dependabot-npm_and_yarn 0.156.8 → 0.156.9

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 61beba853245451aeee98da26519b2a2260b9d20b3221740f177660591b3429d
4
- data.tar.gz: d0636ba924b45e54c799dbca1a6e5db249a334fed5cdcb102d833a0b405f8302
3
+ metadata.gz: ff99c5b7d64a989aaeb8980175102f47308e573f40ce61947cc70a67346e4511
4
+ data.tar.gz: 9bf6f9fd9fe27d00118f4ac8fdbfe7f4dc1a2de84639c2ed2d0efebfbfe34525
5
5
  SHA512:
6
- metadata.gz: 7f6c1fc2f7ba8d278f15dad617af8f47fd4987702e813eef4a7fbf62417e3caebd65b13844beed2b6d0307ee6c8c2ddb6bc6db884cda8641360cd2278a73115c
7
- data.tar.gz: d4d8ee0d51a16a01b90588be6f5b782e94332aea018ea0ca318cbf519eadfb446b90d8750b55b41dbb12ec059372efabaca6f44e7641be63afaa46a582ab3c8a
6
+ metadata.gz: 077d52576decdc849596f645e8f826a105b8d045ebafd924f20febf4a2e88e62461b00509b31695125e33d910bb191f31737bc67b9d034b85e8eaf3d0fefbe28
7
+ data.tar.gz: af4b80f82695e9cbeeb9f6440c244a7c2aca8ef0aa04c2976527c404087e9ffab09981fefcc36ad4fd343ec0bbeab20795078d8969b9bdad104ccda96fff3df1
@@ -7,7 +7,7 @@
7
7
  "name": "@dependabot/helper",
8
8
  "dependencies": {
9
9
  "@dependabot/yarn-lib": "^1.21.1",
10
- "@npmcli/arborist": "^2.7.0",
10
+ "@npmcli/arborist": "^2.7.1",
11
11
  "detect-indent": "^6.1.0",
12
12
  "npm": "6.14.13",
13
13
  "semver": "^7.3.4"
@@ -16,7 +16,7 @@
16
16
  "helper": "run.js"
17
17
  },
18
18
  "devDependencies": {
19
- "eslint": "^7.30.0",
19
+ "eslint": "^7.31.0",
20
20
  "eslint-config-prettier": "^8.3.0",
21
21
  "jest": "^27.0.6",
22
22
  "prettier": "^2.3.2",
@@ -729,9 +729,9 @@
729
729
  }
730
730
  },
731
731
  "node_modules/@eslint/eslintrc": {
732
- "version": "0.4.2",
733
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.2.tgz",
734
- "integrity": "sha512-8nmGq/4ycLpIwzvhI4tNDmQztZ8sp+hI7cyG8i1nQDhkAbRzHpXPidRAHlNvCZQpJTKw5ItIpMw9RSToGF00mg==",
732
+ "version": "0.4.3",
733
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz",
734
+ "integrity": "sha512-J6KFFz5QCYUJq3pf0mjEcCJVERbzv71PUIDczuh9JkwGEzced6CO5ADLHB1rbf/+oPBtoPfMYNOpGDzCANlbXw==",
735
735
  "dev": true,
736
736
  "dependencies": {
737
737
  "ajv": "^6.12.4",
@@ -749,9 +749,9 @@
749
749
  }
750
750
  },
751
751
  "node_modules/@eslint/eslintrc/node_modules/debug": {
752
- "version": "4.3.1",
753
- "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz",
754
- "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==",
752
+ "version": "4.3.2",
753
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz",
754
+ "integrity": "sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==",
755
755
  "dev": true,
756
756
  "dependencies": {
757
757
  "ms": "2.1.2"
@@ -1561,9 +1561,9 @@
1561
1561
  }
1562
1562
  },
1563
1563
  "node_modules/@npmcli/arborist": {
1564
- "version": "2.7.0",
1565
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.7.0.tgz",
1566
- "integrity": "sha512-wWYXW3aGdLygc5b1MGEMliVZ1fEQb8zAtz7PuIwb0gHoc1u9X3RItpIomvA4zCQsVWrlFYnQHc87aAvlD08Ekg==",
1564
+ "version": "2.7.1",
1565
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.7.1.tgz",
1566
+ "integrity": "sha512-EGDHJs6dna/52BrStr/6aaRcMLrYxGbSjT4V3JzvoTBY9/w5i2+1KNepmsG80CAsGADdo6nuNnFwb7sDRm8ZAw==",
1567
1567
  "dependencies": {
1568
1568
  "@npmcli/installed-package-contents": "^1.0.7",
1569
1569
  "@npmcli/map-workspaces": "^1.0.2",
@@ -1578,6 +1578,7 @@
1578
1578
  "common-ancestor-path": "^1.0.1",
1579
1579
  "json-parse-even-better-errors": "^2.3.1",
1580
1580
  "json-stringify-nice": "^1.1.4",
1581
+ "mkdirp": "^1.0.4",
1581
1582
  "mkdirp-infer-owner": "^2.0.0",
1582
1583
  "npm-install-checks": "^4.0.0",
1583
1584
  "npm-package-arg": "^8.1.0",
@@ -1590,7 +1591,9 @@
1590
1591
  "promise-call-limit": "^1.0.1",
1591
1592
  "read-package-json-fast": "^2.0.2",
1592
1593
  "readdir-scoped-modules": "^1.1.0",
1594
+ "rimraf": "^3.0.2",
1593
1595
  "semver": "^7.3.5",
1596
+ "ssri": "^8.0.1",
1594
1597
  "tar": "^6.1.0",
1595
1598
  "treeverse": "^1.0.4",
1596
1599
  "walk-up-path": "^1.0.0"
@@ -1628,6 +1631,17 @@
1628
1631
  "node": ">= 10"
1629
1632
  }
1630
1633
  },
1634
+ "node_modules/@npmcli/arborist/node_modules/mkdirp": {
1635
+ "version": "1.0.4",
1636
+ "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
1637
+ "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==",
1638
+ "bin": {
1639
+ "mkdirp": "bin/cmd.js"
1640
+ },
1641
+ "engines": {
1642
+ "node": ">=10"
1643
+ }
1644
+ },
1631
1645
  "node_modules/@npmcli/arborist/node_modules/npm-registry-fetch": {
1632
1646
  "version": "11.0.0",
1633
1647
  "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-11.0.0.tgz",
@@ -1968,9 +1982,9 @@
1968
1982
  }
1969
1983
  },
1970
1984
  "node_modules/acorn-jsx": {
1971
- "version": "5.3.1",
1972
- "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.1.tgz",
1973
- "integrity": "sha512-K0Ptm/47OKfQRpNQ2J/oIN/3QYiK6FwW+eJbILhsdxh2WTLdl+30o8aGdTbm5JbffpFFAg/g+zi1E+jvJha5ng==",
1985
+ "version": "5.3.2",
1986
+ "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
1987
+ "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
1974
1988
  "dev": true,
1975
1989
  "peerDependencies": {
1976
1990
  "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
@@ -3401,13 +3415,13 @@
3401
3415
  }
3402
3416
  },
3403
3417
  "node_modules/eslint": {
3404
- "version": "7.30.0",
3405
- "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.30.0.tgz",
3406
- "integrity": "sha512-VLqz80i3as3NdloY44BQSJpFw534L9Oh+6zJOUaViV4JPd+DaHwutqP7tcpkW3YiXbK6s05RZl7yl7cQn+lijg==",
3418
+ "version": "7.31.0",
3419
+ "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.31.0.tgz",
3420
+ "integrity": "sha512-vafgJpSh2ia8tnTkNUkwxGmnumgckLh5aAbLa1xRmIn9+owi8qBNGKL+B881kNKNTy7FFqTEkpNkUvmw0n6PkA==",
3407
3421
  "dev": true,
3408
3422
  "dependencies": {
3409
3423
  "@babel/code-frame": "7.12.11",
3410
- "@eslint/eslintrc": "^0.4.2",
3424
+ "@eslint/eslintrc": "^0.4.3",
3411
3425
  "@humanwhocodes/config-array": "^0.5.0",
3412
3426
  "ajv": "^6.10.0",
3413
3427
  "chalk": "^4.0.0",
@@ -4209,9 +4223,9 @@
4209
4223
  }
4210
4224
  },
4211
4225
  "node_modules/globals": {
4212
- "version": "13.9.0",
4213
- "resolved": "https://registry.npmjs.org/globals/-/globals-13.9.0.tgz",
4214
- "integrity": "sha512-74/FduwI/JaIrr1H8e71UbDE+5x7pIPs1C2rrwC52SszOo043CsWOZEMW7o2Y58xwm9b+0RBKDxY5n2sUpEFxA==",
4226
+ "version": "13.10.0",
4227
+ "resolved": "https://registry.npmjs.org/globals/-/globals-13.10.0.tgz",
4228
+ "integrity": "sha512-piHC3blgLGFjvOuMmWZX60f+na1lXFDhQXBf1UYp2fXPXqvEUbOhNwi6BsQ0bQishwedgnjkwv1d9zKf+MWw3g==",
4215
4229
  "dev": true,
4216
4230
  "dependencies": {
4217
4231
  "type-fest": "^0.20.2"
@@ -15047,9 +15061,9 @@
15047
15061
  }
15048
15062
  },
15049
15063
  "@eslint/eslintrc": {
15050
- "version": "0.4.2",
15051
- "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.2.tgz",
15052
- "integrity": "sha512-8nmGq/4ycLpIwzvhI4tNDmQztZ8sp+hI7cyG8i1nQDhkAbRzHpXPidRAHlNvCZQpJTKw5ItIpMw9RSToGF00mg==",
15064
+ "version": "0.4.3",
15065
+ "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz",
15066
+ "integrity": "sha512-J6KFFz5QCYUJq3pf0mjEcCJVERbzv71PUIDczuh9JkwGEzced6CO5ADLHB1rbf/+oPBtoPfMYNOpGDzCANlbXw==",
15053
15067
  "dev": true,
15054
15068
  "requires": {
15055
15069
  "ajv": "^6.12.4",
@@ -15064,9 +15078,9 @@
15064
15078
  },
15065
15079
  "dependencies": {
15066
15080
  "debug": {
15067
- "version": "4.3.1",
15068
- "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz",
15069
- "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==",
15081
+ "version": "4.3.2",
15082
+ "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz",
15083
+ "integrity": "sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==",
15070
15084
  "dev": true,
15071
15085
  "requires": {
15072
15086
  "ms": "2.1.2"
@@ -15674,9 +15688,9 @@
15674
15688
  }
15675
15689
  },
15676
15690
  "@npmcli/arborist": {
15677
- "version": "2.7.0",
15678
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.7.0.tgz",
15679
- "integrity": "sha512-wWYXW3aGdLygc5b1MGEMliVZ1fEQb8zAtz7PuIwb0gHoc1u9X3RItpIomvA4zCQsVWrlFYnQHc87aAvlD08Ekg==",
15691
+ "version": "2.7.1",
15692
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-2.7.1.tgz",
15693
+ "integrity": "sha512-EGDHJs6dna/52BrStr/6aaRcMLrYxGbSjT4V3JzvoTBY9/w5i2+1KNepmsG80CAsGADdo6nuNnFwb7sDRm8ZAw==",
15680
15694
  "requires": {
15681
15695
  "@npmcli/installed-package-contents": "^1.0.7",
15682
15696
  "@npmcli/map-workspaces": "^1.0.2",
@@ -15691,6 +15705,7 @@
15691
15705
  "common-ancestor-path": "^1.0.1",
15692
15706
  "json-parse-even-better-errors": "^2.3.1",
15693
15707
  "json-stringify-nice": "^1.1.4",
15708
+ "mkdirp": "^1.0.4",
15694
15709
  "mkdirp-infer-owner": "^2.0.0",
15695
15710
  "npm-install-checks": "^4.0.0",
15696
15711
  "npm-package-arg": "^8.1.0",
@@ -15703,7 +15718,9 @@
15703
15718
  "promise-call-limit": "^1.0.1",
15704
15719
  "read-package-json-fast": "^2.0.2",
15705
15720
  "readdir-scoped-modules": "^1.1.0",
15721
+ "rimraf": "^3.0.2",
15706
15722
  "semver": "^7.3.5",
15723
+ "ssri": "^8.0.1",
15707
15724
  "tar": "^6.1.0",
15708
15725
  "treeverse": "^1.0.4",
15709
15726
  "walk-up-path": "^1.0.0"
@@ -15732,6 +15749,11 @@
15732
15749
  "ssri": "^8.0.0"
15733
15750
  }
15734
15751
  },
15752
+ "mkdirp": {
15753
+ "version": "1.0.4",
15754
+ "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
15755
+ "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw=="
15756
+ },
15735
15757
  "npm-registry-fetch": {
15736
15758
  "version": "11.0.0",
15737
15759
  "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-11.0.0.tgz",
@@ -16036,9 +16058,9 @@
16036
16058
  }
16037
16059
  },
16038
16060
  "acorn-jsx": {
16039
- "version": "5.3.1",
16040
- "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.1.tgz",
16041
- "integrity": "sha512-K0Ptm/47OKfQRpNQ2J/oIN/3QYiK6FwW+eJbILhsdxh2WTLdl+30o8aGdTbm5JbffpFFAg/g+zi1E+jvJha5ng==",
16061
+ "version": "5.3.2",
16062
+ "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
16063
+ "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
16042
16064
  "dev": true,
16043
16065
  "requires": {}
16044
16066
  },
@@ -17174,13 +17196,13 @@
17174
17196
  }
17175
17197
  },
17176
17198
  "eslint": {
17177
- "version": "7.30.0",
17178
- "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.30.0.tgz",
17179
- "integrity": "sha512-VLqz80i3as3NdloY44BQSJpFw534L9Oh+6zJOUaViV4JPd+DaHwutqP7tcpkW3YiXbK6s05RZl7yl7cQn+lijg==",
17199
+ "version": "7.31.0",
17200
+ "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.31.0.tgz",
17201
+ "integrity": "sha512-vafgJpSh2ia8tnTkNUkwxGmnumgckLh5aAbLa1xRmIn9+owi8qBNGKL+B881kNKNTy7FFqTEkpNkUvmw0n6PkA==",
17180
17202
  "dev": true,
17181
17203
  "requires": {
17182
17204
  "@babel/code-frame": "7.12.11",
17183
- "@eslint/eslintrc": "^0.4.2",
17205
+ "@eslint/eslintrc": "^0.4.3",
17184
17206
  "@humanwhocodes/config-array": "^0.5.0",
17185
17207
  "ajv": "^6.10.0",
17186
17208
  "chalk": "^4.0.0",
@@ -17784,9 +17806,9 @@
17784
17806
  }
17785
17807
  },
17786
17808
  "globals": {
17787
- "version": "13.9.0",
17788
- "resolved": "https://registry.npmjs.org/globals/-/globals-13.9.0.tgz",
17789
- "integrity": "sha512-74/FduwI/JaIrr1H8e71UbDE+5x7pIPs1C2rrwC52SszOo043CsWOZEMW7o2Y58xwm9b+0RBKDxY5n2sUpEFxA==",
17809
+ "version": "13.10.0",
17810
+ "resolved": "https://registry.npmjs.org/globals/-/globals-13.10.0.tgz",
17811
+ "integrity": "sha512-piHC3blgLGFjvOuMmWZX60f+na1lXFDhQXBf1UYp2fXPXqvEUbOhNwi6BsQ0bQishwedgnjkwv1d9zKf+MWw3g==",
17790
17812
  "dev": true,
17791
17813
  "requires": {
17792
17814
  "type-fest": "^0.20.2"
data/helpers/package.json CHANGED
@@ -10,13 +10,13 @@
10
10
  },
11
11
  "dependencies": {
12
12
  "@dependabot/yarn-lib": "^1.21.1",
13
- "@npmcli/arborist": "^2.7.0",
13
+ "@npmcli/arborist": "^2.7.1",
14
14
  "detect-indent": "^6.1.0",
15
15
  "npm": "6.14.13",
16
16
  "semver": "^7.3.4"
17
17
  },
18
18
  "devDependencies": {
19
- "eslint": "^7.30.0",
19
+ "eslint": "^7.31.0",
20
20
  "eslint-config-prettier": "^8.3.0",
21
21
  "jest": "^27.0.6",
22
22
  "prettier": "^2.3.2",
@@ -13,6 +13,8 @@ module Dependabot
13
13
  registry.yarnpkg.com
14
14
  ).freeze
15
15
 
16
+ SCOPED_REGISTRY = /^\s*@(?<scope>\S+):registry\s*=\s*(?<registry>\S+)/.freeze
17
+
16
18
  def initialize(dependency_files:, credentials:)
17
19
  @dependency_files = dependency_files
18
20
  @credentials = credentials
@@ -44,7 +46,7 @@ module Dependabot
44
46
  "always-auth = true"
45
47
  end
46
48
 
47
- def global_registry
49
+ def global_registry # rubocop:disable Metrics/PerceivedComplexity
48
50
  @global_registry ||=
49
51
  registry_credentials.find do |cred|
50
52
  next false if CENTRAL_REGISTRIES.include?(cred["registry"])
@@ -52,7 +54,10 @@ module Dependabot
52
54
  # If all the URLs include this registry, it's global
53
55
  next true if dependency_urls.all? { |url| url.include?(cred["registry"]) }
54
56
 
55
- # If any unscoped URLs include this registry, it's global
57
+ # Check if this registry has already been defined in .npmrc as a scoped registry
58
+ next false if npmrc_scoped_registries.any? { |sr| sr.include?(cred["registry"]) }
59
+
60
+ # If any unscoped URLs include this registry, assume it's global
56
61
  dependency_urls.
57
62
  reject { |u| u.include?("@") || u.include?("%40") }.
58
63
  any? { |url| url.include?(cred["registry"]) }
@@ -150,6 +155,15 @@ module Dependabot
150
155
  ["always-auth = true"] + lines
151
156
  end
152
157
 
158
+ def npmrc_scoped_registries
159
+ return [] unless npmrc_file
160
+
161
+ @npmrc_scoped_registries ||=
162
+ npmrc_file.content.lines.select { |line| line.match?(SCOPED_REGISTRY) }.
163
+ map { |line| line.match(SCOPED_REGISTRY)&.named_captures&.fetch("registry") }.
164
+ compact
165
+ end
166
+
153
167
  # rubocop:disable Metrics/PerceivedComplexity
154
168
  def registry_scopes(registry)
155
169
  # Central registries don't just apply to scopes
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.156.8
4
+ version: 0.156.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-07-15 00:00:00.000000000 Z
11
+ date: 2021-07-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.156.8
19
+ version: 0.156.9
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.156.8
26
+ version: 0.156.9
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement