RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.231.0 → 0.233.0 - Mend

dependabot-npm_and_yarn 0.231.0 → 0.233.0

Files changed (26) hide show

data/helpers/package.json CHANGED Viewed

@@ -11,9 +11,9 @@
   },
   "dependencies": {
     "@dependabot/yarn-lib": "^1.22.19",
-    "@npmcli/arborist": "^6.3.0",
+    "@npmcli/arborist": "^7.1.0",
     "detect-indent": "^6.1.0",
-    "nock": "^13.3.2",
+    "nock": "^13.3.3",
     "npm": "6.14.18",
     "@pnpm/lockfile-file": "^8.1.2",
     "@pnpm/dependency-path": "^2.1.1",

data/lib/dependabot/npm_and_yarn/dependency_files_filterer.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/utils"

data/lib/dependabot/npm_and_yarn/file_fetcher/path_dependency_builder.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "json"

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/errors"

data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb CHANGED Viewed

@@ -17,9 +17,10 @@ module Dependabot
         SCOPED_REGISTRY = /^\s*@(?<scope>\S+):registry\s*=\s*(?<registry>\S+)/
-        def initialize(dependency_files:, credentials:)
+        def initialize(dependency_files:, credentials:, dependencies: [])
           @dependency_files = dependency_files
           @credentials = credentials
+          @dependencies = dependencies
         end
         # PROXY WORK
@@ -52,7 +53,7 @@ module Dependabot
         private
-        attr_reader :dependency_files, :credentials
+        attr_reader :dependency_files, :credentials, :dependencies
         def build_npmrc_content_from_lockfile
           return unless yarn_lock || package_lock
@@ -134,6 +135,17 @@ module Dependabot
           return @dependency_urls if defined?(@dependency_urls)
           @dependency_urls = []
+          if dependencies.any?
+            @dependency_urls = dependencies.map do |dependency|
+              UpdateChecker::RegistryFinder.new(
+                dependency: dependency,
+                credentials: credentials
+              ).dependency_url
+            end
+            return @dependency_urls
+          end
           if package_lock
             @dependency_urls +=
               package_lock.content.scan(/"resolved"\s*:\s*"(.*)"/)

data/lib/dependabot/npm_and_yarn/file_updater/package_json_preparer.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/npm_and_yarn/file_updater"

data/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/npm_and_yarn/helpers"
@@ -9,6 +9,7 @@ module Dependabot
   module NpmAndYarn
     class FileUpdater
       class PnpmLockfileUpdater
+        require_relative "npmrc_builder"
         require_relative "package_json_updater"
         def initialize(dependencies:, dependency_files:, repo_contents_path:, credentials:)
@@ -38,6 +39,8 @@ module Dependabot
         def run_pnpm_update(pnpm_lock:)
           SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
+            File.write(".npmrc", npmrc_content(pnpm_lock))
             SharedHelpers.with_git_configured(credentials: credentials) do
               run_pnpm_updater
@@ -120,6 +123,14 @@ module Dependabot
           end
         end
+        def npmrc_content(pnpm_lock)
+          NpmrcBuilder.new(
+            credentials: credentials,
+            dependency_files: dependency_files,
+            dependencies: lockfile_dependencies(pnpm_lock)
+          ).npmrc_content
+        end
         def updated_package_json_content(file)
           @updated_package_json_content ||= {}
           @updated_package_json_content[file.name] ||=

data/lib/dependabot/npm_and_yarn/file_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/file_updaters"

data/lib/dependabot/npm_and_yarn/helpers.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 module Dependabot

data/lib/dependabot/npm_and_yarn/metadata_finder.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "excon"

data/lib/dependabot/npm_and_yarn/native_helpers.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 module Dependabot

data/lib/dependabot/npm_and_yarn/package_manager.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 module Dependabot

data/lib/dependabot/npm_and_yarn/requirement.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/utils"

data/lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/utils"

data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/dependency"

data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/npm_and_yarn/file_updater/npmrc_builder"

data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "excon"

data/lib/dependabot/npm_and_yarn/update_checker/library_detector.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "excon"

data/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 ################################################################################

data/lib/dependabot/npm_and_yarn/update_checker/vulnerability_auditor.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "stringio"

data/lib/dependabot/npm_and_yarn/update_checker.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/git_commit_checker"

data/lib/dependabot/npm_and_yarn/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/version"
@@ -13,11 +13,15 @@ require "dependabot/utils"
 module Dependabot
   module NpmAndYarn
     class Version < Dependabot::Version
+      extend T::Sig
+      sig { returns(String) }
       attr_reader :build_info
-      VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
+      VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
       ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
+      sig { override.params(version: T.nilable(T.any(String, Gem::Version))).returns(T::Boolean) }
       def self.correct?(version)
         version = version.gsub(/^v/, "") if version.is_a?(String)
@@ -26,6 +30,7 @@ module Dependabot
         version.to_s.match?(ANCHORED_VERSION_PATTERN)
       end
+      sig { params(version: T.nilable(T.any(String, Gem::Version))).returns(T.nilable(T.any(String, Gem::Version))) }
       def self.semver_for(version)
         # The next two lines are to guard against improperly formatted
         # versions in a lockfile, such as an empty string or additional
@@ -37,8 +42,9 @@ module Dependabot
         version
       end
+      sig { override.params(version: T.any(String, Gem::Version)).void }
       def initialize(version)
-        @version_string = version.to_s
+        @version_string = T.let(version.to_s, String)
         version = version.gsub(/^v/, "") if version.is_a?(String)
         version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
@@ -46,18 +52,22 @@ module Dependabot
         super
       end
+      sig { returns(Integer) }
       def major
-        @major ||= segments[0] || 0
+        @major ||= T.let(segments[0] || 0, T.nilable(Integer))
       end
+      sig { returns(Integer) }
       def minor
-        @minor ||= segments[1] || 0
+        @minor ||= T.let(segments[1] || 0, T.nilable(Integer))
       end
+      sig { returns(Integer) }
       def patch
-        @patch ||= segments[2] || 0
+        @patch ||= T.let(segments[2] || 0, T.nilable(Integer))
       end
+      sig { params(other: Dependabot::NpmAndYarn::Version).returns(T::Boolean) }
       def backwards_compatible_with?(other)
         case major
         when 0
@@ -67,10 +77,12 @@ module Dependabot
         end
       end
+      sig { override.returns(String) }
       def to_s
         @version_string
       end
+      sig { override.returns(String) }
       def inspect
         "#<#{self.class} #{@version_string}>"
       end

data/lib/dependabot/npm_and_yarn.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 # These all need to be required so the various classes can be registered in a

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.231.0
+  version: 0.233.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-12 00:00:00.000000000 Z
+date: 2023-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.231.0
+        version: 0.233.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.231.0
+        version: 0.233.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -52,20 +52,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: parallel_tests
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 4.2.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 4.2.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -164,6 +150,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.2.16
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -295,7 +295,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.231.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.233.0
 post_install_message:
 rdoc_options: []
 require_paths: