RubyGems - dependabot-bun - Versions diffs - 0.304.0 → 0.305.0 - Mend

dependabot-bun 0.304.0 → 0.305.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/lib/dependabot/bun/file_updater/bun_lockfile_updater.rb +1 -1
data/lib/dependabot/bun/file_updater/npmrc_builder.rb +2 -2
data/lib/dependabot/bun/metadata_finder.rb +2 -2
data/lib/dependabot/bun/package/package_details_fetcher.rb +440 -0
data/lib/dependabot/bun/package/registry_finder.rb +413 -0
data/lib/dependabot/bun/update_checker/latest_version_finder.rb +532 -32
data/lib/dependabot/bun/update_checker/library_detector.rb +1 -1
data/lib/dependabot/bun/update_checker.rb +6 -3
metadata +7 -6
data/lib/dependabot/bun/update_checker/registry_finder.rb +0 -279

data/lib/dependabot/bun/update_checker/library_detector.rb CHANGED Viewed

@@ -64,7 +64,7 @@ module Dependabot
         end
         def registry
-          Bun::UpdateChecker::RegistryFinder.new(
+          Bun::Package::RegistryFinder.new(
             dependency: nil,
             credentials: credentials,
             npmrc_file: dependency_files.find { |f| f.name.end_with?(".npmrc") }

data/lib/dependabot/bun/update_checker.rb CHANGED Viewed

@@ -427,9 +427,12 @@ module Dependabot
       def original_source(updated_dependency)
         sources =
-          updated_dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
-                            .sort_by { |source| RegistryFinder.central_registry?(source[:url]) ? 1 : 0 }
+          updated_dependency
+          .requirements.map { |r| r.fetch(:source) }
+          .uniq.compact
+          .sort_by do |source|
+            Package::RegistryFinder.central_registry?(source[:url]) ? 1 : 0
+          end
         sources.first
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bun
 version: !ruby/object:Gem::Version
-  version: 0.304.0
+  version: 0.305.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-04-03 00:00:00.000000000 Z
+date: 2025-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.304.0
+        version: 0.305.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.304.0
+        version: 0.305.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -323,6 +323,8 @@ files:
 - lib/dependabot/bun/language.rb
 - lib/dependabot/bun/metadata_finder.rb
 - lib/dependabot/bun/native_helpers.rb
+- lib/dependabot/bun/package/package_details_fetcher.rb
+- lib/dependabot/bun/package/registry_finder.rb
 - lib/dependabot/bun/package_manager.rb
 - lib/dependabot/bun/package_name.rb
 - lib/dependabot/bun/pnpm_package_manager.rb
@@ -335,7 +337,6 @@ files:
 - lib/dependabot/bun/update_checker/dependency_files_builder.rb
 - lib/dependabot/bun/update_checker/latest_version_finder.rb
 - lib/dependabot/bun/update_checker/library_detector.rb
-- lib/dependabot/bun/update_checker/registry_finder.rb
 - lib/dependabot/bun/update_checker/requirements_updater.rb
 - lib/dependabot/bun/update_checker/subdependency_version_resolver.rb
 - lib/dependabot/bun/update_checker/version_resolver.rb
@@ -347,7 +348,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.304.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.305.0
 post_install_message:
 rdoc_options: []
 require_paths:

data/lib/dependabot/bun/update_checker/registry_finder.rb DELETED Viewed

@@ -1,279 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-require "excon"
-require "dependabot/bun/update_checker"
-require "dependabot/registry_client"
-module Dependabot
-  module Bun
-    class UpdateChecker
-      class RegistryFinder
-        CENTRAL_REGISTRIES = %w(
-          https://registry.npmjs.org
-          http://registry.npmjs.org
-        ).freeze
-        NPM_AUTH_TOKEN_REGEX = %r{//(?<registry>.*)/:_authToken=(?<token>.*)$}
-        NPM_GLOBAL_REGISTRY_REGEX = /^registry\s*=\s*['"]?(?<registry>.*?)['"]?$/
-        NPM_SCOPED_REGISTRY_REGEX = /^(?<scope>@[^:]+)\s*:registry\s*=\s*['"]?(?<registry>.*?)['"]?$/
-        def initialize(dependency:, credentials:, npmrc_file: nil)
-          @dependency = dependency
-          @credentials = credentials
-          @npmrc_file = npmrc_file
-        end
-        def registry
-          @registry ||= locked_registry || configured_registry || first_registry_with_dependency_details
-        end
-        def auth_headers
-          auth_header_for(auth_token)
-        end
-        def dependency_url
-          "#{registry_url}/#{escaped_dependency_name}"
-        end
-        def tarball_url(version)
-          version_without_build_metadata = version.to_s.gsub(/\+.*/, "")
-          # Dependency name needs to be unescaped since tarball URLs don't always work with escaped slashes
-          "#{registry_url}/#{dependency.name}/-/#{scopeless_name}-#{version_without_build_metadata}.tgz"
-        end
-        def self.central_registry?(registry)
-          CENTRAL_REGISTRIES.any? do |r|
-            r.include?(registry)
-          end
-        end
-        def registry_from_rc(dependency_name)
-          explicit_registry_from_rc(dependency_name) || global_registry
-        end
-        private
-        attr_reader :dependency
-        attr_reader :credentials
-        attr_reader :npmrc_file
-        def explicit_registry_from_rc(dependency_name)
-          if dependency_name.start_with?("@") && dependency_name.include?("/")
-            scope = dependency_name.split("/").first
-            scoped_registry(scope) || configured_global_registry
-          else
-            configured_global_registry
-          end
-        end
-        def first_registry_with_dependency_details
-          @first_registry_with_dependency_details ||=
-            known_registries.find do |details|
-              url = "#{details['registry'].gsub(%r{/+$}, '')}/#{escaped_dependency_name}"
-              url = "https://#{url}" unless url.start_with?("http")
-              response = Dependabot::RegistryClient.get(
-                url: url,
-                headers: auth_header_for(details["token"])
-              )
-              response.status < 400 && JSON.parse(response.body)
-            rescue Excon::Error::Timeout,
-                   Excon::Error::Socket,
-                   JSON::ParserError
-              nil
-            rescue URI::InvalidURIError => e
-              raise DependencyFileNotResolvable, e.message
-            end&.fetch("registry")
-          @first_registry_with_dependency_details ||= global_registry.sub(%r{/+$}, "").sub(%r{^.*?//}, "")
-        end
-        def registry_url
-          url =
-            if registry.start_with?("http")
-              registry
-            else
-              protocol =
-                if registry_source_url
-                  registry_source_url.split("://").first
-                else
-                  "https"
-                end
-              "#{protocol}://#{registry}"
-            end
-          url.gsub(%r{/+$}, "")
-        end
-        def auth_header_for(token)
-          return {} unless token
-          if token.include?(":")
-            encoded_token = Base64.encode64(token).delete("\n")
-            { "Authorization" => "Basic #{encoded_token}" }
-          elsif Base64.decode64(token).ascii_only? &&
-                Base64.decode64(token).include?(":")
-            { "Authorization" => "Basic #{token.delete("\n")}" }
-          else
-            { "Authorization" => "Bearer #{token}" }
-          end
-        end
-        def auth_token
-          known_registries
-            .find { |cred| cred["registry"] == registry }
-            &.fetch("token", nil)
-        end
-        def locked_registry
-          return unless registry_source_url
-          lockfile_registry =
-            registry_source_url
-            .gsub("https://", "")
-            .gsub("http://", "")
-          detailed_registry =
-            known_registries
-            .find { |h| h["registry"].include?(lockfile_registry) }
-            &.fetch("registry")
-          detailed_registry || lockfile_registry
-        end
-        def configured_registry
-          configured_registry_url = explicit_registry_from_rc(dependency.name)
-          return unless configured_registry_url
-          normalize_configured_registry(configured_registry_url)
-        end
-        def known_registries
-          @known_registries ||=
-            begin
-              registries = []
-              registries += credentials
-                            .select { |cred| cred["type"] == "npm_registry" && cred["registry"] }
-                            .tap { |arr| arr.each { |c| c["token"] ||= nil } }
-              registries += npmrc_registries
-              unique_registries(registries)
-            end
-        end
-        def npmrc_registries
-          return [] unless npmrc_file
-          registries = []
-          npmrc_file.content.scan(NPM_AUTH_TOKEN_REGEX) do
-            next if Regexp.last_match&.[](:registry)&.include?("${")
-            registry = T.must(Regexp.last_match)[:registry]
-            token = T.must(Regexp.last_match)[:token]&.strip
-            registries << {
-              "type" => "npm_registry",
-              "registry" => registry&.gsub(/\s+/, "%20"),
-              "token" => token
-            }
-          end
-          registries += npmrc_global_registries
-        end
-        def unique_registries(registries)
-          registries.uniq.reject do |registry|
-            next if registry["token"]
-            # Reject this entry if an identical one with a token exists
-            registries.any? do |r|
-              r["token"] && r["registry"] == registry["registry"]
-            end
-          end
-        end
-        def global_registry
-          return @global_registry if defined? @global_registry
-          @global_registry ||= configured_global_registry || "https://registry.npmjs.org"
-        end
-        def configured_global_registry
-          return @configured_global_registry if defined? @configured_global_registry
-          @configured_global_registry = npmrc_file && npmrc_global_registries.first&.fetch("url")
-          return @configured_global_registry if @configured_global_registry
-          replaces_base = credentials.find { |cred| cred["type"] == "npm_registry" && cred.replaces_base? }
-          if replaces_base
-            registry = replaces_base["registry"]
-            registry = "https://#{registry}" unless registry.start_with?("http")
-            return @configured_global_registry = registry
-          end
-          @configured_global_registry = nil
-        end
-        def npmrc_global_registries
-          global_rc_registries(npmrc_file, syntax: NPM_GLOBAL_REGISTRY_REGEX)
-        end
-        def scoped_registry(scope)
-          scoped_rc_registry(npmrc_file, syntax: NPM_SCOPED_REGISTRY_REGEX, scope: scope)
-        end
-        def global_rc_registries(file, syntax:)
-          registries = []
-          file.content.scan(syntax) do
-            next if Regexp.last_match&.[](:registry)&.include?("${")
-            url = T.must(T.must(Regexp.last_match)[:registry]).strip
-            registry = normalize_configured_registry(url)
-            registries << {
-              "type" => "npm_registry",
-              "registry" => registry,
-              "url" => url,
-              "token" => nil
-            }
-          end
-          registries
-        end
-        def scoped_rc_registry(file, syntax:, scope:)
-          file&.content.to_s.scan(syntax) do
-            next if Regexp.last_match&.[](:registry)&.include?("${") || Regexp.last_match&.[](:scope) != scope
-            return T.must(T.must(Regexp.last_match)[:registry]).strip
-          end
-          nil
-        end
-        # npm registries expect slashes to be escaped
-        def escaped_dependency_name
-          dependency.name.gsub("/", "%2F")
-        end
-        def scopeless_name
-          dependency.name.split("/").last
-        end
-        def registry_source_url
-          sources = dependency.requirements
-                              .map { |r| r.fetch(:source) }.uniq.compact
-                              .sort_by { |source| self.class.central_registry?(source[:url]) ? 1 : 0 }
-          sources.find { |s| s[:type] == "registry" }&.fetch(:url)
-        end
-        def normalize_configured_registry(url)
-          url.sub(%r{/+$}, "")
-             .sub(%r{^.*?//}, "")
-             .gsub(/\s+/, "%20")
-        end
-      end
-    end
-  end
-end