RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.216.1 → 0.217.0 - Mend

dependabot-npm_and_yarn 0.216.1 → 0.217.0

Files changed (9) hide show

checksums.yaml +4 -4
data/helpers/package-lock.json +33 -30
data/helpers/package.json +2 -2
data/lib/dependabot/npm_and_yarn/file_fetcher.rb +54 -19
data/lib/dependabot/npm_and_yarn/helpers.rb +8 -0
data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -2
data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +1 -1
data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +2 -2
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 239ea74bfa12a1156995f658945575829fd543be7c7db2986fe00ad6124b111d
-  data.tar.gz: 9f65a09fc63f0579d77ce551c1e1929edfe347598741d311112a27f44d020252
+  metadata.gz: a823eeb3c53a01ed5def55c048e922f0d7a0321b3c0e3a5fb72a6d6a00fbf46b
+  data.tar.gz: '086d8ec9bd1a36a0fb1c65f2eba91e8b5f6d6c64a3cf700774a275eeb07f3767'
 SHA512:
-  metadata.gz: 3d81beca1ebbdc44ced78f2f375dc9f1ef39558021dba7c1982fea116bce47a906926d429c38787354439b8828efa12516d165e3781f215cb83a30c99c375ea9
-  data.tar.gz: 200a5946ddd36daa5b687a634f79cb5c84718f94b771c1b6e5a04d6ab8654d82362d6b4c6c8c1016e313dd12a633452116dfe9329c5dc8248fdecd47d25dc735
+  metadata.gz: a0d9706d209830b65e374334508f962a93442f48e7fd024f0a0436edb8381e3388e52f08ce1acaef7b39fc4a72a5a1df05813128e03c429a90ab971ef37969a7
+  data.tar.gz: cd710eb25983ce630ddfd87e816ab7c0f99264f78f2251c96393ebc32eba4b6c844a319c4f4b25113e46a1c4b2b48ff65a5f00a3a3f9d9b6601c4b71cb8c8e94

data/helpers/package-lock.json CHANGED Viewed

@@ -17,10 +17,10 @@
         "helper": "run.js"
       },
       "devDependencies": {
-        "eslint": "^8.38.0",
+        "eslint": "^8.39.0",
         "eslint-config-prettier": "^8.8.0",
         "jest": "^29.5.0",
-        "prettier": "^2.8.7"
+        "prettier": "^2.8.8"
       }
     },
     "node_modules/@ampproject/remapping": {
@@ -799,9 +799,9 @@
       "dev": true
     },
     "node_modules/@eslint/js": {
-      "version": "8.38.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.38.0.tgz",
-      "integrity": "sha512-IoD2MfUnOV58ghIHCiil01PcohxjbYR/qCxsoC+xNgUwh1EY8jOOrYmu3d3a71+tJJ23uscEV4X2HJWMsPJu4g==",
+      "version": "8.39.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.39.0.tgz",
+      "integrity": "sha512-kf9RB0Fg7NZfap83B3QOqOGg9QmD9yBudqQXzzOtn3i4y7ZUXe5ONeW34Gwi+TxhH4mvj72R1Zc300KUMa9Bng==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -3675,15 +3675,15 @@
       }
     },
     "node_modules/eslint": {
-      "version": "8.38.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.38.0.tgz",
-      "integrity": "sha512-pIdsD2jwlUGf/U38Jv97t8lq6HpaU/G9NKbYmpWpZGw3LdTNhZLbJePqxOXGB5+JEKfOPU/XLxYxFh03nr1KTg==",
+      "version": "8.39.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.39.0.tgz",
+      "integrity": "sha512-mwiok6cy7KTW7rBpo05k6+p4YVZByLNjAZ/ACB9DRCu4YDRwjXI01tWHp6KAUWelsBetTxKK/2sHB0vdS8Z2Og==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@eslint-community/regexpp": "^4.4.0",
         "@eslint/eslintrc": "^2.0.2",
-        "@eslint/js": "8.38.0",
+        "@eslint/js": "8.39.0",
         "@humanwhocodes/config-array": "^0.11.8",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
@@ -3693,7 +3693,7 @@
         "debug": "^4.3.2",
         "doctrine": "^3.0.0",
         "escape-string-regexp": "^4.0.0",
-        "eslint-scope": "^7.1.1",
+        "eslint-scope": "^7.2.0",
         "eslint-visitor-keys": "^3.4.0",
         "espree": "^9.5.1",
         "esquery": "^1.4.2",
@@ -3744,9 +3744,9 @@
       }
     },
     "node_modules/eslint-scope": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.1.tgz",
-      "integrity": "sha512-QKQM/UXpIiHcLqJ5AOyIW7XZmzjkzQXYE54n1++wb0u9V/abW3l9uQnxX8Z5Xd18xyKIMTUAyQ0k1e8pz6LUrw==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.0.tgz",
+      "integrity": "sha512-DYj5deGlHBfMt15J7rdtyKNq/Nqlv5KfU4iodrQ019XESsRnwXH9KAE0y3cwtUHDo2ob7CypAnCqefh6vioWRw==",
       "dev": true,
       "dependencies": {
         "esrecurse": "^4.3.0",
@@ -3754,6 +3754,9 @@
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
       }
     },
     "node_modules/eslint-visitor-keys": {
@@ -13227,9 +13230,9 @@
       }
     },
     "node_modules/prettier": {
-      "version": "2.8.7",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.7.tgz",
-      "integrity": "sha512-yPngTo3aXUUmyuTjeTUT75txrf+aMh9FiD7q9ZE/i6r0bPb22g4FsE6Y338PQX1bmfy08i9QQCB7/rcUAVntfw==",
+      "version": "2.8.8",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.8.tgz",
+      "integrity": "sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==",
       "dev": true,
       "bin": {
         "prettier": "bin-prettier.js"
@@ -15637,9 +15640,9 @@
       }
     },
     "@eslint/js": {
-      "version": "8.38.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.38.0.tgz",
-      "integrity": "sha512-IoD2MfUnOV58ghIHCiil01PcohxjbYR/qCxsoC+xNgUwh1EY8jOOrYmu3d3a71+tJJ23uscEV4X2HJWMsPJu4g==",
+      "version": "8.39.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.39.0.tgz",
+      "integrity": "sha512-kf9RB0Fg7NZfap83B3QOqOGg9QmD9yBudqQXzzOtn3i4y7ZUXe5ONeW34Gwi+TxhH4mvj72R1Zc300KUMa9Bng==",
       "dev": true
     },
     "@gar/promisify": {
@@ -17850,15 +17853,15 @@
       "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
     },
     "eslint": {
-      "version": "8.38.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.38.0.tgz",
-      "integrity": "sha512-pIdsD2jwlUGf/U38Jv97t8lq6HpaU/G9NKbYmpWpZGw3LdTNhZLbJePqxOXGB5+JEKfOPU/XLxYxFh03nr1KTg==",
+      "version": "8.39.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.39.0.tgz",
+      "integrity": "sha512-mwiok6cy7KTW7rBpo05k6+p4YVZByLNjAZ/ACB9DRCu4YDRwjXI01tWHp6KAUWelsBetTxKK/2sHB0vdS8Z2Og==",
       "dev": true,
       "requires": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@eslint-community/regexpp": "^4.4.0",
         "@eslint/eslintrc": "^2.0.2",
-        "@eslint/js": "8.38.0",
+        "@eslint/js": "8.39.0",
         "@humanwhocodes/config-array": "^0.11.8",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
@@ -17868,7 +17871,7 @@
         "debug": "^4.3.2",
         "doctrine": "^3.0.0",
         "escape-string-regexp": "^4.0.0",
-        "eslint-scope": "^7.1.1",
+        "eslint-scope": "^7.2.0",
         "eslint-visitor-keys": "^3.4.0",
         "espree": "^9.5.1",
         "esquery": "^1.4.2",
@@ -18029,9 +18032,9 @@
       "requires": {}
     },
     "eslint-scope": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.1.tgz",
-      "integrity": "sha512-QKQM/UXpIiHcLqJ5AOyIW7XZmzjkzQXYE54n1++wb0u9V/abW3l9uQnxX8Z5Xd18xyKIMTUAyQ0k1e8pz6LUrw==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.0.tgz",
+      "integrity": "sha512-DYj5deGlHBfMt15J7rdtyKNq/Nqlv5KfU4iodrQ019XESsRnwXH9KAE0y3cwtUHDo2ob7CypAnCqefh6vioWRw==",
       "dev": true,
       "requires": {
         "esrecurse": "^4.3.0",
@@ -24977,9 +24980,9 @@
       "integrity": "sha1-gV7R9uvGWSb4ZbMQwHE7yzMVzks="
     },
     "prettier": {
-      "version": "2.8.7",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.7.tgz",
-      "integrity": "sha512-yPngTo3aXUUmyuTjeTUT75txrf+aMh9FiD7q9ZE/i6r0bPb22g4FsE6Y338PQX1bmfy08i9QQCB7/rcUAVntfw==",
+      "version": "2.8.8",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.8.tgz",
+      "integrity": "sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==",
       "dev": true
     },
     "pretty-format": {

data/helpers/package.json CHANGED Viewed

@@ -17,9 +17,9 @@
     "semver": "^7.4.0"
   },
   "devDependencies": {
-    "eslint": "^8.38.0",
+    "eslint": "^8.39.0",
     "eslint-config-prettier": "^8.8.0",
     "jest": "^29.5.0",
-    "prettier": "^2.8.7"
+    "prettier": "^2.8.8"
   }
 }

data/lib/dependabot/npm_and_yarn/file_fetcher.rb CHANGED Viewed

@@ -10,7 +10,7 @@ require "dependabot/npm_and_yarn/file_parser/lockfile_parser"
 module Dependabot
   module NpmAndYarn
-    class FileFetcher < Dependabot::FileFetchers::Base
+    class FileFetcher < Dependabot::FileFetchers::Base # rubocop:disable Metrics/ClassLength
       require_relative "file_fetcher/path_dependency_builder"
       # Npm always prefixes file paths in the lockfile "version" with "file:"
@@ -22,6 +22,7 @@ module Dependabot
       # "yarn link", e.g. "link:react"
       PATH_DEPENDENCY_STARTS = %w(file: link:. link:/ link:~/ / ./ ../ ~/).freeze
       PATH_DEPENDENCY_CLEAN_REGEX = /^file:|^link:/
+      DEFAULT_NPM_REGISTRY = "https://registry.npmjs.org"
       def self.required_files_in?(filenames)
         filenames.include?("package.json")
@@ -55,6 +56,7 @@ module Dependabot
         package_managers["npm"] = Helpers.npm_version_numeric(package_lock.content) if package_lock
         package_managers["yarn"] = yarn_version if yarn_version
         package_managers["shrinkwrap"] = 1 if shrinkwrap
+        package_managers["unknown"] = 1 if package_managers.empty?
         {
           ecosystem: "npm",
@@ -67,43 +69,76 @@ module Dependabot
       def fetch_files
         fetched_files = []
         fetched_files << package_json
-        fetched_files << package_lock if package_lock && !ignore_package_lock?
-        fetched_files << yarn_lock if yarn_lock
-        fetched_files << shrinkwrap if shrinkwrap
-        fetched_files << lerna_json if lerna_json
-        fetched_files << npmrc if npmrc
-        fetched_files << yarnrc if yarnrc
-        fetched_files << yarnrc_yml if yarnrc_yml
+        fetched_files += npm_files
+        fetched_files += yarn_files
+        fetched_files += lerna_files
         fetched_files += workspace_package_jsons
-        fetched_files += lerna_packages
         fetched_files += path_dependencies(fetched_files)
-        fetched_files << inferred_npmrc if inferred_npmrc
         fetched_files.uniq
       end
+      def npm_files
+        fetched_npm_files = []
+        fetched_npm_files << package_lock if package_lock && !ignore_package_lock?
+        fetched_npm_files << shrinkwrap if shrinkwrap
+        fetched_npm_files << npmrc if npmrc
+        fetched_npm_files << inferred_npmrc if inferred_npmrc
+        fetched_npm_files
+      end
+      def yarn_files
+        fetched_yarn_files = []
+        fetched_yarn_files << yarn_lock if yarn_lock
+        fetched_yarn_files << yarnrc if yarnrc
+        fetched_yarn_files << yarnrc_yml if yarnrc_yml
+        fetched_yarn_files
+      end
+      def lerna_files
+        fetched_lerna_files = []
+        fetched_lerna_files << lerna_json if lerna_json
+        fetched_lerna_files += lerna_packages
+        fetched_lerna_files
+      end
       # If every entry in the lockfile uses the same registry, we can infer
       # that there is a global .npmrc file, so add it here as if it were in the repo.
-      def inferred_npmrc
+      def inferred_npmrc # rubocop:disable Metrics/PerceivedComplexity
         return @inferred_npmrc if defined?(@inferred_npmrc)
         return @inferred_npmrc = nil unless npmrc.nil? && package_lock
         known_registries = []
-        JSON.parse(package_lock.content).fetch("dependencies", {}).each do |_name, details|
-          resolved = details.fetch("resolved", "https://registry.npmjs.org")
+        JSON.parse(package_lock.content).fetch("dependencies", {}).each do |dependency_name, details|
+          resolved = details.fetch("resolved", DEFAULT_NPM_REGISTRY)
           begin
             uri = URI.parse(resolved)
           rescue URI::InvalidURIError
             # Ignoring non-URIs since they're not registries.
-            # This can happen if resolved is false, for instance.
+            # This can happen if resolved is `false`, for instance
+            # npm6 bug https://github.com/npm/cli/issues/1138
             next
           end
-          # Check for scheme since path dependencies will not have one
-          known_registries << "#{uri.scheme}://#{uri.host}" if uri.scheme && uri.host
+          next unless uri.scheme && uri.host
+          known_registry = "#{uri.scheme}://#{uri.host}"
+          path = uri.path
+          next unless path
+          index = path.index(dependency_name)
+          if index
+            registry_base_path = path[0...index].delete_suffix("/")
+            known_registry << registry_base_path
+          end
+          known_registries << known_registry
         end
-        if known_registries.uniq.length == 1 && known_registries.first != "https://registry.npmjs.org"
+        if known_registries.uniq.length == 1 && known_registries.first != DEFAULT_NPM_REGISTRY
           Dependabot.logger.info("Inferred global NPM registry is: #{known_registries.first}")
           return @inferred_npmrc = Dependabot::DependencyFile.new(
             name: ".npmrc",
@@ -121,7 +156,7 @@ module Dependabot
         if (package_manager = package.fetch("packageManager", nil))
           get_yarn_version_from_package_json(package_manager)
         elsif yarn_lock
-          1
+          Helpers.yarn_version_numeric(yarn_lock)
         end
       end

data/lib/dependabot/npm_and_yarn/helpers.rb CHANGED Viewed

@@ -16,6 +16,14 @@ module Dependabot
         6
       end
+      def self.yarn_version_numeric(yarn_lock)
+        if yarn_berry?(yarn_lock)
+          3
+        else
+          1
+        end
+      end
       def self.fetch_yarnrc_yml_value(key, default_value)
         if File.exist?(".yarnrc.yml") && (yarnrc = YAML.load_file(".yarnrc.yml"))
           yarnrc.fetch(key, default_value)

data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -375,11 +375,11 @@ module Dependabot
         end
         def version_class
-          NpmAndYarn::Version
+          dependency.version_class
         end
         def requirement_class
-          NpmAndYarn::Requirement
+          dependency.requirement_class
         end
         def npmrc_file

data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb CHANGED Viewed

@@ -145,7 +145,7 @@ module Dependabot
         end
         def version_class
-          NpmAndYarn::Version
+          dependency.version_class
         end
         def updated_dependency

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb CHANGED Viewed

@@ -642,11 +642,11 @@ module Dependabot
         end
         def version_class
-          NpmAndYarn::Version
+          dependency.version_class
         end
         def requirement_class
-          NpmAndYarn::Requirement
+          dependency.requirement_class
         end
         def version_regex

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.216.1
+  version: 0.217.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-14 00:00:00.000000000 Z
+date: 2023-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.216.1
+        version: 0.217.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.216.1
+        version: 0.217.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement