dependabot-npm_and_yarn 0.277.0 → 0.279.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/package_manager.rb +17 -28
  3. data/lib/dependabot/npm_and_yarn/registry_parser.rb +4 -1
  4. data/lib/dependabot/npm_and_yarn/version_selector.rb +1 -10
  5. data/lib/dependabot/npm_and_yarn.rb +1 -1
  6. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 380c540d4ed17ab150738fc8390ce8bc995135c3c19bea687ebcca74d8f0010d
4
- data.tar.gz: 294ba80ed94f2fb0981719516ce3eb44ccd537200c144507aac9903749db0f76
3
+ metadata.gz: fc1831a7fd0ce199df4dd0a3cf181a9f98a77bc9afdbef011edcf39d6ebabc32
4
+ data.tar.gz: 2c674ec57330ef559f09cd3f9dff509f326b9da9e48f4af535a19a1e9841e236
5
5
  SHA512:
6
- metadata.gz: 1525c5afa58bf9db6b4729e2c27c8b7efce4ba96e14fe2aee965e516da6baaee9a42e81a9339124adf307c3e314592b82bad971ab65f2d56b811b9705a018adf
7
- data.tar.gz: 77e389af97a5f61b4ff3916826e46fc944c005e45f1485fd94c623e6a94d90a65d84997c4db215aa1262340a21ed0ecac1374faaddb45ea6bd8cad94f8dbdd82
6
+ metadata.gz: e3658b8c3d8168dcd7728e95b6642bc415c54905bc540fa54ce77c0d6081c90a4236b88dbf05fcf52ffbacc476120ea68a9b99953ca6fb71e8dbdd9176103f1a
7
+ data.tar.gz: 1d7ce4d6a12e28747b5781c7a87c9396de229da85ff57b3a2af340d495aa396b67de27be1f09eec99452db931d756767cf745202bcf019443f88c6b83e7314f6
data/lib/dependabot/npm_and_yarn/package_manager.rb CHANGED
@@ -23,31 +23,24 @@ module Dependabot
23
23
  # i.e. if { engines : "pnpm" : "6" } and { packageManager: "pnpm@6.0.2" },
24
24
  # we go for the specificity mentioned in packageManager (6.0.2)
25
25
 
26
- if Dependabot::Experiments.enabled?(:enable_pnpm_yarn_dynamic_engine)
26
+ unless @package_manager&.start_with?("#{name}@") || (@package_manager&.==name.to_s) || @package_manager.nil?
27
+ return
28
+ end
27
29
 
28
- unless @package_manager&.start_with?("#{name}@") || (@package_manager&.==name.to_s) || @package_manager.nil?
29
- return
30
- end
30
+ if @engines && @package_manager.nil?
31
+ # if "packageManager" doesn't exists in manifest file,
32
+ # we check if we can extract "engines" information
33
+ version = check_engine_version(name)
31
34
 
32
- if @engines && @package_manager.nil?
33
- # if "packageManager" doesn't exists in manifest file,
34
- # we check if we can extract "engines" information
35
- Dependabot.logger.info("No \"packageManager\" info found for \"#{name}\"")
36
- version = check_engine_version(name)
37
-
38
- elsif @package_manager&.==name.to_s
39
- # if "packageManager" is found but no version is specified (i.e. pnpm@1.2.3),
40
- # we check if we can get "engines" info to override default version
41
- Dependabot.logger.info("Found \"packageManager\" : \"#{@package_manager}\"")
42
- version = check_engine_version(name) if @engines
43
-
44
- elsif @package_manager&.start_with?("#{name}@")
45
- # if "packageManager" info has version specification i.e. yarn@3.3.1
46
- # we go with the version in "packageManager"
47
- Dependabot.logger.info("Found \"packageManager\" : \"#{@package_manager}\". Skipped checking \"engines\".")
48
- end
49
- else
50
- return unless @package_manager.nil? || @package_manager&.start_with?("#{name}@")
35
+ elsif @package_manager&.==name.to_s
36
+ # if "packageManager" is found but no version is specified (i.e. pnpm@1.2.3),
37
+ # we check if we can get "engines" info to override default version
38
+ version = check_engine_version(name) if @engines
39
+
40
+ elsif @package_manager&.start_with?("#{name}@")
41
+ # if "packageManager" info has version specification i.e. yarn@3.3.1
42
+ # we go with the version in "packageManager"
43
+ Dependabot.logger.info("Found \"packageManager\" : \"#{@package_manager}\". Skipped checking \"engines\".")
51
44
  end
52
45
 
53
46
  version ||= requested_version(name)
@@ -103,7 +96,6 @@ module Dependabot
103
96
  lockfile = @lockfiles[name.to_sym]
104
97
  return unless lockfile
105
98
 
106
- Dependabot.logger.info("Estimating version")
107
99
  Helpers.send(:"#{name}_version_numeric", lockfile)
108
100
  end
109
101
 
@@ -112,10 +104,7 @@ module Dependabot
112
104
  version_selector = VersionSelector.new
113
105
  engine_versions = version_selector.setup(@package_json, name)
114
106
 
115
- if engine_versions.empty?
116
- Dependabot.logger.info("No relevant (engines) info for \"#{name}\"")
117
- return
118
- end
107
+ return if engine_versions.empty?
119
108
 
120
109
  version = engine_versions[name]
121
110
  Dependabot.logger.info("Returned (engines) info \"#{name}\" : \"#{version}\"")
data/lib/dependabot/npm_and_yarn/registry_parser.rb CHANGED
@@ -46,7 +46,10 @@ module Dependabot
46
46
  end
47
47
 
48
48
  package_name = url_base.gsub("%2F", "/").match(%r{@.*/})
49
- "#{T.must(package_name)}#{T.must(url_base.gsub('%2F', '/').split('/').last)}"
49
+
50
+ return T.must(url_base.gsub("%2F", "/").split("/").last) unless package_name
51
+
52
+ "#{package_name}#{T.must(url_base.gsub('%2F', '/').split('/').last)}"
50
53
  end
51
54
 
52
55
  private
data/lib/dependabot/npm_and_yarn/version_selector.rb CHANGED
@@ -17,16 +17,7 @@ module Dependabot
17
17
  def setup(manifest_json, name)
18
18
  engine_versions = manifest_json["engines"]
19
19
 
20
- if engine_versions.nil?
21
- Dependabot.logger.info("No info (engines) found")
22
- return {}
23
- end
24
-
25
- # logs entries for analysis purposes
26
- log = engine_versions.select do |engine, _value|
27
- engine.to_s.match(name)
28
- end
29
- Dependabot.logger.info("Found engine info #{log}") unless log.empty?
20
+ return {} if engine_versions.nil?
30
21
 
31
22
  # Only keep matching specs versions i.e. "20.21.2", "7.1.2",
32
23
  # Additional specs can be added later
data/lib/dependabot/npm_and_yarn.rb CHANGED
@@ -362,7 +362,7 @@ module Dependabot
362
362
  {
363
363
  patterns: [INVALID_NAME_IN_PACKAGE_JSON],
364
364
  handler: lambda { |message, _error, _params|
365
- Dependabot::DependencyFileNotParseable.new(message)
365
+ Dependabot::DependencyFileNotResolvable.new(message)
366
366
  },
367
367
  in_usage: false,
368
368
  matchfn: nil
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.277.0
4
+ version: 0.279.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-09-23 00:00:00.000000000 Z
11
+ date: 2024-10-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.277.0
19
+ version: 0.279.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.277.0
26
+ version: 0.279.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -346,7 +346,7 @@ licenses:
346
346
  - MIT
347
347
  metadata:
348
348
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
349
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.277.0
349
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.279.0
350
350
  post_install_message:
351
351
  rdoc_options: []
352
352
  require_paths: