dependabot-npm_and_yarn 0.192.0 → 0.194.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/package-lock.json +7 -7
  3. data/helpers/package.json +1 -1
  4. data/lib/dependabot/npm_and_yarn/package_name.rb +21 -12
  5. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 84d86e305584a9618478b577321f23f3deb822ec60f1e202dddef4e92a69bfda
4
- data.tar.gz: 6aabe28b029811df4cba03a6b3a4476e5d520c87a36257ecfc9d51200f049015
3
+ metadata.gz: e0d51c9b925807c1a111f06b7c6261768977e9a1507e2172d0d687f135ea7dfc
4
+ data.tar.gz: 077d6d0b952070d41b80ab103873bf36a006b9fcdde1acd7c8d0525ef078668d
5
5
  SHA512:
6
- metadata.gz: 50554ba9711f1b3b07e22d813696e17967984c70295a09b9a542a6515bd2083b162bd6225d539c239baf2860ca4c8dfc5b8a258625261cd8e909ebeb24c2332e
7
- data.tar.gz: 26c338472ad8d98aa47da37e2f0a3a20f3a68167c6281356dfe6a37e3bb35d7e9ff74cb74f2dab4f5470e4d81e6c61ad0a2e0a3db7a6fef32eb4f7d79585ec11
6
+ metadata.gz: f60d6507d628f1bb68c671f8e0c33f903b2921d637bf10cff2d89dfa7d07ae360c9d7e0089fc519bad0f513973914dd29fab7e12f9e8a9482a91b5c1b18cf4b9
7
+ data.tar.gz: c448465b1ed7721d586cb267563c31ef7ffe3ccef21ce3662fb7f7a68b56d5712a2e8dce7c4967aa85c3387934f9849a0abaa607e94c6143f823236ac14800b4
data/helpers/package-lock.json CHANGED
@@ -19,7 +19,7 @@
19
19
  "eslint": "^8.15.0",
20
20
  "eslint-config-prettier": "^8.5.0",
21
21
  "jest": "^28.1.0",
22
- "prettier": "^2.6.2",
22
+ "prettier": "^2.7.1",
23
23
  "rimraf": "^3.0.2"
24
24
  }
25
25
  },
@@ -12167,9 +12167,9 @@
12167
12167
  }
12168
12168
  },
12169
12169
  "node_modules/prettier": {
12170
- "version": "2.6.2",
12171
- "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz",
12172
- "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==",
12170
+ "version": "2.7.1",
12171
+ "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
12172
+ "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
12173
12173
  "dev": true,
12174
12174
  "bin": {
12175
12175
  "prettier": "bin-prettier.js"
@@ -22908,9 +22908,9 @@
22908
22908
  "integrity": "sha1-gV7R9uvGWSb4ZbMQwHE7yzMVzks="
22909
22909
  },
22910
22910
  "prettier": {
22911
- "version": "2.6.2",
22912
- "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz",
22913
- "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==",
22911
+ "version": "2.7.1",
22912
+ "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
22913
+ "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
22914
22914
  "dev": true
22915
22915
  },
22916
22916
  "pretty-format": {
data/helpers/package.json CHANGED
@@ -19,7 +19,7 @@
19
19
  "eslint": "^8.15.0",
20
20
  "eslint-config-prettier": "^8.5.0",
21
21
  "jest": "^28.1.0",
22
- "prettier": "^2.6.2",
22
+ "prettier": "^2.7.1",
23
23
  "rimraf": "^3.0.2"
24
24
  }
25
25
  }
data/lib/dependabot/npm_and_yarn/package_name.rb CHANGED
@@ -3,21 +3,30 @@
3
3
  module Dependabot
4
4
  module NpmAndYarn
5
5
  class PackageName
6
+ # NPM package naming rules are defined by the following projects:
7
+ # - https://github.com/npm/npm-user-validate
8
+ # - https://github.com/npm/validate-npm-package-name
6
9
  PACKAGE_NAME_REGEX = %r{
7
- \A # beginning of string
8
- (?=.{1,214}\z) # enforce length (1 - 214)
9
- (@(?<scope>[a-z0-9\-~][a-z0-9\-\._~]*)\/)? # capture 'scope' if present
10
- (?<name>[a-z0-9\-~][a-z0-9\-._~]*) # capture package name
11
- \z # end of string
12
- }xi.freeze # multi-line/case-insensitive
10
+ \A # beginning of string
11
+ (?=.{1,214}\z) # enforce length (1 - 214)
12
+ (@(?<scope> # capture 'scope' if present
13
+ (?=[^\.]) # reject leading dot
14
+ [a-z0-9\-\_\.\!\~\*\'\(\)]+ # URL-safe characters
15
+ )\/)?
16
+ (?<name> # capture package name
17
+ (?=[^\.\_]) # reject leading dot or underscore
18
+ [a-z0-9\-\_\.\!\~\*\'\(\)]+ # URL-safe characters
19
+ )
20
+ \z # end of string
21
+ }xi.freeze # multi-line/case-insensitive
13
22
 
14
23
  TYPES_PACKAGE_NAME_REGEX = %r{
15
- \A # beginning of string
16
- @types\/ # starts with @types/
17
- ((?<scope>.+)__)? # capture scope
18
- (?<name>.+) # capture name
19
- \z # end of string
20
- }xi.freeze # multi-line/case-insensitive
24
+ \A # beginning of string
25
+ @types\/ # starts with @types/
26
+ ((?<scope>.+)__)? # capture scope
27
+ (?<name>.+) # capture name
28
+ \z # end of string
29
+ }xi.freeze # multi-line/case-insensitive
21
30
 
22
31
  class InvalidPackageName < StandardError; end
23
32
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.192.0
4
+ version: 0.194.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-13 00:00:00.000000000 Z
11
+ date: 2022-06-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.192.0
19
+ version: 0.194.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.192.0
26
+ version: 0.194.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement