dependabot-npm_and_yarn 0.250.0 → 0.252.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +3 -2
  3. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9720ff3635c00dcd1ea68e9f898b8e5a716f0379f19ffd345605df678f0626a2
4
- data.tar.gz: a5a3aaa35195696fc1016dae1d6eefb374a8a4e017a3278f17162a337fe00551
3
+ metadata.gz: e0ff6c62e39f63003756cfcfe4d82fc03e9a0abe3ea0d52a38bfac6f2fa31eb6
4
+ data.tar.gz: 649164d06d81d932b8dccdb4c34b47ba84c7643646eb9a9e91c69dad2bef0a02
5
5
  SHA512:
6
- metadata.gz: 2accb24fcb1bcb4032641a3ff5dd8b8dcb817f1727f380dc686fa0e4f95221ad4c1c271a33b1709e70aa355ec2f4f1348e9e5c501369be49e0620ce56d1f72b9
7
- data.tar.gz: 7e1dfeb34efcf438d6dab402fa678eca690f9631df8efbbf1cc0efdab8e95bbacff814fe714bcf614dafaf0281cbc32d97b67d0187744994991ae70de57b1d89
6
+ metadata.gz: dfb6b077b8432491384c7911253273b5e25058dbf9fb422965112352db0a9156140c44adb54c0a6cfcd448c8a1c813b742d258cffcfe56618875d222ce69e194
7
+ data.tar.gz: 1279b961fb72bb77c4f9cd9e38ec49b8900e5dd54d166856cec735fbdc844b01393edfbce0d1792277289127bcd0ea85aceeec23a965870753169a33b9d10ac3
data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb CHANGED
@@ -372,8 +372,9 @@ module Dependabot
372
372
  end
373
373
 
374
374
  def sanitize_yarnrc_content(content)
375
- # Replace all "${...}" and ${...} occurrences with empty strings
376
- content.gsub(/\"\$\{.*?\}\"/, '""').gsub(/\$\{.*?\}/, '""')
375
+ # Replace all "${...}" and ${...} occurrences with dummy strings. We use
376
+ # dummy strings instead of empty strings to prevent issues with npmAlwaysAuth
377
+ content.gsub(/"\$\{.*?}"/, '"DUMMYCREDS"').gsub(/\$\{.*?}/, '"DUMMYCREDS"')
377
378
  end
378
379
 
379
380
  def clean_npmrc_in_path(yarn_lock)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.250.0
4
+ version: 0.252.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-02 00:00:00.000000000 Z
11
+ date: 2024-04-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.250.0
19
+ version: 0.252.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.250.0
26
+ version: 0.252.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -338,7 +338,7 @@ licenses:
338
338
  - Nonstandard
339
339
  metadata:
340
340
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
341
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.250.0
341
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.252.0
342
342
  post_install_message:
343
343
  rdoc_options: []
344
344
  require_paths: