dependabot-npm_and_yarn 0.156.6 → 0.157.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/package-lock.json +62 -40
  3. data/helpers/package.json +2 -2
  4. data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +16 -2
  5. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 77bdbc778fe8dc11a3b4407c0b3f3136c59d48fc67a3b62fd2656490f52116f3
4
- data.tar.gz: 6dd12de5ba7601c7a9002343a4581625640ae24e28ab6e835843a5ef007bc1ca
3
+ metadata.gz: 2ba0260f8784780d66e9c729b0b6dbdb975555619860d65597fe952a64e64875
4
+ data.tar.gz: 6e08c8da916f7356555107f8e1300f41d28c9f20adf103d1a9af2234c0e089b1
5
5
  SHA512:
6
- metadata.gz: bee0a6cb5cb83c8466db8e111b23e9d7529dae6b414b12a39b74d195f62fa60c569a315e873d276dcd49552186c1b0258fbc789ed0a7fbd8364ce1eb092870d3
7
- data.tar.gz: 73c21aed92c80c94de13f335ced41da0a80e6b4eb968990b46d1ed216314a715da3776cbd870a349913ad68c780bd7d911a361161b02efb642a1081b4c093512
6
+ metadata.gz: 42df65c283f2318a35e8487837878f8cbe3c2cafd1345a42974e349f9d52ddf0711704210c1d5abe9f0f8631120750dd71bbab753b93c2c10161aed9491bfde9
7
+ data.tar.gz: 5aa14e4401b7d7afc748f9a6905bd9ece4deeab5dd696e8a140fa84084c3c1d36c6e0e237db15370db62c67976b1682ff9e089a8f0f7143d2a06ca1f3609a4be
data/helpers/package-lock.json CHANGED
@@ -7,7 +7,7 @@
7
7
  "name": "@dependabot/helper",
8
8
  "dependencies": {
9
9
  "@dependabot/yarn-lib": "^1.21.1",
10
- "@npmcli/arborist": "^2.6.4",
10
+ "@npmcli/arborist": "^2.7.1",
11
11
  "detect-indent": "^6.1.0",
12
12
  "npm": "6.14.13",
13
13
  "semver": "^7.3.4"
@@ -16,7 +16,7 @@
16
16
  "helper": "run.js"
17
17
  },
18
18
  "devDependencies": {
19
- "eslint": "^7.30.0",
19
+ "eslint": "^7.31.0",
20
20
  "eslint-config-prettier": "^8.3.0",
21
21
  "jest": "^27.0.6",
22
22
  "prettier": "^2.3.2",
@@ -729,9 +729,9 @@
729
729
  }
730
730
  },
731
731
  "node_modules/@eslint/eslintrc": {
732
- "version": "0.4.2",
733
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.2.tgz",
734
- "integrity": "sha512-8nmGq/4ycLpIwzvhI4tNDmQztZ8sp+hI7cyG8i1nQDhkAbRzHpXPidRAHlNvCZQpJTKw5ItIpMw9RSToGF00mg==",
732
+ "version": "0.4.3",
733
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz",
734
+ "integrity": "sha512-J6KFFz5QCYUJq3pf0mjEcCJVERbzv71PUIDczuh9JkwGEzced6CO5ADLHB1rbf/+oPBtoPfMYNOpGDzCANlbXw==",
735
735
  "dev": true,
736
736
  "dependencies": {
737
737
  "ajv": "^6.12.4",
@@ -749,9 +749,9 @@
749
749
  }
750
750
  },
751
751
  "node_modules/@eslint/eslintrc/node_modules/debug": {
752
- "version": "4.3.1",
753
- "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz",
754
- "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==",
752
+ "version": "4.3.2",
753
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz",
754
+ "integrity": "sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==",
755
755
  "dev": true,
756
756
  "dependencies": {
757
757
  "ms": "2.1.2"
@@ -1561,9 +1561,9 @@
1561
1561
  }
1562
1562
  },
1563
1563
  "node_modules/@npmcli/arborist": {
1564
- "version": "2.6.4",
1565
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.6.4.tgz",
1566
- "integrity": "sha512-A/pDQ/VZpdxaqsQS5XOWrhrPuC+ER7HLq+4ZkEmnO2yo/USFCWEsiUPYKhfY+sWXK3pgKjN7B7CEFmAnSoAt3g==",
1564
+ "version": "2.7.1",
1565
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.7.1.tgz",
1566
+ "integrity": "sha512-EGDHJs6dna/52BrStr/6aaRcMLrYxGbSjT4V3JzvoTBY9/w5i2+1KNepmsG80CAsGADdo6nuNnFwb7sDRm8ZAw==",
1567
1567
  "dependencies": {
1568
1568
  "@npmcli/installed-package-contents": "^1.0.7",
1569
1569
  "@npmcli/map-workspaces": "^1.0.2",
@@ -1578,6 +1578,7 @@
1578
1578
  "common-ancestor-path": "^1.0.1",
1579
1579
  "json-parse-even-better-errors": "^2.3.1",
1580
1580
  "json-stringify-nice": "^1.1.4",
1581
+ "mkdirp": "^1.0.4",
1581
1582
  "mkdirp-infer-owner": "^2.0.0",
1582
1583
  "npm-install-checks": "^4.0.0",
1583
1584
  "npm-package-arg": "^8.1.0",
@@ -1590,7 +1591,9 @@
1590
1591
  "promise-call-limit": "^1.0.1",
1591
1592
  "read-package-json-fast": "^2.0.2",
1592
1593
  "readdir-scoped-modules": "^1.1.0",
1594
+ "rimraf": "^3.0.2",
1593
1595
  "semver": "^7.3.5",
1596
+ "ssri": "^8.0.1",
1594
1597
  "tar": "^6.1.0",
1595
1598
  "treeverse": "^1.0.4",
1596
1599
  "walk-up-path": "^1.0.0"
@@ -1628,6 +1631,17 @@
1628
1631
  "node": ">= 10"
1629
1632
  }
1630
1633
  },
1634
+ "node_modules/@npmcli/arborist/node_modules/mkdirp": {
1635
+ "version": "1.0.4",
1636
+ "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
1637
+ "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==",
1638
+ "bin": {
1639
+ "mkdirp": "bin/cmd.js"
1640
+ },
1641
+ "engines": {
1642
+ "node": ">=10"
1643
+ }
1644
+ },
1631
1645
  "node_modules/@npmcli/arborist/node_modules/npm-registry-fetch": {
1632
1646
  "version": "11.0.0",
1633
1647
  "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-11.0.0.tgz",
@@ -1968,9 +1982,9 @@
1968
1982
  }
1969
1983
  },
1970
1984
  "node_modules/acorn-jsx": {
1971
- "version": "5.3.1",
1972
- "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.1.tgz",
1973
- "integrity": "sha512-K0Ptm/47OKfQRpNQ2J/oIN/3QYiK6FwW+eJbILhsdxh2WTLdl+30o8aGdTbm5JbffpFFAg/g+zi1E+jvJha5ng==",
1985
+ "version": "5.3.2",
1986
+ "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
1987
+ "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
1974
1988
  "dev": true,
1975
1989
  "peerDependencies": {
1976
1990
  "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
@@ -3401,13 +3415,13 @@
3401
3415
  }
3402
3416
  },
3403
3417
  "node_modules/eslint": {
3404
- "version": "7.30.0",
3405
- "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.30.0.tgz",
3406
- "integrity": "sha512-VLqz80i3as3NdloY44BQSJpFw534L9Oh+6zJOUaViV4JPd+DaHwutqP7tcpkW3YiXbK6s05RZl7yl7cQn+lijg==",
3418
+ "version": "7.31.0",
3419
+ "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.31.0.tgz",
3420
+ "integrity": "sha512-vafgJpSh2ia8tnTkNUkwxGmnumgckLh5aAbLa1xRmIn9+owi8qBNGKL+B881kNKNTy7FFqTEkpNkUvmw0n6PkA==",
3407
3421
