dependabot-npm_and_yarn 0.141.1 → 0.143.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/package-lock.json +240 -8
  3. data/helpers/package.json +1 -1
  4. data/lib/dependabot/npm_and_yarn/file_parser.rb +3 -4
  5. data/lib/dependabot/npm_and_yarn/metadata_finder.rb +1 -1
  6. data/lib/dependabot/npm_and_yarn/requirement.rb +3 -3
  7. data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +4 -4
  8. data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +7 -7
  9. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3c005c01399dd0a911b6db78644779e3bcbad49297703dc6103d05f8e99b4cfd
4
- data.tar.gz: ce861a4173a462ce834736e1d38d426b8db235d5907e4b812084276d3252a6a6
3
+ metadata.gz: a2fb01840787fe50d5b15880a5ca1d552c47d58118998b7bdc9322f2ba02bd30
4
+ data.tar.gz: 2350133d2114b6c29ac986b742e59a58122940e1282217268f53112069c6a558
5
5
  SHA512:
6
- metadata.gz: 5f9304069c2f1c9ceec760438f2a3757522fd34f9fe716f289b3d4bc993006405e650ef111a62f314298ff2e1b06b17ff8d062675f820512da117db6856a3a00
7
- data.tar.gz: c06e6d401a35507e70c15710927b3287c5c2800d23046fae167bf3435137dccf57b75dfb79bda048a5a4988b2f3b53fcee6eda2636a1012996b1ecbb43a6e938
6
+ metadata.gz: d87f229c82c4a82b014ac000736f8cce64da3d17b0b8cd23aa43f9d57dbd5643811ced3c61b51fe970ad899103b485faf14adfdc91095c78c03d333ba0b141aa
7
+ data.tar.gz: bcf1f36b481528cd2a5ab280e9bd3e6a80dff8bdb4fec4b14049897bfbaa55e5a27e8cb65de73dc7fd156cc77f1ec99e20a4bd0899ca3bd7a2c13fd6c2d114bb
data/helpers/package-lock.json CHANGED
@@ -17,7 +17,7 @@
17
17
  },
18
18
  "devDependencies": {
19
19
  "eslint": "^7.24.0",
20
- "eslint-config-prettier": "^8.1.0",
20
+ "eslint-config-prettier": "^8.2.0",
21
21
  "jest": "^26.6.3",
22
22
  "prettier": "^2.2.1",
23
23
  "rimraf": "^3.0.2"
@@ -3510,9 +3510,9 @@
3510
3510
  }
3511
3511
  },
3512
3512
  "node_modules/eslint-config-prettier": {
3513
- "version": "8.1.0",
3514
- "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.1.0.tgz",
3515
- "integrity": "sha512-oKMhGv3ihGbCIimCAjqkdzx2Q+jthoqnXSP+d86M9tptwugycmTFdVR4IpLgq2c4SHifbwO90z2fQ8/Aio73yw==",
3513
+ "version": "8.2.0",
3514
+ "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.2.0.tgz",
3515
+ "integrity": "sha512-dWV9EVeSo2qodOPi1iBYU/x6F6diHv8uujxbxr77xExs3zTAlNXvVZKiyLsQGNz7yPV2K49JY5WjPzNIuDc2Bw==",
3516
3516
  "dev": true,
3517
3517
  "bin": {
3518
3518
  "eslint-config-prettier": "bin/cli.js"
@@ -8195,7 +8195,239 @@
8195
8195
  "validate-npm-package-name",
8196
8196
  "which",
8197
8197
  "worker-farm",
8198
- "write-file-atomic"
8198
+ "write-file-atomic",
8199
+ "agent-base",
8200
+ "agentkeepalive",
8201
+ "ansi-align",
8202
+ "ansi-regex",
8203
+ "ansi-styles",
8204
+ "are-we-there-yet",
8205
+ "asap",
8206
+ "asn1",
8207
+ "assert-plus",
8208
+ "asynckit",
8209
+ "aws-sign2",
8210
+ "aws4",
8211
+ "balanced-match",
8212
+ "bcrypt-pbkdf",
8213
+ "boxen",
8214
+ "brace-expansion",
8215
+ "buffer-from",
8216
+ "builtins",
