dependabot-npm_and_yarn 0.262.0 → 0.264.0
- checksums.yaml +4 -4
- data/helpers/package-lock.json +693 -765
- data/helpers/package.json +5 -5
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +225 -74
- data/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb +11 -3
- data/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/update_checker.rb +1 -1
- metadata +5 -5
@@ -39,9 +39,10 @@ module Dependabot
|
|
39
39
|
|
40
40
|
IRRESOLVABLE_PACKAGE = "ERR_PNPM_NO_MATCHING_VERSION"
|
41
41
|
INVALID_REQUIREMENT = "ERR_PNPM_SPEC_NOT_SUPPORTED_BY_ANY_RESOLVER"
|
42
|
-
UNREACHABLE_GIT = %r{
|
42
|
+
UNREACHABLE_GIT = %r{Command failed with exit code 128: git ls-remote (?<url>.*github\.com/[^/]+/[^ ]+)}
|
43
|
+
UNREACHABLE_GIT_V8 = %r{ERR_PNPM_FETCH_404[ [^:print:]]+GET (?<url>https://codeload\.github\.com/[^/]+/[^/]+)/}
|
43
44
|
FORBIDDEN_PACKAGE = /ERR_PNPM_FETCH_403[ [^:print:]]+GET (?<dependency_url>.*): Forbidden - 403/
|
44
|
-
MISSING_PACKAGE = /ERR_PNPM_FETCH_404[ [^:print:]]+GET (?<dependency_url>.*): Not Found - 404/
|
45
|
+
MISSING_PACKAGE = /ERR_PNPM_FETCH_404[ [^:print:]]+GET (?<dependency_url>.*): (?:Not Found)? - 404/
|
45
46
|
UNAUTHORIZED_PACKAGE = /ERR_PNPM_FETCH_401[ [^:print:]]+GET (?<dependency_url>.*): Unauthorized - 401/
|
46
47
|
|
47
48
|
def run_pnpm_update(pnpm_lock:)
|
@@ -95,7 +96,13 @@ module Dependabot
|
|
95
96
|
end
|
96
97
|
|
97
98
|
if error_message.match?(UNREACHABLE_GIT)
|
98
|
-
url = error_message.match(UNREACHABLE_GIT).named_captures.fetch("url")
|
99
|
+
url = error_message.match(UNREACHABLE_GIT).named_captures.fetch("url").gsub("git+ssh://git@", "https://").delete_suffix(".git")
|
100
|
+
|
101
|
+
raise Dependabot::GitDependenciesNotReachable, url
|
102
|
+
end
|
103
|
+
|
104
|
+
if error_message.match?(UNREACHABLE_GIT_V8)
|
105
|
+
url = error_message.match(UNREACHABLE_GIT_V8).named_captures.fetch("url").gsub("codeload.", "")
|
99
106
|
|
100
107
|
raise Dependabot::GitDependenciesNotReachable, url
|
101
108
|
end
|
@@ -122,6 +129,7 @@ module Dependabot
|
|
122
129
|
package_name = RegistryParser.new(resolved_url: dependency_url, credentials: credentials).dependency_name
|
123
130
|
missing_dep = lockfile_dependencies(pnpm_lock)
|
124
131
|
.find { |dep| dep.name == package_name }
|
132
|
+
raise DependencyNotFound, package_name unless missing_dep
|
125
133
|
|
126
134
|
reg = NpmAndYarn::UpdateChecker::RegistryFinder.new(
|
127
135
|
dependency: missing_dep,
|
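Review bot: Userinfo in the failing remote URL can survive into the raised error, because `UNREACHABLE_GIT` (new line 42) captures everything after `git ls-remote ` with `.*github\.com`, and new line 99 rewrites only the literal `git+ssh://git@` prefix before passing `url` to `Dependabot::GitDependenciesNotReachable`. If pnpm ever reports a remote such as `https://user:token@github.com/org/repo`, the token would travel with the exception into whatever logs or reports it; whether that can occur depends on how credentials are supplied, which this page does not show. I would strip userinfo before raising, for example `url = url.sub(%r{(?<=://)[^/@]+@}, "")`. At new line 105, `sub("https://codeload.github.com", "https://github.com")` would be safer than `gsub("codeload.", "")`, which also rewrites a repository name that contains `codeload.`. The method holding these branches starts and ends outside the hunk.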
@@ -42,7 +42,7 @@ module Dependabot
|
|
42
42
|
end
|
43
43
|
|
44
44
|
def updated_requirements
|
45
|
-
return requirements if update_strategy
|
45
|
+
return requirements if update_strategy.lockfile_only?
|
46
46
|
|
47
47
|
requirements.map do |req|
|
48
48
|
req = req.merge(source: updated_source)
|
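--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.264.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.264.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.264.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0
 post_install_message:
 rdoc_options: []
 require_paths: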