dependabot-npm_and_yarn 0.119.3 → 0.119.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2340984d63e9e3857a9e46bf2c2fa48c95909b054a05360fdb886967801e0b2c
4
- data.tar.gz: 132deb9d358b3b7954c29fd3e740ec733a90fd9667f09e5486b34f6a17c8a9ee
3
+ metadata.gz: ef2adfce3682f36c0240bcdf876235f4f5d3c62a8e6ee4d1117471ab92de8dd2
4
+ data.tar.gz: a43a079c74eb3032fc878680b011995424311d67f8b748cafcb97505e8f923a9
5
5
  SHA512:
6
- metadata.gz: 2a2677b777e682fee09368e516f11e36aed89a0ac8dec28f966f193392eef8adf1f8b78e9679a195ce62c897093d6b6dd4ccb19c70280d77e85035c46ea2ab5d
7
- data.tar.gz: a27d191b48036f2abfe5904a5f2caf28686017fd4afa3b695a2671b1080310534d69e7a0f43dc9d124668999d6239d42a0ff64444c1aac619f618c744d898ca1
6
+ metadata.gz: 549602f8438cf4ad4520acce0fd311b3208c0ec756804c874ca74b5babe6a1e4426ec7eebc43206850cb7d9d8bebc40e7b6c2dc8cd5c76df29158a9815eb5857
7
+ data.tar.gz: 02bbe98a9b1461ae3f25abc2108fd1b8a8ba7cc6fdcf6e0e5c13ee8f359a5f361dd747f5b14f42d41c78312d3c03267abe125a8784e68bdeb2ccf8a70f268704
@@ -31,7 +31,6 @@ module Dependabot
31
31
 
32
32
  private
33
33
 
34
- # rubocop:disable Metrics/PerceivedComplexity
35
34
  def fetch_files
36
35
  fetched_files = []
37
36
  fetched_files << package_json
@@ -48,8 +47,6 @@ module Dependabot
48
47
  fetched_files.uniq
49
48
  end
50
49
 
51
- # rubocop:enable Metrics/PerceivedComplexity
52
-
53
50
  def package_json
54
51
  @package_json ||= fetch_file_from_host("package.json")
55
52
  end
@@ -173,6 +170,7 @@ module Dependabot
173
170
  ].uniq
174
171
  end
175
172
 
173
+ # rubocop:disable Metrics/PerceivedComplexity
176
174
  # rubocop:disable Metrics/AbcSize
177
175
  def path_dependency_details_from_manifest(file)
178
176
  return [] unless file.name.end_with?("package.json")
@@ -208,6 +206,7 @@ module Dependabot
208
206
  raise Dependabot::DependencyFileNotParseable, file.path
209
207
  end
210
208
  # rubocop:enable Metrics/AbcSize
209
+ # rubocop:enable Metrics/PerceivedComplexity
211
210
 
212
211
  def path_dependency_details_from_npm_lockfile(parsed_lockfile)
213
212
  path_starts = NPM_PATH_DEPENDENCY_STARTS
@@ -127,7 +127,6 @@ module Dependabot
127
127
  build_npmrc_content_from_lockfile
128
128
  end
129
129
 
130
- # rubocop:disable Metrics/PerceivedComplexity
131
130
  def credential_lines_for_npmrc
132
131
  lines = []
133
132
  registry_credentials.each do |cred|
@@ -154,8 +153,8 @@ module Dependabot
154
153
  # Work around a suspected yarn bug
155
154
  ["always-auth = true"] + lines
156
155
  end
157
- # rubocop:enable Metrics/PerceivedComplexity
158
156
 
157
+ # rubocop:disable Metrics/PerceivedComplexity
159
158
  def registry_scopes(registry)
160
159
  # Central registries don't just apply to scopes
161
160
  return if CENTRAL_REGISTRIES.include?(registry)
@@ -182,6 +181,7 @@ module Dependabot
182
181
 
183
182
  scopes.map { |scope| "@#{scope}:registry=https://#{registry}" }
184
183
  end
184
+ # rubocop:enable Metrics/PerceivedComplexity
185
185
 
186
186
  def registry_credentials
187
187
  credentials.select { |cred| cred.fetch("type") == "npm_registry" }
@@ -171,7 +171,7 @@ module Dependabot
171
171
  # Local path error: When installing a git dependency which
172
172
  # is using local file paths for sub-dependencies (e.g. unbuilt yarn
173
173
  # workspace project)
174
- sub_dep_local_path_err = "Package \"\" refers to a non-existing file"
174
+ sub_dep_local_path_err = 'Package "" refers to a non-existing file'
175
175
  if error_message.match?(INVALID_PACKAGE) ||
176
176
  error_message.start_with?(sub_dep_local_path_err)
177
177
  raise_resolvability_error(error_message, yarn_lock)
@@ -56,7 +56,6 @@ module Dependabot
56
56
 
57
57
  private
58
58
 
59
- # rubocop:disable Metrics/PerceivedComplexity
60
59
  def convert_js_constraint_to_ruby_constraint(req_string)
61
60
  return req_string if req_string.match?(/^([A-Za-uw-z]|v[^\d])/)
62
61
 
@@ -72,7 +71,6 @@ module Dependabot
72
71
  else ruby_range(req_string)
73
72
  end
74
73
  end
75
- # rubocop:enable Metrics/PerceivedComplexity
76
74
 
77
75
  def convert_tilde_req(req_string)
78
76
  version = req_string.gsub(/^~\>?[\s=]*/, "")
@@ -112,11 +110,10 @@ module Dependabot
112
110
  "~> #{parts.join('.')}"
113
111
  end
114
112
 
115
- # rubocop:disable Metrics/PerceivedComplexity
116
113
  def convert_caret_req(req_string)
117
114
  version = req_string.gsub(/^\^[\s=]*/, "")
118
115
  parts = version.split(".")
119
- parts = parts.fill("x", parts.length...3)
116
+ parts.fill("x", parts.length...3)
120
117
  first_non_zero = parts.find { |d| d != "0" }
121
118
  first_non_zero_index =
122
119
  first_non_zero ? parts.index(first_non_zero) : parts.count - 1
@@ -133,7 +130,6 @@ module Dependabot
133
130
 
134
131
  [">= #{version}", "< #{upper_bound}"]
135
132
  end
136
- # rubocop:enable Metrics/PerceivedComplexity
137
133
  end
138
134
  end
139
135
  end
@@ -167,6 +167,7 @@ module Dependabot
167
167
  wants_latest_dist_tag?(latest) ? latest : nil
168
168
  end
169
169
 
170
+ # rubocop:disable Metrics/PerceivedComplexity
170
171
  def related_to_current_pre?(version)
171
172
  current_version = dependency.version
172
173
  if current_version &&
@@ -188,6 +189,7 @@ module Dependabot
188
189
  false
189
190
  end
190
191
  end
192
+ # rubocop:enable Metrics/PerceivedComplexity
191
193
 
192
194
  def specified_dist_tag_requirement?
193
195
  dependency.requirements.any? do |req|
@@ -82,7 +82,6 @@ module Dependabot
82
82
  version_class.new(updated_version)
83
83
  end
84
84
 
85
- # rubocop:disable Metrics/PerceivedComplexity
86
85
  def run_yarn_updater(path, lockfile_name)
87
86
  SharedHelpers.with_git_configured(credentials: credentials) do
88
87
  Dir.chdir(path) do
@@ -107,8 +106,6 @@ module Dependabot
107
106
  sleep(rand(3.0..10.0)) && retry
108
107
  end
109
108
 
110
- # rubocop:enable Metrics/PerceivedComplexity
111
-
112
109
  def run_npm_updater(path, lockfile_name)
113
110
  SharedHelpers.with_git_configured(credentials: credentials) do
114
111
  Dir.chdir(path) do
@@ -130,6 +130,7 @@ module Dependabot
130
130
  )
131
131
  end
132
132
 
133
+ # rubocop:disable Metrics/PerceivedComplexity
133
134
  def resolve_latest_previous_version(dep, updated_version)
134
135
  return dep.version if dep.version
135
136
 
@@ -160,6 +161,7 @@ module Dependabot
160
161
  latest_previous_version
161
162
  end
162
163
  end
164
+ # rubocop:enable Metrics/PerceivedComplexity
163
165
 
164
166
  def part_of_tightly_locked_monorepo?
165
167
  monorepo_dep_names =
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.119.3
4
+ version: 0.119.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-09-10 00:00:00.000000000 Z
11
+ date: 2020-09-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.119.3
19
+ version: 0.119.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.119.3
26
+ version: 0.119.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.88.0
103
+ version: 0.90.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.88.0
110
+ version: 0.90.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: vcr
113
113
  requirement: !ruby/object:Gem::Requirement