dependabot-npm_and_yarn 0.169.1 → 0.169.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (15) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/package-lock.json +1255 -1337
  3. data/helpers/package.json +4 -4
  4. data/lib/dependabot/npm_and_yarn/file_fetcher.rb +4 -2
  5. data/lib/dependabot/npm_and_yarn/file_parser.rb +4 -2
  6. data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +2 -1
  7. data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +2 -1
  8. data/lib/dependabot/npm_and_yarn/file_updater/package_json_preparer.rb +2 -1
  9. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +2 -1
  10. data/lib/dependabot/npm_and_yarn/metadata_finder.rb +4 -2
  11. data/lib/dependabot/npm_and_yarn/requirement.rb +4 -2
  12. data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -1
  13. data/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb +2 -1
  14. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +2 -1
  15. metadata +7 -7
data/helpers/package.json CHANGED
@@ -10,16 +10,16 @@
10
10
  },
11
11
  "dependencies": {
12
12
  "@dependabot/yarn-lib": "^1.21.1",
13
- "@npmcli/arborist": "^4.0.5",
13
+ "@npmcli/arborist": "^4.1.1",
14
14
  "detect-indent": "^6.1.0",
15
15
  "npm": "6.14.14",
16
16
  "semver": "^7.3.4"
17
17
  },
18
18
  "devDependencies": {
19
- "eslint": "^8.3.0",
19
+ "eslint": "^8.4.1",
20
20
  "eslint-config-prettier": "^8.3.0",
21
- "jest": "^27.2.5",
22
- "prettier": "^2.4.1",
21
+ "jest": "^27.4.3",
22
+ "prettier": "^2.5.1",
23
23
  "rimraf": "^3.0.2"
24
24
  }
25
25
  }
data/lib/dependabot/npm_and_yarn/file_fetcher.rb CHANGED
@@ -288,14 +288,16 @@ module Dependabot
288
288
  if workspace_object.is_a?(Hash)
289
289
  workspace_object.values_at("packages", "nohoist").flatten.compact
290
290
  elsif workspace_object.is_a?(Array) then workspace_object
291
- else [] # Invalid lerna.json, which must not be in use
291
+ else
292
+ [] # Invalid lerna.json, which must not be in use
292
293
  end
293
294
 
294
295
  paths_array.flat_map do |path|
295
296
  # The packages/!(not-this-package) syntax is unique to Yarn
296
297
  if path.include?("*") || path.include?("!(")
297
298
  expanded_paths(path)
298
- else path
299
+ else
300
+ path
299
301
  end
300
302
  end
301
303
  end
data/lib/dependabot/npm_and_yarn/file_parser.rb CHANGED
@@ -270,7 +270,8 @@ module Dependabot
270
270
  split("#").first
271
271
  elsif prefix.include?("bitbucket") then "bitbucket.org"
272
272
  elsif prefix.include?("gitlab") then "gitlab.com"
273
- else "github.com"
273
+ else
274
+ "github.com"
274
275
  end
275
276
 
276
277
  {
@@ -296,7 +297,8 @@ module Dependabot
296
297
  # Sonatype Nexus / Artifactory JFrog format
297
298
  resolved_url.split("/#{name}/-/#{name.split('/').last}").first
298
299
  elsif (cred_url = url_for_relevant_cred(resolved_url)) then cred_url
299
- else resolved_url.split("/")[0..2].join("/")
300
+ else
301
+ resolved_url.split("/")[0..2].join("/")
300
302
  end
301
303
 
302
304
  { type: "registry", url: url }
data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb CHANGED
@@ -750,7 +750,8 @@ module Dependabot
750
750
  trimmed_url = url.gsub(/(\d+\.)*tgz$/, "")
751
751
  incorrect_url = if url.start_with?("https")
752
752
  trimmed_url.gsub(/^https:/, "http:")
753
- else trimmed_url.gsub(/^http:/, "https:")
753
+ else
754
+ trimmed_url.gsub(/^http:/, "https:")
754
755
  end
755
756
  updated_lockfile_content = updated_lockfile_content.gsub(
756
757
  /#{Regexp.quote(incorrect_url)}(?=(\d+\.)*tgz")/,
data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb CHANGED
@@ -25,7 +25,8 @@ module Dependabot
25
25
  initial_content =
26
26
  if npmrc_file then complete_npmrc_from_credentials
27
27
  elsif yarnrc_file then build_npmrc_from_yarnrc
28
- else build_npmrc_content_from_lockfile
28
+ else
29
+ build_npmrc_content_from_lockfile
29
30
  end
30
31
 
31
32
  return initial_content || "" unless registry_credentials.any?
data/lib/dependabot/npm_and_yarn/file_updater/package_json_preparer.rb CHANGED
@@ -42,7 +42,8 @@ module Dependabot
42
42
  workspace_object.values_at("packages", "nohoist").
43
43
  flatten.compact
44
44
  elsif workspace_object.is_a?(Array) then workspace_object
45
- else raise "Unexpected workspace object"
45
+ else
46
+ raise "Unexpected workspace object"
46
47
  end
47
48
 
48
49
  paths_array.each { |path| path.gsub!(%r{^\./}, "") }
data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb CHANGED
@@ -336,7 +336,8 @@ module Dependabot
336
336
  workspace_object.values_at("packages", "nohoist").
337
337
  flatten.compact
338
338
  elsif workspace_object.is_a?(Array) then workspace_object
339
- else raise "Unexpected workspace object"
339
+ else
340
+ raise "Unexpected workspace object"
340
341
  end
341
342
 
342
343
  paths_array.each { |path| path.gsub!(%r{^\./}, "") }
data/lib/dependabot/npm_and_yarn/metadata_finder.rb CHANGED
@@ -197,7 +197,8 @@ module Dependabot
197
197
  def dependency_url
198
198
  registry_url =
199
199
  if new_source.nil? then "https://registry.npmjs.org"
200
- else new_source.fetch(:url)
200
+ else
201
+ new_source.fetch(:url)
201
202
  end
202
203
 
203
204
  # NPM registries expect slashes to be escaped
@@ -213,7 +214,8 @@ module Dependabot
213
214
 
214
215
  def dependency_registry
215
216
  if new_source.nil? then "registry.npmjs.org"
216
- else new_source.fetch(:url).gsub("https://", "").gsub("http://", "")
217
+ else
218
+ new_source.fetch(:url).gsub("https://", "").gsub("http://", "")
217
219
  end
218
220
  end
219
221
 
data/lib/dependabot/npm_and_yarn/requirement.rb CHANGED
@@ -68,7 +68,8 @@ module Dependabot
68
68
  elsif req_string.start_with?("^") then convert_caret_req(req_string)
69
69
  elsif req_string.include?(" - ") then convert_hyphen_req(req_string)
70
70
  elsif req_string.match?(/[<>]/) then req_string
71
- else ruby_range(req_string)
71
+ else
72
+ ruby_range(req_string)
72
73
  end
73
74
  end
74
75
 
@@ -122,7 +123,8 @@ module Dependabot
122
123
  if i < first_non_zero_index then part
123
124
  elsif i == first_non_zero_index then (part.to_i + 1).to_s
124
125
  elsif i > first_non_zero_index && i == 2 then "0.a"
125
- else 0
126
+ else
127
+ 0
126
128
  end
127
129
  end.join(".")
128
130
 
data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb CHANGED
@@ -62,7 +62,8 @@ module Dependabot
62
62
  secure_versions =
63
63
  if specified_dist_tag_requirement?
64
64
  [version_from_dist_tags].compact
65
- else possible_versions(filter_ignored: false)
65
+ else
66
+ possible_versions(filter_ignored: false)
66
67
  end
67
68
 
68
69
  secure_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(secure_versions,
data/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb CHANGED
@@ -178,7 +178,8 @@ module Dependabot
178
178
  version_to_be_permitted.segments[index]
179
179
  elsif index == index_to_update
180
180
  version_to_be_permitted.segments[index] + 1
181
- else 0
181
+ else
182
+ 0
182
183
  end
183
184
  end.join(".")
184
185
  end
data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb CHANGED
@@ -262,7 +262,8 @@ module Dependabot
262
262
  e.message.scan(YARN_PEER_DEP_ERROR_REGEX) do
263
263
  errors << Regexp.last_match.named_captures
264
264
  end
265
- else raise
265
+ else
266
+ raise
266
267
  end
267
268
  errors
268
269
  end.compact
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.169.1
4
+ version: 0.169.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-29 00:00:00.000000000 Z
11
+ date: 2021-12-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.169.1
19
+ version: 0.169.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.169.1
26
+ version: 0.169.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.18.0
103
+ version: 1.23.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.18.0
110
+ version: 1.23.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
284
284
  - !ruby/object:Gem::Version
285
285
  version: 2.5.0
286
286
  requirements: []
287
- rubygems_version: 3.2.22
287
+ rubygems_version: 3.2.32
288
288
  signing_key:
289
289
  specification_version: 4
290
290
  summary: JS support for dependabot