dependabot-npm_and_yarn 0.174.0 → 0.176.0

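--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 310ddc6ca311265c2939288f67964159593c655aaff93f529fd56d3886a1bddb
- data.tar.gz: b73e69ca3122abda9c5d5af520a80345db472f6c4142ef398facdb6daeaea3b1
+ metadata.gz: 584536d769129c8c4ec7b91ed6f3e3b61a67480202507c1fb8f447cf92597123
+ data.tar.gz: 787fea358f2e07bf4e1633034bdf4a88e1a35f9451d5fb0154466a49dd18d103
  SHA512:
- metadata.gz: b9337905afb5485c58966ddf6f534ef61cdfd4d75daa6fb0893081d2ff4fa0f094403f9a4185bba852e44cfc3d8e39f21cc3cb69651cba1e406d9294879d74b6
- data.tar.gz: 241872a4e3f6ef0538c9d96585012db2bb00e85fad93689cfd61cb0ed3d451df31f38aef08723e9b05e2a3003e04e71a8cc6cb5be4443dfa0c071c9f7fafdfdb
+ metadata.gz: c76654e95d7337e5d3200e84598d6f06a8cd3ecdbba511ed20b703727e9b08a2542ae8b587bc23d8ce4c533d111a9b1c1bcc30eb663506f918610e212f4370a5
+ data.tar.gz: 16aa94ffcd7a1209e8c8ec520421de5d1d52362a644ac19129788433ad118ca749da51eed4c58003690d8a9f59c8a48f57001ec08a71bb222e4935f50d02db47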
@@ -476,6 +476,7 @@ module Dependabot
476
476
  updated_content = lock_deps_with_latest_reqs(updated_content)
477
477
 
478
478
  updated_content = sanitized_package_json_content(updated_content)
479
+
479
480
  File.write(file.name, updated_content)
480
481
  end
481
482
  end
@@ -495,6 +496,16 @@ module Dependabot
495
496
  end
496
497
  end
497
498
 
499
+ # Takes a JSON string and detects if it is spaces or tabs and how many
500
+ # levels deep it is indented.
501
+ def detect_indentation(json)
502
+ indentation = json.scan(/^\s+/).min_by(&:length)
503
+ indentation_size = indentation.length
504
+ indentation_type = indentation.scan(/\t/).any? ? "\t" : " "
505
+
506
+ indentation_type * indentation_size
507
+ end
508
+
498
509
  def lock_git_deps(content)
499
510
  return content if git_dependencies_to_lock.empty?
500
511
 
@@ -508,7 +519,8 @@ module Dependabot
508
519
  end
509
520
  end
510
521
 
511
- json.to_json
522
+ indent = detect_indentation(content)
523
+ JSON.pretty_generate(json, indent: indent)
512
524
  end
513
525
 
514
526
  def git_dependencies_to_lock
@@ -549,7 +561,8 @@ module Dependabot
549
561
  end
550
562
  end
551
563
 
552
- json.to_json
564
+ indent = detect_indentation(content)
565
+ JSON.pretty_generate(json, indent: indent)
553
566
  end
554
567
 
555
568
  def replace_ssh_sources(content)
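Review bot: `detect_indentation` raises `NoMethodError` when the manifest has no indented line (a minified or single-line package.json): `json.scan(/^\s+/)` returns an empty array, `min_by` returns `nil`, and `indentation.length` fails, whereas the replaced `json.to_json` accepted any input. Because `\s` also matches line breaks, a blank line is matched too, so the shortest match can include or consist of a newline and give the wrong indent width. The manifest comes from the repository being updated, so I would match only horizontal whitespace and guard the empty case: `indentation = json.scan(/^[ \t]+/).min_by(&:length)` followed by `return "" if indentation.nil?` (or whatever default indent the project prefers). The method comment should also say that it returns the indent string for one level, not "how many levels deep" the JSON is indented.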
@@ -56,8 +56,8 @@ module Dependabot
56
56
  # npm ERR! peer @opentelemetry/api@">=1.0.0 <1.1.0" from @opentelemetry/context-async-hooks@1.0.1
57
57
  NPM7_PEER_DEP_ERROR_REGEX =
58
58
  /
59
- npm\sERR!\sCould\snot\sresolve\sdependency:\n
60
- npm\sERR!\speer\s(?<required_dep>\S+@\S+(\s\S+)?)\sfrom\s(?<requiring_dep>\S+@\S+)
59
+ npm\s(?:WARN|ERR!)\sCould\snot\sresolve\sdependency:\n
60
+ npm\s(?:WARN|ERR!)\speer\s(?<required_dep>\S+@\S+(\s\S+)?)\sfrom\s(?<requiring_dep>\S+@\S+)
61
61
  /x.freeze
62
62
 
63
63
  def initialize(dependency:, credentials:, dependency_files:,
@@ -458,10 +458,13 @@ module Dependabot
458
458
  end
459
459
 
460
460
  def run_npm7_checker(version:)
461
- SharedHelpers.run_shell_command(
461
+ cmd =
462
462
  "npm install #{version_install_arg(version: version)} --package-lock-only --dry-run=true --ignore-scripts"
463
- )
464
- nil
463
+ output = SharedHelpers.run_shell_command(cmd)
464
+ if output.match?(NPM7_PEER_DEP_ERROR_REGEX)
465
+ error_context = { command: cmd, process_exit_value: 1 }
466
+ raise SharedHelpers::HelperSubprocessFailed.new(message: output, error_context: error_context)
467
+ end
465
468
  rescue SharedHelpers::HelperSubprocessFailed => e
466
469
  raise if e.message.match?(NPM7_PEER_DEP_ERROR_REGEX)
467
470
  end
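Review bot: In `run_npm7_checker` the new `raise` sits inside the method's own `rescue SharedHelpers::HelperSubprocessFailed`, so the exception built from a run that returned normally is caught at once and re-raised only after the same regex is matched a second time, and its `process_exit_value: 1` records a status the process presumably did not return. To avoid misleading anyone triaging the error, I would record what actually happened, for example `error_context = { command: cmd, process_exit_value: 0 }` (if nothing downstream depends on a non-zero value), with a comment such as `# npm may report the peer conflict as WARN and still exit 0; treat the match as a failure`. It is also worth confirming that `run_shell_command` returns stderr as well as stdout, since the check depends on the warning text being present in `output`. `version_install_arg` is defined outside the hunk; because `cmd` is an interpolated shell string, check there that the dependency name and version taken from the manifest are shell-escaped.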
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.174.0
4
+ version: 0.176.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-18 00:00:00.000000000 Z
11
+ date: 2022-02-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.174.0
19
+ version: 0.176.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.174.0
26
+ version: 0.176.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement