dependabot-npm_and_yarn 0.129.3 → 0.130.2

data/lib/dependabot/npm_and_yarn/file_parser.rb

@@ -295,7 +295,9 @@ module Dependabot
           elsif resolved_url.include?("/#{name}/-/#{name}")
             # MyGet / Bintray format
             resolved_url.split("/#{name}/-/#{name}").first.
-              gsub("dl.bintray.com//", "api.bintray.com/npm/")
+              gsub("dl.bintray.com//", "api.bintray.com/npm/").
+              # GitLab format
+              gsub(%r{\/projects\/\d+}, "")
           elsif resolved_url.include?("/#{name}/-/#{name.split('/').last}")
             # Sonatype Nexus / Artifactory JFrog format
             resolved_url.split("/#{name}/-/#{name.split('/').last}").first

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
-require "dependabot/npm_and_yarn/file_updater"
+require "dependabot/errors"
+require "dependabot/logger"
 require "dependabot/npm_and_yarn/file_parser"
-require "dependabot/npm_and_yarn/update_checker/registry_finder"
+require "dependabot/npm_and_yarn/file_updater"
+require "dependabot/npm_and_yarn/helpers"
 require "dependabot/npm_and_yarn/native_helpers"
+require "dependabot/npm_and_yarn/update_checker/registry_finder"
 require "dependabot/shared_helpers"
-require "dependabot/errors"
 
 # rubocop:disable Metrics/ClassLength
 module Dependabot
@@ -32,7 +34,7 @@ module Dependabot
               lockfile_name = Pathname.new(lockfile.name).basename.to_s
               write_temporary_dependency_files(lockfile.name)
               updated_files = Dir.chdir(path) do
-                run_current_npm_update(lockfile_name: lockfile_name)
+                run_current_npm_update(lockfile_name: lockfile_name, lockfile_content: lockfile.content)
               end
               updated_content = updated_files.fetch(lockfile_name)
               post_process_npm_lockfile(lockfile.content, updated_content)
@@ -107,18 +109,19 @@ module Dependabot
           dependency.top_level? && requirements_for_path.empty?
         end
 
-        def run_current_npm_update(lockfile_name:)
+        def run_current_npm_update(lockfile_name:, lockfile_content:)
           top_level_dependency_updates = top_level_dependencies.map do |d|
             { name: d.name, version: d.version, requirements: d.requirements }
           end
 
           run_npm_updater(
             lockfile_name: lockfile_name,
-            top_level_dependency_updates: top_level_dependency_updates
+            top_level_dependency_updates: top_level_dependency_updates,
+            lockfile_content: lockfile_content
           )
         end
 
-        def run_previous_npm_update(lockfile_name:)
+        def run_previous_npm_update(lockfile_name:, lockfile_content:)
           previous_top_level_dependencies = top_level_dependencies.map do |d|
             {
               name: d.name,
@@ -129,28 +132,32 @@ module Dependabot
 
           run_npm_updater(
             lockfile_name: lockfile_name,
-            top_level_dependency_updates: previous_top_level_dependencies
+            top_level_dependency_updates: previous_top_level_dependencies,
+            lockfile_content: lockfile_content
           )
         end
 
-        def run_npm_updater(lockfile_name:, top_level_dependency_updates:)
+        def run_npm_updater(lockfile_name:, top_level_dependency_updates:, lockfile_content:)
           SharedHelpers.with_git_configured(credentials: credentials) do
             if top_level_dependency_updates.any?
               run_npm_top_level_updater(
                 lockfile_name: lockfile_name,
-                top_level_dependency_updates: top_level_dependency_updates
+                top_level_dependency_updates: top_level_dependency_updates,
+                lockfile_content: lockfile_content
               )
             else
-              run_npm_subdependency_updater(lockfile_name: lockfile_name)
+              run_npm_subdependency_updater(lockfile_name: lockfile_name, lockfile_content: lockfile_content)
             end
           end
         end
 
-        def run_npm_top_level_updater(lockfile_name:,
-                                      top_level_dependency_updates:)
+        def run_npm_top_level_updater(lockfile_name:, top_level_dependency_updates:, lockfile_content:)
+          npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
+          Dependabot.logger.info(npm_version)
+
           SharedHelpers.run_helper_subprocess(
             command: NativeHelpers.helper_path,
-            function: "npm:update",
+            function: "npm6:update",
             args: [
               Dir.pwd,
               lockfile_name,
@@ -159,10 +166,13 @@ module Dependabot
           )
         end
 
-        def run_npm_subdependency_updater(lockfile_name:)
+        def run_npm_subdependency_updater(lockfile_name:, lockfile_content:)
+          npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
+          Dependabot.logger.info(npm_version)
+
           SharedHelpers.run_helper_subprocess(
             command: NativeHelpers.helper_path,
-            function: "npm:updateSubdependency",
+            function: "npm6:updateSubdependency",
             args: [Dir.pwd, lockfile_name, sub_dependencies.map(&:to_h)]
           )
         end
@@ -341,7 +351,7 @@ module Dependabot
                 lockfile_name = Pathname.new(lockfile.name).basename.to_s
                 path = Pathname.new(lockfile.name).dirname.to_s
                 Dir.chdir(path) do
-                  run_previous_npm_update(lockfile_name: lockfile_name)
+                  run_previous_npm_update(lockfile_name: lockfile_name, lockfile_content: lockfile.content)
                 end
               end
 

data/lib/dependabot/npm_and_yarn/helpers.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module NpmAndYarn
+    module Helpers
+      def self.npm_version(lockfile_content)
+        return "npm6" unless lockfile_content
+        return "npm7" if JSON.parse(lockfile_content)["lockfileVersion"] == 2
+
+        "npm6"
+      rescue JSON::ParserError
+        "npm6"
+      end
+    end
+  end
+end

data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb

@@ -2,7 +2,9 @@
 
 require "dependabot/dependency"
 require "dependabot/errors"
+require "dependabot/logger"
 require "dependabot/npm_and_yarn/file_parser"
+require "dependabot/npm_and_yarn/helpers"
 require "dependabot/npm_and_yarn/native_helpers"
 require "dependabot/npm_and_yarn/update_checker"
 require "dependabot/npm_and_yarn/update_checker/dependency_files_builder"
@@ -43,9 +45,13 @@ module Dependabot
             # parser doesn't deal with at the moment.
             if dependency_files_builder.package_locks.any? ||
                dependency_files_builder.shrinkwraps.any?
+              package_lock = dependency_files_builder.package_locks.find { |f| f.name == "package-lock.json" }
+              npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
+              Dependabot.logger.info(npm_version)
+
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
-                function: "npm:findConflictingDependencies",
+                function: "npm6:findConflictingDependencies",
                 args: [Dir.pwd, dependency.name, target_version.to_s]
               )
             else

data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb

@@ -2,9 +2,11 @@
 
 require "dependabot/dependency"
 require "dependabot/errors"
+require "dependabot/logger"
 require "dependabot/npm_and_yarn/file_parser"
 require "dependabot/npm_and_yarn/file_updater/npmrc_builder"
 require "dependabot/npm_and_yarn/file_updater/package_json_preparer"
+require "dependabot/npm_and_yarn/helpers"
 require "dependabot/npm_and_yarn/native_helpers"
 require "dependabot/npm_and_yarn/sub_dependency_files_filterer"
 require "dependabot/npm_and_yarn/update_checker"
@@ -60,7 +62,7 @@ module Dependabot
           updated_files = if lockfile.name.end_with?("yarn.lock")
                             run_yarn_updater(path, lockfile_name)
                           else
-                            run_npm_updater(path, lockfile_name)
+                            run_npm_updater(path, lockfile_name, lockfile.content)
                           end
 
           updated_files.fetch(lockfile_name)
@@ -107,12 +109,15 @@ module Dependabot
           sleep(rand(3.0..10.0)) && retry
         end
 
-        def run_npm_updater(path, lockfile_name)
+        def run_npm_updater(path, lockfile_name, lockfile_content)
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
+              npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
+              Dependabot.logger.info(npm_version)
+
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
-                function: "npm:updateSubdependency",
+                function: "npm6:updateSubdependency",
                 args: [Dir.pwd, lockfile_name, [dependency.to_h]]
               )
             end

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb

@@ -1,16 +1,18 @@
 # frozen_string_literal: true
 
+require "dependabot/errors"
 require "dependabot/git_commit_checker"
-require "dependabot/npm_and_yarn/update_checker"
-require "dependabot/npm_and_yarn/file_parser"
-require "dependabot/npm_and_yarn/version"
-require "dependabot/npm_and_yarn/requirement"
-require "dependabot/npm_and_yarn/native_helpers"
+require "dependabot/logger"
 require "dependabot/npm_and_yarn/dependency_files_filterer"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
+require "dependabot/npm_and_yarn/file_parser"
 require "dependabot/npm_and_yarn/file_updater/npmrc_builder"
 require "dependabot/npm_and_yarn/file_updater/package_json_preparer"
+require "dependabot/npm_and_yarn/helpers"
+require "dependabot/npm_and_yarn/native_helpers"
+require "dependabot/npm_and_yarn/requirement"
+require "dependabot/npm_and_yarn/update_checker"
+require "dependabot/npm_and_yarn/version"
+require "dependabot/shared_helpers"
 
 # rubocop:disable Metrics/ClassLength
 module Dependabot
@@ -413,9 +415,16 @@ module Dependabot
         def run_npm_checker(path:, version:)
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
+              package_lock = dependency_files_builder.package_locks.find do |f|
+                # Find the lockfile that's in the current directory
+                f.name == [path, "package-lock.json"].join("/").sub(%r{\A.?\/}, "")
+              end
+              npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
+              Dependabot.logger.info(npm_version)
+
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
-                function: "npm:checkPeerDependencies",
+                function: "npm6:checkPeerDependencies",
                 args: [
                   Dir.pwd,
                   dependency.name,

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.129.3
+  version: 0.130.2
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-05 00:00:00.000000000 Z
+date: 2021-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.129.3
+        version: 0.130.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.129.3
+        version: 0.130.2
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -174,13 +174,13 @@ files:
 - helpers/.eslintrc
 - helpers/README.md
 - helpers/build
-- helpers/lib/npm/conflicting-dependency-parser.js
-- helpers/lib/npm/helpers.js
-- helpers/lib/npm/index.js
-- helpers/lib/npm/peer-dependency-checker.js
-- helpers/lib/npm/remove-dependencies-from-lockfile.js
-- helpers/lib/npm/subdependency-updater.js
-- helpers/lib/npm/updater.js
+- helpers/lib/npm6/conflicting-dependency-parser.js
+- helpers/lib/npm6/helpers.js
+- helpers/lib/npm6/index.js
+- helpers/lib/npm6/peer-dependency-checker.js
+- helpers/lib/npm6/remove-dependencies-from-lockfile.js
+- helpers/lib/npm6/subdependency-updater.js
+- helpers/lib/npm6/updater.js
 - helpers/lib/yarn/conflicting-dependency-parser.js
 - helpers/lib/yarn/fix-duplicates.js
 - helpers/lib/yarn/helpers.js
@@ -192,18 +192,18 @@ files:
 - helpers/lib/yarn/updater.js
 - helpers/package.json
 - helpers/run.js
-- helpers/test/npm/conflicting-dependency-parser.test.js
-- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json
-- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json
-- helpers/test/npm/fixtures/updater/original/package-lock.json
-- helpers/test/npm/fixtures/updater/original/package.json
-- helpers/test/npm/fixtures/updater/updated/package-lock.json
-- helpers/test/npm/helpers.js
-- helpers/test/npm/updater.test.js
+- helpers/test/npm6/conflicting-dependency-parser.test.js
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package-lock.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package-lock.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package.json
+- helpers/test/npm6/fixtures/updater/original/package-lock.json
+- helpers/test/npm6/fixtures/updater/original/package.json
+- helpers/test/npm6/fixtures/updater/updated/package-lock.json
+- helpers/test/npm6/helpers.js
+- helpers/test/npm6/updater.test.js
 - helpers/test/yarn/conflicting-dependency-parser.test.js
 - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
 - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
@@ -234,6 +234,7 @@ files:
 - lib/dependabot/npm_and_yarn/file_updater/package_json_preparer.rb
 - lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb
 - lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb
+- lib/dependabot/npm_and_yarn/helpers.rb
 - lib/dependabot/npm_and_yarn/metadata_finder.rb
 - lib/dependabot/npm_and_yarn/native_helpers.rb
 - lib/dependabot/npm_and_yarn/requirement.rb
@@ -267,7 +268,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: JS support for dependabot