dependabot-npm_and_yarn 0.265.0 → 0.266.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c0d823ea2b39b19552cded5282fa2333c092db75e890b8f756a5ebe7ab0218aa
4
- data.tar.gz: 369f80174e159bd340a1bf69067be3e40081fec27c7960880e70bf5a1f19cdf4
3
+ metadata.gz: 67babb3510f025790b2e9806bd26290c658b66465bed55f41bbda6d2e4538551
4
+ data.tar.gz: cebb0aa37accd77075e95f2cbd6539aa01015a6d44f44cb7709eee40b04cde27
5
5
  SHA512:
6
- metadata.gz: 9a4b156fa67dd690b9f46ba11c609b2f8dd91b0d79650c8a3a94e5c7e12adeda65ddda30b7ae5870f59139290f0d3da4ed71a1afeeec7428f2a8723102ae2644
7
- data.tar.gz: 429e1cc39f303efcfbd8d72518c0e8e03477d7c000d671233ad3500455d6f3af29edd5a941ebcb769efc5e94114dbe4e3c27d5c3de1e500bfd0635421f948373
6
+ metadata.gz: eff4ddfd5d0945e47eadce0deb0c8e8a7b8571ac238b809e8a8a86d28a6926d66cdf3074111c41769d040bcd5ec8adbae14f9da0b1a58ba18262b35242695784
7
+ data.tar.gz: d5932088b9539ff88c1c43c59b5737de4e50e24222148af147fbea8d2ad068fae1aab6da8ea2bdc552272183afa84829a6900bb6c1c4b5a8e8a9f6680133a4ab
@@ -8,9 +8,9 @@
8
8
  "hasInstallScript": true,
9
9
  "dependencies": {
10
10
  "@dependabot/yarn-lib": "^1.22.22",
11
- "@npmcli/arborist": "^7.5.3",
11
+ "@npmcli/arborist": "^7.5.4",
12
12
  "@pnpm/dependency-path": "^5.1.1",
13
- "@pnpm/lockfile-file": "^9.1.1",
13
+ "@pnpm/lockfile-file": "^9.1.2",
14
14
  "detect-indent": "^6.1.0",
15
15
  "nock": "^13.5.4",
16
16
  "npm": "6.14.18",
@@ -1962,9 +1962,9 @@
1962
1962
  }
1963
1963
  },
1964
1964
  "node_modules/@npmcli/arborist": {
1965
- "version": "7.5.3",
1966
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-7.5.3.tgz",
1967
- "integrity": "sha512-7gbMdDNSYUzi0j2mpb6FoXRg3BxXWplMQZH1MZlvNjSdWFObaUz2Ssvo0Nlh2xmWks1OPo+gpsE6qxpT/5M7lQ==",
1965
+ "version": "7.5.4",
1966
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-7.5.4.tgz",
1967
+ "integrity": "sha512-nWtIc6QwwoUORCRNzKx4ypHqCk3drI+5aeYdMTQQiRCcn4lOOgfQh7WyZobGYTxXPSq1VwV53lkpN/BRlRk08g==",
1968
1968
  "dependencies": {
1969
1969
  "@isaacs/string-locale-compare": "^1.1.0",
1970
1970
  "@npmcli/fs": "^3.1.1",
@@ -2400,11 +2400,11 @@
2400
2400
  }
2401
2401
  },
2402
2402
  "node_modules/@pnpm/core-loggers": {
2403
- "version": "10.0.2",
2404
- "resolved": "https://registry.npmjs.org/@pnpm/core-loggers/-/core-loggers-10.0.2.tgz",
2405
- "integrity": "sha512-UUqWV0wUrMvlNWMe8Ch+XFRI3u3K35T2rS5jofhCsqtZa9UlsJAFW4jjVzOBWkV0uVbt6mdy7IMBHvJsYaU94w==",
2403
+ "version": "10.0.3",
2404
+ "resolved": "https://registry.npmjs.org/@pnpm/core-loggers/-/core-loggers-10.0.3.tgz",
2405
+ "integrity": "sha512-G038bkMTuvmgG3XtuajnfoBS/u2CoeywRzJZb3qxvcj1XpLFTDAhHyUv/2Rr+yh6KDOVAuTWqdk+WNfeNf6yrw==",
2406
2406
  "dependencies": {
2407
- "@pnpm/types": "10.1.1"
2407
+ "@pnpm/types": "11.0.0"
2408
2408
  },
2409
2409
  "engines": {
2410
2410
  "node": ">=18.12"
@@ -2431,12 +2431,12 @@
2431
2431
  }
2432
2432
  },
2433
2433
  "node_modules/@pnpm/dependency-path": {
2434
- "version": "5.1.1",
2435
- "resolved": "https://registry.npmjs.org/@pnpm/dependency-path/-/dependency-path-5.1.1.tgz",
2436
- "integrity": "sha512-HskPO2yVpvb8NHnfmByqdkyqSVRaSBpMUSBzfLwzYLRiexs3zo2+NjUvGErjnmVDG8KgY/iQZtw+y+06vMWy/w==",
2434
+ "version": "5.1.2",
2435
+ "resolved": "https://registry.npmjs.org/@pnpm/dependency-path/-/dependency-path-5.1.2.tgz",
2436
+ "integrity": "sha512-223YCb6SiCi2+112wHPiG+fWsnSpGINNYZKVwlNwZugheSRuda68SjpUbjc7JIkmceRUD8gbBguk8ynv8IS4TA==",
2437
2437
  "dependencies": {
2438
2438
  "@pnpm/crypto.base32-hash": "3.0.0",
2439
- "@pnpm/types": "10.1.1",
2439
+ "@pnpm/types": "11.0.0",
2440
2440
  "semver": "^7.6.2"
2441
2441
  },
2442
2442
  "engines": {
@@ -2461,14 +2461,14 @@
2461
2461
  }
2462
2462
  },
2463
2463
  "node_modules/@pnpm/fetch": {
2464
- "version": "8.0.2",
2465
- "resolved": "https://registry.npmjs.org/@pnpm/fetch/-/fetch-8.0.2.tgz",
2466
- "integrity": "sha512-mh81jVdVzscYZcVyVRobv5mf/xPFFLIjnEqH6+4LrTHz0HqVRJd3Oknn7vRzXSx8k+xXUH44o3qroAq8KGJoSA==",
2464
+ "version": "8.0.3",
2465
+ "resolved": "https://registry.npmjs.org/@pnpm/fetch/-/fetch-8.0.3.tgz",
2466
+ "integrity": "sha512-yUeoVCc/pPicpdU3s+2Vzl7VfLWDUblizRbglQaaXhAawLWOAYu5a/jMoIclN2dJzh5juRPhYowMX82oTG9Y0Q==",
2467
2467
  "dependencies": {
2468
- "@pnpm/core-loggers": "10.0.2",
2468
+ "@pnpm/core-loggers": "10.0.3",
2469
2469
  "@pnpm/fetching-types": "6.0.0",
2470
2470
  "@pnpm/network.agent": "^2.0.0",
2471
- "@pnpm/types": "10.1.1",
2471
+ "@pnpm/types": "11.0.0",
2472
2472
  "@zkochan/retry": "^0.2.0",
2473
2473
  "node-fetch": "npm:@pnpm/node-fetch@1.0.0"
2474
2474
  },
@@ -2498,13 +2498,13 @@
2498
2498
  }
2499
2499
  },
2500
2500
  "node_modules/@pnpm/git-resolver": {
2501
- "version": "9.0.3",
2502
- "resolved": "https://registry.npmjs.org/@pnpm/git-resolver/-/git-resolver-9.0.3.tgz",
2503
- "integrity": "sha512-/4pxvDjtcTfnv2ElUr1TECRNmnOAx23eeZNKrSTkWOyI6I+J9f5M40M+jgTcVWS6l2L+I5gwemo3XKgCnX43Ag==",
2501
+ "version": "9.0.4",
2502
+ "resolved": "https://registry.npmjs.org/@pnpm/git-resolver/-/git-resolver-9.0.4.tgz",
2503
+ "integrity": "sha512-k6jglET3h66oLwqoUBslfRWmL6ULXXIHjQoc1uLS0it+m1cI5toHWkrKJOwbI/9K3KQ88EhhulFP4tQQpS+1fg==",
2504
2504
  "dependencies": {
2505
- "@pnpm/fetch": "8.0.2",
2506
- "@pnpm/resolver-base": "12.0.2",
2507
- "graceful-git": "^3.1.2",
2505
+ "@pnpm/fetch": "8.0.3",
2506
+ "@pnpm/resolver-base": "13.0.0",
2507
+ "graceful-git": "^4.0.0",
2508
2508
  "hosted-git-info": "npm:@pnpm/hosted-git-info@1.0.0",
2509
2509
  "semver": "^7.6.2"
2510
2510
  },
@@ -2589,21 +2589,21 @@
2589
2589
  }
2590
2590
  },
2591
2591
  "node_modules/@pnpm/lockfile-file": {
2592
- "version": "9.1.1",
2593
- "resolved": "https://registry.npmjs.org/@pnpm/lockfile-file/-/lockfile-file-9.1.1.tgz",
2594
- "integrity": "sha512-Ybs/QCWbN38EyIdpYVviSJR9/gc6LZ1iZDJbVatPL8l4Z4J6ikWh4i32kLqJHutM8McqeFegnTrUO3f65UTajw==",
2592
+ "version": "9.1.2",
2593
+ "resolved": "https://registry.npmjs.org/@pnpm/lockfile-file/-/lockfile-file-9.1.2.tgz",
2594
+ "integrity": "sha512-kQxQOTCTt8edqj1EOGzoGO+ef8iZCKN5GHY+KdZ54Mt8LThXVIu9LYTEuNXpaRdu9kH1wpfla5TbUDK0vMEvwg==",
2595
2595
  "dependencies": {
2596
2596
  "@pnpm/constants": "8.0.0",
2597
- "@pnpm/dependency-path": "5.1.1",
2597
+ "@pnpm/dependency-path": "5.1.2",
2598
2598
  "@pnpm/error": "6.0.1",
2599
- "@pnpm/git-resolver": "9.0.3",
2599
+ "@pnpm/git-resolver": "9.0.4",
2600
2600
  "@pnpm/git-utils": "2.0.0",
2601
- "@pnpm/lockfile-types": "7.1.1",
2602
- "@pnpm/lockfile-utils": "11.0.2",
2603
- "@pnpm/merge-lockfile-changes": "6.0.3",
2604
- "@pnpm/types": "10.1.1",
2601
+ "@pnpm/lockfile-types": "7.1.2",
2602
+ "@pnpm/lockfile-utils": "11.0.3",
2603
+ "@pnpm/merge-lockfile-changes": "6.0.4",
2604
