dependabot-npm_and_yarn 0.275.0 → 0.277.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 380c540d4ed17ab150738fc8390ce8bc995135c3c19bea687ebcca74d8f0010d
|
|
4
|
+
data.tar.gz: 294ba80ed94f2fb0981719516ce3eb44ccd537200c144507aac9903749db0f76
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1525c5afa58bf9db6b4729e2c27c8b7efce4ba96e14fe2aee965e516da6baaee9a42e81a9339124adf307c3e314592b82bad971ab65f2d56b811b9705a018adf
|
|
7
|
+
data.tar.gz: 77e389af97a5f61b4ff3916826e46fc944c005e45f1485fd94c623e6a94d90a65d84997c4db215aa1262340a21ed0ecac1374faaddb45ea6bd8cad94f8dbdd82
|
|
@@ -107,6 +107,12 @@ module Dependabot
|
|
|
107
107
|
# issue related when dependency url is not mentioned correctly
|
|
108
108
|
UNRESOLVED_REFERENCE = /Unable to resolve reference (?<deps>.*)/
|
|
109
109
|
|
|
110
|
+
# npm git related error for dependencies
|
|
111
|
+
GIT_CHECKOUT_ERROR_REGEX = /Command failed: git checkout (?<sha>.*)/
|
|
112
|
+
|
|
113
|
+
# Invalid version format found for dependency in package.json file
|
|
114
|
+
INVALID_VERSION = /Invalid Version: (?<ver>.*)/
|
|
115
|
+
|
|
110
116
|
# TODO: look into fixing this in npm, seems like a bug in the git
|
|
111
117
|
# downloader introduced in npm 7
|
|
112
118
|
#
|
|
@@ -616,6 +622,15 @@ module Dependabot
|
|
|
616
622
|
raise Dependabot::DependencyFileNotResolvable, msg
|
|
617
623
|
end
|
|
618
624
|
|
|
625
|
+
if (error_msg = error_message.match(GIT_CHECKOUT_ERROR_REGEX))
|
|
626
|
+
raise Dependabot::DependencyFileNotResolvable, error_msg
|
|
627
|
+
end
|
|
628
|
+
|
|
629
|
+
if (error_msg = error_message.match(INVALID_VERSION))
|
|
630
|
+
msg = "Found invalid version \"#{error_msg.named_captures.fetch('ver')}\" while updating"
|
|
631
|
+
raise Dependabot::DependencyFileNotResolvable, msg
|
|
632
|
+
end
|
|
633
|
+
|
|
619
634
|
raise error
|
|
620
635
|
end
|
|
621
636
|
# rubocop:enable Metrics/AbcSize
|
|
@@ -45,7 +45,8 @@ module Dependabot
|
|
|
45
45
|
resolved_url
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
-
|
|
48
|
+
package_name = url_base.gsub("%2F", "/").match(%r{@.*/})
|
|
49
|
+
"#{T.must(package_name)}#{T.must(url_base.gsub('%2F', '/').split('/').last)}"
|
|
49
50
|
end
|
|
50
51
|
|
|
51
52
|
private
|
|
@@ -17,15 +17,6 @@ module Dependabot
|
|
|
17
17
|
class LatestVersionFinder
|
|
18
18
|
extend T::Sig
|
|
19
19
|
|
|
20
|
-
class RegistryError < StandardError
|
|
21
|
-
attr_reader :status
|
|
22
|
-
|
|
23
|
-
def initialize(status, msg)
|
|
24
|
-
@status = status
|
|
25
|
-
super(msg)
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
20
|
def initialize(dependency:, credentials:, dependency_files:,
|
|
30
21
|
ignored_versions:, security_advisories:,
|
|
31
22
|
raise_on_ignored: false)
|
|
@@ -165,6 +165,9 @@ module Dependabot
|
|
|
165
165
|
REQUIREMENT_NOT_PROVIDED: /(?<dep>.*)(.*?)doesn't provide (?<pkg>.*)(.*?), requested by (?<parent>.*)/
|
|
166
166
|
}.freeze, T::Hash[String, Regexp])
|
|
167
167
|
|
|
168
|
+
# registry returns malformed response
|
|
169
|
+
REGISTRY_NOT_REACHABLE = /Received malformed response from registry for "(?<ver>.*)". The registry may be down./
|
|
170
|
+
|
|
168
171
|
class Utils
|
|
169
172
|
extend T::Sig
|
|
170
173
|
|
|
@@ -580,6 +583,15 @@ module Dependabot
|
|
|
580
583
|
},
|
|
581
584
|
in_usage: false,
|
|
582
585
|
matchfn: nil
|
|
586
|
+
},
|
|
587
|
+
{
|
|
588
|
+
patterns: [REGISTRY_NOT_REACHABLE],
|
|
589
|
+
handler: lambda { |message, _error, _params|
|
|
590
|
+
msg = message.match(REGISTRY_NOT_REACHABLE)
|
|
591
|
+
Dependabot::DependencyFileNotResolvable.new(msg)
|
|
592
|
+
},
|
|
593
|
+
in_usage: false,
|
|
594
|
+
matchfn: nil
|
|
583
595
|
}
|
|
584
596
|
].freeze, T::Array[{
|
|
585
597
|
patterns: T::Array[T.any(String, Regexp)],
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.277.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-09-
|
|
11
|
+
date: 2024-09-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.277.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.277.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -346,7 +346,7 @@ licenses:
|
|
|
346
346
|
- MIT
|
|
347
347
|
metadata:
|
|
348
348
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
349
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
349
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.277.0
|
|
350
350
|
post_install_message:
|
|
351
351
|
rdoc_options: []
|
|
352
352
|
require_paths:
|