dependabot-npm_and_yarn 0.278.0 → 0.279.0

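--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 60b649d3a84bb124014b8aa86163c59837eb3898c90cad22b261ea0174e226b9
- data.tar.gz: 1fbd3de6f3d9f097c1fe4ed1e70530e42dd0d489fa30db685c103a3b6321c3f2
+ metadata.gz: fc1831a7fd0ce199df4dd0a3cf181a9f98a77bc9afdbef011edcf39d6ebabc32
+ data.tar.gz: 2c674ec57330ef559f09cd3f9dff509f326b9da9e48f4af535a19a1e9841e236
  SHA512:
- metadata.gz: 8113aa1183c527768427e25d0c4eca5d05734959d3f0e3c88e9560e7f7735e98bb9ae47b1ba8674398d23fe91ddeffae6cda88ac2ddca2a27b1411651b15c686
- data.tar.gz: 30d6064f7b950659ab01ef1ecc8dae54be57db49bebf560f7ce8c5cda65772e0289b40ba31a58368305853481e1e2f9cb0b235a838b0614a87abc12a9b509697
+ metadata.gz: e3658b8c3d8168dcd7728e95b6642bc415c54905bc540fa54ce77c0d6081c90a4236b88dbf05fcf52ffbacc476120ea68a9b99953ca6fb71e8dbdd9176103f1a
+ data.tar.gz: 1d7ce4d6a12e28747b5781c7a87c9396de229da85ff57b3a2af340d495aa396b67de27be1f09eec99452db931d756767cf745202bcf019443f88c6b83e7314f6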
@@ -23,31 +23,24 @@ module Dependabot
23
23
  # i.e. if { engines : "pnpm" : "6" } and { packageManager: "pnpm@6.0.2" },
24
24
  # we go for the specificity mentioned in packageManager (6.0.2)
25
25
 
26
- if Dependabot::Experiments.enabled?(:enable_pnpm_yarn_dynamic_engine)
26
+ unless @package_manager&.start_with?("#{name}@") || (@package_manager&.==name.to_s) || @package_manager.nil?
27
+ return
28
+ end
27
29
 
28
- unless @package_manager&.start_with?("#{name}@") || (@package_manager&.==name.to_s) || @package_manager.nil?
29
- return
30
- end
30
+ if @engines && @package_manager.nil?
31
+ # if "packageManager" doesn't exists in manifest file,
32
+ # we check if we can extract "engines" information
33
+ version = check_engine_version(name)
31
34
 
32
- if @engines && @package_manager.nil?
33
- # if "packageManager" doesn't exists in manifest file,
34
- # we check if we can extract "engines" information
35
- Dependabot.logger.info("No \"packageManager\" info found for \"#{name}\"")
36
- version = check_engine_version(name)
37
-
38
- elsif @package_manager&.==name.to_s
39
- # if "packageManager" is found but no version is specified (i.e. pnpm@1.2.3),
40
- # we check if we can get "engines" info to override default version
41
- Dependabot.logger.info("Found \"packageManager\" : \"#{@package_manager}\"")
42
- version = check_engine_version(name) if @engines
43
-
44
- elsif @package_manager&.start_with?("#{name}@")
45
- # if "packageManager" info has version specification i.e. yarn@3.3.1
46
- # we go with the version in "packageManager"
47
- Dependabot.logger.info("Found \"packageManager\" : \"#{@package_manager}\". Skipped checking \"engines\".")
48
- end
49
- else
50
- return unless @package_manager.nil? || @package_manager&.start_with?("#{name}@")
35
+ elsif @package_manager&.==name.to_s
36
+ # if "packageManager" is found but no version is specified (i.e. pnpm@1.2.3),
37
+ # we check if we can get "engines" info to override default version
38
+ version = check_engine_version(name) if @engines
39
+
40
+ elsif @package_manager&.start_with?("#{name}@")
41
+ # if "packageManager" info has version specification i.e. yarn@3.3.1
42
+ # we go with the version in "packageManager"
43
+ Dependabot.logger.info("Found \"packageManager\" : \"#{@package_manager}\". Skipped checking \"engines\".")
51
44
  end
52
45
 
53
46
  version ||= requested_version(name)
@@ -103,7 +96,6 @@ module Dependabot
103
96
  lockfile = @lockfiles[name.to_sym]
104
97
  return unless lockfile
105
98
 
106
- Dependabot.logger.info("Estimating version")
107
99
  Helpers.send(:"#{name}_version_numeric", lockfile)
108
100
  end
109
101
 
@@ -112,10 +104,7 @@ module Dependabot
112
104
  version_selector = VersionSelector.new
113
105
  engine_versions = version_selector.setup(@package_json, name)
114
106
 
115
- if engine_versions.empty?
116
- Dependabot.logger.info("No relevant (engines) info for \"#{name}\"")
117
- return
118
- end
107
+ return if engine_versions.empty?
119
108
 
120
109
  version = engine_versions[name]
121
110
  Dependabot.logger.info("Returned (engines) info \"#{name}\" : \"#{version}\"")
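Review bot: The `elsif @package_manager&.start_with?("#{name}@")` branch in the first hunk still interpolates `@package_manager` verbatim into an info log, and that log no longer sits behind the `enable_pnpm_yarn_dynamic_engine` experiment. The surrounding comments describe the value as the manifest's "packageManager" field, so it is presumably repository-controlled, and a value containing newlines or control characters could forge or corrupt log entries. Escaping it, e.g. `Dependabot.logger.info("Found \"packageManager\" : #{@package_manager.inspect}. Skipped checking \"engines\".")`, keeps the entry on one line. Separately, `@package_manager&.==name.to_s` reads more clearly as `@package_manager == name.to_s`, which gives the same result for nil. The enclosing method starts and ends outside these hunks.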
@@ -17,16 +17,7 @@ module Dependabot
17
17
  def setup(manifest_json, name)
18
18
  engine_versions = manifest_json["engines"]
19
19
 
20
- if engine_versions.nil?
21
- Dependabot.logger.info("No info (engines) found")
22
- return {}
23
- end
24
-
25
- # logs entries for analysis purposes
26
- log = engine_versions.select do |engine, _value|
27
- engine.to_s.match(name)
28
- end
29
- Dependabot.logger.info("Found engine info #{log}") unless log.empty?
20
+ return {} if engine_versions.nil?
30
21
 
31
22
  # Only keep matching specs versions i.e. "20.21.2", "7.1.2",
32
23
  # Additional specs can be added later
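Review bot: `return {} if engine_versions.nil?` in `setup` covers a missing "engines" key but not a present one of the wrong type; `manifest_json["engines"]` comes from a parsed manifest and could be a string or an array in a malformed package.json. If the filtering below the hunk assumes a Hash (not visible here), such input would raise or behave unexpectedly instead of yielding an empty result. `return {} unless engine_versions.is_a?(Hash)` handles both cases in one guard. The rest of `setup` lies outside the hunk.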
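--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-npm_and_yarn
  version: !ruby/object:Gem::Version
- version: 0.278.0
+ version: 0.279.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-09-26 00:00:00.000000000 Z
+ date: 2024-10-03 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.278.0
+ version: 0.279.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.278.0
+ version: 0.279.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -346,7 +346,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.278.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.279.0
  post_install_message:
  rdoc_options: []
  require_paths: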