8217
+ "byline",
8218
+ "camelcase",
8219
+ "capture-stack-trace",
8220
+ "caseless",
8221
+ "chalk",
8222
+ "cidr-regex",
8223
+ "cli-boxes",
8224
+ "cliui",
8225
+ "clone",
8226
+ "code-point-at",
8227
+ "color-convert",
8228
+ "color-name",
8229
+ "colors",
8230
+ "combined-stream",
8231
+ "concat-map",
8232
+ "concat-stream",
8233
+ "configstore",
8234
+ "console-control-strings",
8235
+ "copy-concurrently",
8236
+ "core-util-is",
8237
+ "create-error-class",
8238
+ "cross-spawn",
8239
+ "crypto-random-string",
8240
+ "cyclist",
8241
+ "dashdash",
8242
+ "debug",
8243
+ "decamelize",
8244
+ "decode-uri-component",
8245
+ "deep-extend",
8246
+ "defaults",
8247
+ "define-properties",
8248
+ "delayed-stream",
8249
+ "delegates",
8250
+ "dot-prop",
8251
+ "dotenv",
8252
+ "duplexer3",
8253
+ "duplexify",
8254
+ "ecc-jsbn",
8255
+ "emoji-regex",
8256
+ "encoding",
8257
+ "end-of-stream",
8258
+ "env-paths",
8259
+ "err-code",
8260
+ "errno",
8261
+ "es-abstract",
8262
+ "es-to-primitive",
8263
+ "es6-promise",
8264
+ "es6-promisify",
8265
+ "escape-string-regexp",
8266
+ "execa",
8267
+ "extend",
8268
+ "extsprintf",
8269
+ "fast-json-stable-stringify",
8270
+ "flush-write-stream",
8271
+ "forever-agent",
8272
+ "form-data",
8273
+ "from2",
8274
+ "fs-minipass",
8275
+ "fs.realpath",
8276
+ "function-bind",
8277
+ "gauge",
8278
+ "genfun",
8279
+ "get-caller-file",
8280
+ "get-stream",
8281
+ "getpass",
8282
+ "global-dirs",
8283
+ "got",
8284
+ "har-schema",
8285
+ "har-validator",
8286
+ "has",
8287
+ "has-flag",
8288
+ "has-symbols",
8289
+ "http-cache-semantics",
8290
+ "http-proxy-agent",
8291
+ "http-signature",
8292
+ "https-proxy-agent",
8293
+ "humanize-ms",
8294
+ "iconv-lite",
8295
+ "ignore-walk",
8296
+ "import-lazy",
8297
+ "ip",
8298
+ "ip-regex",
8299
+ "is-callable",
8300
+ "is-ci",
8301
+ "is-date-object",
8302
+ "is-fullwidth-code-point",
8303
+ "is-installed-globally",
8304
+ "is-npm",
8305
+ "is-obj",
8306
+ "is-path-inside",
8307
+ "is-redirect",
8308
+ "is-regex",
8309
+ "is-retry-allowed",
8310
+ "is-stream",
8311
+ "is-symbol",
8312
+ "is-typedarray",
8313
+ "isarray",
8314
+ "isexe",
8315
+ "isstream",
8316
+ "jsbn",
8317
+ "json-schema",
8318
+ "json-stringify-safe",
8319
+ "jsonparse",
8320
+ "jsprim",
8321
+ "latest-version",
8322
+ "libnpmconfig",
8323
+ "libnpmpublish",
8324
+ "lodash._createset",
8325
+ "lodash._root",
8326
+ "lowercase-keys",
8327
+ "make-dir",
8328
+ "make-fetch-happen",
8329
+ "mime-db",
8330
+ "mime-types",
8331
+ "minimatch",
8332
+ "minimist",
8333
+ "minizlib",
8334
+ "ms",
8335
+ "mute-stream",
8336
+ "node-fetch-npm",
8337
+ "npm-bundled",
8338
+ "npm-logical-tree",
8339
+ "npm-normalize-package-bin",
8340
+ "npm-run-path",
8341
+ "number-is-nan",
8342
+ "oauth-sign",
8343
+ "object-assign",
8344
+ "object-keys",
8345
+ "object.getownpropertydescriptors",
8346
+ "os-homedir",
8347
+ "os-tmpdir",
8348
+ "p-finally",
8349
+ "package-json",
8350
+ "parallel-transform",
8351
+ "path-exists",
8352
+ "path-is-absolute",
8353
+ "path-key",
8354
+ "path-parse",
8355
+ "performance-now",
8356
+ "pify",
8357
+ "prepend-http",
8358
+ "process-nextick-args",
8359
+ "promise-retry",
8360
+ "promzard",
8361
+ "proto-list",
8362
+ "protoduck",
8363
+ "prr",
8364
+ "pseudomap",
8365
+ "psl",
8366
+ "pump",
8367
+ "pumpify",
8368
+ "punycode",
8369
+ "qs",
8370
+ "rc",
8371
+ "registry-auth-token",
8372
+ "registry-url",
8373
+ "require-directory",
8374
+ "require-main-filename",
8375
+ "resolve-from",
8376
+ "run-queue",
8377
+ "safer-buffer",
8378
+ "semver-diff",
8379
+ "set-blocking",
8380
+ "shebang-command",
8381
+ "shebang-regex",
8382
+ "signal-exit",
8383
+ "smart-buffer",
8384
+ "socks",
8385
+ "socks-proxy-agent",
8386
+ "spdx-correct",
8387
+ "spdx-exceptions",
8388
+ "spdx-expression-parse",
8389
+ "spdx-license-ids",
8390
+ "split-on-first",
8391
+ "sshpk",
8392
+ "stream-each",
8393
+ "stream-iterate",
8394
+ "stream-shift",
8395
+ "strict-uri-encode",
8396
+ "string_decoder",
8397
+ "string-width",
8398
+ "strip-ansi",
8399
+ "strip-eof",
8400
+ "strip-json-comments",
8401
+ "supports-color",
8402
+ "term-size",
8403
+ "through",
8404
+ "through2",
8405
+ "timed-out",
8406
+ "tough-cookie",
8407
+ "tunnel-agent",
8408
+ "tweetnacl",
8409
+ "typedarray",
8410
+ "unique-slug",
8411
+ "unique-string",
8412
+ "unzip-response",
8413
+ "uri-js",
8414
+ "url-parse-lax",
8415
+ "util-deprecate",
8416
+ "util-extend",
8417
+ "util-promisify",
8418
+ "verror",
8419
+ "wcwidth",
8420
+ "which-module",
8421
+ "wide-align",
8422
+ "widest-line",
8423
+ "wrap-ansi",
8424
+ "wrappy",
8425
+ "xdg-basedir",
8426
+ "xtend",
8427
+ "y18n",
8428
+ "yallist",
8429
+ "yargs",
8430
+ "yargs-parser"
8199
8431
  ],
8200
8432
  "dependencies": {
8201
8433
  "abbrev": "~1.1.1",
@@ -18794,9 +19026,9 @@
18794
19026
  }
18795
19027
  },
18796
19028
  "eslint-config-prettier": {
18797
- "version": "8.1.0",
18798
- "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.1.0.tgz",
18799
- "integrity": "sha512-oKMhGv3ihGbCIimCAjqkdzx2Q+jthoqnXSP+d86M9tptwugycmTFdVR4IpLgq2c4SHifbwO90z2fQ8/Aio73yw==",
19029
+ "version": "8.2.0",
19030
+ "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.2.0.tgz",
19031
+ "integrity": "sha512-dWV9EVeSo2qodOPi1iBYU/x6F6diHv8uujxbxr77xExs3zTAlNXvVZKiyLsQGNz7yPV2K49JY5WjPzNIuDc2Bw==",
18800
19032
  "dev": true,
18801
19033
  "requires": {}
18802
19034
  },
data/helpers/package.json CHANGED
@@ -17,7 +17,7 @@
17
17
  },
18
18
  "devDependencies": {
19
19
  "eslint": "^7.24.0",
20
- "eslint-config-prettier": "^8.1.0",
20
+ "eslint-config-prettier": "^8.2.0",
21
21
  "jest": "^26.6.3",
22
22
  "prettier": "^2.2.1",
23
23
  "rimraf": "^3.0.2"
data/lib/dependabot/npm_and_yarn/file_parser.rb CHANGED
@@ -252,10 +252,9 @@ module Dependabot
252
252
 
253
253
  return unless resolved_url
254
254
  return unless resolved_url.start_with?("http")
255
- return if CENTRAL_REGISTRIES.any? { |u| resolved_url.start_with?(u) }
256
255
  return if resolved_url.match?(/(?<!pkg\.)github/)
257
256
 
258
- private_registry_source_for(resolved_url, name)
257
+ registry_source_for(resolved_url, name)
259
258
  end
260
259
 
261
260
  def requirement_for(requirement)
@@ -287,7 +286,7 @@ module Dependabot
287
286
  }
288
287
  end
289
288
 
290
- def private_registry_source_for(resolved_url, name)
289
+ def registry_source_for(resolved_url, name)
291
290
  url =
292
291
  if resolved_url.include?("/~/")
293
292
  # Gemfury format
@@ -305,7 +304,7 @@ module Dependabot
305
304
  else resolved_url.split("/")[0..2].join("/")
306
305
  end
307
306
 
308
- { type: "private_registry", url: url }
307
+ { type: "registry", url: url }
309
308
  end
310
309
 
311
310
  def url_for_relevant_cred(resolved_url)
data/lib/dependabot/npm_and_yarn/metadata_finder.rb CHANGED
@@ -39,7 +39,7 @@ module Dependabot
39
39
 
40
40
  case source_type
41
41
  when "git" then find_source_from_git_url
42
- when "private_registry" then find_source_from_registry
42
+ when "registry" then find_source_from_registry
43
43
  else raise "Unexpected source type: #{source_type}"
44
44
  end
45
45
  end
data/lib/dependabot/npm_and_yarn/requirement.rb CHANGED
@@ -45,9 +45,9 @@ module Dependabot
45
45
  end
46
46
 
47
47
  def initialize(*requirements)
48
- requirements = requirements.flatten.flat_map do |req_string|
49
- convert_js_constraint_to_ruby_constraint(req_string)
50
- end
48
+ requirements = requirements.flatten.
49
+ flat_map { |req_string| req_string.split(",").map(&:strip) }.
50
+ flat_map { |req_string| convert_js_constraint_to_ruby_constraint(req_string) }
51
51
 
52
52
  super(requirements)
53
53
  end
data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb CHANGED
@@ -106,7 +106,7 @@ module Dependabot
106
106
 
107
107
  def filter_ignored_versions(versions_array)
108
108
  filtered = versions_array.reject do |v, _|
109
- ignore_reqs.any? { |r| r.satisfied_by?(v) }
109
+ ignore_requirements.any? { |r| r.satisfied_by?(v) }
110
110
  end
111
111
 
112
112
  raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
@@ -201,7 +201,7 @@ module Dependabot
201
201
  return false if related_to_current_pre?(ver) ^ ver.prerelease?
202
202
  return false if current_version_greater_than?(ver)
203
203
  return false if current_requirement_greater_than?(ver)
204
- return false if ignore_reqs.any? { |r| r.satisfied_by?(ver) }
204
+ return false if ignore_requirements.any? { |r| r.satisfied_by?(ver) }
205
205
  return false if yanked?(ver)
206
206
 
207
207
  true
@@ -388,8 +388,8 @@ module Dependabot
388
388
  )
389
389
  end
390
390
 
391
- def ignore_reqs
392
- ignored_versions.map { |req| requirement_class.new(req.split(",")) }
391
+ def ignore_requirements
392
+ ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
393
393
  end
394
394
 
395
395
  def version_class
data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb CHANGED
@@ -62,8 +62,8 @@ module Dependabot
62
62
 
63
63
  def registry_url
64
64
  protocol =
65
- if private_registry_source_url
66
- private_registry_source_url.split("://").first
65
+ if registry_source_url
66
+ registry_source_url.split("://").first
67
67
  else
68
68
  "https"
69
69
  end
@@ -92,10 +92,10 @@ module Dependabot
92
92
  end
93
93
 
94
94
  def locked_registry
95
- return unless private_registry_source_url
95
+ return unless registry_source_url
96
96
 
97
97
  lockfile_registry =
98
- private_registry_source_url.
98
+ registry_source_url.
99
99
  gsub("https://", "").
100
100
  gsub("http://", "")
101
101
  detailed_registry =
@@ -210,7 +210,7 @@ module Dependabot
210
210
  dependency.name.gsub("/", "%2F")
211
211
  end
212
212
 
213
- def private_registry_source_url
213
+ def registry_source_url
214
214
  sources = dependency.requirements.
215
215
  map { |r| r.fetch(:source) }.uniq.compact
216
216
 
@@ -218,8 +218,8 @@ module Dependabot
218
218
  # it's unclear how we should proceed
219
219
  raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| [s[:type], s[:url]] }.uniq.count > 1
220
220
 
221
- # Otherwise we just take the URL of the first private registry
222
- sources.find { |s| s[:type] == "private_registry" }&.fetch(:url)
221
+ # Otherwise we just take the URL of the first registry
222
+ sources.find { |s| s[:type] == "registry" }&.fetch(:url)
223
223
  end
224
224
  end
225
225
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.141.1
4
+ version: 0.143.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-13 00:00:00.000000000 Z
11
+ date: 2021-04-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.141.1
19
+ version: 0.143.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.141.1
26
+ version: 0.143.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.12.0
103
+ version: 1.13.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.12.0
110
+ version: 1.13.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
284
284
  - !ruby/object:Gem::Version
285
285
  version: 2.5.0
286
286
  requirements: []
287
- rubygems_version: 3.2.3
287
+ rubygems_version: 3.2.15
288
288
  signing_key:
289
289
  specification_version: 4
290
290
  summary: JS support for dependabot