1024] pnpm dep graph builder (384a1f7)

v1.52.11

Compare Source

Bug Fixes
  • stop hard failures on npm dist-tags (2501435)

v1.52.10

Compare Source

Bug Fixes
  • resolve npm scoped versions (0793a88)

v1.52.9

Compare Source

Bug Fixes
  • allow overrides with version specs (3f5926c)

v1.52.8

Compare Source

Bug Fixes
  • more accurately resolves deps of overrides (4be31c5)

v1.52.7

Compare Source

Bug Fixes
  • start supporting overrides in a non destructive way - npm lock v2 (9658c6d)

v1.52.6

Compare Source

Bug Fixes
  • stop assumption that local pkgs are in workspaces (9db7dff)

v1.52.5

Compare Source

Bug Fixes
  • correct nested pkg resolution (d7e087c)

v1.52.4

Compare Source

Bug Fixes
  • correctly pick npm-lock-v2 pkg version parsing lockfile (891789a)

v1.52.3

Compare Source

Bug Fixes
  • parse of package-lock with nested packages (98edb54)

v1.52.2

Compare Source

Bug Fixes
  • run all tests for npm lock v2 (29ef12d)

v1.52.1

Compare Source

Bug Fixes
  • correct bundled deps behaviour and add fixture (be500ff)

v1.52.0

Compare Source

Features

v1.51.1

Compare Source

Bug Fixes
  • accept optional workspace args for helping parse yarn2 workspace repos (#​193) (031be55)

v1.51.0

Compare Source

Features
  • add pruning to yarn lock v1 dep graph builder (e79c464)

v1.50.0

Compare Source

Features
  • add pruning to yarn lock v2 dep graph builder (ded8dde)

v1.49.0

Compare Source

Features
  • async-ify all the depgraph builder functions (6f7da8a)

v1.48.3

Compare Source

Bug Fixes
  • accuracy improvements for npm lock v2 and v3 parsing (4f1acb7)

v1.48.2

Compare Source

Bug Fixes
  • correctly index pkg lock with pkgs with similar candidates (5280457)

v1.48.1

Compare Source

Bug Fixes
  • correctyl choose key to index pkg lock data (0169478)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch 2 times, most recently from cef5898 to a16942d Compare August 13, 2025 11:33
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch from a16942d to 8e6616d Compare August 19, 2025 12:43
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch from 8e6616d to c5aee3b Compare August 31, 2025 09:39
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch from c5aee3b to a988d14 Compare September 25, 2025 21:59
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch 2 times, most recently from eb0bfdc to 6c3ec42 Compare October 7, 2025 10:34
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch 3 times, most recently from 830ac20 to 6817e79 Compare October 16, 2025 21:52
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch 3 times, most recently from 9b06bbc to d8146af Compare October 21, 2025 23:59
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch from d8146af to 3517dff Compare October 28, 2025 19:37
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch from 3517dff to 7dff9b7 Compare November 11, 2025 00:41
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch from 7dff9b7 to 09a6350 Compare November 18, 2025 14:10
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch 2 times, most recently from 1a04db0 to d0521b4 Compare November 27, 2025 18:59
@renovate renovate bot force-pushed the renovate/snyk-nodejs-lockfile-parser-2.x branch from d0521b4 to 67e2477 Compare December 3, 2025 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant