dependabot-npm_and_yarn 0.257.0 → 0.259.0
- checksums.yaml +4 -4
- data/helpers/package-lock.json +7 -34
- data/helpers/package.json +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb +103 -29
- data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +3 -2
- data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +9 -9
- data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +3 -2
- data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +18 -10
- metadata +5 -5
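--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 024b19beaf0d762bc2fe8cad90bff1e09aebca6a52bafea7b7b26c88dbd2fe1c
+data.tar.gz: 4adb0bca67c832c849fb1f6b19ed5c82c3e416034b8380212e7bf53fcd6b4657
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3d3b0cef0359420c836f30f4ce67bd167e409bbc03a837e1da347c9c1d7ae5d95c4042b5c38bdf1170b6cc7b2be484337e1eda7d8fc5652a7c694d4deb595cb9
+data.tar.gz: 6819198a70bdae964d3791d7ed39c2ecc97b9fae8fe831de79a33baccb7b643ba2292c7fc3ea1896981334033081b7695065f2e3752eb81d7c0914e5d9ae27ac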
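--- a/data/helpers/package-lock.json
+++ b/data/helpers/package-lock.json
@@ -15,7 +15,7 @@
 "nock": "^13.5.4",
 "npm": "6.14.18",
 "patch-package": "^8.0.0",
-"semver": "^7.6.
+"semver": "^7.6.2"
 },
 "bin": {
 "helper": "run.js"
@@ -14738,12 +14738,9 @@
 "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
 },
 "node_modules/semver": {
-"version": "7.6.
-"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.
-"integrity": "sha512-
-"dependencies": {
-"lru-cache": "^6.0.0"
-},
+"version": "7.6.2",
+"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz",
+"integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==",
 "bin": {
 "semver": "bin/semver.js"
 },
@@ -14751,17 +14748,6 @@
 "node": ">=10"
 }
 },
-"node_modules/semver/node_modules/lru-cache": {
-"version": "6.0.0",
-"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
-"integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
-"dependencies": {
-"yallist": "^4.0.0"
-},
-"engines": {
-"node": ">=10"
-}
-},
 "node_modules/shebang-command": {
 "version": "2.0.0",
 "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
@@ -26883,22 +26869,9 @@
 "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
 },
 "semver": {
-"version": "7.6.
-"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.
-"integrity": "sha512-
-"requires": {
-"lru-cache": "^6.0.0"
-},
-"dependencies": {
-"lru-cache": {
-"version": "6.0.0",
-"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
-"integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
-"requires": {
-"yallist": "^4.0.0"
-}
-}
-}
+"version": "7.6.2",
+"resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz",
+"integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w=="
 },
 "shebang-command": {
 "version": "2.0.0",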
data/helpers/package.json
CHANGED
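--- a/data/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb
+++ b/data/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb
@@ -1,17 +1,28 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/npm_and_yarn/file_updater"
 
 module Dependabot
 module NpmAndYarn
 class FileUpdater < Dependabot::FileUpdaters::Base
 class PackageJsonUpdater
+extend T::Sig
+
+sig do
+params(
+package_json: Dependabot::DependencyFile,
+dependencies: T::Array[Dependabot::Dependency]
+) .void
+end
 def initialize(package_json:, dependencies:)
 @package_json = package_json
 @dependencies = dependencies
 end
 
+sig { returns(Dependabot::DependencyFile) }
 def updated_package_json
 updated_file = package_json.dup
 updated_file.content = updated_package_json_content
@@ -20,16 +31,20 @@ module Dependabot
 
 private
 
+sig { returns(Dependabot::DependencyFile) }
 attr_reader :package_json
+
+sig { returns(T::Array[Dependabot::Dependency]) }
 attr_reader :dependencies
 
+sig { returns(T.nilable(String)) }
 def updated_package_json_content
 dependencies.reduce(package_json.content.dup) do |content, dep|
-updated_requirements(dep)
+updated_requirements(dep)&.each do |new_req|
 old_req = old_requirement(dep, new_req)
 
 new_content = update_package_json_declaration(
-package_json_content: content,
+package_json_content: T.must(content),
 dependency_name: dep.name,
 old_req: old_req,
 new_req: new_req
@@ -44,7 +59,7 @@ module Dependabot
 old_req = old_requirement(dep, new_req)
 
 content = update_package_json_resolutions(
-package_json_content: content,
+package_json_content: T.must(content),
 new_req: new_req,
 dependency: dep,
 old_req: old_req
@@ -55,24 +70,35 @@ module Dependabot
 end
 end
 
+sig do
+params(
+dependency: Dependabot::Dependency,
+new_requirement: T::Hash[Symbol, T.untyped]
+)
+.returns(T.nilable(T::Hash[Symbol, T.untyped]))
+end
 def old_requirement(dependency, new_requirement)
-dependency.previous_requirements
-
-
+T.must(dependency.previous_requirements)
+.select { |r| r[:file] == package_json.name }
+.find { |r| r[:groups] == new_requirement[:groups] }
 end
 
+sig { params(dependency: Dependabot::Dependency).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
 def new_requirements(dependency)
 dependency.requirements.select { |r| r[:file] == package_json.name }
 end
 
+sig { params(dependency: Dependabot::Dependency).returns(T.nilable(T::Array[T::Hash[Symbol, T.untyped]])) }
 def updated_requirements(dependency)
+return unless dependency.previous_requirements
+
 updated_requirement_pairs =
-dependency.requirements.zip(dependency.previous_requirements)
+dependency.requirements.zip(T.must(dependency.previous_requirements))
 .reject do |new_req, old_req|
 next true if new_req == old_req
-next false unless old_req
+next false unless old_req&.fetch(:source).nil?
 
-new_req[:requirement] == old_req
+new_req[:requirement] == old_req&.fetch(:requirement)
 end
 
 updated_requirement_pairs
@@ -80,8 +106,16 @@ module Dependabot
 .select { |r| r[:file] == package_json.name }
 end
 
-
-
+sig do
+params(
+package_json_content: String,
+new_req: T::Hash[Symbol, T.untyped],
+dependency_name: String,
+old_req: T.nilable(T::Hash[Symbol, T.untyped])
+)
+.returns(String)
+end
+def update_package_json_declaration(package_json_content:, new_req:, dependency_name:, old_req:)
 original_line = declaration_line(
 dependency_name: dependency_name,
 dependency_req: old_req,
@@ -107,8 +141,16 @@ module Dependabot
 # For full details on how Yarn resolutions work, see
 # https://github.com/yarnpkg/rfcs/blob/master/implemented/
 # 0000-selective-versions-resolutions.md
-
-
+sig do
+params(
+package_json_content: String,
+new_req: T::Hash[Symbol, T.untyped],
+dependency: Dependabot::Dependency,
+old_req: T.nilable(T::Hash[Symbol, T.untyped])
+)
+.returns(String)
+end
+def update_package_json_resolutions(package_json_content:, new_req:, dependency:, old_req:)
 dep = dependency
 parsed_json_content = JSON.parse(package_json_content)
 resolutions =
@@ -141,17 +183,25 @@ module Dependabot
 content
 end
 
+sig do
+params(
+dependency_name: String,
+dependency_req: T.nilable(T::Hash[Symbol, T.untyped]),
+content: String
+)
+.returns(String)
+end
 def declaration_line(dependency_name:, dependency_req:, content:)
-git_dependency = dependency_req
+git_dependency = dependency_req&.dig(:source, :type) == "git"
 
 unless git_dependency
-requirement = dependency_req
+requirement = dependency_req&.fetch(:requirement)
 return content.match(/"#{Regexp.escape(dependency_name)}"\s*:\s*
 "#{Regexp.escape(requirement)}"/x).to_s
 end
 
 username, repo =
-dependency_req
+dependency_req&.dig(:source, :url)&.split("/")&.last(2)
 
 content.match(
 %r{"#{Regexp.escape(dependency_name)}"\s*:\s*
@@ -159,13 +209,21 @@ module Dependabot
 ).to_s
 end
 
+sig do
+params(
+original_line: String,
+old_req: T.nilable(T::Hash[Symbol, T.untyped]),
+new_req: T::Hash[Symbol, T.untyped]
+)
+.returns(String)
+end
 def replacement_declaration_line(original_line:, old_req:, new_req:)
-was_git_dependency = old_req
+was_git_dependency = old_req&.dig(:source, :type) == "git"
 now_git_dependency = new_req.dig(:source, :type) == "git"
 
 unless was_git_dependency
 return original_line.gsub(
-%("#{old_req
+%("#{old_req&.fetch(:requirement)}"),
 %("#{new_req.fetch(:requirement)}")
 )
 end
@@ -186,15 +244,23 @@ module Dependabot
 end
 
 original_line.gsub(
-%(##{old_req
+%(##{old_req&.dig(:source, :ref)}"),
 %(##{new_req.dig(:source, :ref)}")
 )
 end
 
+sig do
+params(
+original_line: String,
+old_req: T.nilable(T::Hash[Symbol, String]),
+new_req: T::Hash[Symbol, String]
+)
+.returns(String)
+end
 def update_git_semver_requirement(original_line:, old_req:, new_req:)
 if original_line.include?("semver:")
 return original_line.gsub(
-%(semver:#{old_req
+%(semver:#{old_req&.fetch(:requirement)}"),
 %(semver:#{new_req.fetch(:requirement)}")
 )
 end
@@ -202,13 +268,21 @@ module Dependabot
 raise "Not a semver req!" unless original_line.match?(/#[\^~=<>]/)
 
 original_line.gsub(
-%(##{old_req
+%(##{old_req&.fetch(:requirement)}"),
 %(##{new_req.fetch(:requirement)}")
 )
 end
 
-
-
+sig do
+params(
+sections: T::Array[String],
+content: String,
+old_line: String,
+new_line: String
+)
+.returns(String)
+end
+def update_package_json_sections(sections, content, old_line, new_line)
 # Currently, Dependabot doesn't update peerDependencies. However,
 # if a development dependency is being updated and its requirement
 # matches the requirement on a peer dependency we probably want to
@@ -218,21 +292,21 @@ module Dependabot
 sections += ["peerDependencies"]
 sections_regex = /#{sections.join('|')}/
 
-declaration_blocks = []
+declaration_blocks = T.let([], T::Array[String])
 
 content.scan(/['"]#{sections_regex}['"]\s*:\s*\{/m) do
-mtch = Regexp.last_match
+mtch = T.must(Regexp.last_match)
 declaration_blocks <<
-(mtch.to_s +
-mtch.post_match[0..closing_bracket_index(mtch.post_match)])
+(mtch.to_s + T.must(mtch.post_match[0..closing_bracket_index(mtch.post_match)]))
 end
 
 declaration_blocks.reduce(content.dup) do |new_content, block|
 updated_block = block.sub(old_line, new_line)
-new_content.sub
+new_content.sub(block, updated_block)
 end
 end
 
+sig { params(string: String).returns(Integer) }
 def closing_bracket_index(string)
 closes_required = 1
 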
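Review bot: In `declaration_line`, `requirement = dependency_req&.fetch(:requirement)` evaluates to nil when `dependency_req` is nil, and the unchanged lines right after it pass that value to `Regexp.escape(requirement)`, which raises a TypeError on nil. The new signatures make this case explicit: `dependency_req` is `T.nilable(...)` and `old_requirement` ends in `.find`, so it can return nil. If a missing old requirement is a bug, fail with a clear message, e.g. `requirement = T.must(dependency_req).fetch(:requirement)`; if it is expected, return early before building the pattern. The same `old_req&.fetch(:requirement)` interpolation in `replacement_declaration_line` and `update_git_semver_requirement` would silently produce a `gsub` pattern with an empty requirement. Several of these method bodies continue outside the visible hunks.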
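--- a/data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb
+++ b/data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb
@@ -1,4 +1,4 @@
-# typed:
+# typed: true
 # frozen_string_literal: true
 
 require "uri"
@@ -147,7 +147,8 @@ module Dependabot
 retry_count += 1
 raise if retry_count > 2
 
-sleep(rand(3.0..10.0))
+sleep(rand(3.0..10.0))
+retry
 end
 
 # rubocop:enable Metrics/PerceivedComplexity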
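--- a/data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb
@@ -1,4 +1,4 @@
-# typed:
+# typed: true
 # frozen_string_literal: true
 
 require "excon"
@@ -174,14 +174,14 @@ module Dependabot
 
 registries = []
 npmrc_file.content.scan(NPM_AUTH_TOKEN_REGEX) do
-next if Regexp.last_match[:registry
+next if Regexp.last_match&.[](:registry)&.include?("${")
 
-registry = Regexp.last_match[:registry]
-token = Regexp.last_match[:token]&.strip
+registry = T.must(Regexp.last_match)[:registry]
+token = T.must(Regexp.last_match)[:token]&.strip
 
 registries << {
 "type" => "npm_registry",
-"registry" => registry
+"registry" => registry&.gsub(/\s+/, "%20"),
 "token" => token
 }
 end
@@ -260,9 +260,9 @@ module Dependabot
 registries = []
 
 file.content.scan(syntax) do
-next if Regexp.last_match[:registry
+next if Regexp.last_match&.[](:registry)&.include?("${")
 
-url = Regexp.last_match[:registry].strip
+url = T.must(T.must(Regexp.last_match)[:registry]).strip
 registry = normalize_configured_registry(url)
 registries << {
 "type" => "npm_registry",
@@ -277,9 +277,9 @@ module Dependabot
 
 def scoped_rc_registry(file, syntax:, scope:)
 file&.content.to_s.scan(syntax) do
-next if Regexp.last_match[:registry
+next if Regexp.last_match&.[](:registry)&.include?("${") || Regexp.last_match&.[](:scope) != scope
 
-return Regexp.last_match[:registry].strip
+return T.must(T.must(Regexp.last_match)[:registry]).strip
 end
 
 nil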
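Review bot: In the first hunk, `"registry" => registry&.gsub(/\s+/, "%20")` rewrites the registry that is stored next to the auth token, and `\s+` does more than encode spaces: it also matches tabs and newlines and collapses a run of whitespace into a single `%20`. The token is stripped but the registry is not, so, depending on what `NPM_AUTH_TOKEN_REGEX` captures (not visible here), leading or trailing whitespace would become part of the registry string. Because this entry decides which registry a credential is associated with, a narrower normalisation is safer, e.g. `registry&.strip&.gsub(" ", "%20")`. Separately, all three hunks mix `Regexp.last_match&.[](...)` with `T.must(Regexp.last_match)` on the same match; binding it once as `match = T.must(Regexp.last_match)` at the top of each `scan` block would be easier to read. The enclosing methods start outside the hunks.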
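--- a/data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb
@@ -1,4 +1,4 @@
-# typed:
+# typed: true
 # frozen_string_literal: true
 
 require "dependabot/dependency"
@@ -115,7 +115,8 @@ module Dependabot
 retry_count += 1
 raise if retry_count > 2
 
-sleep(rand(3.0..10.0))
+sleep(rand(3.0..10.0))
+retry
 end
 
 def run_yarn_berry_updater(path, lockfile_name)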
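--- a/data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb
@@ -1,6 +1,8 @@
-# typed:
+# typed: true
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/errors"
 require "dependabot/git_commit_checker"
 require "dependabot/logger"
@@ -21,6 +23,8 @@ module Dependabot
 module NpmAndYarn
 class UpdateChecker
 class VersionResolver
+extend T::Sig
+
 require_relative "latest_version_finder"
 
 TIGHTLY_COUPLED_MONOREPOS = {
@@ -162,6 +166,7 @@ module Dependabot
 
 private
 
+sig { returns(Dependabot::Dependency) }
 attr_reader :dependency
 attr_reader :credentials
 attr_reader :dependency_files
@@ -356,32 +361,34 @@ module Dependabot
 []
 end
 
+# rubocop:disable Metrics/AbcSize
+sig { params(message: String).returns(T::Array[T::Hash[String, T.nilable(String)]]) }
 def handle_peer_dependency_errors(message)
 errors = []
 if message.match?(NPM6_PEER_DEP_ERROR_REGEX)
 message.scan(NPM6_PEER_DEP_ERROR_REGEX) do
-errors << Regexp.last_match
+errors << Regexp.last_match&.named_captures
 end
 elsif message.match?(NPM8_PEER_DEP_ERROR_REGEX)
 message.scan(NPM8_PEER_DEP_ERROR_REGEX) do
-errors << Regexp.last_match.named_captures
+errors << T.must(Regexp.last_match).named_captures
 end
 elsif message.match?(YARN_PEER_DEP_ERROR_REGEX)
 message.scan(YARN_PEER_DEP_ERROR_REGEX) do
-errors << Regexp.last_match.named_captures
+errors << T.must(Regexp.last_match).named_captures
 end
 elsif message.match?(YARN_BERRY_PEER_DEP_ERROR_REGEX)
 message.scan(YARN_BERRY_PEER_DEP_ERROR_REGEX) do
-errors << Regexp.last_match.named_captures
+errors << T.must(Regexp.last_match).named_captures
 end
 elsif message.match?(YARN_BERRY_V4_PEER_DEP_ERROR_REGEX)
 message.scan(YARN_BERRY_V4_PEER_DEP_ERROR_REGEX) do
-errors << Regexp.last_match.named_captures
+errors << T.must(Regexp.last_match).named_captures
 end
 elsif message.match?(PNPM_PEER_DEP_ERROR_REGEX)
 message.scan(PNPM_PEER_DEP_ERROR_REGEX) do
-captures = Regexp.last_match.named_captures
-captures["requiring_dep"].tr!(" ", "@")
+captures = T.must(Regexp.last_match).named_captures
+T.must(captures["requiring_dep"]).tr!(" ", "@")
 errors << captures
 end
 else
@@ -389,6 +396,7 @@ module Dependabot
 end
 errors
 end
+# rubocop:enable Metrics/AbcSize
 
 def unmet_peer_dependencies
 peer_dependency_errors
@@ -650,7 +658,7 @@ module Dependabot
 git_source = dependency.requirements.find { |req| req[:source] && req[:source][:type] == "git" }
 
 if git_source
-"#{dependency.name}@#{
+"#{dependency.name}@#{git_source[:source][:url]}##{version}"
 else
 "#{dependency.name}@#{version}"
 end
@@ -715,7 +723,7 @@ module Dependabot
 end
 
 def version_regex
-
+Dependabot::NpmAndYarn::Version::VERSION_PATTERN
 end
 end
 end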
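Review bot: In `handle_peer_dependency_errors`, the NPM6 branch appends `Regexp.last_match&.named_captures`, which is typed as possibly nil, while the new sig promises `T::Array[T::Hash[String, T.nilable(String)]]` and every other branch uses `T.must(Regexp.last_match).named_captures`. Inside a `scan` block the match should always be set, so this is a consistency and typing point rather than a likely runtime failure. Still, the safe-navigation form admits a nil element that callers iterating over the result would not expect. Use the same form as the other branches: `errors << T.must(Regexp.last_match).named_captures`. The `else` branch of this method lies outside the visible hunks.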
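--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.259.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-
+date: 2024-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.259.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.259.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
 post_install_message:
 rdoc_options: []
 require_paths: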