+ "@pnpm/types": "11.0.0",
2605
2605
  "@pnpm/util.lex-comparator": "3.0.0",
2606
- "@zkochan/rimraf": "^2.1.3",
2606
+ "@zkochan/rimraf": "^3.0.2",
2607
2607
  "comver-to-semver": "^1.0.0",
2608
2608
  "js-yaml": "npm:@zkochan/js-yaml@0.0.7",
2609
2609
  "normalize-path": "^3.0.0",
@@ -2671,11 +2671,11 @@
2671
2671
  }
2672
2672
  },
2673
2673
  "node_modules/@pnpm/lockfile-types": {
2674
- "version": "7.1.1",
2675
- "resolved": "https://registry.npmjs.org/@pnpm/lockfile-types/-/lockfile-types-7.1.1.tgz",
2676
- "integrity": "sha512-ODa3AiqOT/DbFOb+oRpfvB78pJOcrIaCQON30Y2Z/qS7Gs66trTMNl37KabnNTvAEpyvlVGw8rli215fFh1fSA==",
2674
+ "version": "7.1.2",
2675
+ "resolved": "https://registry.npmjs.org/@pnpm/lockfile-types/-/lockfile-types-7.1.2.tgz",
2676
+ "integrity": "sha512-+64KoK8gtTS5lxslW8ATtwwEbikW4e9i/OV5eaR+X+//5SeUA796uCN96sKu6q6OzpZi3/aVU4VgVe15MT9XKA==",
2677
2677
  "dependencies": {
2678
- "@pnpm/types": "10.1.1"
2678
+ "@pnpm/types": "11.0.0"
2679
2679
  },
2680
2680
  "engines": {
2681
2681
  "node": ">=18.12"
@@ -2685,15 +2685,15 @@
2685
2685
  }
2686
2686
  },
2687
2687
  "node_modules/@pnpm/lockfile-utils": {
2688
- "version": "11.0.2",
2689
- "resolved": "https://registry.npmjs.org/@pnpm/lockfile-utils/-/lockfile-utils-11.0.2.tgz",
2690
- "integrity": "sha512-hbsLB52+/zK9ae4JPR8EnT5K6bB2eBaEx1Mei4IVxtvIRnj6XU7C95PXBX/4QmsRIkpr3PGaKg2GiQALE22WNg==",
2688
+ "version": "11.0.3",
2689
+ "resolved": "https://registry.npmjs.org/@pnpm/lockfile-utils/-/lockfile-utils-11.0.3.tgz",
2690
+ "integrity": "sha512-HQ3TjUd7TCRovi6wSJ8wcSe1BxXJVs3Hf1msHSZ3Ng1Bwd8rj2mQBNu022u3279Oe1kz35APN0yYciynWWlWkA==",
2691
2691
  "dependencies": {
2692
- "@pnpm/dependency-path": "5.1.1",
2693
- "@pnpm/lockfile-types": "7.1.1",
2692
+ "@pnpm/dependency-path": "5.1.2",
2693
+ "@pnpm/lockfile-types": "7.1.2",
2694
2694
  "@pnpm/pick-fetcher": "3.0.0",
2695
- "@pnpm/resolver-base": "12.0.2",
2696
- "@pnpm/types": "10.1.1",
2695
+ "@pnpm/resolver-base": "13.0.0",
2696
+ "@pnpm/types": "11.0.0",
2697
2697
  "get-npm-tarball-url": "^2.1.0",
2698
2698
  "ramda": "npm:@pnpm/ramda@0.28.1"
2699
2699
  },
@@ -2718,12 +2718,12 @@
2718
2718
  }
2719
2719
  },
2720
2720
  "node_modules/@pnpm/merge-lockfile-changes": {
2721
- "version": "6.0.3",
2722
- "resolved": "https://registry.npmjs.org/@pnpm/merge-lockfile-changes/-/merge-lockfile-changes-6.0.3.tgz",
2723
- "integrity": "sha512-XFd+c1PzNK5TkLAqaG90RyA0RFIpwhvFxprEDxMVnu9d5Gq8ws4TWz0vy5oTZuKTPODmN7i01xZzEV2/+0KrOw==",
2721
+ "version": "6.0.4",
2722
+ "resolved": "https://registry.npmjs.org/@pnpm/merge-lockfile-changes/-/merge-lockfile-changes-6.0.4.tgz",
2723
+ "integrity": "sha512-S15nSd/LPZKLArnMfHpQLgK7MvNYvSs9meb839Eh29pqp2wSPHLKOroK4Upbod6SOrGtihmgjmpLaFNAYschpg==",
2724
2724
  "dependencies": {
2725
- "@pnpm/lockfile-types": "7.1.1",
2726
- "@pnpm/types": "10.1.1",
2725
+ "@pnpm/lockfile-types": "7.1.2",
2726
+ "@pnpm/types": "11.0.0",
2727
2727
  "comver-to-semver": "^1.0.0",
2728
2728
  "ramda": "npm:@pnpm/ramda@0.28.1",
2729
2729
  "semver": "^7.6.2"
@@ -2803,11 +2803,11 @@
2803
2803
  }
2804
2804
  },
2805
2805
  "node_modules/@pnpm/resolver-base": {
2806
- "version": "12.0.2",
2807
- "resolved": "https://registry.npmjs.org/@pnpm/resolver-base/-/resolver-base-12.0.2.tgz",
2808
- "integrity": "sha512-6Ged4cfUI+2RR6b/quphvuN8Tu+Sp0giMp9tqxqd8ls7P+A9qXGX6ATHUTl3jGfuOERYUWeYWrRrvxMmnYLy/g==",
2806
+ "version": "13.0.0",
2807
+ "resolved": "https://registry.npmjs.org/@pnpm/resolver-base/-/resolver-base-13.0.0.tgz",
2808
+ "integrity": "sha512-hUAn2OqHEBB3MRLlbvtczI0KdNM9CJgd0hDRuLDrcaVrhZrhHDwgLywls+hWbgNvUpcdMR7k+uEIo+07Vu/Qvg==",
2809
2809
  "dependencies": {
2810
- "@pnpm/types": "10.1.1"
2810
+ "@pnpm/types": "11.0.0"
2811
2811
  },
2812
2812
  "engines": {
2813
2813
  "node": ">=18.12"
@@ -2817,9 +2817,9 @@
2817
2817
  }
2818
2818
  },
2819
2819
  "node_modules/@pnpm/types": {
2820
- "version": "10.1.1",
2821
- "resolved": "https://registry.npmjs.org/@pnpm/types/-/types-10.1.1.tgz",
2822
- "integrity": "sha512-xF8/Trk+ucZa2rUwEk1WgMtlfWUQN5bu6bGHCho+suN2pYrTy+vN+HgZ2SO1oa+6WoyuN5yllMMADOEXaHTOmA==",
2820
+ "version": "11.0.0",
2821
+ "resolved": "https://registry.npmjs.org/@pnpm/types/-/types-11.0.0.tgz",
2822
+ "integrity": "sha512-BSdk9nlYLHHHLrTFNpmdrXrXVc+1sY/E1Fs1zqR8pY/KjpjVhxkruLZuXitPRPxbk4jSqm7UnG5WCz008iiaig==",
2823
2823
  "engines": {
2824
2824
  "node": ">=18.12"
2825
2825
  },
@@ -3105,14 +3105,11 @@
3105
3105
  }
3106
3106
  },
3107
3107
  "node_modules/@zkochan/rimraf": {
3108
- "version": "2.1.3",
3109
- "resolved": "https://registry.npmjs.org/@zkochan/rimraf/-/rimraf-2.1.3.tgz",
3110
- "integrity": "sha512-mCfR3gylCzPC+iqdxEA6z5SxJeOgzgbwmyxanKriIne5qZLswDe/M43aD3p5MNzwzXRhbZg/OX+MpES6Zk1a6A==",
3111
- "dependencies": {
3112
- "rimraf": "^3.0.2"
3113
- },
3108
+ "version": "3.0.2",
3109
+ "resolved": "https://registry.npmjs.org/@zkochan/rimraf/-/rimraf-3.0.2.tgz",
3110
+ "integrity": "sha512-GBf4ua7ogWTr7fATnzk/JLowZDBnBJMm8RkMaC/KcvxZ9gxbMWix0/jImd815LmqKyIHZ7h7lADRddGMdGBuCA==",
3114
3111
  "engines": {
3115
- "node": ">=12.10"
3112
+ "node": ">=18.12"
3116
3113
  }
3117
3114
  },
3118
3115
  "node_modules/@zkochan/which": {
@@ -5452,15 +5449,23 @@
5452
5449
  "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA=="
5453
5450
  },
5454
5451
  "node_modules/graceful-git": {
5455
- "version": "3.1.2",
5456
- "resolved": "https://registry.npmjs.org/graceful-git/-/graceful-git-3.1.2.tgz",
5457
- "integrity": "sha512-Xyh9Y43yA23/KQ16mpwO4zkzVGUAXyzuSVZQxw9ddQklssIYIY0el24VYfJBFhyCWGriZPRAB2nCgsDizqna9g==",
5452
+ "version": "4.0.0",
5453
+ "resolved": "https://registry.npmjs.org/graceful-git/-/graceful-git-4.0.0.tgz",
5454
+ "integrity": "sha512-zK/rCH/I0DMKpPBLCElXGI7za3EnXeQFdiK6CTP02Tt1N1L+bMLghZY7cXozlx9M2bx4Q0zrY9ADYP3eI8haIw==",
5458
5455
  "dependencies": {
5459
- "retry": "^0.12.0",
5460
- "safe-execa": "^0.1.0"
5456
+ "retry": "^0.13.1",
5457
+ "safe-execa": "^0.1.1"
5461
5458
  },
5462
5459
  "engines": {
5463
- "node": ">=10"
5460
+ "node": ">=18.12"
5461
+ }
5462
+ },
5463
+ "node_modules/graceful-git/node_modules/retry": {
5464
+ "version": "0.13.1",
5465
+ "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
5466
+ "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==",
5467
+ "engines": {
5468
+ "node": ">= 4"
5464
5469
  }
5465
5470
  },
5466
5471
  "node_modules/gunzip-maybe": {
@@ -14615,20 +14620,6 @@
14615
14620
  "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.5.3.tgz",
14616
14621
  "integrity": "sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ=="
14617
14622
  },
14618
- "node_modules/rimraf": {
14619
- "version": "3.0.2",
14620
- "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
14621
- "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
14622
- "dependencies": {
14623
- "glob": "^7.1.3"
14624
- },
14625
- "bin": {
14626
- "rimraf": "bin.js"
14627
- },
14628
- "funding": {
14629
- "url": "https://github.com/sponsors/isaacs"
14630
- }
14631
- },
14632
14623
  "node_modules/rsvp": {
14633
14624
  "version": "3.2.1",
14634
14625
  "resolved": "https://registry.npmjs.org/rsvp/-/rsvp-3.2.1.tgz",
@@ -17329,9 +17320,9 @@
17329
17320
  }
17330
17321
  },
17331
17322
  "@npmcli/arborist": {
17332
- "version": "7.5.3",
17333
- "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-7.5.3.tgz",
17334
- "integrity": "sha512-7gbMdDNSYUzi0j2mpb6FoXRg3BxXWplMQZH1MZlvNjSdWFObaUz2Ssvo0Nlh2xmWks1OPo+gpsE6qxpT/5M7lQ==",
17323
+ "version": "7.5.4",
17324
+ "resolved": "https://registry.npmjs.org/@npmcli/arborist/-/arborist-7.5.4.tgz",
17325
+ "integrity": "sha512-nWtIc6QwwoUORCRNzKx4ypHqCk3drI+5aeYdMTQQiRCcn4lOOgfQh7WyZobGYTxXPSq1VwV53lkpN/BRlRk08g==",
17335
17326
  "requires": {
17336
17327
  "@isaacs/string-locale-compare": "^1.1.0",
17337
17328
  "@npmcli/fs": "^3.1.1",
@@ -17654,11 +17645,11 @@
17654
17645
  "integrity": "sha512-yQosGUvYPpAjb1jOFcdbwekRjZRVxN6C0hHzfRCZrMKbxGjt/E0g0RcFlEDNVZ95tm4oMMcr7nEPa7H7LX3emw=="
17655
17646
  },
17656
17647
  "@pnpm/core-loggers": {
17657
- "version": "10.0.2",
17658
- "resolved": "https://registry.npmjs.org/@pnpm/core-loggers/-/core-loggers-10.0.2.tgz",
17659
- "integrity": "sha512-UUqWV0wUrMvlNWMe8Ch+XFRI3u3K35T2rS5jofhCsqtZa9UlsJAFW4jjVzOBWkV0uVbt6mdy7IMBHvJsYaU94w==",
17648
+ "version": "10.0.3",
17649
+ "resolved": "https://registry.npmjs.org/@pnpm/core-loggers/-/core-loggers-10.0.3.tgz",
17650
+ "integrity": "sha512-G038bkMTuvmgG3XtuajnfoBS/u2CoeywRzJZb3qxvcj1XpLFTDAhHyUv/2Rr+yh6KDOVAuTWqdk+WNfeNf6yrw==",
17660
17651
  "requires": {
17661
- "@pnpm/types": "10.1.1"
17652
+ "@pnpm/types": "11.0.0"
17662
17653
  }
17663
17654
  },
17664
17655
  "@pnpm/crypto.base32-hash": {
@@ -17670,12 +17661,12 @@
17670
17661
  }
17671
17662
  },
17672
17663
  "@pnpm/dependency-path": {
17673
- "version": "5.1.1",
17674
- "resolved": "https://registry.npmjs.org/@pnpm/dependency-path/-/dependency-path-5.1.1.tgz",
17675
- "integrity": "sha512-HskPO2yVpvb8NHnfmByqdkyqSVRaSBpMUSBzfLwzYLRiexs3zo2+NjUvGErjnmVDG8KgY/iQZtw+y+06vMWy/w==",
17664
+ "version": "5.1.2",
17665
+ "resolved": "https://registry.npmjs.org/@pnpm/dependency-path/-/dependency-path-5.1.2.tgz",
17666
+ "integrity": "sha512-223YCb6SiCi2+112wHPiG+fWsnSpGINNYZKVwlNwZugheSRuda68SjpUbjc7JIkmceRUD8gbBguk8ynv8IS4TA==",
17676
17667
  "requires": {
17677
17668
  "@pnpm/crypto.base32-hash": "3.0.0",
17678
- "@pnpm/types": "10.1.1",
17669
+ "@pnpm/types": "11.0.0",
17679
17670
  "semver": "^7.6.2"
17680
17671
  }
17681
17672
  },
@@ -17688,14 +17679,14 @@
17688
17679
  }
17689
17680
  },
17690
17681
  "@pnpm/fetch": {
17691
- "version": "8.0.2",
17692
- "resolved": "https://registry.npmjs.org/@pnpm/fetch/-/fetch-8.0.2.tgz",
17693
- "integrity": "sha512-mh81jVdVzscYZcVyVRobv5mf/xPFFLIjnEqH6+4LrTHz0HqVRJd3Oknn7vRzXSx8k+xXUH44o3qroAq8KGJoSA==",
17682
+ "version": "8.0.3",
17683
+ "resolved": "https://registry.npmjs.org/@pnpm/fetch/-/fetch-8.0.3.tgz",
17684
+ "integrity": "sha512-yUeoVCc/pPicpdU3s+2Vzl7VfLWDUblizRbglQaaXhAawLWOAYu5a/jMoIclN2dJzh5juRPhYowMX82oTG9Y0Q==",
17694
17685
  "requires": {
17695
- "@pnpm/core-loggers": "10.0.2",
17686
+ "@pnpm/core-loggers": "10.0.3",
17696
17687
  "@pnpm/fetching-types": "6.0.0",
17697
17688
  "@pnpm/network.agent": "^2.0.0",
17698
- "@pnpm/types": "10.1.1",
17689
+ "@pnpm/types": "11.0.0",
17699
17690
  "@zkochan/retry": "^0.2.0",
17700
17691
  "node-fetch": "npm:@pnpm/node-fetch@1.0.0"
17701
17692
  }
@@ -17710,13 +17701,13 @@
17710
17701
  }
17711
17702
  },
17712
17703
  "@pnpm/git-resolver": {
17713
- "version": "9.0.3",
17714
- "resolved": "https://registry.npmjs.org/@pnpm/git-resolver/-/git-resolver-9.0.3.tgz",
17715
- "integrity": "sha512-/4pxvDjtcTfnv2ElUr1TECRNmnOAx23eeZNKrSTkWOyI6I+J9f5M40M+jgTcVWS6l2L+I5gwemo3XKgCnX43Ag==",
17704
+ "version": "9.0.4",
17705
+ "resolved": "https://registry.npmjs.org/@pnpm/git-resolver/-/git-resolver-9.0.4.tgz",
17706
+ "integrity": "sha512-k6jglET3h66oLwqoUBslfRWmL6ULXXIHjQoc1uLS0it+m1cI5toHWkrKJOwbI/9K3KQ88EhhulFP4tQQpS+1fg==",
17716
17707
  "requires": {
17717
- "@pnpm/fetch": "8.0.2",
17718
- "@pnpm/resolver-base": "12.0.2",
17719
- "graceful-git": "^3.1.2",
17708
+ "@pnpm/fetch": "8.0.3",
17709
+ "@pnpm/resolver-base": "13.0.0",
17710
+ "graceful-git": "^4.0.0",
17720
17711
  "hosted-git-info": "npm:@pnpm/hosted-git-info@1.0.0",
17721
17712
  "semver": "^7.6.2"
17722
17713
  },
@@ -17778,21 +17769,21 @@
17778
17769
  }
17779
17770
  },
17780
17771
  "@pnpm/lockfile-file": {
17781
- "version": "9.1.1",
17782
- "resolved": "https://registry.npmjs.org/@pnpm/lockfile-file/-/lockfile-file-9.1.1.tgz",
17783
- "integrity": "sha512-Ybs/QCWbN38EyIdpYVviSJR9/gc6LZ1iZDJbVatPL8l4Z4J6ikWh4i32kLqJHutM8McqeFegnTrUO3f65UTajw==",
17772
+ "version": "9.1.2",
17773
+ "resolved": "https://registry.npmjs.org/@pnpm/lockfile-file/-/lockfile-file-9.1.2.tgz",
17774
+ "integrity": "sha512-kQxQOTCTt8edqj1EOGzoGO+ef8iZCKN5GHY+KdZ54Mt8LThXVIu9LYTEuNXpaRdu9kH1wpfla5TbUDK0vMEvwg==",
17784
17775
  "requires": {
17785
17776
  "@pnpm/constants": "8.0.0",
17786
- "@pnpm/dependency-path": "5.1.1",
17777
+ "@pnpm/dependency-path": "5.1.2",
17787
17778
  "@pnpm/error": "6.0.1",
17788
- "@pnpm/git-resolver": "9.0.3",
17779
+ "@pnpm/git-resolver": "9.0.4",
17789
17780
  "@pnpm/git-utils": "2.0.0",
17790
- "@pnpm/lockfile-types": "7.1.1",
17791
- "@pnpm/lockfile-utils": "11.0.2",
17792
- "@pnpm/merge-lockfile-changes": "6.0.3",
17793
- "@pnpm/types": "10.1.1",
17781
+ "@pnpm/lockfile-types": "7.1.2",
17782
+ "@pnpm/lockfile-utils": "11.0.3",
17783
+ "@pnpm/merge-lockfile-changes": "6.0.4",
17784
+ "@pnpm/types": "11.0.0",
17794
17785
  "@pnpm/util.lex-comparator": "3.0.0",
17795
- "@zkochan/rimraf": "^2.1.3",
17786
+ "@zkochan/rimraf": "^3.0.2",
17796
17787
  "comver-to-semver": "^1.0.0",
17797
17788
  "js-yaml": "npm:@zkochan/js-yaml@0.0.7",
17798
17789
  "normalize-path": "^3.0.0",
@@ -17837,23 +17828,23 @@
17837
17828
  }
17838
17829
  },
17839
17830
  "@pnpm/lockfile-types": {
17840
- "version": "7.1.1",
17841
- "resolved": "https://registry.npmjs.org/@pnpm/lockfile-types/-/lockfile-types-7.1.1.tgz",
17842
- "integrity": "sha512-ODa3AiqOT/DbFOb+oRpfvB78pJOcrIaCQON30Y2Z/qS7Gs66trTMNl37KabnNTvAEpyvlVGw8rli215fFh1fSA==",
17831
+ "version": "7.1.2",
17832
+ "resolved": "https://registry.npmjs.org/@pnpm/lockfile-types/-/lockfile-types-7.1.2.tgz",
17833
+ "integrity": "sha512-+64KoK8gtTS5lxslW8ATtwwEbikW4e9i/OV5eaR+X+//5SeUA796uCN96sKu6q6OzpZi3/aVU4VgVe15MT9XKA==",
17843
17834
  "requires": {
17844
- "@pnpm/types": "10.1.1"
17835
+ "@pnpm/types": "11.0.0"
17845
17836
  }
17846
17837
  },
17847
17838
  "@pnpm/lockfile-utils": {
17848
- "version": "11.0.2",
17849
- "resolved": "https://registry.npmjs.org/@pnpm/lockfile-utils/-/lockfile-utils-11.0.2.tgz",
17850
- "integrity": "sha512-hbsLB52+/zK9ae4JPR8EnT5K6bB2eBaEx1Mei4IVxtvIRnj6XU7C95PXBX/4QmsRIkpr3PGaKg2GiQALE22WNg==",
17839
+ "version": "11.0.3",
17840
+ "resolved": "https://registry.npmjs.org/@pnpm/lockfile-utils/-/lockfile-utils-11.0.3.tgz",
17841
+ "integrity": "sha512-HQ3TjUd7TCRovi6wSJ8wcSe1BxXJVs3Hf1msHSZ3Ng1Bwd8rj2mQBNu022u3279Oe1kz35APN0yYciynWWlWkA==",
17851
17842
  "requires": {
17852
- "@pnpm/dependency-path": "5.1.1",
17853
- "@pnpm/lockfile-types": "7.1.1",
17843
+ "@pnpm/dependency-path": "5.1.2",
17844
+ "@pnpm/lockfile-types": "7.1.2",
17854
17845
  "@pnpm/pick-fetcher": "3.0.0",
17855
- "@pnpm/resolver-base": "12.0.2",
17856
- "@pnpm/types": "10.1.1",
17846
+ "@pnpm/resolver-base": "13.0.0",
17847
+ "@pnpm/types": "11.0.0",
17857
17848
  "get-npm-tarball-url": "^2.1.0",
17858
17849
  "ramda": "npm:@pnpm/ramda@0.28.1"
17859
17850
  }
@@ -17869,12 +17860,12 @@
17869
17860
  }
17870
17861
  },
17871
17862
  "@pnpm/merge-lockfile-changes": {
17872
- "version": "6.0.3",
17873
- "resolved": "https://registry.npmjs.org/@pnpm/merge-lockfile-changes/-/merge-lockfile-changes-6.0.3.tgz",
17874
- "integrity": "sha512-XFd+c1PzNK5TkLAqaG90RyA0RFIpwhvFxprEDxMVnu9d5Gq8ws4TWz0vy5oTZuKTPODmN7i01xZzEV2/+0KrOw==",
17863
+ "version": "6.0.4",
17864
+ "resolved": "https://registry.npmjs.org/@pnpm/merge-lockfile-changes/-/merge-lockfile-changes-6.0.4.tgz",
17865
+ "integrity": "sha512-S15nSd/LPZKLArnMfHpQLgK7MvNYvSs9meb839Eh29pqp2wSPHLKOroK4Upbod6SOrGtihmgjmpLaFNAYschpg==",
17875
17866
  "requires": {
17876
- "@pnpm/lockfile-types": "7.1.1",
17877
- "@pnpm/types": "10.1.1",
17867
+ "@pnpm/lockfile-types": "7.1.2",
17868
+ "@pnpm/types": "11.0.0",
17878
17869
  "comver-to-semver": "^1.0.0",
17879
17870
  "ramda": "npm:@pnpm/ramda@0.28.1",
17880
17871
  "semver": "^7.6.2"
@@ -17931,17 +17922,17 @@
17931
17922
  "integrity": "sha512-2eisylRAU/jeuxFEPnS1gjLZKJGbYc4QEtEW6MVUYjO4Xi+2ttkSm7825S0J5IPpUIvln8HYPCUS0eQWSfpOaQ=="
17932
17923
  },
17933
17924
  "@pnpm/resolver-base": {
17934
- "version": "12.0.2",
17935
- "resolved": "https://registry.npmjs.org/@pnpm/resolver-base/-/resolver-base-12.0.2.tgz",
17936
- "integrity": "sha512-6Ged4cfUI+2RR6b/quphvuN8Tu+Sp0giMp9tqxqd8ls7P+A9qXGX6ATHUTl3jGfuOERYUWeYWrRrvxMmnYLy/g==",
17925
+ "version": "13.0.0",
17926
+ "resolved": "https://registry.npmjs.org/@pnpm/resolver-base/-/resolver-base-13.0.0.tgz",
17927
+ "integrity": "sha512-hUAn2OqHEBB3MRLlbvtczI0KdNM9CJgd0hDRuLDrcaVrhZrhHDwgLywls+hWbgNvUpcdMR7k+uEIo+07Vu/Qvg==",
17937
17928
  "requires": {
17938
- "@pnpm/types": "10.1.1"
17929
+ "@pnpm/types": "11.0.0"
17939
17930
  }
17940
17931
  },
17941
17932
  "@pnpm/types": {
17942
- "version": "10.1.1",
17943
- "resolved": "https://registry.npmjs.org/@pnpm/types/-/types-10.1.1.tgz",
17944
- "integrity": "sha512-xF8/Trk+ucZa2rUwEk1WgMtlfWUQN5bu6bGHCho+suN2pYrTy+vN+HgZ2SO1oa+6WoyuN5yllMMADOEXaHTOmA=="
17933
+ "version": "11.0.0",
17934
+ "resolved": "https://registry.npmjs.org/@pnpm/types/-/types-11.0.0.tgz",
17935
+ "integrity": "sha512-BSdk9nlYLHHHLrTFNpmdrXrXVc+1sY/E1Fs1zqR8pY/KjpjVhxkruLZuXitPRPxbk4jSqm7UnG5WCz008iiaig=="
17945
17936
  },
17946
17937
  "@pnpm/util.lex-comparator": {
17947
17938
  "version": "3.0.0",
@@ -18181,12 +18172,9 @@
18181
18172
  "integrity": "sha512-WhB+2B/ZPlW2Xy/kMJBrMbqecWXcbDDgn0K0wKBAgO2OlBTz1iLJrRWduo+DGGn0Akvz1Lu4Xvls7dJojximWw=="
18182
18173
  },
18183
18174
  "@zkochan/rimraf": {
18184
- "version": "2.1.3",
18185
- "resolved": "https://registry.npmjs.org/@zkochan/rimraf/-/rimraf-2.1.3.tgz",
18186
- "integrity": "sha512-mCfR3gylCzPC+iqdxEA6z5SxJeOgzgbwmyxanKriIne5qZLswDe/M43aD3p5MNzwzXRhbZg/OX+MpES6Zk1a6A==",
18187
- "requires": {
18188
- "rimraf": "^3.0.2"
18189
- }
18175
+ "version": "3.0.2",
18176
+ "resolved": "https://registry.npmjs.org/@zkochan/rimraf/-/rimraf-3.0.2.tgz",
18177
+ "integrity": "sha512-GBf4ua7ogWTr7fATnzk/JLowZDBnBJMm8RkMaC/KcvxZ9gxbMWix0/jImd815LmqKyIHZ7h7lADRddGMdGBuCA=="
18190
18178
  },
18191
18179
  "@zkochan/which": {
18192
18180
  "version": "2.0.3",
@@ -19930,12 +19918,19 @@
19930
19918
  "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA=="
19931
19919
  },
19932
19920
  "graceful-git": {
19933
- "version": "3.1.2",
19934
- "resolved": "https://registry.npmjs.org/graceful-git/-/graceful-git-3.1.2.tgz",
19935
- "integrity": "sha512-Xyh9Y43yA23/KQ16mpwO4zkzVGUAXyzuSVZQxw9ddQklssIYIY0el24VYfJBFhyCWGriZPRAB2nCgsDizqna9g==",
19921
+ "version": "4.0.0",
19922
+ "resolved": "https://registry.npmjs.org/graceful-git/-/graceful-git-4.0.0.tgz",
19923
+ "integrity": "sha512-zK/rCH/I0DMKpPBLCElXGI7za3EnXeQFdiK6CTP02Tt1N1L+bMLghZY7cXozlx9M2bx4Q0zrY9ADYP3eI8haIw==",
19936
19924
  "requires": {
19937
- "retry": "^0.12.0",
19938
- "safe-execa": "^0.1.0"
19925
+ "retry": "^0.13.1",
19926
+ "safe-execa": "^0.1.1"
19927
+ },
19928
+ "dependencies": {
19929
+ "retry": {
19930
+ "version": "0.13.1",
19931
+ "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
19932
+ "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg=="
19933
+ }
19939
19934
  }
19940
19935
  },
19941
19936
  "gunzip-maybe": {
@@ -26744,14 +26739,6 @@
26744
26739
  "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.5.3.tgz",
26745
26740
  "integrity": "sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ=="
26746
26741
  },
26747
- "rimraf": {
26748
- "version": "3.0.2",
26749
- "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
26750
- "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
26751
- "requires": {
26752
- "glob": "^7.1.3"
26753
- }
26754
- },
26755
26742
  "rsvp": {
26756
26743
  "version": "3.2.1",
26757
26744
  "resolved": "https://registry.npmjs.org/rsvp/-/rsvp-3.2.1.tgz",
data/helpers/package.json CHANGED
@@ -11,11 +11,11 @@
11
11
  },
12
12
  "dependencies": {
13
13
  "@dependabot/yarn-lib": "^1.22.22",
14
- "@npmcli/arborist": "^7.5.3",
14
+ "@npmcli/arborist": "^7.5.4",
15
15
  "detect-indent": "^6.1.0",
16
16
  "nock": "^13.5.4",
17
17
  "npm": "6.14.18",
18
- "@pnpm/lockfile-file": "^9.1.1",
18
+ "@pnpm/lockfile-file": "^9.1.2",
19
19
  "@pnpm/dependency-path": "^5.1.1",
20
20
  "semver": "^7.6.2",
21
21
  "patch-package": "^8.0.0"
@@ -5,6 +5,7 @@ require "sorbet-runtime"
5
5
 
6
6
  require "dependabot/errors"
7
7
  require "dependabot/logger"
8
+ require "dependabot/npm_and_yarn/version"
8
9
  require "dependabot/npm_and_yarn/file_parser"
9
10
  require "dependabot/npm_and_yarn/file_updater"
10
11
  require "dependabot/npm_and_yarn/helpers"
@@ -45,6 +46,11 @@ module Dependabot
45
46
  updated_file
46
47
  end
47
48
 
49
+ sig { params(response: Exception).returns(T.noreturn) }
50
+ def updated_lockfile_reponse(response)
51
+ handle_npm_updater_error(response)
52
+ end
53
+
48
54
  private
49
55
 
50
56
  sig { returns(Dependabot::DependencyFile) }
@@ -66,6 +72,13 @@ module Dependabot
66
72
  -\sGET\shttps?://(?<source>[^/]+)/(?<package_req>[^/\s]+)}x
67
73
  MISSING_PACKAGE = %r{(?<package_req>[^/]+) - Not found}
68
74
  INVALID_PACKAGE = /Can't install (?<package_req>.*): Missing/
75
+ SOCKET_HANG_UP = /request to (?<url>.*) failed, reason: socket hang up/
76
+ UNABLE_TO_AUTH_NPMRC = /Unable to authenticate, need: Basic, Bearer/
77
+ UNABLE_TO_AUTH_REGISTRY = /Unable to authenticate, need: *.*(Basic|BASIC) *.*realm="(?<url>.*)"/
78
+ MISSING_AUTH_TOKEN = /401 Unauthorized - GET (?<url>.*) - authentication token not provided/
79
+ INVALID_AUTH_TOKEN =
80
+ /401 Unauthorized - GET (?<url>.*) - unauthenticated: User cannot be authenticated with the token provided./
81
+ NPM_PACKAGE_REGISTRY = "https://npm.pkg.github.com"
69
82
 
70
83
  # TODO: look into fixing this in npm, seems like a bug in the git
71
84
  # downloader introduced in npm 7
@@ -486,6 +499,30 @@ module Dependabot
486
499
  raise Dependabot::DependencyFileNotResolvable, msg
487
500
  end
488
501
 
502
+ if (git_source = error_message.match(SOCKET_HANG_UP))
503
+ msg = git_source.named_captures.fetch("url")
504
+ raise Dependabot::PrivateSourceTimedOut, T.must(msg)
505
+ end
506
+
507
+ # Error handled when no authentication info ( _auth = user:pass )
508
+ # is provided in config file (.npmrc) to access private registry
509
+ if error_message.match?(UNABLE_TO_AUTH_NPMRC)
510
+ msg = "check .npmrc config file"
511
+ raise Dependabot::PrivateSourceAuthenticationFailure, msg
512
+ end
513
+
514
+ if (registry_source = error_message.match(UNABLE_TO_AUTH_REGISTRY))
515
+ msg = registry_source.named_captures.fetch("url")
516
+ raise Dependabot::PrivateSourceAuthenticationFailure, msg
517
+ end
518
+
519
+ if (registry_source = error_message.match(INVALID_AUTH_TOKEN) ||
520
+ error_message.match(MISSING_AUTH_TOKEN)) &&
521
+ T.must(registry_source.named_captures.fetch("url")).include?(NPM_PACKAGE_REGISTRY)
522
+ msg = registry_source.named_captures.fetch("url")
523
+ raise Dependabot::InvalidGitAuthToken, T.must(msg)
524
+ end
525
+
489
526
  raise error
490
527
  end
491
528
  # rubocop:enable Metrics/AbcSize
@@ -677,7 +714,7 @@ module Dependabot
677
714
  json = JSON.parse(content)
678
715
 
679
716
  NpmAndYarn::FileParser.each_dependency(json) do |nm, requirement, type|
680
- next unless requirement == "latest"
717
+ next unless Version::VERSION_TAGS.include?(requirement)
681
718
 
682
719
  json[type][nm] = "*"
683
720
  end
@@ -760,16 +797,17 @@ module Dependabot
760
797
  # NOTE: This is a workaround for npm adding a `name` attribute to the
761
798
  # packages section in the lockfile because we install using
762
799
  # `--package-lock-only`
763
- if !original_name
764
- updated_lockfile_content = remove_lockfile_packages_name_attribute(
765
- current_name, updated_lockfile_content
766
- )
767
- elsif original_name && original_name != current_name
768
- updated_lockfile_content = replace_lockfile_packages_name_attribute(
769
- current_name, original_name, updated_lockfile_content
770
- )
800
+ if current_name
801
+ if !original_name
802
+ updated_lockfile_content = remove_lockfile_packages_name_attribute(
803
+ current_name, updated_lockfile_content
804
+ )
805
+ elsif original_name != current_name
806
+ updated_lockfile_content = replace_lockfile_packages_name_attribute(
807
+ current_name, original_name, updated_lockfile_content
808
+ )
809
+ end
771
810
  end
772
-
773
811
  updated_lockfile_content
774
812
  end
775
813
 
@@ -3,6 +3,7 @@
3
3
 
4
4
  require "uri"
5
5
 
6
+ require "dependabot/npm_and_yarn"
6
7
  require "dependabot/npm_and_yarn/file_updater"
7
8
  require "dependabot/npm_and_yarn/file_parser"
8
9
  require "dependabot/npm_and_yarn/helpers"
@@ -25,6 +26,10 @@ module Dependabot
25
26
  @dependency_files = dependency_files
26
27
  @repo_contents_path = repo_contents_path
27
28
  @credentials = credentials
29
+ @error_handler = YarnErrorHandler.new(
30
+ dependencies: dependencies,
31
+ dependency_files: dependency_files
32
+ )
28
33
  end
29
34
 
30
35
  def updated_yarn_lock_content(yarn_lock)
@@ -43,10 +48,7 @@ module Dependabot
43
48
  attr_reader :dependency_files
44
49
  attr_reader :repo_contents_path
45
50
  attr_reader :credentials
46
-
47
- UNREACHABLE_GIT = /ls-remote --tags --heads (?<url>.*)/
48
- TIMEOUT_FETCHING_PACKAGE = %r{(?<url>.+)/(?<package>[^/]+): ETIMEDOUT}
49
- INVALID_PACKAGE = /Can't add "(?<package_req>.*)": invalid/
51
+ attr_reader :error_handler
50
52
 
51
53
  def top_level_dependencies
52
54
  dependencies.select(&:top_level?)
@@ -129,19 +131,18 @@ module Dependabot
129
131
  end
130
132
  rescue SharedHelpers::HelperSubprocessFailed => e
131
133
  # package.json name cannot contain characters like empty string or @.
132
- if e.message.include?("Name contains illegal characters")
133
- raise Dependabot::DependencyFileNotParseable, e.message
134
- end
134
+ raise Dependabot::DependencyFileNotParseable, e.message if e.message.include?(INVALID_NAME_IN_PACKAGE_JSON)
135
135
 
136
136
  names = dependencies.map(&:name)
137
137
  package_missing = names.any? do |name|
138
138
  e.message.include?("find package \"#{name}")
139
139
  end
140
140
 
141
- raise unless e.message.include?("The registry may be down") ||
142
- e.message.include?("ETIMEDOUT") ||
143
- e.message.include?("ENOBUFS") ||
144
- package_missing
141
+ package_missing = e.message.match(PACKAGE_MISSING_REGEX) || package_missing
142
+
143
+ error_handler.handle_error(e) unless package_missing
144
+
145
+ raise unless package_missing
145
146
 
146
147
  retry_count ||= 0
147
148
  retry_count += 1
@@ -233,16 +234,18 @@ module Dependabot
233
234
  # rubocop:disable Metrics/MethodLength
234
235
  def handle_yarn_lock_updater_error(error, yarn_lock)
235
236
  error_message = error.message
237
+
236
238
  # Invalid package: When package.json doesn't include a name or version
237
239
  # Local path error: When installing a git dependency which
238
240
  # is using local file paths for sub-dependencies (e.g. unbuilt yarn
239
241
  # workspace project)
240
- sub_dep_local_path_err = "refers to a non-existing file"
241
- if error_message.match?(INVALID_PACKAGE) ||
242
- error_message.include?(sub_dep_local_path_err)
243
- raise_resolvability_error(error_message, yarn_lock)
242
+ if error_message.match?(INVALID_PACKAGE_REGEX) ||
243
+ error_message.include?(SUB_DEP_LOCAL_PATH_TEXT)
244
+ error_handler.raise_resolvability_error(error_message, yarn_lock)
244
245
  end
245
246
 
247
+ error_handler.handle_error(error)
248
+
246
249
  if error_message.include?("Couldn't find package")
247
250
  package_name = error_message.match(/package "(?<package_req>.*?)"/)
248
251
  .named_captures["package_req"]
@@ -290,24 +293,28 @@ module Dependabot
290
293
  raise Dependabot::InconsistentRegistryResponse, error_message
291
294
  end
292
295
 
293
- if error_message.include?("Workspaces can only be enabled in priva")
296
+ if error_message.include?(ONLY_PRIVATE_WORKSPACE_TEXT)
294
297
  raise Dependabot::DependencyFileNotEvaluatable, error_message
295
298
  end
296
299
 
297
- if error_message.match?(UNREACHABLE_GIT)
298
- dependency_url = error_message.match(UNREACHABLE_GIT)
300
+ if error_message.match?(UNREACHABLE_GIT_CHECK_REGEX)
301
+ dependency_url = error_message.match(UNREACHABLE_GIT_CHECK_REGEX)
299
302
  .named_captures.fetch("url")
300
303
 
301
304
  raise Dependabot::GitDependenciesNotReachable, dependency_url
302
305
  end
303
306
 
304
- handle_timeout(error_message, yarn_lock) if error_message.match?(TIMEOUT_FETCHING_PACKAGE)
307
+ handle_timeout(error_message, yarn_lock) if error_message.match?(
308
+ TIMEOUT_FETCHING_PACKAGE_REGEX
309
+ )
305
310
 
306
311
  if error_message.start_with?("Couldn't find any versions") ||
307
312
  error_message.include?(": Not found") ||
308
313
  error_message.include?("Couldn't find match for")
309
314
 
310
- raise_resolvability_error(error_message, yarn_lock) unless resolvable_before_update?(yarn_lock)
315
+ unless resolvable_before_update?(yarn_lock)
316
+ error_handler.raise_resolvability_error(error_message, yarn_lock)
317
+ end
311
318
 
312
319
  # Dependabot has probably messed something up with the update and we
313
320
  # want to hear about it
@@ -457,7 +464,7 @@ module Dependabot
457
464
  missing_dep = lockfile_dependencies(yarn_lock)
458
465
  .find { |dep| dep.name == package_name }
459
466
 
460
- raise_resolvability_error(error_message, yarn_lock) unless missing_dep
467
+ error_handler.raise_resolvability_error(error_message, yarn_lock) unless missing_dep
461
468
 
462
469
  reg = NpmAndYarn::UpdateChecker::RegistryFinder.new(
463
470
  dependency: missing_dep,
@@ -472,19 +479,11 @@ module Dependabot
472
479
  raise PrivateSourceAuthenticationFailure, reg
473
480
  end
474
481
 
475
- def raise_resolvability_error(error_message, yarn_lock)
476
- dependency_names = dependencies.map(&:name).join(", ")
477
- msg = "Error whilst updating #{dependency_names} in " \
478
- "#{yarn_lock.path}:\n#{error_message}"
479
- raise Dependabot::DependencyFileNotResolvable, msg
480
- end
481
-
482
482
  def handle_timeout(error_message, yarn_lock)
483
- url = error_message.match(TIMEOUT_FETCHING_PACKAGE)
484
- .named_captures["url"]
485
- raise if URI(url).host == "registry.npmjs.org"
483
+ url = error_message.match(TIMEOUT_FETCHING_PACKAGE_REGEX)
484
+ .named_ # rubocop:enable Metrics/ClassLength#RI(url).host == NPM_REGISTERY
486
485
 
487
- package_name = error_message.match(TIMEOUT_FETCHING_PACKAGE)
486
+ package_name = error_message.match(TIMEOUT_FETCHING_PACKAGE_REGEX)
488
487
  .named_captures["package"]
489
488
  sanitized_name = sanitize_package_name(package_name)
490
489
 
@@ -492,7 +491,10 @@ module Dependabot
492
491
  .find { |d| d.name == sanitized_name }
493
492
  return unless dep
494
493
 
495
- raise PrivateSourceTimedOut, url.gsub(%r{https?://}, "")
494
+ raise PrivateSourceTimedOut, url.gsub(
495
+ HTTP_CHECK_REGEX,
496
+ ""
497
+ )
496
498
  end
497
499
 
498
500
  def npmrc_content
@@ -577,6 +579,146 @@ module Dependabot
577
579
  end
578
580
  end
579
581
  end
582
+
583
+ class YarnErrorHandler
584
+ extend T::Sig
585
+
586
+ sig do
587
+ params(
588
+ dependencies: T::Array[Dependabot::Dependency],
589
+ dependency_files: T::Array[Dependabot::DependencyFile]
590
+ ).void
591
+ end
592
+ def initialize(dependencies:, dependency_files:)
593
+ @dependencies = dependencies
594
+ @dependency_files = dependency_files
595
+ end
596
+
597
+ private
598
+
599
+ sig { returns(T::Array[Dependabot::Dependency]) }
600
+ attr_reader :dependencies
601
+
602
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
603
+ attr_reader :dependency_files
604
+
605
+ public
606
+
607
+ # Extracts "Usage Error:" messages from error messages
608
+ sig { params(error_message: String).returns(T.nilable(String)) }
609
+ def find_usage_error(error_message)
610
+ start_index = error_message.rindex(YARN_USAGE_ERROR_TEXT)
611
+ return nil unless start_index
612
+
613
+ error_details = error_message[start_index..-1]
614
+ error_details&.strip
615
+ end
616
+
617
+ # Main error handling method
618
+ sig { params(error: SharedHelpers::HelperSubprocessFailed).void }
619
+ def handle_error(error)
620
+ # Check if defined yarn error codes contained in the error message
621
+ # and raise the corresponding error class
622
+ handle_yarn_error(error)
623
+
624
+ # Extract the usage error message from the raw error message
625
+ usage_error_message = find_usage_error(error.message) || ""
626
+
627
+ # Check if the error message contains any group patterns and raise
628
+ # the corresponding error class
629
+ handle_group_patterns(error, usage_error_message)
630
+ end
631
+
632
+ # Handles errors with specific to yarn error codes
633
+ sig { params(error: SharedHelpers::HelperSubprocessFailed).void }
634
+ def handle_yarn_error(error)
635
+ error_message = error.message
636
+ regex = YARN_CODE_REGEX
637
+ matches = error_message.scan(regex)
638
+ return if matches.empty?
639
+
640
+ # Go through each match backwards in the error message and raise the corresponding error class
641
+ matches.reverse_each do |match|
642
+ code = match[0]
643
+ next unless code
644
+
645
+ yarn_error = YARN_ERROR_CODES[code]
646
+ next unless yarn_error.is_a?(Hash)
647
+
648
+ message = yarn_error[:message]
649
+ new_error = yarn_error[:new_error]
650
+ next unless new_error
651
+
652
+ modified_error_message = if message
653
+ "[#{code}]: #{message}, Detail: #{error_message}"
654
+ else
655
+ "[#{code}]: #{error_message}"
656
+ end
657
+
658
+ raise new_error.call(error, modified_error_message)
659
+ end
660
+ end
661
+
662
+ # Handles errors based on group patterns
663
+ sig do
664
+ params(
665
+ error: SharedHelpers::HelperSubprocessFailed,
666
+ usage_error_message: String
667
+ ).void
668
+ end
669
+ def handle_group_patterns(error, usage_error_message) # rubocop:disable Metrics/PerceivedComplexity
670
+ error_message = error.message
671
+ VALIDATION_GROUP_PATTERNS.each do |group|
672
+ patterns = group[:patterns]
673
+ matchfn = group[:matchfn]
674
+ new_error = group[:new_error]
675
+ in_usage = group[:in_usage] || false
676
+
677
+ next unless (patterns || matchfn) && new_error
678
+
679
+ message = usage_error_message.empty? ? error_message : usage_error_message
680
+ if in_usage && pattern_in_message(patterns, usage_error_message)
681
+ raise new_error.call(error, message)
682
+ elsif !in_usage && pattern_in_message(patterns, error_message)
683
+ raise new_error.call(error, error.message)
684
+ end
685
+
686
+ raise new_error.call(error, message) if matchfn&.call(usage_error_message, error_message)
687
+ end
688
+ end
689
+
690
+ # Raises a resolvability error for a dependency file
691
+ sig do
692
+ params(
693
+ error_message: String,
694
+ yarn_lock: Dependabot::DependencyFile
695
+ ).void
696
+ end
697
+ def raise_resolvability_error(error_message, yarn_lock)
698
+ dependency_names = dependencies.map(&:name).join(", ")
699
+ msg = "Error whilst updating #{dependency_names} in #{yarn_lock.path}:\n#{error_message}"
700
+ raise Dependabot::DependencyFileNotResolvable, msg
701
+ end
702
+
703
+ # Checks if a pattern is in a message
704
+ sig do
705
+ params(
706
+ patterns: T::Array[T.any(String, Regexp)],
707
+ message: String
708
+ ).returns(T::Boolean)
709
+ end
710
+ def pattern_in_message(patterns, message)
711
+ patterns.any? do |pattern|
712
+ if pattern.is_a?(String)
713
+ return message.include?(pattern)
714
+ elsif pattern.is_a?(Regexp)
715
+ message = message.gsub(/\e\[[\d;]*[A-Za-z]/, "")
716
+ return message.match?(pattern)
717
+ end
718
+ end
719
+ false
720
+ end
721
+ end
580
722
  end
581
723
  end
582
724
  # rubocop:enable Metrics/ClassLength
@@ -14,7 +14,6 @@ module Dependabot
14
14
 
15
15
  AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/
16
16
  OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/
17
- LATEST_REQUIREMENT = "latest"
18
17
 
19
18
  # Override the version pattern to allow a 'v' prefix
20
19
  quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
@@ -24,7 +23,7 @@ module Dependabot
24
23
  PATTERN = /\A#{PATTERN_RAW}\z/
25
24
 
26
25
  def self.parse(obj)
27
- return ["=", nil] if obj.is_a?(String) && obj.strip == LATEST_REQUIREMENT
26
+ return ["=", nil] if obj.is_a?(String) && Version::VERSION_TAGS.include?(obj.strip)
28
27
  return ["=", NpmAndYarn::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
29
28
 
30
29
  unless (matches = PATTERN.match(obj.to_s))
@@ -19,6 +19,23 @@ module Dependabot
19
19
  sig { returns(T.nilable(String)) }
20
20
  attr_reader :build_info
21
21
 
22
+ # These are possible npm versioning tags that can be used in place of a version.
23
+ # See https://docs.npmjs.com/cli/v10/commands/npm-dist-tag#purpose for more details.
24
+ VERSION_TAGS = T.let([
25
+ "alpha", # Alpha version, early testing phase
26
+ "beta", # Beta version, more stable than alpha
27
+ "canary", # Canary version, often used for cutting-edge builds
28
+ "dev", # Development version, ongoing development
29
+ "experimental", # Experimental version, unstable and new features
30
+ "latest", # Latest stable version, used by npm to identify the current version of a package
31
+ "legacy", # Legacy version, older version maintained for compatibility
32
+ "next", # Next version, used by some projects to identify the upcoming version
33
+ "nightly", # Nightly build, daily builds often including latest changes
34
+ "rc", # Release candidate, potential final version
35
+ "release", # General release version
36
+ "stable" # Stable version, thoroughly tested and stable
37
+ ].freeze.map(&:freeze), T::Array[String])
38
+
22
39
  VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
23
40
  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
24
41
 
@@ -25,3 +25,179 @@ Dependabot::Dependency.register_production_check(
25
25
  groups.include?("dependencies")
26
26
  end
27
27
  )
28
+
29
+ module Dependabot
30
+ module NpmAndYarn
31
+ NODE_VERSION_NOT_SATISFY_REGEX = /The current Node version (?<current_version>v?\d+\.\d+\.\d+) does not satisfy the required version (?<required_version>v?\d+\.\d+\.\d+)\./ # rubocop:disable Layout/LineLength
32
+
33
+ # Used to check if package manager registry is public npm registry
34
+ NPM_REGISTRY = "registry.npmjs.org"
35
+
36
+ # Used to check if url is http or https
37
+ HTTP_CHECK_REGEX = %r{https?://}
38
+
39
+ # Error message when a package.json name include invalid characters
40
+ INVALID_NAME_IN_PACKAGE_JSON = "Name contains illegal characters"
41
+
42
+ # Used to identify error messages indicating a package is missing, unreachable,
43
+ # or there are network issues (e.g., ENOBUFS, ETIMEDOUT, registry down).
44
+ PACKAGE_MISSING_REGEX = /(ENOBUFS|ETIMEDOUT|The registry may be down)/
45
+
46
+ # Used to check if error message contains timeout fetching package
47
+ TIMEOUT_FETCHING_PACKAGE_REGEX = %r{(?<url>.+)/(?<package>[^/]+): ETIMEDOUT}
48
+
49
+ # Used to identify git unreachable error
50
+ UNREACHABLE_GIT_CHECK_REGEX = /ls-remote --tags --heads (?<url>.*)/
51
+
52
+ # Used to check if yarn workspace is enabled in non-private workspace
53
+ ONLY_PRIVATE_WORKSPACE_TEXT = "Workspaces can only be enabled in priva"
54
+
55
+ # Used to identify local path error in yarn when installing sub-dependency
56
+ SUB_DEP_LOCAL_PATH_TEXT = "refers to a non-existing file"
57
+
58
+ # Used to identify invalid package error when package is not found in registry
59
+ INVALID_PACKAGE_REGEX = /Can't add "(?<package_req>.*)": invalid/
60
+
61
+ # Used to identify error if node_modules state file not resolved
62
+ NODE_MODULES_STATE_FILE_NOT_FOUND = "Couldn't find the node_modules state file"
63
+
64
+ # Used to find error message in yarn error output
65
+ YARN_USAGE_ERROR_TEXT = "Usage Error:"
66
+
67
+ # Used to identify error if tarball is not in network
68
+ TARBALL_IS_NOT_IN_NETWORK = "Tarball is not in network and can not be located in cache"
69
+
70
+ # Used to identify if authentication failure error
71
+ AUTHENTICATION_TOKEN_NOT_PROVIDED = "authentication token not provided"
72
+ AUTHENTICATION_IS_NOT_CONFIGURED = "No authentication configured for request"
73
+
74
+ # Used to identify if error message is related to yarn workspaces
75
+ DEPENDENCY_FILE_NOT_RESOLVABLE = "conflicts with direct dependency"
76
+
77
+ class Utils
78
+ extend T::Sig
79
+
80
+ sig { params(error_message: String).returns(T::Hash[Symbol, String]) }
81
+ def self.extract_node_versions(error_message)
82
+ match_data = error_message.match(NODE_VERSION_NOT_SATISFY_REGEX)
83
+ return {} unless match_data
84
+
85
+ {
86
+ current_version: match_data[:current_version],
87
+ required_version: match_data[:required_version]
88
+ }
89
+ end
90
+ end
91
+
92
+ YARN_CODE_REGEX = /(YN\d{4})/
93
+ YARN_ERROR_CODES = T.let({
94
+ "YN0001" => {
95
+ message: "Exception error",
96
+ new_error: ->(_error, message) { Dependabot::DependabotError.new(message) }
97
+ },
98
+ "YN0002" => {
99
+ message: "Missing peer dependency",
100
+ new_error: ->(_error, message) { Dependabot::DependencyFileNotResolvable.new(message) }
101
+ },
102
+ "YN0016" => {
103
+ message: "Remote not found",
104
+ new_error: ->(_error, message) { Dependabot::GitDependenciesNotReachable.new(message) }
105
+ },
106
+ "YN0020" => {
107
+ message: "Missing lockfile entry",
108
+ new_error: ->(_error, message) { Dependabot::DependencyFileNotFound.new(message) }
109
+ },
110
+ "YN0046" => {
111
+ message: "Automerge failed to parse",
112
+ new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
113
+ },
114
+ "YN0047" => {
115
+ message: "Automerge immutable",
116
+ new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
117
+ },
118
+ "YN0062" => {
119
+ message: "Incompatible OS",
120
+ new_error: ->(_error, message) { Dependabot::DependabotError.new(message) }
121
+ },
122
+ "YN0063" => {
123
+ message: "Incompatible CPU",
124
+ new_error: ->(_error, message) { Dependabot::IncompatibleCPU.new(message) }
125
+ },
126
+ "YN0071" => {
127
+ message: "NM can't install external soft link",
128
+ new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
129
+ },
130
+ "YN0072" => {
131
+ message: "NM preserve symlinks required",
132
+ new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
133
+ },
134
+ "YN0075" => {
135
+ message: "Prolog instantiation error",
136
+ new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
137
+ },
138
+ "YN0077" => {
139
+ message: "Ghost architecture",
140
+ new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
141
+ },
142
+ "YN0080" => {
143
+ message: "Network disabled",
144
+ new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) }
145
+ },
146
+ "YN0081" => {
147
+ message: "Network unsafe HTTP",
148
+ new_error: ->(_error, message) { Dependabot::NetworkUnsafeHTTP.new(message) }
149
+ }
150
+ }.freeze, T::Hash[String, {
151
+ message: T.any(String, NilClass),
152
+ new_error: T.proc.params(error: Dependabot::DependabotError, message: String).returns(Dependabot::DependabotError)
153
+ }])
154
+
155
+ # Group of patterns to validate error message and raise specific error
156
+ VALIDATION_GROUP_PATTERNS = T.let([
157
+ {
158
+ patterns: [NODE_MODULES_STATE_FILE_NOT_FOUND],
159
+ new_error: ->(_error, message) { Dependabot::MisconfiguredTooling.new("Yarn", message) },
160
+ in_usage: true,
161
+ matchfn: nil
162
+ },
163
+ {
164
+ patterns: [TARBALL_IS_NOT_IN_NETWORK],
165
+ new_error: ->(_error, message) { Dependabot::DependencyFileNotResolvable.new(message) },
166
+ in_usage: false,
167
+ matchfn: nil
168
+ },
169
+ {
170
+ patterns: [NODE_VERSION_NOT_SATISFY_REGEX],
171
+ new_error: lambda { |_error, message|
172
+ versions = Utils.extract_node_versions(message)
173
+ current_version = versions[:current_version]
174
+ required_version = versions[:required_version]
175
+
176
+ return Dependabot::DependabotError.new(message) unless current_version && required_version
177
+
178
+ Dependabot::ToolVersionNotSupported.new("Yarn", current_version, required_version)
179
+ },
180
+ in_usage: false,
181
+ matchfn: nil
182
+ },
183
+ {
184
+ patterns: [AUTHENTICATION_TOKEN_NOT_PROVIDED, AUTHENTICATION_IS_NOT_CONFIGURED],
185
+ new_error: ->(_error, message) { Dependabot::PrivateSourceAuthenticationFailure.new(message) },
186
+ in_usage: false,
187
+ matchfn: nil
188
+ },
189
+ {
190
+ patterns: [DEPENDENCY_FILE_NOT_RESOLVABLE],
191
+ new_error: ->(_error, message) { DependencyFileNotResolvable.new(message) },
192
+ in_usage: false,
193
+ matchfn: nil
194
+ }
195
+ ].freeze, T::Array[{
196
+ patterns: T::Array[T.any(String, Regexp)],
197
+ new_error: T.proc.params(error: Dependabot::DependabotError,
198
+ message: String).returns(Dependabot::DependabotError),
199
+ in_usage: T.nilable(T::Boolean),
200
+ matchfn: T.nilable(T.proc.params(usage: String, message: String).returns(T::Boolean))
201
+ }])
202
+ end
203
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.265.0
4
+ version: 0.266.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-11 00:00:00.000000000 Z
11
+ date: 2024-07-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.265.0
19
+ version: 0.266.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.265.0
26
+ version: 0.266.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.63.2
117
+ version: 1.65.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.63.2
124
+ version: 1.65.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop-performance
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
345
345
  - MIT
346
346
  metadata:
347
347
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
348
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.265.0
348
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.266.0
349
349
  post_install_message:
350
350
  rdoc_options: []
351
351
  require_paths: