dependabot-npm_and_yarn 0.261.1 → 0.263.0

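--- a/data/helpers/package.json
+++ b/data/helpers/package.json
@@ -11,7 +11,7 @@
   },
   "dependencies": {
   "@dependabot/yarn-lib": "^1.22.22",
- "@npmcli/arborist": "^7.5.1",
+ "@npmcli/arborist": "^7.5.3",
   "detect-indent": "^6.1.0",
   "nock": "^13.5.4",
   "npm": "6.14.18",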
@@ -421,7 +421,7 @@ module Dependabot
421
421
  end
422
422
 
423
423
  if error_message.include?("EBADENGINE")
424
- msg = "Dependabot uses Node.js #{`node --version`} and NPM #{`npm --version`}. " \
424
+ msg = "Dependabot uses Node.js #{`node --version`.strip} and NPM #{`npm --version`.strip}. " \
425
425
  "Due to the engine-strict setting, the update will not succeed."
426
426
  raise Dependabot::DependencyFileNotResolvable, msg
427
427
  end
@@ -39,9 +39,10 @@ module Dependabot
39
39
 
40
40
  IRRESOLVABLE_PACKAGE = "ERR_PNPM_NO_MATCHING_VERSION"
41
41
  INVALID_REQUIREMENT = "ERR_PNPM_SPEC_NOT_SUPPORTED_BY_ANY_RESOLVER"
42
- UNREACHABLE_GIT = %r{ERR_PNPM_FETCH_404[ [^:print:]]+GET (?<url>https://codeload\.github\.com/[^/]+/[^/]+)/}
42
+ UNREACHABLE_GIT = %r{Command failed with exit code 128: git ls-remote (?<url>.*github\.com/[^/]+/[^ ]+)}
43
+ UNREACHABLE_GIT_V8 = %r{ERR_PNPM_FETCH_404[ [^:print:]]+GET (?<url>https://codeload\.github\.com/[^/]+/[^/]+)/}
43
44
  FORBIDDEN_PACKAGE = /ERR_PNPM_FETCH_403[ [^:print:]]+GET (?<dependency_url>.*): Forbidden - 403/
44
- MISSING_PACKAGE = /ERR_PNPM_FETCH_404[ [^:print:]]+GET (?<dependency_url>.*): Not Found - 404/
45
+ MISSING_PACKAGE = /ERR_PNPM_FETCH_404[ [^:print:]]+GET (?<dependency_url>.*): (?:Not Found)? - 404/
45
46
  UNAUTHORIZED_PACKAGE = /ERR_PNPM_FETCH_401[ [^:print:]]+GET (?<dependency_url>.*): Unauthorized - 401/
46
47
 
47
48
  def run_pnpm_update(pnpm_lock:)
@@ -95,7 +96,13 @@ module Dependabot
95
96
  end
96
97
 
97
98
  if error_message.match?(UNREACHABLE_GIT)
98
- url = error_message.match(UNREACHABLE_GIT).named_captures.fetch("url")
99
+ url = error_message.match(UNREACHABLE_GIT).named_captures.fetch("url").gsub("git+ssh://git@", "https://").delete_suffix(".git")
100
+
101
+ raise Dependabot::GitDependenciesNotReachable, url
102
+ end
103
+
104
+ if error_message.match?(UNREACHABLE_GIT_V8)
105
+ url = error_message.match(UNREACHABLE_GIT_V8).named_captures.fetch("url").gsub("codeload.", "")
99
106
 
100
107
  raise Dependabot::GitDependenciesNotReachable, url
101
108
  end
@@ -122,6 +129,7 @@ module Dependabot
122
129
  package_name = RegistryParser.new(resolved_url: dependency_url, credentials: credentials).dependency_name
123
130
  missing_dep = lockfile_dependencies(pnpm_lock)
124
131
  .find { |dep| dep.name == package_name }
132
+ raise DependencyNotFound, package_name unless missing_dep
125
133
 
126
134
  reg = NpmAndYarn::UpdateChecker::RegistryFinder.new(
127
135
  dependency: missing_dep,
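Review bot: The new `UNREACHABLE_GIT` capture `(?<url>.*github\.com/[^/]+/[^ ]+)` takes everything between `git ls-remote ` and the host, so any userinfo in the remote (a `user:token@` prefix, for example) would be copied into the `GitDependenciesNotReachable` message; the branch under `if error_message.match?(UNREACHABLE_GIT)` rewrites only the literal `git+ssh://git@` prefix. Whether pnpm echoes credentials in this error is not visible from the hunk, but the exception text is likely to reach logs or user-facing output, so dropping userinfo unconditionally is safer: `.sub(%r{\A(?:git\+)?(?:ssh|https?)://(?:[^@/]+@)?}, "https://").delete_suffix(".git")`. The leading `.*` also leaves the host unanchored, so a URL that merely contains `github.com/` in its path would match; `[^ ]*` in place of `.*` would at least keep the capture inside one token. The surrounding method starts and ends outside these hunks.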
@@ -42,7 +42,7 @@ module Dependabot
42
42
  end
43
43
 
44
44
  def updated_requirements
45
- return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
45
+ return requirements if update_strategy.lockfile_only?
46
46
 
47
47
  requirements.map do |req|
48
48
  req = req.merge(source: updated_source)
@@ -106,7 +106,7 @@ module Dependabot
106
106
  end
107
107
 
108
108
  def requirements_unlocked_or_can_be?
109
- requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
109
+ !requirements_update_strategy.lockfile_only?
110
110
  end
111
111
 
112
112
  def requirements_update_strategy
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.261.1
4
+ version: 0.263.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-17 00:00:00.000000000 Z
11
+ date: 2024-06-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.261.1
19
+ version: 0.263.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.261.1
26
+ version: 0.263.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
345
345
  - MIT
346
346
  metadata:
347
347
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
348
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.1
348
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.263.0
349
349
  post_install_message:
350
350
  rdoc_options: []
351
351
  require_paths: