dependabot-npm_and_yarn 0.264.0 → 0.266.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 726b988b47afb3006b538903b3391077f032ddcb013db44a5592a9a4dcf11dc0
-  data.tar.gz: ad01e1ff2ad790edc0d83565910a49d2d52a955cee710237a03fc803665888c3
+  metadata.gz: 67babb3510f025790b2e9806bd26290c658b66465bed55f41bbda6d2e4538551
+  data.tar.gz: cebb0aa37accd77075e95f2cbd6539aa01015a6d44f44cb7709eee40b04cde27
 SHA512:
-  metadata.gz: c2b8d4886fc5a9fcdee821293d267efa05a198657e96ea30243ef8636ecef73fd87989e4bddc1832502a8e714fa62c5a2211954943b3b8808366aa25b40d88ed
-  data.tar.gz: 85525a38d0eaaeca5784a1a9d7dbe6def71286ceb7b5036b22ca5ffe619435744540bccd0238abca904bf3ad768d005f21061be291aac38af619f5384c3a3ca6
+  metadata.gz: eff4ddfd5d0945e47eadce0deb0c8e8a7b8571ac238b809e8a8a86d28a6926d66cdf3074111c41769d040bcd5ec8adbae14f9da0b1a58ba18262b35242695784
+  data.tar.gz: d5932088b9539ff88c1c43c59b5737de4e50e24222148af147fbea8d2ad068fae1aab6da8ea2bdc552272183afa84829a6900bb6c1c4b5a8e8a9f6680133a4ab

data/helpers/package-lock.json

@@ -8,9 +8,9 @@
       "hasInstallScript": true,
       "dependencies": {
         "@dependabot/yarn-lib": "^1.22.22",
-        "@npmcli/arborist": "^7.5.3",
+        "@npmcli/arborist": "^7.5.4",
         "@pnpm/dependency-path": "^5.1.1",
-        "@pnpm/lockfile-file": "^9.1.1",
+        "@pnpm/lockfile-file": "^9.1.2",
         "detect-indent": "^6.1.0",
         "nock": "^13.5.4",
         "npm": "6.14.18",
@@ -1962,9 +1962,9 @@
       }
     },
     "node_modules/@npmcli/arborist": {
-      "version": "7.5.3",
-      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-7.5.3.tgz",
-      "integrity": "sha512-7gbMdDNSYUzi0j2mpb6FoXRg3BxXWplMQZH1MZlvNjSdWFObaUz2Ssvo0Nlh2xmWks1OPo+gpsE6qxpT/5M7lQ==",
+      "version": "7.5.4",
+      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-7.5.4.tgz",
+      "integrity": "sha512-nWtIc6QwwoUORCRNzKx4ypHqCk3drI+5aeYdMTQQiRCcn4lOOgfQh7WyZobGYTxXPSq1VwV53lkpN/BRlRk08g==",
       "dependencies": {
         "@isaacs/string-locale-compare": "^1.1.0",
         "@npmcli/fs": "^3.1.1",
@@ -2400,11 +2400,11 @@
       }
     },
     "node_modules/@pnpm/core-loggers": {
-      "version": "10.0.2",
-      "resolved": "https://registry.npmjs.org/@pnpm/core-loggers/-/core-loggers-10.0.2.tgz",
-      "integrity": "sha512-UUqWV0wUrMvlNWMe8Ch+XFRI3u3K35T2rS5jofhCsqtZa9UlsJAFW4jjVzOBWkV0uVbt6mdy7IMBHvJsYaU94w==",
+      "version": "10.0.3",
+      "resolved": "https://registry.npmjs.org/@pnpm/core-loggers/-/core-loggers-10.0.3.tgz",
+      "integrity": "sha512-G038bkMTuvmgG3XtuajnfoBS/u2CoeywRzJZb3qxvcj1XpLFTDAhHyUv/2Rr+yh6KDOVAuTWqdk+WNfeNf6yrw==",
       "dependencies": {
-        "@pnpm/types": "10.1.1"
+        "@pnpm/types": "11.0.0"
       },
       "engines": {
         "node": ">=18.12"
@@ -2431,12 +2431,12 @@
       }
     },
     "node_modules/@pnpm/dependency-path": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/dependency-path/-/dependency-path-5.1.1.tgz",
-      "integrity": "sha512-HskPO2yVpvb8NHnfmByqdkyqSVRaSBpMUSBzfLwzYLRiexs3zo2+NjUvGErjnmVDG8KgY/iQZtw+y+06vMWy/w==",
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/@pnpm/dependency-path/-/dependency-path-5.1.2.tgz",
+      "integrity": "sha512-223YCb6SiCi2+112wHPiG+fWsnSpGINNYZKVwlNwZugheSRuda68SjpUbjc7JIkmceRUD8gbBguk8ynv8IS4TA==",
       "dependencies": {
         "@pnpm/crypto.base32-hash": "3.0.0",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/types": "11.0.0",
         "semver": "^7.6.2"
       },
       "engines": {
@@ -2461,14 +2461,14 @@
       }
     },
     "node_modules/@pnpm/fetch": {
-      "version": "8.0.2",
-      "resolved": "https://registry.npmjs.org/@pnpm/fetch/-/fetch-8.0.2.tgz",
-      "integrity": "sha512-mh81jVdVzscYZcVyVRobv5mf/xPFFLIjnEqH6+4LrTHz0HqVRJd3Oknn7vRzXSx8k+xXUH44o3qroAq8KGJoSA==",
+      "version": "8.0.3",
+      "resolved": "https://registry.npmjs.org/@pnpm/fetch/-/fetch-8.0.3.tgz",
+      "integrity": "sha512-yUeoVCc/pPicpdU3s+2Vzl7VfLWDUblizRbglQaaXhAawLWOAYu5a/jMoIclN2dJzh5juRPhYowMX82oTG9Y0Q==",
       "dependencies": {
-        "@pnpm/core-loggers": "10.0.2",
+        "@pnpm/core-loggers": "10.0.3",
         "@pnpm/fetching-types": "6.0.0",
         "@pnpm/network.agent": "^2.0.0",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/types": "11.0.0",
         "@zkochan/retry": "^0.2.0",
         "node-fetch": "npm:@pnpm/node-fetch@1.0.0"
       },
@@ -2498,13 +2498,13 @@
       }
     },
     "node_modules/@pnpm/git-resolver": {
-      "version": "9.0.3",
-      "resolved": "https://registry.npmjs.org/@pnpm/git-resolver/-/git-resolver-9.0.3.tgz",
-      "integrity": "sha512-/4pxvDjtcTfnv2ElUr1TECRNmnOAx23eeZNKrSTkWOyI6I+J9f5M40M+jgTcVWS6l2L+I5gwemo3XKgCnX43Ag==",
+      "version": "9.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/git-resolver/-/git-resolver-9.0.4.tgz",
+      "integrity": "sha512-k6jglET3h66oLwqoUBslfRWmL6ULXXIHjQoc1uLS0it+m1cI5toHWkrKJOwbI/9K3KQ88EhhulFP4tQQpS+1fg==",
       "dependencies": {
-        "@pnpm/fetch": "8.0.2",
-        "@pnpm/resolver-base": "12.0.2",
-        "graceful-git": "^3.1.2",
+        "@pnpm/fetch": "8.0.3",
+        "@pnpm/resolver-base": "13.0.0",
+        "graceful-git": "^4.0.0",
         "hosted-git-info": "npm:@pnpm/hosted-git-info@1.0.0",
         "semver": "^7.6.2"
       },
@@ -2589,21 +2589,21 @@
       }
     },
     "node_modules/@pnpm/lockfile-file": {
-      "version": "9.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-file/-/lockfile-file-9.1.1.tgz",
-      "integrity": "sha512-Ybs/QCWbN38EyIdpYVviSJR9/gc6LZ1iZDJbVatPL8l4Z4J6ikWh4i32kLqJHutM8McqeFegnTrUO3f65UTajw==",
+      "version": "9.1.2",
+      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-file/-/lockfile-file-9.1.2.tgz",
+      "integrity": "sha512-kQxQOTCTt8edqj1EOGzoGO+ef8iZCKN5GHY+KdZ54Mt8LThXVIu9LYTEuNXpaRdu9kH1wpfla5TbUDK0vMEvwg==",
       "dependencies": {
         "@pnpm/constants": "8.0.0",
-        "@pnpm/dependency-path": "5.1.1",
+        "@pnpm/dependency-path": "5.1.2",
         "@pnpm/error": "6.0.1",
-        "@pnpm/git-resolver": "9.0.3",
+        "@pnpm/git-resolver": "9.0.4",
         "@pnpm/git-utils": "2.0.0",
-        "@pnpm/lockfile-types": "7.1.1",
-        "@pnpm/lockfile-utils": "11.0.2",
-        "@pnpm/merge-lockfile-changes": "6.0.3",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/lockfile-types": "7.1.2",
+        "@pnpm/lockfile-utils": "11.0.3",
+        "@pnpm/merge-lockfile-changes": "6.0.4",
+        "@pnpm/types": "11.0.0",
         "@pnpm/util.lex-comparator": "3.0.0",
-        "@zkochan/rimraf": "^2.1.3",
+        "@zkochan/rimraf": "^3.0.2",
         "comver-to-semver": "^1.0.0",
         "js-yaml": "npm:@zkochan/js-yaml@0.0.7",
         "normalize-path": "^3.0.0",
@@ -2671,11 +2671,11 @@
       }
     },
     "node_modules/@pnpm/lockfile-types": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-types/-/lockfile-types-7.1.1.tgz",
-      "integrity": "sha512-ODa3AiqOT/DbFOb+oRpfvB78pJOcrIaCQON30Y2Z/qS7Gs66trTMNl37KabnNTvAEpyvlVGw8rli215fFh1fSA==",
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-types/-/lockfile-types-7.1.2.tgz",
+      "integrity": "sha512-+64KoK8gtTS5lxslW8ATtwwEbikW4e9i/OV5eaR+X+//5SeUA796uCN96sKu6q6OzpZi3/aVU4VgVe15MT9XKA==",
       "dependencies": {
-        "@pnpm/types": "10.1.1"
+        "@pnpm/types": "11.0.0"
       },
       "engines": {
         "node": ">=18.12"
@@ -2685,15 +2685,15 @@
       }
     },
     "node_modules/@pnpm/lockfile-utils": {
-      "version": "11.0.2",
-      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-utils/-/lockfile-utils-11.0.2.tgz",
-      "integrity": "sha512-hbsLB52+/zK9ae4JPR8EnT5K6bB2eBaEx1Mei4IVxtvIRnj6XU7C95PXBX/4QmsRIkpr3PGaKg2GiQALE22WNg==",
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-utils/-/lockfile-utils-11.0.3.tgz",
+      "integrity": "sha512-HQ3TjUd7TCRovi6wSJ8wcSe1BxXJVs3Hf1msHSZ3Ng1Bwd8rj2mQBNu022u3279Oe1kz35APN0yYciynWWlWkA==",
       "dependencies": {
-        "@pnpm/dependency-path": "5.1.1",
-        "@pnpm/lockfile-types": "7.1.1",
+        "@pnpm/dependency-path": "5.1.2",
+        "@pnpm/lockfile-types": "7.1.2",
         "@pnpm/pick-fetcher": "3.0.0",
-        "@pnpm/resolver-base": "12.0.2",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/resolver-base": "13.0.0",
+        "@pnpm/types": "11.0.0",
         "get-npm-tarball-url": "^2.1.0",
         "ramda": "npm:@pnpm/ramda@0.28.1"
       },
@@ -2718,12 +2718,12 @@
       }
     },
     "node_modules/@pnpm/merge-lockfile-changes": {
-      "version": "6.0.3",
-      "resolved": "https://registry.npmjs.org/@pnpm/merge-lockfile-changes/-/merge-lockfile-changes-6.0.3.tgz",
-      "integrity": "sha512-XFd+c1PzNK5TkLAqaG90RyA0RFIpwhvFxprEDxMVnu9d5Gq8ws4TWz0vy5oTZuKTPODmN7i01xZzEV2/+0KrOw==",
+      "version": "6.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/merge-lockfile-changes/-/merge-lockfile-changes-6.0.4.tgz",
+      "integrity": "sha512-S15nSd/LPZKLArnMfHpQLgK7MvNYvSs9meb839Eh29pqp2wSPHLKOroK4Upbod6SOrGtihmgjmpLaFNAYschpg==",
       "dependencies": {
-        "@pnpm/lockfile-types": "7.1.1",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/lockfile-types": "7.1.2",
+        "@pnpm/types": "11.0.0",
         "comver-to-semver": "^1.0.0",
         "ramda": "npm:@pnpm/ramda@0.28.1",
         "semver": "^7.6.2"
@@ -2803,11 +2803,11 @@
       }
     },
     "node_modules/@pnpm/resolver-base": {
-      "version": "12.0.2",
-      "resolved": "https://registry.npmjs.org/@pnpm/resolver-base/-/resolver-base-12.0.2.tgz",
-      "integrity": "sha512-6Ged4cfUI+2RR6b/quphvuN8Tu+Sp0giMp9tqxqd8ls7P+A9qXGX6ATHUTl3jGfuOERYUWeYWrRrvxMmnYLy/g==",
+      "version": "13.0.0",
+      "resolved": "https://registry.npmjs.org/@pnpm/resolver-base/-/resolver-base-13.0.0.tgz",
+      "integrity": "sha512-hUAn2OqHEBB3MRLlbvtczI0KdNM9CJgd0hDRuLDrcaVrhZrhHDwgLywls+hWbgNvUpcdMR7k+uEIo+07Vu/Qvg==",
       "dependencies": {
-        "@pnpm/types": "10.1.1"
+        "@pnpm/types": "11.0.0"
       },
       "engines": {
         "node": ">=18.12"
@@ -2817,9 +2817,9 @@
       }
     },
     "node_modules/@pnpm/types": {
-      "version": "10.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/types/-/types-10.1.1.tgz",
-      "integrity": "sha512-xF8/Trk+ucZa2rUwEk1WgMtlfWUQN5bu6bGHCho+suN2pYrTy+vN+HgZ2SO1oa+6WoyuN5yllMMADOEXaHTOmA==",
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/@pnpm/types/-/types-11.0.0.tgz",
+      "integrity": "sha512-BSdk9nlYLHHHLrTFNpmdrXrXVc+1sY/E1Fs1zqR8pY/KjpjVhxkruLZuXitPRPxbk4jSqm7UnG5WCz008iiaig==",
       "engines": {
         "node": ">=18.12"
       },
@@ -3105,14 +3105,11 @@
       }
     },
     "node_modules/@zkochan/rimraf": {
-      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/@zkochan/rimraf/-/rimraf-2.1.3.tgz",
-      "integrity": "sha512-mCfR3gylCzPC+iqdxEA6z5SxJeOgzgbwmyxanKriIne5qZLswDe/M43aD3p5MNzwzXRhbZg/OX+MpES6Zk1a6A==",
-      "dependencies": {
-        "rimraf": "^3.0.2"
-      },
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/@zkochan/rimraf/-/rimraf-3.0.2.tgz",
+      "integrity": "sha512-GBf4ua7ogWTr7fATnzk/JLowZDBnBJMm8RkMaC/KcvxZ9gxbMWix0/jImd815LmqKyIHZ7h7lADRddGMdGBuCA==",
       "engines": {
-        "node": ">=12.10"
+        "node": ">=18.12"
       }
     },
     "node_modules/@zkochan/which": {
@@ -5452,15 +5449,23 @@
       "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA=="
     },
     "node_modules/graceful-git": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/graceful-git/-/graceful-git-3.1.2.tgz",
-      "integrity": "sha512-Xyh9Y43yA23/KQ16mpwO4zkzVGUAXyzuSVZQxw9ddQklssIYIY0el24VYfJBFhyCWGriZPRAB2nCgsDizqna9g==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/graceful-git/-/graceful-git-4.0.0.tgz",
+      "integrity": "sha512-zK/rCH/I0DMKpPBLCElXGI7za3EnXeQFdiK6CTP02Tt1N1L+bMLghZY7cXozlx9M2bx4Q0zrY9ADYP3eI8haIw==",
       "dependencies": {
-        "retry": "^0.12.0",
-        "safe-execa": "^0.1.0"
+        "retry": "^0.13.1",
+        "safe-execa": "^0.1.1"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=18.12"
+      }
+    },
+    "node_modules/graceful-git/node_modules/retry": {
+      "version": "0.13.1",
+      "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
+      "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==",
+      "engines": {
+        "node": ">= 4"
       }
     },
     "node_modules/gunzip-maybe": {
@@ -14615,20 +14620,6 @@
       "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.5.3.tgz",
       "integrity": "sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ=="
     },
-    "node_modules/rimraf": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
-      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
-      "dependencies": {
-        "glob": "^7.1.3"
-      },
-      "bin": {
-        "rimraf": "bin.js"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/rsvp": {
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/rsvp/-/rsvp-3.2.1.tgz",
@@ -17329,9 +17320,9 @@
       }
     },
     "@npmcli/arborist": {
-      "version": "7.5.3",
-      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-7.5.3.tgz",
-      "integrity": "sha512-7gbMdDNSYUzi0j2mpb6FoXRg3BxXWplMQZH1MZlvNjSdWFObaUz2Ssvo0Nlh2xmWks1OPo+gpsE6qxpT/5M7lQ==",
+      "version": "7.5.4",
+      "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-7.5.4.tgz",
+      "integrity": "sha512-nWtIc6QwwoUORCRNzKx4ypHqCk3drI+5aeYdMTQQiRCcn4lOOgfQh7WyZobGYTxXPSq1VwV53lkpN/BRlRk08g==",
       "requires": {
         "@isaacs/string-locale-compare": "^1.1.0",
         "@npmcli/fs": "^3.1.1",
@@ -17654,11 +17645,11 @@
       "integrity": "sha512-yQosGUvYPpAjb1jOFcdbwekRjZRVxN6C0hHzfRCZrMKbxGjt/E0g0RcFlEDNVZ95tm4oMMcr7nEPa7H7LX3emw=="
     },
     "@pnpm/core-loggers": {
-      "version": "10.0.2",
-      "resolved": "https://registry.npmjs.org/@pnpm/core-loggers/-/core-loggers-10.0.2.tgz",
-      "integrity": "sha512-UUqWV0wUrMvlNWMe8Ch+XFRI3u3K35T2rS5jofhCsqtZa9UlsJAFW4jjVzOBWkV0uVbt6mdy7IMBHvJsYaU94w==",
+      "version": "10.0.3",
+      "resolved": "https://registry.npmjs.org/@pnpm/core-loggers/-/core-loggers-10.0.3.tgz",
+      "integrity": "sha512-G038bkMTuvmgG3XtuajnfoBS/u2CoeywRzJZb3qxvcj1XpLFTDAhHyUv/2Rr+yh6KDOVAuTWqdk+WNfeNf6yrw==",
       "requires": {
-        "@pnpm/types": "10.1.1"
+        "@pnpm/types": "11.0.0"
       }
     },
     "@pnpm/crypto.base32-hash": {
@@ -17670,12 +17661,12 @@
       }
     },
     "@pnpm/dependency-path": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/dependency-path/-/dependency-path-5.1.1.tgz",
-      "integrity": "sha512-HskPO2yVpvb8NHnfmByqdkyqSVRaSBpMUSBzfLwzYLRiexs3zo2+NjUvGErjnmVDG8KgY/iQZtw+y+06vMWy/w==",
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/@pnpm/dependency-path/-/dependency-path-5.1.2.tgz",
+      "integrity": "sha512-223YCb6SiCi2+112wHPiG+fWsnSpGINNYZKVwlNwZugheSRuda68SjpUbjc7JIkmceRUD8gbBguk8ynv8IS4TA==",
       "requires": {
         "@pnpm/crypto.base32-hash": "3.0.0",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/types": "11.0.0",
         "semver": "^7.6.2"
       }
     },
@@ -17688,14 +17679,14 @@
       }
     },
     "@pnpm/fetch": {
-      "version": "8.0.2",
-      "resolved": "https://registry.npmjs.org/@pnpm/fetch/-/fetch-8.0.2.tgz",
-      "integrity": "sha512-mh81jVdVzscYZcVyVRobv5mf/xPFFLIjnEqH6+4LrTHz0HqVRJd3Oknn7vRzXSx8k+xXUH44o3qroAq8KGJoSA==",
+      "version": "8.0.3",
+      "resolved": "https://registry.npmjs.org/@pnpm/fetch/-/fetch-8.0.3.tgz",
+      "integrity": "sha512-yUeoVCc/pPicpdU3s+2Vzl7VfLWDUblizRbglQaaXhAawLWOAYu5a/jMoIclN2dJzh5juRPhYowMX82oTG9Y0Q==",
       "requires": {
-        "@pnpm/core-loggers": "10.0.2",
+        "@pnpm/core-loggers": "10.0.3",
         "@pnpm/fetching-types": "6.0.0",
         "@pnpm/network.agent": "^2.0.0",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/types": "11.0.0",
         "@zkochan/retry": "^0.2.0",
         "node-fetch": "npm:@pnpm/node-fetch@1.0.0"
       }
@@ -17710,13 +17701,13 @@
       }
     },
     "@pnpm/git-resolver": {
-      "version": "9.0.3",
-      "resolved": "https://registry.npmjs.org/@pnpm/git-resolver/-/git-resolver-9.0.3.tgz",
-      "integrity": "sha512-/4pxvDjtcTfnv2ElUr1TECRNmnOAx23eeZNKrSTkWOyI6I+J9f5M40M+jgTcVWS6l2L+I5gwemo3XKgCnX43Ag==",
+      "version": "9.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/git-resolver/-/git-resolver-9.0.4.tgz",
+      "integrity": "sha512-k6jglET3h66oLwqoUBslfRWmL6ULXXIHjQoc1uLS0it+m1cI5toHWkrKJOwbI/9K3KQ88EhhulFP4tQQpS+1fg==",
       "requires": {
-        "@pnpm/fetch": "8.0.2",
-        "@pnpm/resolver-base": "12.0.2",
-        "graceful-git": "^3.1.2",
+        "@pnpm/fetch": "8.0.3",
+        "@pnpm/resolver-base": "13.0.0",
+        "graceful-git": "^4.0.0",
         "hosted-git-info": "npm:@pnpm/hosted-git-info@1.0.0",
         "semver": "^7.6.2"
       },
@@ -17778,21 +17769,21 @@
       }
     },
     "@pnpm/lockfile-file": {
-      "version": "9.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-file/-/lockfile-file-9.1.1.tgz",
-      "integrity": "sha512-Ybs/QCWbN38EyIdpYVviSJR9/gc6LZ1iZDJbVatPL8l4Z4J6ikWh4i32kLqJHutM8McqeFegnTrUO3f65UTajw==",
+      "version": "9.1.2",
+      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-file/-/lockfile-file-9.1.2.tgz",
+      "integrity": "sha512-kQxQOTCTt8edqj1EOGzoGO+ef8iZCKN5GHY+KdZ54Mt8LThXVIu9LYTEuNXpaRdu9kH1wpfla5TbUDK0vMEvwg==",
       "requires": {
         "@pnpm/constants": "8.0.0",
-        "@pnpm/dependency-path": "5.1.1",
+        "@pnpm/dependency-path": "5.1.2",
         "@pnpm/error": "6.0.1",
-        "@pnpm/git-resolver": "9.0.3",
+        "@pnpm/git-resolver": "9.0.4",
         "@pnpm/git-utils": "2.0.0",
-        "@pnpm/lockfile-types": "7.1.1",
-        "@pnpm/lockfile-utils": "11.0.2",
-        "@pnpm/merge-lockfile-changes": "6.0.3",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/lockfile-types": "7.1.2",
+        "@pnpm/lockfile-utils": "11.0.3",
+        "@pnpm/merge-lockfile-changes": "6.0.4",
+        "@pnpm/types": "11.0.0",
         "@pnpm/util.lex-comparator": "3.0.0",
-        "@zkochan/rimraf": "^2.1.3",
+        "@zkochan/rimraf": "^3.0.2",
         "comver-to-semver": "^1.0.0",
         "js-yaml": "npm:@zkochan/js-yaml@0.0.7",
         "normalize-path": "^3.0.0",
@@ -17837,23 +17828,23 @@
       }
     },
     "@pnpm/lockfile-types": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-types/-/lockfile-types-7.1.1.tgz",
-      "integrity": "sha512-ODa3AiqOT/DbFOb+oRpfvB78pJOcrIaCQON30Y2Z/qS7Gs66trTMNl37KabnNTvAEpyvlVGw8rli215fFh1fSA==",
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-types/-/lockfile-types-7.1.2.tgz",
+      "integrity": "sha512-+64KoK8gtTS5lxslW8ATtwwEbikW4e9i/OV5eaR+X+//5SeUA796uCN96sKu6q6OzpZi3/aVU4VgVe15MT9XKA==",
       "requires": {
-        "@pnpm/types": "10.1.1"
+        "@pnpm/types": "11.0.0"
       }
     },
     "@pnpm/lockfile-utils": {
-      "version": "11.0.2",
-      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-utils/-/lockfile-utils-11.0.2.tgz",
-      "integrity": "sha512-hbsLB52+/zK9ae4JPR8EnT5K6bB2eBaEx1Mei4IVxtvIRnj6XU7C95PXBX/4QmsRIkpr3PGaKg2GiQALE22WNg==",
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/@pnpm/lockfile-utils/-/lockfile-utils-11.0.3.tgz",
+      "integrity": "sha512-HQ3TjUd7TCRovi6wSJ8wcSe1BxXJVs3Hf1msHSZ3Ng1Bwd8rj2mQBNu022u3279Oe1kz35APN0yYciynWWlWkA==",
       "requires": {
-        "@pnpm/dependency-path": "5.1.1",
-        "@pnpm/lockfile-types": "7.1.1",
+        "@pnpm/dependency-path": "5.1.2",
+        "@pnpm/lockfile-types": "7.1.2",
         "@pnpm/pick-fetcher": "3.0.0",
-        "@pnpm/resolver-base": "12.0.2",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/resolver-base": "13.0.0",
+        "@pnpm/types": "11.0.0",
         "get-npm-tarball-url": "^2.1.0",
         "ramda": "npm:@pnpm/ramda@0.28.1"
       }
@@ -17869,12 +17860,12 @@
       }
     },
     "@pnpm/merge-lockfile-changes": {
-      "version": "6.0.3",
-      "resolved": "https://registry.npmjs.org/@pnpm/merge-lockfile-changes/-/merge-lockfile-changes-6.0.3.tgz",
-      "integrity": "sha512-XFd+c1PzNK5TkLAqaG90RyA0RFIpwhvFxprEDxMVnu9d5Gq8ws4TWz0vy5oTZuKTPODmN7i01xZzEV2/+0KrOw==",
+      "version": "6.0.4",
+      "resolved": "https://registry.npmjs.org/@pnpm/merge-lockfile-changes/-/merge-lockfile-changes-6.0.4.tgz",
+      "integrity": "sha512-S15nSd/LPZKLArnMfHpQLgK7MvNYvSs9meb839Eh29pqp2wSPHLKOroK4Upbod6SOrGtihmgjmpLaFNAYschpg==",
       "requires": {
-        "@pnpm/lockfile-types": "7.1.1",
-        "@pnpm/types": "10.1.1",
+        "@pnpm/lockfile-types": "7.1.2",
+        "@pnpm/types": "11.0.0",
         "comver-to-semver": "^1.0.0",
         "ramda": "npm:@pnpm/ramda@0.28.1",
         "semver": "^7.6.2"
@@ -17931,17 +17922,17 @@
       "integrity": "sha512-2eisylRAU/jeuxFEPnS1gjLZKJGbYc4QEtEW6MVUYjO4Xi+2ttkSm7825S0J5IPpUIvln8HYPCUS0eQWSfpOaQ=="
     },
     "@pnpm/resolver-base": {
-      "version": "12.0.2",
-      "resolved": "https://registry.npmjs.org/@pnpm/resolver-base/-/resolver-base-12.0.2.tgz",
-      "integrity": "sha512-6Ged4cfUI+2RR6b/quphvuN8Tu+Sp0giMp9tqxqd8ls7P+A9qXGX6ATHUTl3jGfuOERYUWeYWrRrvxMmnYLy/g==",
+      "version": "13.0.0",
+      "resolved": "https://registry.npmjs.org/@pnpm/resolver-base/-/resolver-base-13.0.0.tgz",
+      "integrity": "sha512-hUAn2OqHEBB3MRLlbvtczI0KdNM9CJgd0hDRuLDrcaVrhZrhHDwgLywls+hWbgNvUpcdMR7k+uEIo+07Vu/Qvg==",
       "requires": {
-        "@pnpm/types": "10.1.1"
+        "@pnpm/types": "11.0.0"
       }
     },
     "@pnpm/types": {
-      "version": "10.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/types/-/types-10.1.1.tgz",
-      "integrity": "sha512-xF8/Trk+ucZa2rUwEk1WgMtlfWUQN5bu6bGHCho+suN2pYrTy+vN+HgZ2SO1oa+6WoyuN5yllMMADOEXaHTOmA=="
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/@pnpm/types/-/types-11.0.0.tgz",
+      "integrity": "sha512-BSdk9nlYLHHHLrTFNpmdrXrXVc+1sY/E1Fs1zqR8pY/KjpjVhxkruLZuXitPRPxbk4jSqm7UnG5WCz008iiaig=="
     },
     "@pnpm/util.lex-comparator": {
       "version": "3.0.0",
@@ -18181,12 +18172,9 @@
       "integrity": "sha512-WhB+2B/ZPlW2Xy/kMJBrMbqecWXcbDDgn0K0wKBAgO2OlBTz1iLJrRWduo+DGGn0Akvz1Lu4Xvls7dJojximWw=="
     },
     "@zkochan/rimraf": {
-      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/@zkochan/rimraf/-/rimraf-2.1.3.tgz",
-      "integrity": "sha512-mCfR3gylCzPC+iqdxEA6z5SxJeOgzgbwmyxanKriIne5qZLswDe/M43aD3p5MNzwzXRhbZg/OX+MpES6Zk1a6A==",
-      "requires": {
-        "rimraf": "^3.0.2"
-      }
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/@zkochan/rimraf/-/rimraf-3.0.2.tgz",
+      "integrity": "sha512-GBf4ua7ogWTr7fATnzk/JLowZDBnBJMm8RkMaC/KcvxZ9gxbMWix0/jImd815LmqKyIHZ7h7lADRddGMdGBuCA=="
     },
     "@zkochan/which": {
       "version": "2.0.3",
@@ -19930,12 +19918,19 @@
       "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA=="
     },
     "graceful-git": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/graceful-git/-/graceful-git-3.1.2.tgz",
-      "integrity": "sha512-Xyh9Y43yA23/KQ16mpwO4zkzVGUAXyzuSVZQxw9ddQklssIYIY0el24VYfJBFhyCWGriZPRAB2nCgsDizqna9g==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/graceful-git/-/graceful-git-4.0.0.tgz",
+      "integrity": "sha512-zK/rCH/I0DMKpPBLCElXGI7za3EnXeQFdiK6CTP02Tt1N1L+bMLghZY7cXozlx9M2bx4Q0zrY9ADYP3eI8haIw==",
       "requires": {
-        "retry": "^0.12.0",
-        "safe-execa": "^0.1.0"
+        "retry": "^0.13.1",
+        "safe-execa": "^0.1.1"
+      },
+      "dependencies": {
+        "retry": {
+          "version": "0.13.1",
+          "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
+          "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg=="
+        }
       }
     },
     "gunzip-maybe": {
@@ -26744,14 +26739,6 @@
       "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.5.3.tgz",
       "integrity": "sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ=="
     },
-    "rimraf": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
-      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
-      "requires": {
-        "glob": "^7.1.3"
-      }
-    },
     "rsvp": {
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/rsvp/-/rsvp-3.2.1.tgz",

data/helpers/package.json

@@ -11,11 +11,11 @@
   },
   "dependencies": {
     "@dependabot/yarn-lib": "^1.22.22",
-    "@npmcli/arborist": "^7.5.3",
+    "@npmcli/arborist": "^7.5.4",
     "detect-indent": "^6.1.0",
     "nock": "^13.5.4",
     "npm": "6.14.18",
-    "@pnpm/lockfile-file": "^9.1.1",
+    "@pnpm/lockfile-file": "^9.1.2",
     "@pnpm/dependency-path": "^5.1.1",
     "semver": "^7.6.2",
     "patch-package": "^8.0.0"

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb

@@ -5,6 +5,7 @@ require "sorbet-runtime"
 
 require "dependabot/errors"
 require "dependabot/logger"
+require "dependabot/npm_and_yarn/version"
 require "dependabot/npm_and_yarn/file_parser"
 require "dependabot/npm_and_yarn/file_updater"
 require "dependabot/npm_and_yarn/helpers"
@@ -45,6 +46,11 @@ module Dependabot
           updated_file
         end
 
+        sig { params(response: Exception).returns(T.noreturn) }
+        def updated_lockfile_reponse(response)
+          handle_npm_updater_error(response)
+        end
+
         private
 
         sig { returns(Dependabot::DependencyFile) }
@@ -66,6 +72,13 @@ module Dependabot
           -\sGET\shttps?://(?<source>[^/]+)/(?<package_req>[^/\s]+)}x
         MISSING_PACKAGE = %r{(?<package_req>[^/]+) - Not found}
         INVALID_PACKAGE = /Can't install (?<package_req>.*): Missing/
+        SOCKET_HANG_UP = /request to (?<url>.*) failed, reason: socket hang up/
+        UNABLE_TO_AUTH_NPMRC = /Unable to authenticate, need: Basic, Bearer/
+        UNABLE_TO_AUTH_REGISTRY = /Unable to authenticate, need: *.*(Basic|BASIC) *.*realm="(?<url>.*)"/
+        MISSING_AUTH_TOKEN = /401 Unauthorized - GET (?<url>.*) - authentication token not provided/
+        INVALID_AUTH_TOKEN =
+          /401 Unauthorized - GET (?<url>.*) - unauthenticated: User cannot be authenticated with the token provided./
+        NPM_PACKAGE_REGISTRY = "https://npm.pkg.github.com"
 
         # TODO: look into fixing this in npm, seems like a bug in the git
         # downloader introduced in npm 7
@@ -486,6 +499,30 @@ module Dependabot
             raise Dependabot::DependencyFileNotResolvable, msg
           end
 
+          if (git_source = error_message.match(SOCKET_HANG_UP))
+            msg = git_source.named_captures.fetch("url")
+            raise Dependabot::PrivateSourceTimedOut, T.must(msg)
+          end
+
+          # Error handled when no authentication info ( _auth = user:pass )
+          # is provided in config file (.npmrc) to access private registry
+          if error_message.match?(UNABLE_TO_AUTH_NPMRC)
+            msg = "check .npmrc config file"
+            raise Dependabot::PrivateSourceAuthenticationFailure, msg
+          end
+
+          if (registry_source = error_message.match(UNABLE_TO_AUTH_REGISTRY))
+            msg = registry_source.named_captures.fetch("url")
+            raise Dependabot::PrivateSourceAuthenticationFailure, msg
+          end
+
+          if (registry_source = error_message.match(INVALID_AUTH_TOKEN) ||
+            error_message.match(MISSING_AUTH_TOKEN)) &&
+             T.must(registry_source.named_captures.fetch("url")).include?(NPM_PACKAGE_REGISTRY)
+            msg = registry_source.named_captures.fetch("url")
+            raise Dependabot::InvalidGitAuthToken, T.must(msg)
+          end
+
           raise error
         end
         # rubocop:enable Metrics/AbcSize
@@ -677,7 +714,7 @@ module Dependabot
           json = JSON.parse(content)
 
           NpmAndYarn::FileParser.each_dependency(json) do |nm, requirement, type|
-            next unless requirement == "latest"
+            next unless Version::VERSION_TAGS.include?(requirement)
 
             json[type][nm] = "*"
           end
@@ -760,16 +797,17 @@ module Dependabot
           # NOTE: This is a workaround for npm adding a `name` attribute to the
           # packages section in the lockfile because we install using
           # `--package-lock-only`
-          if !original_name
-            updated_lockfile_content = remove_lockfile_packages_name_attribute(
-              current_name, updated_lockfile_content
-            )
-          elsif original_name && original_name != current_name
-            updated_lockfile_content = replace_lockfile_packages_name_attribute(
-              current_name, original_name, updated_lockfile_content
-            )
+          if current_name
+            if !original_name
+              updated_lockfile_content = remove_lockfile_packages_name_attribute(
+                current_name, updated_lockfile_content
+              )
+            elsif original_name != current_name
+              updated_lockfile_content = replace_lockfile_packages_name_attribute(
+                current_name, original_name, updated_lockfile_content
+              )
+            end
           end
-
           updated_lockfile_content
         end
 

data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb

@@ -214,8 +214,11 @@ module Dependabot
 
         sig { returns(String) }
         def complete_npmrc_from_credentials
+          # removes attribute timeout to allow for job update,
+          # having a timeout=xxxxx value is causing some jobs to fail
           initial_content = T.must(T.must(npmrc_file).content)
-                             .gsub(/^.*\$\{.*\}.*/, "").strip + "\n"
+                             .gsub(/^.*\$\{.*\}.*/, "").strip.gsub(/^timeout.*/, "").strip + "\n"
+
           return initial_content unless yarn_lock || package_lock
           return initial_content unless global_registry
 

data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb

@@ -3,6 +3,7 @@
 
 require "uri"
 
+require "dependabot/npm_and_yarn"
 require "dependabot/npm_and_yarn/file_updater"
 require "dependabot/npm_and_yarn/file_parser"
 require "dependabot/npm_and_yarn/helpers"
@@ -25,6 +26,10 @@ module Dependabot
           @dependency_files = dependency_files
           @repo_contents_path = repo_contents_path
           @credentials = credentials
+          @error_handler = YarnErrorHandler.new(
+            dependencies: dependencies,
+            dependency_files: dependency_files
+          )
         end
 
         def updated_yarn_lock_content(yarn_lock)
@@ -43,10 +48,7 @@ module Dependabot
         attr_reader :dependency_files
         attr_reader :repo_contents_path
         attr_reader :credentials
-
-        UNREACHABLE_GIT = /ls-remote --tags --heads (?<url>.*)/
-        TIMEOUT_FETCHING_PACKAGE = %r{(?<url>.+)/(?<package>[^/]+): ETIMEDOUT}
-        INVALID_PACKAGE = /Can't add "(?<package_req>.*)": invalid/
+        attr_reader :error_handler
 
         def top_level_dependencies
           dependencies.select(&:top_level?)
@@ -129,19 +131,18 @@ module Dependabot
           end
         rescue SharedHelpers::HelperSubprocessFailed => e
           # package.json name cannot contain characters like empty string or @.
-          if e.message.include?("Name contains illegal characters")
-            raise Dependabot::DependencyFileNotParseable, e.message
-          end
+          raise Dependabot::DependencyFileNotParseable, e.message if e.message.include?(INVALID_NAME_IN_PACKAGE_JSON)
 
           names = dependencies.map(&:name)
           package_missing = names.any? do |name|
             e.message.include?("find package \"#{name}")
           end
 
-          raise unless e.message.include?("The registry may be down") ||
-                       e.message.include?("ETIMEDOUT") ||
-                       e.message.include?("ENOBUFS") ||
-                       package_missing
+          package_missing = e.message.match(PACKAGE_MISSING_REGEX) || package_missing
+
+          error_handler.handle_error(e) unless package_missing
+
+          raise unless package_missing
 
           retry_count ||= 0
           retry_count += 1
@@ -233,16 +234,18 @@ module Dependabot
         # rubocop:disable Metrics/MethodLength
         def handle_yarn_lock_updater_error(error, yarn_lock)
           error_message = error.message
+
           # Invalid package: When package.json doesn't include a name or version
           # Local path error: When installing a git dependency which
           # is using local file paths for sub-dependencies (e.g. unbuilt yarn
           # workspace project)
-          sub_dep_local_path_err = "refers to a non-existing file"
-          if error_message.match?(INVALID_PACKAGE) ||
-             error_message.include?(sub_dep_local_path_err)
-            raise_resolvability_error(error_message, yarn_lock)
+          if error_message.match?(INVALID_PACKAGE_REGEX) ||
+             error_message.include?(SUB_DEP_LOCAL_PATH_TEXT)
+            error_handler.raise_resolvability_error(error_message, yarn_lock)
           end
 
+          error_handler.handle_error(error)
+
           if error_message.include?("Couldn't find package")
             package_name = error_message.match(/package "(?<package_req>.*?)"/)
                                         .named_captures["package_req"]
@@ -290,24 +293,28 @@ module Dependabot
             raise Dependabot::InconsistentRegistryResponse, error_message
           end
 
-          if error_message.include?("Workspaces can only be enabled in priva")
+          if error_message.include?(ONLY_PRIVATE_WORKSPACE_TEXT)
             raise Dependabot::DependencyFileNotEvaluatable, error_message
           end
 
-          if error_message.match?(UNREACHABLE_GIT)
-            dependency_url = error_message.match(UNREACHABLE_GIT)
+          if error_message.match?(UNREACHABLE_GIT_CHECK_REGEX)
+            dependency_url = error_message.match(UNREACHABLE_GIT_CHECK_REGEX)
                                           .named_captures.fetch("url")
 
             raise Dependabot::GitDependenciesNotReachable, dependency_url
           end
 
-          handle_timeout(error_message, yarn_lock) if error_message.match?(TIMEOUT_FETCHING_PACKAGE)
+          handle_timeout(error_message, yarn_lock) if error_message.match?(
+            TIMEOUT_FETCHING_PACKAGE_REGEX
+          )
 
           if error_message.start_with?("Couldn't find any versions") ||
              error_message.include?(": Not found") ||
              error_message.include?("Couldn't find match for")
 
-            raise_resolvability_error(error_message, yarn_lock) unless resolvable_before_update?(yarn_lock)
+            unless resolvable_before_update?(yarn_lock)
+              error_handler.raise_resolvability_error(error_message, yarn_lock)
+            end
 
             # Dependabot has probably messed something up with the update and we
             # want to hear about it
@@ -457,7 +464,7 @@ module Dependabot
           missing_dep = lockfile_dependencies(yarn_lock)
                         .find { |dep| dep.name == package_name }
 
-          raise_resolvability_error(error_message, yarn_lock) unless missing_dep
+          error_handler.raise_resolvability_error(error_message, yarn_lock) unless missing_dep
 
           reg = NpmAndYarn::UpdateChecker::RegistryFinder.new(
             dependency: missing_dep,
@@ -472,19 +479,11 @@ module Dependabot
           raise PrivateSourceAuthenticationFailure, reg
         end
 
-        def raise_resolvability_error(error_message, yarn_lock)
-          dependency_names = dependencies.map(&:name).join(", ")
-          msg = "Error whilst updating #{dependency_names} in " \
-                "#{yarn_lock.path}:\n#{error_message}"
-          raise Dependabot::DependencyFileNotResolvable, msg
-        end
-
         def handle_timeout(error_message, yarn_lock)
-          url = error_message.match(TIMEOUT_FETCHING_PACKAGE)
-                             .named_captures["url"]
-          raise if URI(url).host == "registry.npmjs.org"
+          url = error_message.match(TIMEOUT_FETCHING_PACKAGE_REGEX)
+                             .named_ # rubocop:enable Metrics/ClassLength#RI(url).host == NPM_REGISTERY
 
-          package_name = error_message.match(TIMEOUT_FETCHING_PACKAGE)
+          package_name = error_message.match(TIMEOUT_FETCHING_PACKAGE_REGEX)
                                       .named_captures["package"]
           sanitized_name = sanitize_package_name(package_name)
 
@@ -492,7 +491,10 @@ module Dependabot
                 .find { |d| d.name == sanitized_name }
           return unless dep
 
-          raise PrivateSourceTimedOut, url.gsub(%r{https?://}, "")
+          raise PrivateSourceTimedOut, url.gsub(
+            HTTP_CHECK_REGEX,
+            ""
+          )
         end
 
         def npmrc_content
@@ -577,6 +579,146 @@ module Dependabot
         end
       end
     end
+
+    class YarnErrorHandler
+      extend T::Sig
+
+      sig do
+        params(
+          dependencies: T::Array[Dependabot::Dependency],
+          dependency_files: T::Array[Dependabot::DependencyFile]
+        ).void
+      end
+      def initialize(dependencies:, dependency_files:)
+        @dependencies = dependencies
+        @dependency_files = dependency_files
+      end
+
+      private
+
+      sig { returns(T::Array[Dependabot::Dependency]) }
+      attr_reader :dependencies
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      attr_reader :dependency_files
+
+      public
+
+      # Extracts "Usage Error:" messages from error messages
+      sig { params(error_message: String).returns(T.nilable(String)) }
+      def find_usage_error(error_message)
+        start_index = error_message.rindex(YARN_USAGE_ERROR_TEXT)
+        return nil unless start_index
+
+        error_details = error_message[start_index..-1]
+        error_details&.strip
+      end
+
+      # Main error handling method
+      sig { params(error: SharedHelpers::HelperSubprocessFailed).void }
+      def handle_error(error)
+        # Check if defined yarn error codes contained in the error message
+        # and raise the corresponding error class
+        handle_yarn_error(error)
+
+        # Extract the usage error message from the raw error message
+        usage_error_message = find_usage_error(error.message) || ""
+
+        # Check if the error message contains any group patterns and raise
+        # the corresponding error class
+        handle_group_patterns(error, usage_error_message)
+      end
+
+      # Handles errors with specific to yarn error codes
+      sig { params(error: SharedHelpers::HelperSubprocessFailed).void }
+      def handle_yarn_error(error)
+        error_message = error.message
+        regex = YARN_CODE_REGEX
+        matches = error_message.scan(regex)
+        return if matches.empty?
+
+        # Go through each match backwards in the error message and raise the corresponding error class
+        matches.reverse_each do |match|
+          code = match[0]
+          next unless code
+
+          yarn_error = YARN_ERROR_CODES[code]
+          next unless yarn_error.is_a?(Hash)
+
+          message = yarn_error[:message]
+          new_error = yarn_error[:new_error]
+          next unless new_error
+
+          modified_error_message = if message
+                                     "[#{code}]: #{message}, Detail: #{error_message}"
+                                   else
+                                     "[#{code}]: #{error_message}"
+                                   end
+
+          raise new_error.call(error, modified_error_message)
+        end
+      end
+
+      # Handles errors based on group patterns
+      sig do
+        params(
+          error: SharedHelpers::HelperSubprocessFailed,
+          usage_error_message: String
+        ).void
+      end
+      def handle_group_patterns(error, usage_error_message) # rubocop:disable Metrics/PerceivedComplexity
+        error_message = error.message
+        VALIDATION_GROUP_PATTERNS.each do |group|
+          patterns = group[:patterns]
+          matchfn = group[:matchfn]
+          new_error = group[:new_error]
+          in_usage = group[:in_usage] || false
+
+          next unless (patterns || matchfn) && new_error
+
+          message = usage_error_message.empty? ? error_message : usage_error_message
+          if in_usage && pattern_in_message(patterns, usage_error_message)
+            raise new_error.call(error, message)
+          elsif !in_usage && pattern_in_message(patterns, error_message)
+            raise new_error.call(error, error.message)
+          end
+
+          raise new_error.call(error, message) if matchfn&.call(usage_error_message, error_message)
+        end
+      end
+
+      # Raises a resolvability error for a dependency file
+      sig do
+        params(
+          error_message: String,
+          yarn_lock: Dependabot::DependencyFile
+        ).void
+      end
+      def raise_resolvability_error(error_message, yarn_lock)
+        dependency_names = dependencies.map(&:name).join(", ")
+        msg = "Error whilst updating #{dependency_names} in #{yarn_lock.path}:\n#{error_message}"
+        raise Dependabot::DependencyFileNotResolvable, msg
+      end
+
+      # Checks if a pattern is in a message
+      sig do
+        params(
+          patterns: T::Array[T.any(String, Regexp)],
+          message: String
+        ).returns(T::Boolean)
+      end
+      def pattern_in_message(patterns, message)
+        patterns.any? do |pattern|
+          if pattern.is_a?(String)
+            return message.include?(pattern)
+          elsif pattern.is_a?(Regexp)
+            message = message.gsub(/\e\[[\d;]*[A-Za-z]/, "")
+            return message.match?(pattern)
+          end
+        end
+        false
+      end
+    end
   end
 end
 # rubocop:enable Metrics/ClassLength

data/lib/dependabot/npm_and_yarn/requirement.rb

@@ -14,7 +14,6 @@ module Dependabot
 
       AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/
       OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/
-      LATEST_REQUIREMENT = "latest"
 
       # Override the version pattern to allow a 'v' prefix
       quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
@@ -24,7 +23,7 @@ module Dependabot
       PATTERN = /\A#{PATTERN_RAW}\z/
 
       def self.parse(obj)
-        return ["=", nil] if obj.is_a?(String) && obj.strip == LATEST_REQUIREMENT
+        return ["=", nil] if obj.is_a?(String) && Version::VERSION_TAGS.include?(obj.strip)
         return ["=", NpmAndYarn::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
 
         unless (matches = PATTERN.match(obj.to_s))

data/lib/dependabot/npm_and_yarn/version.rb

@@ -19,6 +19,23 @@ module Dependabot
       sig { returns(T.nilable(String)) }
       attr_reader :build_info
 
+      # These are possible npm versioning tags that can be used in place of a version.
+      # See https://docs.npmjs.com/cli/v10/commands/npm-dist-tag#purpose for more details.
+      VERSION_TAGS = T.let([
+        "alpha",        # Alpha version, early testing phase
+        "beta",         # Beta version, more stable than alpha
+        "canary",       # Canary version, often used for cutting-edge builds
+        "dev",          # Development version, ongoing development
+        "experimental", # Experimental version, unstable and new features
+        "latest",       # Latest stable version, used by npm to identify the current version of a package
+        "legacy",       # Legacy version, older version maintained for compatibility
+        "next",         # Next version, used by some projects to identify the upcoming version
+        "nightly",      # Nightly build, daily builds often including latest changes
+        "rc",           # Release candidate, potential final version
+        "release",      # General release version
+        "stable"        # Stable version, thoroughly tested and stable
+      ].freeze.map(&:freeze), T::Array[String])
+
       VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
       ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
 

data/lib/dependabot/npm_and_yarn.rb

@@ -25,3 +25,179 @@ Dependabot::Dependency.register_production_check(
     groups.include?("dependencies")
   end
 )
+
+module Dependabot
+  module NpmAndYarn
+    NODE_VERSION_NOT_SATISFY_REGEX = /The current Node version (?<current_version>v?\d+\.\d+\.\d+) does not satisfy the required version (?<required_version>v?\d+\.\d+\.\d+)\./ # rubocop:disable Layout/LineLength
+
+    # Used to check if package manager registry is public npm registry
+    NPM_REGISTRY = "registry.npmjs.org"
+
+    # Used to check if url is http or https
+    HTTP_CHECK_REGEX = %r{https?://}
+
+    # Error message when a package.json name include invalid characters
+    INVALID_NAME_IN_PACKAGE_JSON = "Name contains illegal characters"
+
+    # Used to identify error messages indicating a package is missing, unreachable,
+    # or there are network issues (e.g., ENOBUFS, ETIMEDOUT, registry down).
+    PACKAGE_MISSING_REGEX = /(ENOBUFS|ETIMEDOUT|The registry may be down)/
+
+    # Used to check if error message contains timeout fetching package
+    TIMEOUT_FETCHING_PACKAGE_REGEX = %r{(?<url>.+)/(?<package>[^/]+): ETIMEDOUT}
+
+    # Used to identify git unreachable error
+    UNREACHABLE_GIT_CHECK_REGEX = /ls-remote --tags --heads (?<url>.*)/
+
+    # Used to check if yarn workspace is enabled in non-private workspace
+    ONLY_PRIVATE_WORKSPACE_TEXT = "Workspaces can only be enabled in priva"
+
+    # Used to identify local path error in yarn when installing sub-dependency
+    SUB_DEP_LOCAL_PATH_TEXT = "refers to a non-existing file"
+
+    # Used to identify invalid package error when package is not found in registry
+    INVALID_PACKAGE_REGEX = /Can't add "(?<package_req>.*)": invalid/
+
+    # Used to identify error if node_modules state file not resolved
+    NODE_MODULES_STATE_FILE_NOT_FOUND = "Couldn't find the node_modules state file"
+
+    # Used to find error message in yarn error output
+    YARN_USAGE_ERROR_TEXT = "Usage Error:"
+
+    # Used to identify error if tarball is not in network
+    TARBALL_IS_NOT_IN_NETWORK = "Tarball is not in network and can not be located in cache"
+
+    # Used to identify if authentication failure error
+    AUTHENTICATION_TOKEN_NOT_PROVIDED = "authentication token not provided"
+    AUTHENTICATION_IS_NOT_CONFIGURED = "No authentication configured for request"
+
+    # Used to identify if error message is related to yarn workspaces
+    DEPENDENCY_FILE_NOT_RESOLVABLE = "conflicts with direct dependency"
+
+    class Utils
+      extend T::Sig
+
+      sig { params(error_message: String).returns(T::Hash[Symbol, String]) }
+      def self.extract_node_versions(error_message)
+        match_data = error_message.match(NODE_VERSION_NOT_SATISFY_REGEX)
+        return {} unless match_data
+
+        {
+          current_version: match_data[:current_version],
+          required_version: match_data[:required_version]
+        }
+      end
+    end
+
+    YARN_CODE_REGEX = /(YN\d{4})/
+    YARN_ERROR_CODES = T.let({
+      "YN0001" => {
+        message: "Exception error",
+        new_error: ->(_error, message) { Dependabot::DependabotError.new(message) }
+      },
+      "YN0002" => {
+        message: "Missing peer dependency",
+        new_error: ->(_error, message) { Dependabot::DependencyFileNotResolvable.new(message) }
+      },
+      "YN0016" => {
+        message: "Remote not found",
+        new_error: ->(_error, message) { Dependabot::GitDependenciesNotReachable.new(message) }
+      },
+      "YN0020" => {
+        message: "Missing lockfile entry",
+        new_error: ->(_error, message) { Dependabot::DependencyFileNotFound.new(message) }
+      },
+      "YN0046" => {
+        message: "Automerge failed to parse",
+        new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
+      },
+      "YN0047" => {
+        message: "Automerge immutable",
+        new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
+      },
+      "YN0062" => {
+        message: "Incompatible OS",
+        new_error: ->(_error, message) { Dependabot::DependabotError.new(message) }
+      },
+      "YN0063" => {
+        message: "Incompatible CPU",
+        new_error: ->(_error, message) { Dependabot::IncompatibleCPU.new(message) }
+      },
+      "YN0071" => {
+        message: "NM can't install external soft link",
+        new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
+      },
+      "YN0072" => {
+        message: "NM preserve symlinks required",
+        new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
+      },
+      "YN0075" => {
+        message: "Prolog instantiation error",
+        new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
+      },
+      "YN0077" => {
+        message: "Ghost architecture",
+        new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
+      },
+      "YN0080" => {
+        message: "Network disabled",
+        new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
+      },
+      "YN0081" => {
+        message: "Network unsafe HTTP",
+        new_error: ->(_error, message) { Dependabot::NetworkUnsafeHTTP.new(message) }
+      }
+    }.freeze, T::Hash[String, {
+      message: T.any(String, NilClass),
+      new_error: T.proc.params(error: Dependabot::DependabotError, message: String).returns(Dependabot::DependabotError)
+    }])
+
+    # Group of patterns to validate error message and raise specific error
+    VALIDATION_GROUP_PATTERNS = T.let([
+      {
+        patterns: [NODE_MODULES_STATE_FILE_NOT_FOUND],
+        new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) },
+        in_usage: true,
+        matchfn: nil
+      },
+      {
+        patterns: [TARBALL_IS_NOT_IN_NETWORK],
+        new_error: ->(_error, message) { Dependabot::DependencyFileNotResolvable.new(message) },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [NODE_VERSION_NOT_SATISFY_REGEX],
+        new_error: lambda { |_error, message|
+          versions = Utils.extract_node_versions(message)
+          current_version = versions[:current_version]
+          required_version = versions[:required_version]
+
+          return Dependabot::DependabotError.new(message) unless current_version && required_version
+
+          Dependabot::ToolVersionNotSupported.new("Yarn", current_version, required_version)
+        },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [AUTHENTICATION_TOKEN_NOT_PROVIDED, AUTHENTICATION_IS_NOT_CONFIGURED],
+        new_error: ->(_error, message) { Dependabot::PrivateSourceAuthenticationFailure.new(message) },
+        in_usage: false,
+        matchfn: nil
+      },
+      {
+        patterns: [DEPENDENCY_FILE_NOT_RESOLVABLE],
+        new_error: ->(_error, message) { DependencyFileNotResolvable.new(message) },
+        in_usage: false,
+        matchfn: nil
+      }
+    ].freeze, T::Array[{
+      patterns: T::Array[T.any(String, Regexp)],
+      new_error: T.proc.params(error: Dependabot::DependabotError,
+                               message: String).returns(Dependabot::DependabotError),
+      in_usage: T.nilable(T::Boolean),
+      matchfn: T.nilable(T.proc.params(usage: String, message: String).returns(T::Boolean))
+    }])
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.264.0
+  version: 0.266.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-07-05 00:00:00.000000000 Z
+date: 2024-07-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.264.0
+        version: 0.266.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.264.0
+        version: 0.266.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.63.2
+        version: 1.65.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.63.2
+        version: 1.65.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.266.0
 post_install_message: 
 rdoc_options: []
 require_paths: