RubyGems - dependabot-bun - Versions diffs - 0.296.2 → 0.296.3 - Mend

dependabot-bun 0.296.2 → 0.296.3

Files changed (144) hide show

data/lib/dependabot/javascript/shared/file_updater/npmrc_builder.rb DELETED Viewed

@@ -1,394 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Shared
-      class FileUpdater < Dependabot::FileUpdaters::Base
-        # Build a .npmrc file from the lockfile content, credentials, and any
-        # committed .npmrc
-        # We should refactor this to use UpdateChecker::RegistryFinder
-        class NpmrcBuilder
-          extend T::Sig
-          CENTRAL_REGISTRIES = T.let(
-            %w(
-              registry.npmjs.org
-              registry.yarnpkg.com
-            ).freeze,
-            T::Array[String]
-          )
-          SCOPED_REGISTRY = /^\s*@(?<scope>\S+):registry\s*=\s*(?<registry>\S+)/
-          sig do
-            params(
-              dependency_files: T::Array[Dependabot::DependencyFile],
-              credentials: T::Array[Dependabot::Credential],
-              dependencies: T::Array[Dependabot::Dependency]
-            ).void
-          end
-          def initialize(dependency_files:, credentials:, dependencies: [])
-            @dependency_files = dependency_files
-            @credentials = credentials
-            @dependencies = dependencies
-          end
-          # PROXY WORK
-          sig { returns(String) }
-          def npmrc_content
-            initial_content =
-              if npmrc_file then complete_npmrc_from_credentials
-              else
-                build_npmrc_content_from_lockfile
-              end
-            final_content = initial_content || ""
-            return final_content unless registry_credentials.any?
-            credential_lines_for_npmrc.each do |credential_line|
-              next if final_content.include?(credential_line)
-              final_content = [final_content, credential_line].reject(&:empty?).join("\n")
-            end
-            final_content
-          end
-          private
-          sig { returns(T::Array[Dependabot::DependencyFile]) }
-          attr_reader :dependency_files
-          sig { returns(T::Array[Dependabot::Credential]) }
-          attr_reader :credentials
-          sig { returns(T::Array[Dependabot::Dependency]) }
-          attr_reader :dependencies
-          sig { returns(T.nilable(String)) }
-          def build_npmrc_content_from_lockfile
-            return unless yarn_lock || package_lock || shrinkwrap
-            return unless global_registry
-            registry = T.must(global_registry)["registry"]
-            registry = "https://#{registry}" unless registry&.start_with?("http")
-            "registry = #{registry}\n" \
-              "#{npmrc_global_registry_auth_line}" \
-              "always-auth = true"
-          end
-          sig { returns(T.nilable(String)) }
-          def build_yarnrc_content_from_lockfile
-            return unless yarn_lock || package_lock
-            return unless global_registry
-            "registry \"https://#{T.must(global_registry)['registry']}\"\n" \
-              "#{yarnrc_global_registry_auth_line}" \
-              "npmAlwaysAuth: true"
-          end
-          # rubocop:disable Metrics/PerceivedComplexity
-          # rubocop:disable Metrics/CyclomaticComplexity
-          # rubocop:disable Metrics/AbcSize
-          sig { returns(T.nilable(Dependabot::Credential)) }
-          def global_registry
-            return @global_registry if defined?(@global_registry)
-            @global_registry = T.let(
-              registry_credentials.find do |cred|
-                next false if CENTRAL_REGISTRIES.include?(cred["registry"])
-                # If all the URLs include this registry, it's global
-                next true if dependency_urls&.size&.positive? && dependency_urls&.all? do |url|
-                               url.include?(T.must(cred["registry"]))
-                             end
-                # Check if this registry has already been defined in .npmrc as a scoped registry
-                next false if npmrc_scoped_registries&.any? { |sr| sr.include?(T.must(cred["registry"])) }
-                next false if yarnrc_scoped_registries&.any? { |sr| sr.include?(T.must(cred["registry"])) }
-                # If any unscoped URLs include this registry, assume it's global
-                dependency_urls
-                  &.reject { |u| u.include?("@") || u.include?("%40") }
-                  &.any? { |url| url.include?(T.must(cred["registry"])) }
-              end,
-              T.nilable(Dependabot::Credential)
-            )
-          end
-          # rubocop:enable Metrics/PerceivedComplexity
-          # rubocop:enable Metrics/CyclomaticComplexity
-          # rubocop:enable Metrics/AbcSize
-          sig { returns(String) }
-          def npmrc_global_registry_auth_line
-            # This token is passed in from the Dependabot Config
-            # We write it to the .npmrc file so that it can be used by the VulnerabilityAuditor
-            token = global_registry&.fetch("token", nil)
-            return "" unless token
-            auth_line(token, global_registry&.fetch("registry")) + "\n"
-          end
-          sig { returns(String) }
-          def yarnrc_global_registry_auth_line
-            token = global_registry&.fetch("token", nil)
-            return "" unless token
-            if token.include?(":")
-              encoded_token = Base64.encode64(token).delete("\n")
-              "npmAuthIdent: \"#{encoded_token}\""
-            elsif Base64.decode64(token).ascii_only? &&
-                  Base64.decode64(token).include?(":")
-              "npmAuthIdent: \"#{token.delete("\n")}\""
-            else
-              "npmAuthToken: \"#{token}\""
-            end
-          end
-          sig { returns(T.nilable(T::Array[String])) }
-          def dependency_urls
-            return @dependency_urls if defined?(@dependency_urls)
-            @dependency_urls = []
-            if dependencies.any?
-              @dependency_urls = dependencies.map do |dependency|
-                UpdateChecker::RegistryFinder.new(
-                  dependency: dependency,
-                  credentials: credentials,
-                  rc_file: npmrc_file
-                ).dependency_url
-              end
-              return @dependency_urls
-            end
-            # The registry URL for Bintray goes into the lockfile in a
-            # modified format, so we modify it back before checking against
-            # our credentials
-            @dependency_urls = T.let(
-              @dependency_urls.map do |url|
-                url.gsub("dl.bintray.com//", "api.bintray.com/npm/")
-              end,
-              T.nilable(T::Array[String])
-            )
-          end
-          sig { returns(String) }
-          def complete_npmrc_from_credentials
-            # removes attribute timeout to allow for job update,
-            # having a timeout=xxxxx value is causing some jobs to fail
-            initial_content = T.must(T.must(npmrc_file).content)
-                               .gsub(/^.*\$\{.*\}.*/, "").strip.gsub(/^timeout.*/, "").strip + "\n"
-            return initial_content unless yarn_lock || package_lock
-            return initial_content unless global_registry
-            registry = T.must(global_registry)["registry"]
-            registry = "https://#{registry}" unless registry&.start_with?("http")
-            initial_content +
-              "registry = #{registry}\n" \
-              "#{npmrc_global_registry_auth_line}" \
-              "always-auth = true\n"
-          end
-          sig { returns(String) }
-          def complete_yarnrc_from_credentials
-            initial_content = T.must(T.must(yarnrc_file).content)
-                               .gsub(/^.*\$\{.*\}.*/, "").strip + "\n"
-            return initial_content unless yarn_lock || package_lock
-            return initial_content unless global_registry
-            initial_content +
-              "registry: \"https://#{T.must(global_registry)['registry']}\"\n" \
-              "#{yarnrc_global_registry_auth_line}" \
-              "npmAlwaysAuth: true\n"
-          end
-          sig { returns(T.nilable(String)) }
-          def build_npmrc_from_yarnrc
-            yarnrc_global_registry =
-              yarnrc_file&.content
-                         &.lines
-                         &.find { |line| line.match?(/^\s*registry\s/) }
-                         &.match(UpdateChecker::RegistryFinder::YARN_GLOBAL_REGISTRY_REGEX)
-                         &.named_captures&.fetch("registry")
-            return "registry = #{yarnrc_global_registry}\n" if yarnrc_global_registry
-            build_npmrc_content_from_lockfile
-          end
-          sig { returns(T.nilable(String)) }
-          def build_yarnrc_from_yarnrc
-            yarnrc_global_registry =
-              yarnrc_file&.content
-                         &.lines
-                         &.find { |line| line.match?(/^\s*registry\s/) }
-                         &.match(/^\s*registry\s+"(?<registry>[^"]+)"/)
-                         &.named_captures&.fetch("registry")
-            return "registry \"#{yarnrc_global_registry}\"\n" if yarnrc_global_registry
-            build_yarnrc_content_from_lockfile
-          end
-          sig { returns(T::Array[String]) }
-          def credential_lines_for_npmrc
-            lines = T.let([], T::Array[String])
-            registry_credentials.each do |cred|
-              registry = cred.fetch("registry")
-              lines += T.must(registry_scopes(registry)) if registry_scopes(registry)
-              token = cred.fetch("token", nil)
-              next unless token
-              lines << auth_line(token, registry)
-            end
-            return lines unless lines.any? { |str| str.include?("auth=") }
-            # Work around a suspected yarn bug
-            ["always-auth = true"] + lines
-          end
-          sig { params(token: String, registry: T.nilable(String)).returns(String) }
-          def auth_line(token, registry = nil)
-            auth = if token.include?(":")
-                     encoded_token = Base64.encode64(token).delete("\n")
-                     "_auth=#{encoded_token}"
-                   elsif Base64.decode64(token).ascii_only? &&
-                         Base64.decode64(token).include?(":")
-                     "_auth=#{token.delete("\n")}"
-                   else
-                     "_authToken=#{token}"
-                   end
-            return auth unless registry
-            # We need to ensure the registry uri ends with a trailing slash in the npmrc file
-            # but we do not want to add one if it already exists
-            registry_with_trailing_slash = registry.sub(%r{\/?$}, "/")
-            "//#{registry_with_trailing_slash}:#{auth}"
-          end
-          sig { returns(T.nilable(T::Array[String])) }
-          def npmrc_scoped_registries
-            return [] unless npmrc_file
-            @npmrc_scoped_registries ||= T.let(
-              T.must(T.must(npmrc_file).content).lines.select { |line| line.match?(SCOPED_REGISTRY) }
-                        .filter_map { |line| line.match(SCOPED_REGISTRY)&.named_captures&.fetch("registry") },
-              T.nilable(T::Array[String])
-            )
-          end
-          sig { returns(T.nilable(T::Array[String])) }
-          def yarnrc_scoped_registries
-            return [] unless yarnrc_file
-            @yarnrc_scoped_registries ||= T.let(
-              T.must(T.must(yarnrc_file).content).lines.select { |line| line.match?(SCOPED_REGISTRY) }
-                         .filter_map { |line| line.match(SCOPED_REGISTRY)&.named_captures&.fetch("registry") },
-              T.nilable(T::Array[String])
-            )
-          end
-          # rubocop:disable Metrics/PerceivedComplexity
-          sig { params(registry: String).returns(T.nilable(T::Array[String])) }
-          def registry_scopes(registry)
-            # Central registries don't just apply to scopes
-            return if CENTRAL_REGISTRIES.include?(registry)
-            return unless dependency_urls
-            other_regs =
-              registry_credentials.map { |c| c.fetch("registry") } -
-              [registry]
-            affected_urls =
-              dependency_urls
-              &.select do |url|
-                next false unless url.include?(registry)
-                other_regs.none? { |r| r.include?(registry) && url.include?(r) }
-              end
-            scopes = T.must(affected_urls).map do |url|
-              url.split(/\%40|@/)[1]&.split(%r{\%2[fF]|/})&.first
-            end.uniq
-            # Registry used for unscoped packages
-            return if scopes.include?(nil)
-            scopes.map { |scope| "@#{scope}:registry=https://#{registry}" }
-          end
-          # rubocop:enable Metrics/PerceivedComplexity
-          sig { returns(T::Array[Dependabot::Credential]) }
-          def registry_credentials
-            credentials.select { |cred| cred.fetch("type") == "npm_registry" }
-          end
-          sig { returns(T.nilable(T::Hash[String, T.untyped])) }
-          def parsed_package_lock
-            @parsed_package_lock ||= T.let(
-              JSON.parse(T.must(T.must(package_lock).content)),
-              T.nilable(T::Hash[String, T.untyped])
-            )
-          end
-          sig { returns(T.nilable(Dependabot::DependencyFile)) }
-          def npmrc_file
-            @npmrc_file ||= T.let(
-              dependency_files.find { |f| f.name.end_with?(".npmrc") },
-              T.nilable(Dependabot::DependencyFile)
-            )
-          end
-          sig { returns(T.nilable(Dependabot::DependencyFile)) }
-          def yarnrc_file
-            @yarnrc_file ||= T.let(
-              dependency_files.find { |f| f.name.end_with?(".yarnrc") },
-              T.nilable(Dependabot::DependencyFile)
-            )
-          end
-          sig { returns(T.nilable(Dependabot::DependencyFile)) }
-          def yarnrc_yml_file
-            @yarnrc_yml_file ||= T.let(
-              dependency_files.find { |f| f.name.end_with?(".yarnrc.yml") },
-              T.nilable(Dependabot::DependencyFile)
-            )
-          end
-          sig { returns(T.nilable(Dependabot::DependencyFile)) }
-          def yarn_lock
-            @yarn_lock ||= T.let(
-              dependency_files.find { |f| f.name == "yarn.lock" },
-              T.nilable(Dependabot::DependencyFile)
-            )
-          end
-          sig { returns(T.nilable(Dependabot::DependencyFile)) }
-          def package_lock
-            @package_lock ||= T.let(
-              dependency_files.find { |f| f.name == "package-lock.json" },
-              T.nilable(Dependabot::DependencyFile)
-            )
-          end
-          sig { returns(T.nilable(Dependabot::DependencyFile)) }
-          def shrinkwrap
-            @shrinkwrap ||= T.let(
-              dependency_files.find { |f| f.name == "npm-shrinkwrap.json" },
-              T.nilable(Dependabot::DependencyFile)
-            )
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/shared/file_updater/package_json_preparer.rb DELETED Viewed

@@ -1,87 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Shared
-      class FileUpdater
-        class PackageJsonPreparer
-          def initialize(package_json_content:)
-            @package_json_content = package_json_content
-          end
-          def prepared_content
-            content = package_json_content
-            content = replace_ssh_sources(content)
-            content = remove_workspace_path_prefixes(content)
-            content = remove_invalid_characters(content)
-            content
-          end
-          def replace_ssh_sources(content)
-            updated_content = content
-            git_ssh_requirements_to_swap.each do |req|
-              new_req = req.gsub(%r{git\+ssh://git@(.*?)[:/]}, 'https://\1/')
-              updated_content = updated_content.gsub(req, new_req)
-            end
-            updated_content
-          end
-          # A bug prevents Yarn recognising that a directory is part of a
-          # workspace if it is specified with a `./` prefix.
-          def remove_workspace_path_prefixes(content)
-            json = JSON.parse(content)
-            return content unless json.key?("workspaces")
-            workspace_object = json.fetch("workspaces")
-            paths_array =
-              if workspace_object.is_a?(Hash)
-                workspace_object.values_at("packages", "nohoist")
-                                .flatten.compact
-              elsif workspace_object.is_a?(Array) then workspace_object
-              else
-                raise "Unexpected workspace object"
-              end
-            paths_array.each { |path| path.gsub!(%r{^\./}, "") }
-            JSON.pretty_generate(json)
-          end
-          def remove_invalid_characters(content)
-            content
-              .gsub(/\{\{[^\}]*?\}\}/, "something") # {{ nm }} syntax not allowed
-              .gsub(/(?<!\\)\\ /, " ") # escaped whitespace not allowed
-              .gsub(%r{^\s*//.*}, " ") # comments are not allowed
-          end
-          def swapped_ssh_requirements
-            git_ssh_requirements_to_swap
-          end
-          private
-          attr_reader :package_json_content
-          def git_ssh_requirements_to_swap
-            return @git_ssh_requirements_to_swap if @git_ssh_requirements_to_swap
-            @git_ssh_requirements_to_swap = []
-            FileParser.each_dependency(JSON.parse(package_json_content)) do |_, req, _t|
-              next unless req.is_a?(String)
-              next unless req.start_with?("git+ssh:")
-              req = req.split("#").first
-              @git_ssh_requirements_to_swap << req
-            end
-            @git_ssh_requirements_to_swap
-          end
-        end
-      end
-    end
-  end
-end