dependabot-npm_and_yarn 0.169.2 → 0.169.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/package-lock.json +1255 -1337
  3. data/helpers/package.json +4 -4
  4. data/lib/dependabot/npm_and_yarn/file_fetcher.rb +4 -2
  5. data/lib/dependabot/npm_and_yarn/file_parser.rb +4 -2
  6. data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +2 -1
  7. data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +2 -1
  8. data/lib/dependabot/npm_and_yarn/file_updater/package_json_preparer.rb +2 -1
  9. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +2 -1
  10. data/lib/dependabot/npm_and_yarn/metadata_finder.rb +4 -2
  11. data/lib/dependabot/npm_and_yarn/requirement.rb +4 -2
  12. data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -1
  13. data/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb +2 -1
  14. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +2 -1
  15. metadata +7 -7
data/helpers/package.json CHANGED
@@ -10,16 +10,16 @@
10
10
  },
11
11
  "dependencies": {
12
12
  "@dependabot/yarn-lib": "^1.21.1",
13
- "@npmcli/arborist": "^4.0.5",
13
+ "@npmcli/arborist": "^4.1.1",
14
14
  "detect-indent": "^6.1.0",
15
15
  "npm": "6.14.14",
16
16
  "semver": "^7.3.4"
17
17
  },
18
18
  "devDependencies": {
19
- "eslint": "^8.3.0",
19
+ "eslint": "^8.4.1",
20
20
  "eslint-config-prettier": "^8.3.0",
21
- "jest": "^27.2.5",
22
- "prettier": "^2.4.1",
21
+ "jest": "^27.4.3",
22
+ "prettier": "^2.5.1",
23
23
  "rimraf": "^3.0.2"
24
24
  }
25
25
  }
data/lib/dependabot/npm_and_yarn/file_fetcher.rb CHANGED
@@ -288,14 +288,16 @@ module Dependabot
288
288
  if workspace_object.is_a?(Hash)
289
289
  workspace_object.values_at("packages", "nohoist").flatten.compact
290
290
  elsif workspace_object.is_a?(Array) then workspace_object
291
- else [] # Invalid lerna.json, which must not be in use
291
+ else
292
+ [] # Invalid lerna.json, which must not be in use
292
293
  end
293
294
 
294
295
  paths_array.flat_map do |path|
295
296
  # The packages/!(not-this-package) syntax is unique to Yarn
296
297
  if path.include?("*") || path.include?("!(")
297
298
  expanded_paths(path)
298
- else path
299
+ else
300
+ path
299
301
  end
300
302
  end
301
303
  end
data/lib/dependabot/npm_and_yarn/file_parser.rb CHANGED
@@ -270,7 +270,8 @@ module Dependabot
270
270
  split("#").first
271
271
  elsif prefix.include?("bitbucket") then "bitbucket.org"
272
272
  elsif prefix.include?("gitlab") then "gitlab.com"
273
- else "github.com"
273
+ else
274
+ "github.com"
274
275
  end
275
276
 
276
277
  {
@@ -296,7 +297,8 @@ module Dependabot
296
297
  # Sonatype Nexus / Artifactory JFrog format
297
298
  resolved_url.split("/#{name}/-/#{name.split('/').last}").first
298
299
  elsif (cred_url = url_for_relevant_cred(resolved_url)) then cred_url
299
- else resolved_url.split("/")[0..2].join("/")
300
+ else
301
+ resolved_url.split("/")[0..2].join("/")
300
302
  end
301
303
 
302
304
  { type: "registry", url: url }
data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb CHANGED
@@ -750,7 +750,8 @@ module Dependabot
750
750
  trimmed_url = url.gsub(/(\d+\.)*tgz$/, "")
751
751
  incorrect_url = if url.start_with?("https")
752
752
  trimmed_url.gsub(/^https:/, "http:")
753
- else trimmed_url.gsub(/^http:/, "https:")
753
+ else
754
+ trimmed_url.gsub(/^http:/, "https:")
754
755
  end
755
756
  updated_lockfile_content = updated_lockfile_content.gsub(
756
757
  /#{Regexp.quote(incorrect_url)}(?=(\d+\.)*tgz")/,
data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb CHANGED
@@ -25,7 +25,8 @@ module Dependabot
25
25
  initial_content =
26
26
  if npmrc_file then complete_npmrc_from_credentials
27
27
  elsif yarnrc_file then build_npmrc_from_yarnrc
28
- else build_npmrc_content_from_lockfile
28
+ else
29
+ build_npmrc_content_from_lockfile
29
30
  end
30
31
 
31
32
  return initial_content || "" unless registry_credentials.any?
data/lib/dependabot/npm_and_yarn/file_updater/package_json_preparer.rb CHANGED
@@ -42,7 +42,8 @@ module Dependabot
42
42
  workspace_object.values_at("packages", "nohoist").
43
43
  flatten.compact
44
44
  elsif workspace_object.is_a?(Array) then workspace_object
45
- else raise "Unexpected workspace object"
45
+ else
46
+ raise "Unexpected workspace object"
46
47
  end
47
48
 
48
49
  paths_array.each { |path| path.gsub!(%r{^\./}, "") }
data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb CHANGED
@@ -336,7 +336,8 @@ module Dependabot
336
336
  workspace_object.values_at("packages", "nohoist").
337
337
  flatten.compact
338
338
  elsif workspace_object.is_a?(Array) then workspace_object
339
- else raise "Unexpected workspace object"
339
+ else
340
+ raise "Unexpected workspace object"
340
341
  end
341
342
 
342
343
  paths_array.each { |path| path.gsub!(%r{^\./}, "") }
data/lib/dependabot/npm_and_yarn/metadata_finder.rb CHANGED
@@ -197,7 +197,8 @@ module Dependabot
197
197
  def dependency_url
198
198
  registry_url =
199
199
  if new_source.nil? then "https://registry.npmjs.org"
200
- else new_source.fetch(:url)
200
+ else
201
+ new_source.fetch(:url)
201
202
  end
202
203
 
203
204
  # NPM registries expect slashes to be escaped
@@ -213,7 +214,8 @@ module Dependabot
213
214
 
214
215
  def dependency_registry
215
216
  if new_source.nil? then "registry.npmjs.org"
216
- else new_source.fetch(:url).gsub("https://", "").gsub("http://", "")
217
+ else
218
+ new_source.fetch(:url).gsub("https://", "").gsub("http://", "")
217
219
  end
218
220
  end
219
221
 
data/lib/dependabot/npm_and_yarn/requirement.rb CHANGED
@@ -68,7 +68,8 @@ module Dependabot
68
68
  elsif req_string.start_with?("^") then convert_caret_req(req_string)
69
69
  elsif req_string.include?(" - ") then convert_hyphen_req(req_string)
70
70
  elsif req_string.match?(/[<>]/) then req_string
71
- else ruby_range(req_string)
71
+ else
72
+ ruby_range(req_string)
72
73
  end
73
74
  end
74
75
 
@@ -122,7 +123,8 @@ module Dependabot
122
123
  if i < first_non_zero_index then part
123
124
  elsif i == first_non_zero_index then (part.to_i + 1).to_s
124
125
  elsif i > first_non_zero_index && i == 2 then "0.a"
125
- else 0
126
+ else
127
+ 0
126
128
  end
127
129
  end.join(".")
128
130
 
data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb CHANGED
@@ -62,7 +62,8 @@ module Dependabot
62
62
  secure_versions =
63
63
  if specified_dist_tag_requirement?
64
64
  [version_from_dist_tags].compact
65
- else possible_versions(filter_ignored: false)
65
+ else
66
+ possible_versions(filter_ignored: false)
66
67
  end
67
68
 
68
69
  secure_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(secure_versions,
data/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb CHANGED
@@ -178,7 +178,8 @@ module Dependabot
178
178
  version_to_be_permitted.segments[index]
179
179
  elsif index == index_to_update
180
180
  version_to_be_permitted.segments[index] + 1
181
- else 0
181
+ else
182
+ 0
182
183
  end
183
184
  end.join(".")
184
185
  end
data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb CHANGED
@@ -262,7 +262,8 @@ module Dependabot
262
262
  e.message.scan(YARN_PEER_DEP_ERROR_REGEX) do
263
263
  errors << Regexp.last_match.named_captures
264
264
  end
265
- else raise
265
+ else
266
+ raise
266
267
  end
267
268
  errors
268
269
  end.compact
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.169.2
4
+ version: 0.169.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-30 00:00:00.000000000 Z
11
+ date: 2021-12-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.169.2
19
+ version: 0.169.6
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.169.2
26
+ version: 0.169.6
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.18.0
103
+ version: 1.23.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.18.0
110
+ version: 1.23.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
284
284
  - !ruby/object:Gem::Version
285
285
  version: 2.5.0
286
286
  requirements: []
287
- rubygems_version: 3.2.22
287
+ rubygems_version: 3.2.32
288
288
  signing_key:
289
289
  specification_version: 4
290
290
  summary: JS support for dependabot