  "dev": true,
3408
3422
  "dependencies": {
3409
3423
  "@babel/code-frame": "7.12.11",
3410
- "@eslint/eslintrc": "^0.4.2",
3424
+ "@eslint/eslintrc": "^0.4.3",
3411
3425
  "@humanwhocodes/config-array": "^0.5.0",
3412
3426
  "ajv": "^6.10.0",
3413
3427
  "chalk": "^4.0.0",
@@ -4209,9 +4223,9 @@
4209
4223
  }
4210
4224
  },
4211
4225
  "node_modules/globals": {
4212
- "version": "13.9.0",
4213
- "resolved": "https://registry.npmjs.org/globals/-/globals-13.9.0.tgz",
4214
- "integrity": "sha512-74/FduwI/JaIrr1H8e71UbDE+5x7pIPs1C2rrwC52SszOo043CsWOZEMW7o2Y58xwm9b+0RBKDxY5n2sUpEFxA==",
4226
+ "version": "13.10.0",
4227
+ "resolved": "https://registry.npmjs.org/globals/-/globals-13.10.0.tgz",
4228
+ "integrity": "sha512-piHC3blgLGFjvOuMmWZX60f+na1lXFDhQXBf1UYp2fXPXqvEUbOhNwi6BsQ0bQishwedgnjkwv1d9zKf+MWw3g==",
4215
4229
  "dev": true,
4216
4230
  "dependencies": {
4217
4231
  "type-fest": "^0.20.2"
@@ -15047,9 +15061,9 @@
15047
15061
  }
15048
15062
  },
15049
15063
  "@eslint/eslintrc": {
15050
- "version": "0.4.2",
15051
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.2.tgz",
15052
- "integrity": "sha512-8nmGq/4ycLpIwzvhI4tNDmQztZ8sp+hI7cyG8i1nQDhkAbRzHpXPidRAHlNvCZQpJTKw5ItIpMw9RSToGF00mg==",
15064
+ "version": "0.4.3",
15065
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz",
15066
+ "integrity": "sha512-J6KFFz5QCYUJq3pf0mjEcCJVERbzv71PUIDczuh9JkwGEzced6CO5ADLHB1rbf/+oPBtoPfMYNOpGDzCANlbXw==",
15053
15067
  "dev": true,
15054
15068
  "requires": {
15055
15069
  "ajv": "^6.12.4",
@@ -15064,9 +15078,9 @@
15064
15078
  },
15065
15079
  "dependencies": {
15066
15080
  "debug": {
15067
- "version": "4.3.1",
15068
- "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz",
15069
- "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==",
15081
+ "version": "4.3.2",
15082
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz",
15083
+ "integrity": "sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==",
15070
15084
  "dev": true,
15071
15085
  "requires": {
15072
15086
  "ms": "2.1.2"
@@ -15674,9 +15688,9 @@
15674
15688
  }
15675
15689
  },
15676
15690
  "@npmcli/arborist": {
15677
- "version": "2.6.4",
15678
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.6.4.tgz",
15679
- "integrity": "sha512-A/pDQ/VZpdxaqsQS5XOWrhrPuC+ER7HLq+4ZkEmnO2yo/USFCWEsiUPYKhfY+sWXK3pgKjN7B7CEFmAnSoAt3g==",
15691
+ "version": "2.7.1",
15692
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.7.1.tgz",
15693
+ "integrity": "sha512-EGDHJs6dna/52BrStr/6aaRcMLrYxGbSjT4V3JzvoTBY9/w5i2+1KNepmsG80CAsGADdo6nuNnFwb7sDRm8ZAw==",
15680
15694
  "requires": {
15681
15695
  "@npmcli/installed-package-contents": "^1.0.7",
15682
15696
  "@npmcli/map-workspaces": "^1.0.2",
@@ -15691,6 +15705,7 @@
15691
15705
  "common-ancestor-path": "^1.0.1",
15692
15706
  "json-parse-even-better-errors": "^2.3.1",
15693
15707
  "json-stringify-nice": "^1.1.4",
15708
+ "mkdirp": "^1.0.4",
15694
15709
  "mkdirp-infer-owner": "^2.0.0",
15695
15710
  "npm-install-checks": "^4.0.0",
15696
15711
  "npm-package-arg": "^8.1.0",
@@ -15703,7 +15718,9 @@
15703
15718
  "promise-call-limit": "^1.0.1",
15704
15719
  "read-package-json-fast": "^2.0.2",
15705
15720
  "readdir-scoped-modules": "^1.1.0",
15721
+ "rimraf": "^3.0.2",
15706
15722
  "semver": "^7.3.5",
15723
+ "ssri": "^8.0.1",
15707
15724
  "tar": "^6.1.0",
15708
15725
  "treeverse": "^1.0.4",
15709
15726
  "walk-up-path": "^1.0.0"
@@ -15732,6 +15749,11 @@
15732
15749
  "ssri": "^8.0.0"
15733
15750
  }
15734
15751
  },
15752
+ "mkdirp": {
15753
+ "version": "1.0.4",
15754
+ "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
15755
+ "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw=="
15756
+ },
15735
15757
  "npm-registry-fetch": {
15736
15758
  "version": "11.0.0",
15737
15759
  "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-11.0.0.tgz",
@@ -16036,9 +16058,9 @@
16036
16058
  }
16037
16059
  },
16038
16060
  "acorn-jsx": {
16039
- "version": "5.3.1",
16040
- "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.1.tgz",
16041
- "integrity": "sha512-K0Ptm/47OKfQRpNQ2J/oIN/3QYiK6FwW+eJbILhsdxh2WTLdl+30o8aGdTbm5JbffpFFAg/g+zi1E+jvJha5ng==",
16061
+ "version": "5.3.2",
16062
+ "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
16063
+ "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
16042
16064
  "dev": true,
16043
16065
  "requires": {}
16044
16066
  },
@@ -17174,13 +17196,13 @@
17174
17196
  }
17175
17197
  },
17176
17198
  "eslint": {
17177
- "version": "7.30.0",
17178
- "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.30.0.tgz",
17179
- "integrity": "sha512-VLqz80i3as3NdloY44BQSJpFw534L9Oh+6zJOUaViV4JPd+DaHwutqP7tcpkW3YiXbK6s05RZl7yl7cQn+lijg==",
17199
+ "version": "7.31.0",
17200
+ "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.31.0.tgz",
17201
+ "integrity": "sha512-vafgJpSh2ia8tnTkNUkwxGmnumgckLh5aAbLa1xRmIn9+owi8qBNGKL+B881kNKNTy7FFqTEkpNkUvmw0n6PkA==",
17180
17202
  "dev": true,
17181
17203
  "requires": {
17182
17204
  "@babel/code-frame": "7.12.11",
17183
- "@eslint/eslintrc": "^0.4.2",
17205
+ "@eslint/eslintrc": "^0.4.3",
17184
17206
  "@humanwhocodes/config-array": "^0.5.0",
17185
17207
  "ajv": "^6.10.0",
17186
17208
  "chalk": "^4.0.0",
@@ -17784,9 +17806,9 @@
17784
17806
  }
17785
17807
  },
17786
17808
  "globals": {
17787
- "version": "13.9.0",
17788
- "resolved": "https://registry.npmjs.org/globals/-/globals-13.9.0.tgz",
17789
- "integrity": "sha512-74/FduwI/JaIrr1H8e71UbDE+5x7pIPs1C2rrwC52SszOo043CsWOZEMW7o2Y58xwm9b+0RBKDxY5n2sUpEFxA==",
17809
+ "version": "13.10.0",
17810
+ "resolved": "https://registry.npmjs.org/globals/-/globals-13.10.0.tgz",
17811
+ "integrity": "sha512-piHC3blgLGFjvOuMmWZX60f+na1lXFDhQXBf1UYp2fXPXqvEUbOhNwi6BsQ0bQishwedgnjkwv1d9zKf+MWw3g==",
17790
17812
  "dev": true,
17791
17813
  "requires": {
17792
17814
  "type-fest": "^0.20.2"
data/helpers/package.json CHANGED
@@ -10,13 +10,13 @@
10
10
  },
11
11
  "dependencies": {
12
12
  "@dependabot/yarn-lib": "^1.21.1",
13
- "@npmcli/arborist": "^2.6.4",
13
+ "@npmcli/arborist": "^2.7.1",
14
14
  "detect-indent": "^6.1.0",
15
15
  "npm": "6.14.13",
16
16
  "semver": "^7.3.4"
17
17
  },
18
18
  "devDependencies": {
19
- "eslint": "^7.30.0",
19
+ "eslint": "^7.31.0",
20
20
  "eslint-config-prettier": "^8.3.0",
21
21
  "jest": "^27.0.6",
22
22
  "prettier": "^2.3.2",
data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb CHANGED
@@ -13,6 +13,8 @@ module Dependabot
13
13
  registry.yarnpkg.com
14
14
  ).freeze
15
15
 
16
+ SCOPED_REGISTRY = /^\s*@(?<scope>\S+):registry\s*=\s*(?<registry>\S+)/.freeze
17
+
16
18
  def initialize(dependency_files:, credentials:)
17
19
  @dependency_files = dependency_files
18
20
  @credentials = credentials
@@ -44,7 +46,7 @@ module Dependabot
44
46
  "always-auth = true"
45
47
  end
46
48
 
47
- def global_registry
49
+ def global_registry # rubocop:disable Metrics/PerceivedComplexity
48
50
  @global_registry ||=
49
51
  registry_credentials.find do |cred|
50
52
  next false if CENTRAL_REGISTRIES.include?(cred["registry"])
@@ -52,7 +54,10 @@ module Dependabot
52
54
  # If all the URLs include this registry, it's global
53
55
  next true if dependency_urls.all? { |url| url.include?(cred["registry"]) }
54
56
 
55
- # If any unscoped URLs include this registry, it's global
57
+ # Check if this registry has already been defined in .npmrc as a scoped registry
58
+ next false if npmrc_scoped_registries.any? { |sr| sr.include?(cred["registry"]) }
59
+
60
+ # If any unscoped URLs include this registry, assume it's global
56
61
  dependency_urls.
57
62
  reject { |u| u.include?("@") || u.include?("%40") }.
58
63
  any? { |url| url.include?(cred["registry"]) }
@@ -150,6 +155,15 @@ module Dependabot
150
155
  ["always-auth = true"] + lines
151
156
  end
152
157
 
158
+ def npmrc_scoped_registries
159
+ return [] unless npmrc_file
160
+
161
+ @npmrc_scoped_registries ||=
162
+ npmrc_file.content.lines.select { |line| line.match?(SCOPED_REGISTRY) }.
163
+ map { |line| line.match(SCOPED_REGISTRY)&.named_captures&.fetch("registry") }.
164
+ compact
165
+ end
166
+
153
167
  # rubocop:disable Metrics/PerceivedComplexity
154
168
  def registry_scopes(registry)
155
169
  # Central registries don't just apply to scopes
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.156.6
4
+ version: 0.157.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-07-13 00:00:00.000000000 Z
11
+ date: 2021-07-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.156.6
19
+ version: 0.157.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.156.6
26
+ version: 0.157.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
284
284
  - !ruby/object:Gem::Version
285
285
  version: 2.5.0
286
286
  requirements: []
287
- rubygems_version: 3.2.15
287
+ rubygems_version: 3.2.22
288
288
  signing_key:
289
289
  specification_version: 4
290
290
  summary: JS support for dependabot