dependabot-npm_and_yarn 0.289.0 → 0.291.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/package-lock.json +114 -134
- data/helpers/package.json +3 -3
- data/lib/dependabot/npm_and_yarn/file_fetcher.rb +18 -2
- data/lib/dependabot/npm_and_yarn/file_parser.rb +33 -1
- data/lib/dependabot/npm_and_yarn/helpers.rb +70 -18
- data/lib/dependabot/npm_and_yarn/package_manager.rb +30 -16
- data/lib/dependabot/npm_and_yarn/registry_helper.rb +188 -0
- metadata +9 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 02635cf238f21d329717cb8590e2c779109f30e53edb5a18d0af02c2eb1b7b52
|
|
4
|
+
data.tar.gz: 05a8982b1c132c4560dbde94a72575a7ba62d9e9b1b3e6524d2cbcb2042f3eae
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 69d8f7352749ea26e0aeee9ca63943fc6d46eccf927ec217fd9d5b072b60a405b5b7a4515c120e8e05145870ac1c0bc196c27ad38d4733c15e693af40d0055fa
|
|
7
|
+
data.tar.gz: e5f8ad4e72213b0620785369b37c6cbf4d2200eea2a2ec521df6f6240694527216da0450af39cb86b7d9650d4d04649d5fc3bb4136163574ae29f2a3dc6db539
|
data/helpers/package-lock.json
CHANGED
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
"@pnpm/dependency-path": "^5.1.1",
|
|
13
13
|
"@pnpm/lockfile-file": "^9.1.2",
|
|
14
14
|
"detect-indent": "^6.1.0",
|
|
15
|
-
"nock": "^13.5.
|
|
15
|
+
"nock": "^13.5.6",
|
|
16
16
|
"npm": "6.14.18",
|
|
17
17
|
"patch-package": "^8.0.0",
|
|
18
18
|
"semver": "^7.6.3"
|
|
@@ -21,10 +21,10 @@
|
|
|
21
21
|
"helper": "run.js"
|
|
22
22
|
},
|
|
23
23
|
"devDependencies": {
|
|
24
|
-
"eslint": "^9.
|
|
24
|
+
"eslint": "^9.16.0",
|
|
25
25
|
"eslint-config-prettier": "^9.1.0",
|
|
26
26
|
"jest": "^29.7.0",
|
|
27
|
-
"prettier": "^3.
|
|
27
|
+
"prettier": "^3.4.2"
|
|
28
28
|
}
|
|
29
29
|
},
|
|
30
30
|
"node_modules/@aashutoshrathi/word-wrap": {
|
|
@@ -732,12 +732,12 @@
|
|
|
732
732
|
}
|
|
733
733
|
},
|
|
734
734
|
"node_modules/@eslint/config-array": {
|
|
735
|
-
"version": "0.
|
|
736
|
-
"resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.
|
|
737
|
-
"integrity": "sha512-
|
|
735
|
+
"version": "0.19.1",
|
|
736
|
+
"resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.19.1.tgz",
|
|
737
|
+
"integrity": "sha512-fo6Mtm5mWyKjA/Chy1BYTdn5mGJoDNjC7C64ug20ADsRDGrA85bN3uK3MaKbeRkRuuIEAR5N33Jr1pbm411/PA==",
|
|
738
738
|
"dev": true,
|
|
739
739
|
"dependencies": {
|
|
740
|
-
"@eslint/object-schema": "^2.1.
|
|
740
|
+
"@eslint/object-schema": "^2.1.5",
|
|
741
741
|
"debug": "^4.3.1",
|
|
742
742
|
"minimatch": "^3.1.2"
|
|
743
743
|
},
|
|
@@ -746,9 +746,9 @@
|
|
|
746
746
|
}
|
|
747
747
|
},
|
|
748
748
|
"node_modules/@eslint/config-array/node_modules/debug": {
|
|
749
|
-
"version": "4.
|
|
750
|
-
"resolved": "https://registry.npmjs.org/debug/-/debug-4.
|
|
751
|
-
"integrity": "sha512-
|
|
749
|
+
"version": "4.4.0",
|
|
750
|
+
"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz",
|
|
751
|
+
"integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==",
|
|
752
752
|
"dev": true,
|
|
753
753
|
"dependencies": {
|
|
754
754
|
"ms": "^2.1.3"
|
|
@@ -763,18 +763,21 @@
|
|
|
763
763
|
}
|
|
764
764
|
},
|
|
765
765
|
"node_modules/@eslint/core": {
|
|
766
|
-
"version": "0.
|
|
767
|
-
"resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.
|
|
768
|
-
"integrity": "sha512-
|
|
766
|
+
"version": "0.9.1",
|
|
767
|
+
"resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.9.1.tgz",
|
|
768
|
+
"integrity": "sha512-GuUdqkyyzQI5RMIWkHhvTWLCyLo1jNK3vzkSyaExH5kHPDHcuL2VOpHjmMY+y3+NC69qAKToBqldTBgYeLSr9Q==",
|
|
769
769
|
"dev": true,
|
|
770
|
+
"dependencies": {
|
|
771
|
+
"@types/json-schema": "^7.0.15"
|
|
772
|
+
},
|
|
770
773
|
"engines": {
|
|
771
774
|
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
|
772
775
|
}
|
|
773
776
|
},
|
|
774
777
|
"node_modules/@eslint/eslintrc": {
|
|
775
|
-
"version": "3.
|
|
776
|
-
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.
|
|
777
|
-
"integrity": "sha512-
|
|
778
|
+
"version": "3.2.0",
|
|
779
|
+
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.2.0.tgz",
|
|
780
|
+
"integrity": "sha512-grOjVNN8P3hjJn/eIETF1wwd12DdnwFDoyceUJLYYdkpbwq3nLi+4fqrTAONx7XDALqlL220wC/RHSC/QTI/0w==",
|
|
778
781
|
"dev": true,
|
|
779
782
|
"dependencies": {
|
|
780
783
|
"ajv": "^6.12.4",
|
|
@@ -801,12 +804,12 @@
|
|
|
801
804
|
"dev": true
|
|
802
805
|
},
|
|
803
806
|
"node_modules/@eslint/eslintrc/node_modules/debug": {
|
|
804
|
-
"version": "4.
|
|
805
|
-
"resolved": "https://registry.npmjs.org/debug/-/debug-4.
|
|
806
|
-
"integrity": "sha512-
|
|
807
|
+
"version": "4.4.0",
|
|
808
|
+
"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz",
|
|
809
|
+
"integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==",
|
|
807
810
|
"dev": true,
|
|
808
811
|
"dependencies": {
|
|
809
|
-
"ms": "2.1.
|
|
812
|
+
"ms": "^2.1.3"
|
|
810
813
|
},
|
|
811
814
|
"engines": {
|
|
812
815
|
"node": ">=6.0"
|
|
@@ -829,34 +832,28 @@
|
|
|
829
832
|
"js-yaml": "bin/js-yaml.js"
|
|
830
833
|
}
|
|
831
834
|
},
|
|
832
|
-
"node_modules/@eslint/eslintrc/node_modules/ms": {
|
|
833
|
-
"version": "2.1.2",
|
|
834
|
-
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
|
|
835
|
-
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
|
|
836
|
-
"dev": true
|
|
837
|
-
},
|
|
838
835
|
"node_modules/@eslint/js": {
|
|
839
|
-
"version": "9.
|
|
840
|
-
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.
|
|
841
|
-
"integrity": "sha512-
|
|
836
|
+
"version": "9.16.0",
|
|
837
|
+
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.16.0.tgz",
|
|
838
|
+
"integrity": "sha512-tw2HxzQkrbeuvyj1tG2Yqq+0H9wGoI2IMk4EOsQeX+vmd75FtJAzf+gTA69WF+baUKRYQ3x2kbLE08js5OsTVg==",
|
|
842
839
|
"dev": true,
|
|
843
840
|
"engines": {
|
|
844
841
|
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
|
845
842
|
}
|
|
846
843
|
},
|
|
847
844
|
"node_modules/@eslint/object-schema": {
|
|
848
|
-
"version": "2.1.
|
|
849
|
-
"resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.
|
|
850
|
-
"integrity": "sha512-
|
|
845
|
+
"version": "2.1.5",
|
|
846
|
+
"resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.5.tgz",
|
|
847
|
+
"integrity": "sha512-o0bhxnL89h5Bae5T318nFoFzGy+YE5i/gGkoPAgkmTVdRKTiv3p8JHevPiPaMwoloKfEiiaHlawCqaZMqRm+XQ==",
|
|
851
848
|
"dev": true,
|
|
852
849
|
"engines": {
|
|
853
850
|
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
|
854
851
|
}
|
|
855
852
|
},
|
|
856
853
|
"node_modules/@eslint/plugin-kit": {
|
|
857
|
-
"version": "0.2.
|
|
858
|
-
"resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.
|
|
859
|
-
"integrity": "sha512-
|
|
854
|
+
"version": "0.2.4",
|
|
855
|
+
"resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.4.tgz",
|
|
856
|
+
"integrity": "sha512-zSkKow6H5Kdm0ZUQUB2kV5JIXqoG0+uH5YADhaEHswm664N9Db8dXSi0nMJpacpMf+MyyglF1vnZohpEg5yUtg==",
|
|
860
857
|
"dev": true,
|
|
861
858
|
"dependencies": {
|
|
862
859
|
"levn": "^0.4.1"
|
|
@@ -914,9 +911,9 @@
|
|
|
914
911
|
}
|
|
915
912
|
},
|
|
916
913
|
"node_modules/@humanwhocodes/retry": {
|
|
917
|
-
"version": "0.4.
|
|
918
|
-
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.
|
|
919
|
-
"integrity": "sha512-
|
|
914
|
+
"version": "0.4.1",
|
|
915
|
+
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.1.tgz",
|
|
916
|
+
"integrity": "sha512-c7hNEllBlenFTHBky65mhq8WD2kbN9Q6gk0bTk8lSBvc554jpXSkST1iePudpt7+A/AQvuHs9EMqjHDXMY1lrA==",
|
|
920
917
|
"dev": true,
|
|
921
918
|
"engines": {
|
|
922
919
|
"node": ">=18.18"
|
|
@@ -4286,9 +4283,9 @@
|
|
|
4286
4283
|
}
|
|
4287
4284
|
},
|
|
4288
4285
|
"node_modules/cross-spawn": {
|
|
4289
|
-
"version": "7.0.
|
|
4290
|
-
"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.
|
|
4291
|
-
"integrity": "sha512-
|
|
4286
|
+
"version": "7.0.6",
|
|
4287
|
+
"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
|
|
4288
|
+
"integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
|
|
4292
4289
|
"dependencies": {
|
|
4293
4290
|
"path-key": "^3.1.0",
|
|
4294
4291
|
"shebang-command": "^2.0.0",
|
|
@@ -4592,26 +4589,26 @@
|
|
|
4592
4589
|
}
|
|
4593
4590
|
},
|
|
4594
4591
|
"node_modules/eslint": {
|
|
4595
|
-
"version": "9.
|
|
4596
|
-
"resolved": "https://registry.npmjs.org/eslint/-/eslint-9.
|
|
4597
|
-
"integrity": "sha512-
|
|
4592
|
+
"version": "9.16.0",
|
|
4593
|
+
"resolved": "https://registry.npmjs.org/eslint/-/eslint-9.16.0.tgz",
|
|
4594
|
+
"integrity": "sha512-whp8mSQI4C8VXd+fLgSM0lh3UlmcFtVwUQjyKCFfsp+2ItAIYhlq/hqGahGqHE6cv9unM41VlqKk2VtKYR2TaA==",
|
|
4598
4595
|
"dev": true,
|
|
4599
4596
|
"dependencies": {
|
|
4600
4597
|
"@eslint-community/eslint-utils": "^4.2.0",
|
|
4601
4598
|
"@eslint-community/regexpp": "^4.12.1",
|
|
4602
|
-
"@eslint/config-array": "^0.
|
|
4603
|
-
"@eslint/core": "^0.
|
|
4604
|
-
"@eslint/eslintrc": "^3.
|
|
4605
|
-
"@eslint/js": "9.
|
|
4606
|
-
"@eslint/plugin-kit": "^0.2.
|
|
4599
|
+
"@eslint/config-array": "^0.19.0",
|
|
4600
|
+
"@eslint/core": "^0.9.0",
|
|
4601
|
+
"@eslint/eslintrc": "^3.2.0",
|
|
4602
|
+
"@eslint/js": "9.16.0",
|
|
4603
|
+
"@eslint/plugin-kit": "^0.2.3",
|
|
4607
4604
|
"@humanfs/node": "^0.16.6",
|
|
4608
4605
|
"@humanwhocodes/module-importer": "^1.0.1",
|
|
4609
|
-
"@humanwhocodes/retry": "^0.4.
|
|
4606
|
+
"@humanwhocodes/retry": "^0.4.1",
|
|
4610
4607
|
"@types/estree": "^1.0.6",
|
|
4611
4608
|
"@types/json-schema": "^7.0.15",
|
|
4612
4609
|
"ajv": "^6.12.4",
|
|
4613
4610
|
"chalk": "^4.0.0",
|
|
4614
|
-
"cross-spawn": "^7.0.
|
|
4611
|
+
"cross-spawn": "^7.0.5",
|
|
4615
4612
|
"debug": "^4.3.2",
|
|
4616
4613
|
"escape-string-regexp": "^4.0.0",
|
|
4617
4614
|
"eslint-scope": "^8.2.0",
|
|
@@ -4630,8 +4627,7 @@
|
|
|
4630
4627
|
"lodash.merge": "^4.6.2",
|
|
4631
4628
|
"minimatch": "^3.1.2",
|
|
4632
4629
|
"natural-compare": "^1.4.0",
|
|
4633
|
-
"optionator": "^0.9.3"
|
|
4634
|
-
"text-table": "^0.2.0"
|
|
4630
|
+
"optionator": "^0.9.3"
|
|
4635
4631
|
},
|
|
4636
4632
|
"bin": {
|
|
4637
4633
|
"eslint": "bin/eslint.js"
|
|
@@ -5755,9 +5751,9 @@
|
|
|
5755
5751
|
}
|
|
5756
5752
|
},
|
|
5757
5753
|
"node_modules/ignore": {
|
|
5758
|
-
"version": "5.3.
|
|
5759
|
-
"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.
|
|
5760
|
-
"integrity": "sha512-
|
|
5754
|
+
"version": "5.3.2",
|
|
5755
|
+
"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
|
|
5756
|
+
"integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
|
|
5761
5757
|
"dev": true,
|
|
5762
5758
|
"engines": {
|
|
5763
5759
|
"node": ">= 4"
|
|
@@ -9007,9 +9003,9 @@
|
|
|
9007
9003
|
"integrity": "sha512-EZSPZB70jiVsivaBLYDCyntd5eH8NTSMOn3rB+HxwdmKThGELLdYv8qVIMWvZEFy9w8ZZpW9h9OB32l1rGtj7g=="
|
|
9008
9004
|
},
|
|
9009
9005
|
"node_modules/nock": {
|
|
9010
|
-
"version": "13.5.
|
|
9011
|
-
"resolved": "https://registry.npmjs.org/nock/-/nock-13.5.
|
|
9012
|
-
"integrity": "sha512-
|
|
9006
|
+
"version": "13.5.6",
|
|
9007
|
+
"resolved": "https://registry.npmjs.org/nock/-/nock-13.5.6.tgz",
|
|
9008
|
+
"integrity": "sha512-o2zOYiCpzRqSzPj0Zt/dQ/DqZeYoaQ7TUonc/xUPjCGl9WeHpNbxgVvOquXYAaJzI0M9BXV3HTzG0p8IUAbBTQ==",
|
|
9013
9009
|
"dependencies": {
|
|
9014
9010
|
"debug": "^4.1.0",
|
|
9015
9011
|
"json-stringify-safe": "^5.0.1",
|
|
@@ -14557,9 +14553,9 @@
|
|
|
14557
14553
|
}
|
|
14558
14554
|
},
|
|
14559
14555
|
"node_modules/prettier": {
|
|
14560
|
-
"version": "3.
|
|
14561
|
-
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.
|
|
14562
|
-
"integrity": "sha512-
|
|
14556
|
+
"version": "3.4.2",
|
|
14557
|
+
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.2.tgz",
|
|
14558
|
+
"integrity": "sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ==",
|
|
14563
14559
|
"dev": true,
|
|
14564
14560
|
"bin": {
|
|
14565
14561
|
"prettier": "bin/prettier.cjs"
|
|
@@ -15729,12 +15725,6 @@
|
|
|
15729
15725
|
"node": ">=8"
|
|
15730
15726
|
}
|
|
15731
15727
|
},
|
|
15732
|
-
"node_modules/text-table": {
|
|
15733
|
-
"version": "0.2.0",
|
|
15734
|
-
"resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
|
|
15735
|
-
"integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=",
|
|
15736
|
-
"dev": true
|
|
15737
|
-
},
|
|
15738
15728
|
"node_modules/thenify": {
|
|
15739
15729
|
"version": "3.3.1",
|
|
15740
15730
|
"resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz",
|
|
@@ -16895,20 +16885,20 @@
|
|
|
16895
16885
|
"dev": true
|
|
16896
16886
|
},
|
|
16897
16887
|
"@eslint/config-array": {
|
|
16898
|
-
"version": "0.
|
|
16899
|
-
"resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.
|
|
16900
|
-
"integrity": "sha512-
|
|
16888
|
+
"version": "0.19.1",
|
|
16889
|
+
"resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.19.1.tgz",
|
|
16890
|
+
"integrity": "sha512-fo6Mtm5mWyKjA/Chy1BYTdn5mGJoDNjC7C64ug20ADsRDGrA85bN3uK3MaKbeRkRuuIEAR5N33Jr1pbm411/PA==",
|
|
16901
16891
|
"dev": true,
|
|
16902
16892
|
"requires": {
|
|
16903
|
-
"@eslint/object-schema": "^2.1.
|
|
16893
|
+
"@eslint/object-schema": "^2.1.5",
|
|
16904
16894
|
"debug": "^4.3.1",
|
|
16905
16895
|
"minimatch": "^3.1.2"
|
|
16906
16896
|
},
|
|
16907
16897
|
"dependencies": {
|
|
16908
16898
|
"debug": {
|
|
16909
|
-
"version": "4.
|
|
16910
|
-
"resolved": "https://registry.npmjs.org/debug/-/debug-4.
|
|
16911
|
-
"integrity": "sha512-
|
|
16899
|
+
"version": "4.4.0",
|
|
16900
|
+
"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz",
|
|
16901
|
+
"integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==",
|
|
16912
16902
|
"dev": true,
|
|
16913
16903
|
"requires": {
|
|
16914
16904
|
"ms": "^2.1.3"
|
|
@@ -16917,15 +16907,18 @@
|
|
|
16917
16907
|
}
|
|
16918
16908
|
},
|
|
16919
16909
|
"@eslint/core": {
|
|
16920
|
-
"version": "0.
|
|
16921
|
-
"resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.
|
|
16922
|
-
"integrity": "sha512-
|
|
16923
|
-
"dev": true
|
|
16910
|
+
"version": "0.9.1",
|
|
16911
|
+
"resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.9.1.tgz",
|
|
16912
|
+
"integrity": "sha512-GuUdqkyyzQI5RMIWkHhvTWLCyLo1jNK3vzkSyaExH5kHPDHcuL2VOpHjmMY+y3+NC69qAKToBqldTBgYeLSr9Q==",
|
|
16913
|
+
"dev": true,
|
|
16914
|
+
"requires": {
|
|
16915
|
+
"@types/json-schema": "^7.0.15"
|
|
16916
|
+
}
|
|
16924
16917
|
},
|
|
16925
16918
|
"@eslint/eslintrc": {
|
|
16926
|
-
"version": "3.
|
|
16927
|
-
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.
|
|
16928
|
-
"integrity": "sha512-
|
|
16919
|
+
"version": "3.2.0",
|
|
16920
|
+
"resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.2.0.tgz",
|
|
16921
|
+
"integrity": "sha512-grOjVNN8P3hjJn/eIETF1wwd12DdnwFDoyceUJLYYdkpbwq3nLi+4fqrTAONx7XDALqlL220wC/RHSC/QTI/0w==",
|
|
16929
16922
|
"dev": true,
|
|
16930
16923
|
"requires": {
|
|
16931
16924
|
"ajv": "^6.12.4",
|
|
@@ -16946,12 +16939,12 @@
|
|
|
16946
16939
|
"dev": true
|
|
16947
16940
|
},
|
|
16948
16941
|
"debug": {
|
|
16949
|
-
"version": "4.
|
|
16950
|
-
"resolved": "https://registry.npmjs.org/debug/-/debug-4.
|
|
16951
|
-
"integrity": "sha512-
|
|
16942
|
+
"version": "4.4.0",
|
|
16943
|
+
"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz",
|
|
16944
|
+
"integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==",
|
|
16952
16945
|
"dev": true,
|
|
16953
16946
|
"requires": {
|
|
16954
|
-
"ms": "2.1.
|
|
16947
|
+
"ms": "^2.1.3"
|
|
16955
16948
|
}
|
|
16956
16949
|
},
|
|
16957
16950
|
"js-yaml": {
|
|
@@ -16962,31 +16955,25 @@
|
|
|
16962
16955
|
"requires": {
|
|
16963
16956
|
"argparse": "^2.0.1"
|
|
16964
16957
|
}
|
|
16965
|
-
},
|
|
16966
|
-
"ms": {
|
|
16967
|
-
"version": "2.1.2",
|
|
16968
|
-
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
|
|
16969
|
-
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
|
|
16970
|
-
"dev": true
|
|
16971
16958
|
}
|
|
16972
16959
|
}
|
|
16973
16960
|
},
|
|
16974
16961
|
"@eslint/js": {
|
|
16975
|
-
"version": "9.
|
|
16976
|
-
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.
|
|
16977
|
-
"integrity": "sha512-
|
|
16962
|
+
"version": "9.16.0",
|
|
16963
|
+
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.16.0.tgz",
|
|
16964
|
+
"integrity": "sha512-tw2HxzQkrbeuvyj1tG2Yqq+0H9wGoI2IMk4EOsQeX+vmd75FtJAzf+gTA69WF+baUKRYQ3x2kbLE08js5OsTVg==",
|
|
16978
16965
|
"dev": true
|
|
16979
16966
|
},
|
|
16980
16967
|
"@eslint/object-schema": {
|
|
16981
|
-
"version": "2.1.
|
|
16982
|
-
"resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.
|
|
16983
|
-
"integrity": "sha512-
|
|
16968
|
+
"version": "2.1.5",
|
|
16969
|
+
"resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.5.tgz",
|
|
16970
|
+
"integrity": "sha512-o0bhxnL89h5Bae5T318nFoFzGy+YE5i/gGkoPAgkmTVdRKTiv3p8JHevPiPaMwoloKfEiiaHlawCqaZMqRm+XQ==",
|
|
16984
16971
|
"dev": true
|
|
16985
16972
|
},
|
|
16986
16973
|
"@eslint/plugin-kit": {
|
|
16987
|
-
"version": "0.2.
|
|
16988
|
-
"resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.
|
|
16989
|
-
"integrity": "sha512-
|
|
16974
|
+
"version": "0.2.4",
|
|
16975
|
+
"resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.4.tgz",
|
|
16976
|
+
"integrity": "sha512-zSkKow6H5Kdm0ZUQUB2kV5JIXqoG0+uH5YADhaEHswm664N9Db8dXSi0nMJpacpMf+MyyglF1vnZohpEg5yUtg==",
|
|
16990
16977
|
"dev": true,
|
|
16991
16978
|
"requires": {
|
|
16992
16979
|
"levn": "^0.4.1"
|
|
@@ -17023,9 +17010,9 @@
|
|
|
17023
17010
|
"dev": true
|
|
17024
17011
|
},
|
|
17025
17012
|
"@humanwhocodes/retry": {
|
|
17026
|
-
"version": "0.4.
|
|
17027
|
-
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.
|
|
17028
|
-
"integrity": "sha512-
|
|
17013
|
+
"version": "0.4.1",
|
|
17014
|
+
"resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.1.tgz",
|
|
17015
|
+
"integrity": "sha512-c7hNEllBlenFTHBky65mhq8WD2kbN9Q6gk0bTk8lSBvc554jpXSkST1iePudpt7+A/AQvuHs9EMqjHDXMY1lrA==",
|
|
17029
17016
|
"dev": true
|
|
17030
17017
|
},
|
|
17031
17018
|
"@isaacs/cliui": {
|
|
@@ -19545,9 +19532,9 @@
|
|
|
19545
19532
|
}
|
|
19546
19533
|
},
|
|
19547
19534
|
"cross-spawn": {
|
|
19548
|
-
"version": "7.0.
|
|
19549
|
-
"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.
|
|
19550
|
-
"integrity": "sha512-
|
|
19535
|
+
"version": "7.0.6",
|
|
19536
|
+
"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
|
|
19537
|
+
"integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
|
|
19551
19538
|
"requires": {
|
|
19552
19539
|
"path-key": "^3.1.0",
|
|
19553
19540
|
"shebang-command": "^2.0.0",
|
|
@@ -19780,26 +19767,26 @@
|
|
|
19780
19767
|
"integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
|
|
19781
19768
|
},
|
|
19782
19769
|
"eslint": {
|
|
19783
|
-
"version": "9.
|
|
19784
|
-
"resolved": "https://registry.npmjs.org/eslint/-/eslint-9.
|
|
19785
|
-
"integrity": "sha512-
|
|
19770
|
+
"version": "9.16.0",
|
|
19771
|
+
"resolved": "https://registry.npmjs.org/eslint/-/eslint-9.16.0.tgz",
|
|
19772
|
+
"integrity": "sha512-whp8mSQI4C8VXd+fLgSM0lh3UlmcFtVwUQjyKCFfsp+2ItAIYhlq/hqGahGqHE6cv9unM41VlqKk2VtKYR2TaA==",
|
|
19786
19773
|
"dev": true,
|
|
19787
19774
|
"requires": {
|
|
19788
19775
|
"@eslint-community/eslint-utils": "^4.2.0",
|
|
19789
19776
|
"@eslint-community/regexpp": "^4.12.1",
|
|
19790
|
-
"@eslint/config-array": "^0.
|
|
19791
|
-
"@eslint/core": "^0.
|
|
19792
|
-
"@eslint/eslintrc": "^3.
|
|
19793
|
-
"@eslint/js": "9.
|
|
19794
|
-
"@eslint/plugin-kit": "^0.2.
|
|
19777
|
+
"@eslint/config-array": "^0.19.0",
|
|
19778
|
+
"@eslint/core": "^0.9.0",
|
|
19779
|
+
"@eslint/eslintrc": "^3.2.0",
|
|
19780
|
+
"@eslint/js": "9.16.0",
|
|
19781
|
+
"@eslint/plugin-kit": "^0.2.3",
|
|
19795
19782
|
"@humanfs/node": "^0.16.6",
|
|
19796
19783
|
"@humanwhocodes/module-importer": "^1.0.1",
|
|
19797
|
-
"@humanwhocodes/retry": "^0.4.
|
|
19784
|
+
"@humanwhocodes/retry": "^0.4.1",
|
|
19798
19785
|
"@types/estree": "^1.0.6",
|
|
19799
19786
|
"@types/json-schema": "^7.0.15",
|
|
19800
19787
|
"ajv": "^6.12.4",
|
|
19801
19788
|
"chalk": "^4.0.0",
|
|
19802
|
-
"cross-spawn": "^7.0.
|
|
19789
|
+
"cross-spawn": "^7.0.5",
|
|
19803
19790
|
"debug": "^4.3.2",
|
|
19804
19791
|
"escape-string-regexp": "^4.0.0",
|
|
19805
19792
|
"eslint-scope": "^8.2.0",
|
|
@@ -19818,8 +19805,7 @@
|
|
|
19818
19805
|
"lodash.merge": "^4.6.2",
|
|
19819
19806
|
"minimatch": "^3.1.2",
|
|
19820
19807
|
"natural-compare": "^1.4.0",
|
|
19821
|
-
"optionator": "^0.9.3"
|
|
19822
|
-
"text-table": "^0.2.0"
|
|
19808
|
+
"optionator": "^0.9.3"
|
|
19823
19809
|
},
|
|
19824
19810
|
"dependencies": {
|
|
19825
19811
|
"ansi-styles": {
|
|
@@ -20629,9 +20615,9 @@
|
|
|
20629
20615
|
}
|
|
20630
20616
|
},
|
|
20631
20617
|
"ignore": {
|
|
20632
|
-
"version": "5.3.
|
|
20633
|
-
"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.
|
|
20634
|
-
"integrity": "sha512-
|
|
20618
|
+
"version": "5.3.2",
|
|
20619
|
+
"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
|
|
20620
|
+
"integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
|
|
20635
20621
|
"dev": true
|
|
20636
20622
|
},
|
|
20637
20623
|
"ignore-walk": {
|
|
@@ -23068,9 +23054,9 @@
|
|
|
23068
23054
|
"integrity": "sha512-EZSPZB70jiVsivaBLYDCyntd5eH8NTSMOn3rB+HxwdmKThGELLdYv8qVIMWvZEFy9w8ZZpW9h9OB32l1rGtj7g=="
|
|
23069
23055
|
},
|
|
23070
23056
|
"nock": {
|
|
23071
|
-
"version": "13.5.
|
|
23072
|
-
"resolved": "https://registry.npmjs.org/nock/-/nock-13.5.
|
|
23073
|
-
"integrity": "sha512-
|
|
23057
|
+
"version": "13.5.6",
|
|
23058
|
+
"resolved": "https://registry.npmjs.org/nock/-/nock-13.5.6.tgz",
|
|
23059
|
+
"integrity": "sha512-o2zOYiCpzRqSzPj0Zt/dQ/DqZeYoaQ7TUonc/xUPjCGl9WeHpNbxgVvOquXYAaJzI0M9BXV3HTzG0p8IUAbBTQ==",
|
|
23074
23060
|
"requires": {
|
|
23075
23061
|
"debug": "^4.1.0",
|
|
23076
23062
|
"json-stringify-safe": "^5.0.1",
|
|
@@ -27170,9 +27156,9 @@
|
|
|
27170
27156
|
"integrity": "sha1-gV7R9uvGWSb4ZbMQwHE7yzMVzks="
|
|
27171
27157
|
},
|
|
27172
27158
|
"prettier": {
|
|
27173
|
-
"version": "3.
|
|
27174
|
-
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.
|
|
27175
|
-
"integrity": "sha512-
|
|
27159
|
+
"version": "3.4.2",
|
|
27160
|
+
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.2.tgz",
|
|
27161
|
+
"integrity": "sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ==",
|
|
27176
27162
|
"dev": true
|
|
27177
27163
|
},
|
|
27178
27164
|
"pretty-format": {
|
|
@@ -28069,12 +28055,6 @@
|
|
|
28069
28055
|
"minimatch": "^3.0.4"
|
|
28070
28056
|
}
|
|
28071
28057
|
},
|
|
28072
|
-
"text-table": {
|
|
28073
|
-
"version": "0.2.0",
|
|
28074
|
-
"resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
|
|
28075
|
-
"integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=",
|
|
28076
|
-
"dev": true
|
|
28077
|
-
},
|
|
28078
28058
|
"thenify": {
|
|
28079
28059
|
"version": "3.3.1",
|
|
28080
28060
|
"resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz",
|
data/helpers/package.json
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"@dependabot/yarn-lib": "^1.22.22",
|
|
14
14
|
"@npmcli/arborist": "^8.0.0",
|
|
15
15
|
"detect-indent": "^6.1.0",
|
|
16
|
-
"nock": "^13.5.
|
|
16
|
+
"nock": "^13.5.6",
|
|
17
17
|
"npm": "6.14.18",
|
|
18
18
|
"@pnpm/lockfile-file": "^9.1.2",
|
|
19
19
|
"@pnpm/dependency-path": "^5.1.1",
|
|
@@ -21,9 +21,9 @@
|
|
|
21
21
|
"patch-package": "^8.0.0"
|
|
22
22
|
},
|
|
23
23
|
"devDependencies": {
|
|
24
|
-
"eslint": "^9.
|
|
24
|
+
"eslint": "^9.16.0",
|
|
25
25
|
"eslint-config-prettier": "^9.1.0",
|
|
26
26
|
"jest": "^29.7.0",
|
|
27
|
-
"prettier": "^3.
|
|
27
|
+
"prettier": "^3.4.2"
|
|
28
28
|
}
|
|
29
29
|
}
|
|
@@ -207,7 +207,9 @@ module Dependabot
|
|
|
207
207
|
@package_manager_helper ||= T.let(
|
|
208
208
|
PackageManagerHelper.new(
|
|
209
209
|
parsed_package_json,
|
|
210
|
-
lockfiles
|
|
210
|
+
lockfiles,
|
|
211
|
+
registry_config_files,
|
|
212
|
+
credentials
|
|
211
213
|
), T.nilable(PackageManagerHelper)
|
|
212
214
|
)
|
|
213
215
|
end
|
|
@@ -221,6 +223,17 @@ module Dependabot
|
|
|
221
223
|
}
|
|
222
224
|
end
|
|
223
225
|
|
|
226
|
+
# Returns the .npmrc, and .yarnrc files for the repository.
|
|
227
|
+
# @return [Hash{Symbol => Dependabot::DependencyFile}]
|
|
228
|
+
sig { returns(T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)]) }
|
|
229
|
+
def registry_config_files
|
|
230
|
+
{
|
|
231
|
+
npmrc: npmrc,
|
|
232
|
+
yarnrc: yarnrc,
|
|
233
|
+
yarnrc_yml: yarnrc_yml
|
|
234
|
+
}
|
|
235
|
+
end
|
|
236
|
+
|
|
224
237
|
sig { returns(DependencyFile) }
|
|
225
238
|
def package_json
|
|
226
239
|
@package_json ||= T.let(fetch_file_from_host(MANIFEST_FILENAME), T.nilable(DependencyFile))
|
|
@@ -601,7 +614,10 @@ module Dependabot
|
|
|
601
614
|
|
|
602
615
|
sig { returns(T.untyped) }
|
|
603
616
|
def parsed_package_json
|
|
604
|
-
JSON.parse(T.must(package_json.content))
|
|
617
|
+
parsed = JSON.parse(T.must(package_json.content))
|
|
618
|
+
raise Dependabot::DependencyFileNotParseable, package_json.path unless parsed.is_a?(Hash)
|
|
619
|
+
|
|
620
|
+
parsed
|
|
605
621
|
rescue JSON::ParserError
|
|
606
622
|
raise Dependabot::DependencyFileNotParseable, package_json.path
|
|
607
623
|
end
|
|
@@ -98,7 +98,9 @@ module Dependabot
|
|
|
98
98
|
@package_manager_helper ||= T.let(
|
|
99
99
|
PackageManagerHelper.new(
|
|
100
100
|
parsed_package_json,
|
|
101
|
-
lockfiles
|
|
101
|
+
lockfiles,
|
|
102
|
+
registry_config_files,
|
|
103
|
+
credentials
|
|
102
104
|
), T.nilable(PackageManagerHelper)
|
|
103
105
|
)
|
|
104
106
|
end
|
|
@@ -112,6 +114,15 @@ module Dependabot
|
|
|
112
114
|
}
|
|
113
115
|
end
|
|
114
116
|
|
|
117
|
+
sig { returns(T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)]) }
|
|
118
|
+
def registry_config_files
|
|
119
|
+
{
|
|
120
|
+
npmrc: npmrc,
|
|
121
|
+
yarnrc: yarnrc,
|
|
122
|
+
yarnrc_yml: yarnrc_yml
|
|
123
|
+
}
|
|
124
|
+
end
|
|
125
|
+
|
|
115
126
|
sig { returns(T.untyped) }
|
|
116
127
|
def parsed_package_json
|
|
117
128
|
JSON.parse(T.must(package_json.content))
|
|
@@ -156,6 +167,27 @@ module Dependabot
|
|
|
156
167
|
end, T.nilable(Dependabot::DependencyFile))
|
|
157
168
|
end
|
|
158
169
|
|
|
170
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
171
|
+
def npmrc
|
|
172
|
+
@npmrc ||= T.let(dependency_files.find do |f|
|
|
173
|
+
f.name == NpmPackageManager::RC_FILENAME
|
|
174
|
+
end, T.nilable(Dependabot::DependencyFile))
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
178
|
+
def yarnrc
|
|
179
|
+
@yarnrc ||= T.let(dependency_files.find do |f|
|
|
180
|
+
f.name == YarnPackageManager::RC_FILENAME
|
|
181
|
+
end, T.nilable(Dependabot::DependencyFile))
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
sig { returns(T.nilable(DependencyFile)) }
|
|
185
|
+
def yarnrc_yml
|
|
186
|
+
@yarnrc_yml ||= T.let(dependency_files.find do |f|
|
|
187
|
+
f.name == YarnPackageManager::RC_YML_FILENAME
|
|
188
|
+
end, T.nilable(Dependabot::DependencyFile))
|
|
189
|
+
end
|
|
190
|
+
|
|
159
191
|
sig { returns(Dependabot::FileParsers::Base::DependencySet) }
|
|
160
192
|
def manifest_dependencies
|
|
161
193
|
dependency_set = DependencySet.new
|
|
@@ -9,7 +9,7 @@ require "sorbet-runtime"
|
|
|
9
9
|
|
|
10
10
|
module Dependabot
|
|
11
11
|
module NpmAndYarn
|
|
12
|
-
module Helpers
|
|
12
|
+
module Helpers # rubocop:disable Metrics/ModuleLength
|
|
13
13
|
extend T::Sig
|
|
14
14
|
|
|
15
15
|
YARN_PATH_NOT_FOUND =
|
|
@@ -332,7 +332,7 @@ module Dependabot
|
|
|
332
332
|
version.strip.delete_prefix("v") # Remove the "v" prefix if present
|
|
333
333
|
end
|
|
334
334
|
rescue StandardError => e
|
|
335
|
-
|
|
335
|
+
Dependabot.logger.error("Error retrieving Node.js version: #{e.message}")
|
|
336
336
|
nil
|
|
337
337
|
end
|
|
338
338
|
|
|
@@ -388,35 +388,89 @@ module Dependabot
|
|
|
388
388
|
end
|
|
389
389
|
|
|
390
390
|
# Install the package manager for specified version by using corepack
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
391
|
+
sig do
|
|
392
|
+
params(
|
|
393
|
+
name: String,
|
|
394
|
+
version: String,
|
|
395
|
+
env: T.nilable(T::Hash[String, String])
|
|
396
|
+
)
|
|
397
|
+
.returns(String)
|
|
398
|
+
end
|
|
399
|
+
def self.install(name, version, env: {})
|
|
394
400
|
Dependabot.logger.info("Installing \"#{name}@#{version}\"")
|
|
395
401
|
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
402
|
+
begin
|
|
403
|
+
# Try to install the specified version
|
|
404
|
+
output = package_manager_install(name, version, env: env)
|
|
405
|
+
|
|
406
|
+
# Confirm success based on the output
|
|
407
|
+
if output.match?(/Adding #{name}@.* to the cache/)
|
|
408
|
+
Dependabot.logger.info("#{name}@#{version} successfully installed.")
|
|
399
409
|
|
|
400
|
-
|
|
410
|
+
Dependabot.logger.info("Activating currently installed version of #{name}: #{version}")
|
|
411
|
+
package_manager_activate(name, version)
|
|
412
|
+
|
|
413
|
+
else
|
|
414
|
+
Dependabot.logger.error("Corepack installation output unexpected: #{output}")
|
|
415
|
+
fallback_to_local_version(name)
|
|
416
|
+
end
|
|
417
|
+
rescue StandardError => e
|
|
418
|
+
Dependabot.logger.error("Error installing #{name}@#{version}: #{e.message}")
|
|
419
|
+
fallback_to_local_version(name)
|
|
420
|
+
end
|
|
421
|
+
|
|
422
|
+
# Verify the installed version
|
|
423
|
+
installed_version = package_manager_version(name)
|
|
401
424
|
|
|
402
425
|
installed_version
|
|
403
426
|
end
|
|
404
427
|
|
|
428
|
+
# Attempt to activate the local version of the package manager
|
|
429
|
+
sig { params(name: String).void }
|
|
430
|
+
def self.fallback_to_local_version(name)
|
|
431
|
+
Dependabot.logger.info("Falling back to activate the currently installed version of #{name}.")
|
|
432
|
+
|
|
433
|
+
# Fetch the currently installed version directly from the environment
|
|
434
|
+
current_version = local_package_manager_version(name)
|
|
435
|
+
Dependabot.logger.info("Activating currently installed version of #{name}: #{current_version}")
|
|
436
|
+
|
|
437
|
+
# Prepare the existing version
|
|
438
|
+
package_manager_activate(name, current_version)
|
|
439
|
+
end
|
|
440
|
+
|
|
405
441
|
# Install the package manager for specified version by using corepack
|
|
406
|
-
sig
|
|
407
|
-
|
|
442
|
+
sig do
|
|
443
|
+
params(
|
|
444
|
+
name: String,
|
|
445
|
+
version: String,
|
|
446
|
+
env: T.nilable(T::Hash[String, String])
|
|
447
|
+
)
|
|
448
|
+
.returns(String)
|
|
449
|
+
end
|
|
450
|
+
def self.package_manager_install(name, version, env: {})
|
|
408
451
|
Dependabot::SharedHelpers.run_shell_command(
|
|
409
452
|
"corepack install #{name}@#{version} --global --cache-only",
|
|
410
|
-
fingerprint: "corepack install <name>@<version> --global --cache-only"
|
|
453
|
+
fingerprint: "corepack install <name>@<version> --global --cache-only",
|
|
454
|
+
env: env
|
|
411
455
|
).strip
|
|
412
456
|
end
|
|
413
457
|
|
|
414
458
|
# Prepare the package manager for use by using corepack
|
|
415
|
-
sig { params(name: String, version: String).
|
|
459
|
+
sig { params(name: String, version: String).returns(String) }
|
|
416
460
|
def self.package_manager_activate(name, version)
|
|
417
461
|
Dependabot::SharedHelpers.run_shell_command(
|
|
418
462
|
"corepack prepare #{name}@#{version} --activate",
|
|
419
|
-
fingerprint: "corepack prepare --activate"
|
|
463
|
+
fingerprint: "corepack prepare <name>@<version> --activate"
|
|
464
|
+
).strip
|
|
465
|
+
end
|
|
466
|
+
|
|
467
|
+
# Fetch the currently installed version of the package manager directly
|
|
468
|
+
# from the system without involving Corepack
|
|
469
|
+
sig { params(name: String).returns(String) }
|
|
470
|
+
def self.local_package_manager_version(name)
|
|
471
|
+
Dependabot::SharedHelpers.run_shell_command(
|
|
472
|
+
"#{name} -v",
|
|
473
|
+
fingerprint: "#{name} -v"
|
|
420
474
|
).strip
|
|
421
475
|
end
|
|
422
476
|
|
|
@@ -427,7 +481,8 @@ module Dependabot
|
|
|
427
481
|
|
|
428
482
|
version = package_manager_run_command(name, "-v").strip
|
|
429
483
|
|
|
430
|
-
Dependabot.logger.info("
|
|
484
|
+
Dependabot.logger.info("Installed version of #{name}: #{version}")
|
|
485
|
+
|
|
431
486
|
version
|
|
432
487
|
rescue StandardError => e
|
|
433
488
|
Dependabot.logger.error("Error fetching version for package manager #{name}: #{e.message}")
|
|
@@ -445,14 +500,11 @@ module Dependabot
|
|
|
445
500
|
def self.package_manager_run_command(name, command, fingerprint: nil)
|
|
446
501
|
full_command = "corepack #{name} #{command}"
|
|
447
502
|
|
|
448
|
-
Dependabot.logger.info("Running package manager command: #{full_command}")
|
|
449
|
-
|
|
450
503
|
result = Dependabot::SharedHelpers.run_shell_command(
|
|
451
504
|
full_command,
|
|
452
505
|
fingerprint: "corepack #{name} #{fingerprint || command}"
|
|
453
506
|
).strip
|
|
454
507
|
|
|
455
|
-
Dependabot.logger.info("Command executed successfully: #{full_command}")
|
|
456
508
|
result
|
|
457
509
|
rescue StandardError => e
|
|
458
510
|
Dependabot.logger.error("Error running package manager command: #{full_command}, Error: #{e.message}")
|
|
@@ -5,6 +5,7 @@ require "dependabot/shared_helpers"
|
|
|
5
5
|
require "dependabot/ecosystem"
|
|
6
6
|
require "dependabot/npm_and_yarn/requirement"
|
|
7
7
|
require "dependabot/npm_and_yarn/version_selector"
|
|
8
|
+
require "dependabot/npm_and_yarn/registry_helper"
|
|
8
9
|
|
|
9
10
|
module Dependabot
|
|
10
11
|
module NpmAndYarn
|
|
@@ -61,14 +62,13 @@ module Dependabot
|
|
|
61
62
|
|
|
62
63
|
# Keep versions in ascending order
|
|
63
64
|
SUPPORTED_VERSIONS = T.let([
|
|
64
|
-
Version.new(NPM_V6),
|
|
65
65
|
Version.new(NPM_V7),
|
|
66
66
|
Version.new(NPM_V8),
|
|
67
67
|
Version.new(NPM_V9),
|
|
68
68
|
Version.new(NPM_V10)
|
|
69
69
|
].freeze, T::Array[Dependabot::Version])
|
|
70
70
|
|
|
71
|
-
DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
71
|
+
DEPRECATED_VERSIONS = T.let([Version.new(NPM_V6)].freeze, T::Array[Dependabot::Version])
|
|
72
72
|
|
|
73
73
|
sig do
|
|
74
74
|
params(
|
|
@@ -88,12 +88,17 @@ module Dependabot
|
|
|
88
88
|
|
|
89
89
|
sig { override.returns(T::Boolean) }
|
|
90
90
|
def deprecated?
|
|
91
|
-
false
|
|
91
|
+
return false if unsupported?
|
|
92
|
+
return false unless Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning)
|
|
93
|
+
|
|
94
|
+
deprecated_versions.include?(version)
|
|
92
95
|
end
|
|
93
96
|
|
|
94
97
|
sig { override.returns(T::Boolean) }
|
|
95
98
|
def unsupported?
|
|
96
|
-
false
|
|
99
|
+
return false unless Dependabot::Experiments.enabled?(:npm_v6_unsupported_error)
|
|
100
|
+
|
|
101
|
+
supported_versions.all? { |supported| supported > version }
|
|
97
102
|
end
|
|
98
103
|
end
|
|
99
104
|
|
|
@@ -311,17 +316,24 @@ module Dependabot
|
|
|
311
316
|
sig do
|
|
312
317
|
params(
|
|
313
318
|
package_json: T.nilable(T::Hash[String, T.untyped]),
|
|
314
|
-
lockfiles: T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)]
|
|
319
|
+
lockfiles: T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)],
|
|
320
|
+
registry_config_files: T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)],
|
|
321
|
+
credentials: T.nilable(T::Array[Dependabot::Credential])
|
|
315
322
|
).void
|
|
316
323
|
end
|
|
317
|
-
def initialize(package_json, lockfiles
|
|
324
|
+
def initialize(package_json, lockfiles, registry_config_files, credentials)
|
|
318
325
|
@package_json = package_json
|
|
319
326
|
@lockfiles = lockfiles
|
|
327
|
+
@registry_helper = T.let(
|
|
328
|
+
RegistryHelper.new(registry_config_files, credentials),
|
|
329
|
+
Dependabot::NpmAndYarn::RegistryHelper
|
|
330
|
+
)
|
|
320
331
|
@package_manager_detector = T.let(PackageManagerDetector.new(lockfiles, package_json), PackageManagerDetector)
|
|
321
332
|
@manifest_package_manager = T.let(package_json&.fetch(MANIFEST_PACKAGE_MANAGER_KEY, nil), T.nilable(String))
|
|
322
333
|
@engines = T.let(package_json&.fetch(MANIFEST_ENGINES_KEY, nil), T.nilable(T::Hash[String, T.untyped]))
|
|
323
334
|
|
|
324
335
|
@installed_versions = T.let({}, T::Hash[String, String])
|
|
336
|
+
@registries = T.let({}, T::Hash[String, String])
|
|
325
337
|
|
|
326
338
|
@language = T.let(nil, T.nilable(Ecosystem::VersionManager))
|
|
327
339
|
@language_requirement = T.let(nil, T.nilable(Requirement))
|
|
@@ -379,8 +391,8 @@ module Dependabot
|
|
|
379
391
|
end
|
|
380
392
|
|
|
381
393
|
# rubocop:disable Metrics/CyclomaticComplexity
|
|
382
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
|
383
394
|
# rubocop:disable Metrics/AbcSize
|
|
395
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
384
396
|
sig { params(name: String).returns(T.nilable(T.any(Integer, String))) }
|
|
385
397
|
def setup(name)
|
|
386
398
|
# we prioritize version mentioned in "packageManager" instead of "engines"
|
|
@@ -438,6 +450,9 @@ module Dependabot
|
|
|
438
450
|
end
|
|
439
451
|
version
|
|
440
452
|
end
|
|
453
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
454
|
+
# rubocop:enable Metrics/AbcSize
|
|
455
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
441
456
|
|
|
442
457
|
sig { params(name: T.nilable(String)).returns(Ecosystem::VersionManager) }
|
|
443
458
|
def package_manager_by_name(name)
|
|
@@ -456,21 +471,15 @@ module Dependabot
|
|
|
456
471
|
Dependabot.logger.info("No version requirement found for #{name}")
|
|
457
472
|
end
|
|
458
473
|
|
|
459
|
-
|
|
474
|
+
package_manager_class.new(
|
|
460
475
|
installed_version,
|
|
461
476
|
requirement: package_manager_requirement
|
|
462
477
|
)
|
|
463
|
-
|
|
464
|
-
Dependabot.logger.info("Package manager resolved for #{name}: #{package_manager_instance}")
|
|
465
|
-
package_manager_instance
|
|
466
478
|
rescue StandardError => e
|
|
467
479
|
Dependabot.logger.error("Error resolving package manager for #{name || 'default'}: #{e.message}")
|
|
468
480
|
raise
|
|
469
481
|
end
|
|
470
482
|
|
|
471
|
-
# rubocop:enable Metrics/CyclomaticComplexity
|
|
472
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
|
473
|
-
# rubocop:enable Metrics/AbcSize
|
|
474
483
|
# Retrieve the installed version of the package manager by executing
|
|
475
484
|
# the "corepack <name> -v" command and using the output.
|
|
476
485
|
# If the output does not match the expected version format (PACKAGE_MANAGER_VERSION_REGEX),
|
|
@@ -504,13 +513,18 @@ module Dependabot
|
|
|
504
513
|
return unless name == PNPMPackageManager::NAME
|
|
505
514
|
return unless Version.new(version) < Version.new("7")
|
|
506
515
|
|
|
507
|
-
raise ToolVersionNotSupported.new(PNPMPackageManager::NAME.upcase, version, "7.*, 8.*")
|
|
516
|
+
raise ToolVersionNotSupported.new(PNPMPackageManager::NAME.upcase, version, "7.*, 8.*, 9.*")
|
|
508
517
|
end
|
|
509
518
|
|
|
510
519
|
sig { params(name: String, version: T.nilable(String)).void }
|
|
511
520
|
def install(name, version)
|
|
512
521
|
if Dependabot::Experiments.enabled?(:enable_corepack_for_npm_and_yarn)
|
|
513
|
-
|
|
522
|
+
env = {}
|
|
523
|
+
if Dependabot::Experiments.enabled?(:enable_private_registry_for_corepack)
|
|
524
|
+
env = @registry_helper.find_corepack_env_variables
|
|
525
|
+
end
|
|
526
|
+
# Use the Helpers.install method to install the package manager
|
|
527
|
+
return Helpers.install(name, version.to_s, env: env)
|
|
514
528
|
end
|
|
515
529
|
|
|
516
530
|
Dependabot.logger.info("Installing \"#{name}@#{version}\"")
|
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
# typed: strict
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "yaml"
|
|
5
|
+
require "dependabot/dependency_file"
|
|
6
|
+
require "sorbet-runtime"
|
|
7
|
+
|
|
8
|
+
module Dependabot
|
|
9
|
+
module NpmAndYarn
|
|
10
|
+
class RegistryHelper
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
13
|
+
# Keys for configurations
|
|
14
|
+
REGISTRY_KEY = "registry"
|
|
15
|
+
AUTH_KEY = "authToken"
|
|
16
|
+
|
|
17
|
+
# Yarn-specific keys
|
|
18
|
+
NPM_AUTH_TOKEN_KEY_FOR_YARN = "npmAuthToken"
|
|
19
|
+
NPM_SCOPE_KEY_FOR_YARN = "npmScopes"
|
|
20
|
+
NPM_REGISTER_KEY_FOR_YARN = "npmRegistryServer"
|
|
21
|
+
|
|
22
|
+
# Environment variable keys
|
|
23
|
+
COREPACK_NPM_REGISTRY_ENV = "COREPACK_NPM_REGISTRY"
|
|
24
|
+
COREPACK_NPM_TOKEN_ENV = "COREPACK_NPM_TOKEN"
|
|
25
|
+
|
|
26
|
+
sig do
|
|
27
|
+
params(
|
|
28
|
+
registry_config_files: T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)],
|
|
29
|
+
credentials: T.nilable(T::Array[Dependabot::Credential])
|
|
30
|
+
).void
|
|
31
|
+
end
|
|
32
|
+
def initialize(registry_config_files, credentials)
|
|
33
|
+
@registry_config_files = T.let(registry_config_files, T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)])
|
|
34
|
+
@credentials = T.let(credentials, T.nilable(T::Array[Dependabot::Credential]))
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
sig { returns(T::Hash[String, String]) }
|
|
38
|
+
def find_corepack_env_variables
|
|
39
|
+
registry_info = find_registry_and_token
|
|
40
|
+
|
|
41
|
+
env_variables = {}
|
|
42
|
+
env_variables[COREPACK_NPM_REGISTRY_ENV] = registry_info[:registry] if registry_info[:registry]
|
|
43
|
+
env_variables[COREPACK_NPM_TOKEN_ENV] = registry_info[:auth_token] if registry_info[:auth_token]
|
|
44
|
+
|
|
45
|
+
env_variables
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
private
|
|
49
|
+
|
|
50
|
+
sig { returns(T::Hash[Symbol, T.nilable(String)]) }
|
|
51
|
+
def find_registry_and_token
|
|
52
|
+
# Step 1: Check dependabot.yml configuration
|
|
53
|
+
dependabot_config = config_npm_registry_and_token
|
|
54
|
+
return dependabot_config if dependabot_config[:registry]
|
|
55
|
+
|
|
56
|
+
# Step 2: Check .npmrc
|
|
57
|
+
npmrc_config = @registry_config_files[:npmrc]
|
|
58
|
+
npmrc_result = parse_registry_from_npmrc_yarnrc(npmrc_config, "=", "npm")
|
|
59
|
+
|
|
60
|
+
return npmrc_result if npmrc_result[:registry]
|
|
61
|
+
|
|
62
|
+
# Step 3: Check .yarnrc
|
|
63
|
+
yarnrc_config = @registry_config_files[:yarnrc]
|
|
64
|
+
yarnrc_result = parse_registry_from_npmrc_yarnrc(yarnrc_config, " ", "npm")
|
|
65
|
+
return yarnrc_result if yarnrc_result[:registry]
|
|
66
|
+
|
|
67
|
+
# Step 4: Check yarnrc.yml
|
|
68
|
+
yarnrc_yml_config = @registry_config_files[:yarnrc_yml]
|
|
69
|
+
yarnrc_yml_result = parse_npm_from_yarnrc_yml(yarnrc_yml_config)
|
|
70
|
+
return yarnrc_yml_result if yarnrc_yml_result[:registry]
|
|
71
|
+
|
|
72
|
+
# Default values if no registry is found
|
|
73
|
+
{}
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
sig { returns(T::Hash[Symbol, T.nilable(String)]) }
|
|
77
|
+
def config_npm_registry_and_token
|
|
78
|
+
registries = {}
|
|
79
|
+
|
|
80
|
+
return registries unless @credentials&.any?
|
|
81
|
+
|
|
82
|
+
@credentials.each do |cred|
|
|
83
|
+
next unless cred["type"] == "npm_registry" # Skip if not an npm registry
|
|
84
|
+
next unless cred["replaces-base"] # Skip if not a reverse-proxy registry
|
|
85
|
+
|
|
86
|
+
# Set the registry if it's not already set
|
|
87
|
+
registries[:registry] ||= cred["registry"]
|
|
88
|
+
|
|
89
|
+
# Set the token if it's not already set
|
|
90
|
+
registries[:auth_token] ||= cred["token"]
|
|
91
|
+
end
|
|
92
|
+
registries
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
# Find registry and token in .npmrc or .yarnrc file
|
|
96
|
+
sig do
|
|
97
|
+
params(
|
|
98
|
+
file: T.nilable(Dependabot::DependencyFile),
|
|
99
|
+
separator: String
|
|
100
|
+
).returns(T::Hash[Symbol, T.nilable(String)])
|
|
101
|
+
end
|
|
102
|
+
def parse_npm_from_npm_or_yarn_rc(file, separator = "=")
|
|
103
|
+
parse_registry_from_npmrc_yarnrc(file, separator, NpmPackageManager::NAME)
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
# Find registry and token in .npmrc or .yarnrc file
|
|
107
|
+
sig do
|
|
108
|
+
params(
|
|
109
|
+
file: T.nilable(Dependabot::DependencyFile),
|
|
110
|
+
separator: String,
|
|
111
|
+
scope: T.nilable(String)
|
|
112
|
+
).returns(T::Hash[Symbol, T.nilable(String)])
|
|
113
|
+
end
|
|
114
|
+
def parse_registry_from_npmrc_yarnrc(file, separator = "=", scope = nil)
|
|
115
|
+
content = file&.content
|
|
116
|
+
return { registry: nil, auth_token: nil } unless content
|
|
117
|
+
|
|
118
|
+
global_registry = T.let(nil, T.nilable(String))
|
|
119
|
+
scoped_registry = T.let(nil, T.nilable(String))
|
|
120
|
+
auth_token = T.let(nil, T.nilable(String))
|
|
121
|
+
|
|
122
|
+
content.split("\n").each do |line|
|
|
123
|
+
# Split using the provided separator
|
|
124
|
+
key, value = line.strip.split(separator, 2)
|
|
125
|
+
next unless key && value
|
|
126
|
+
|
|
127
|
+
# Remove surrounding quotes from keys and values
|
|
128
|
+
cleaned_key = key.strip.gsub(/\A["']|["']\z/, "")
|
|
129
|
+
cleaned_value = value.strip.gsub(/\A["']|["']\z/, "")
|
|
130
|
+
|
|
131
|
+
case cleaned_key
|
|
132
|
+
when "registry"
|
|
133
|
+
# Case 1: Found a global registry
|
|
134
|
+
global_registry = cleaned_value
|
|
135
|
+
when "_authToken"
|
|
136
|
+
# Case 2: Found an auth token
|
|
137
|
+
auth_token = cleaned_value
|
|
138
|
+
else
|
|
139
|
+
# Handle scoped registry if a scope is provided
|
|
140
|
+
scoped_registry = cleaned_value if scope && cleaned_key == "@#{scope}:registry"
|
|
141
|
+
end
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
# Determine the registry to return (global first, fallback to scoped)
|
|
145
|
+
registry = global_registry || scoped_registry
|
|
146
|
+
|
|
147
|
+
{ registry: registry, auth_token: auth_token }
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
151
|
+
sig { params(file: T.nilable(Dependabot::DependencyFile)).returns(T::Hash[Symbol, T.nilable(String)]) }
|
|
152
|
+
def parse_npm_from_yarnrc_yml(file)
|
|
153
|
+
content = file&.content
|
|
154
|
+
return { registry: nil, auth_token: nil } unless content
|
|
155
|
+
|
|
156
|
+
result = {}
|
|
157
|
+
yaml_data = safe_load_yaml(content)
|
|
158
|
+
|
|
159
|
+
# Step 1: Extract global registry and auth token
|
|
160
|
+
result[:registry] = yaml_data[NPM_REGISTER_KEY_FOR_YARN] if yaml_data.key?(NPM_REGISTER_KEY_FOR_YARN)
|
|
161
|
+
result[:auth_token] = yaml_data[NPM_AUTH_TOKEN_KEY_FOR_YARN] if yaml_data.key?(NPM_AUTH_TOKEN_KEY_FOR_YARN)
|
|
162
|
+
|
|
163
|
+
# Step 2: Fallback to any scoped registry and auth token if global is missing
|
|
164
|
+
if result[:registry].nil? && yaml_data.key?(NPM_SCOPE_KEY_FOR_YARN)
|
|
165
|
+
yaml_data[NPM_SCOPE_KEY_FOR_YARN].each do |_current_scope, config|
|
|
166
|
+
next unless config.is_a?(Hash)
|
|
167
|
+
|
|
168
|
+
result[:registry] ||= config[NPM_REGISTER_KEY_FOR_YARN]
|
|
169
|
+
result[:auth_token] ||= config[NPM_AUTH_TOKEN_KEY_FOR_YARN]
|
|
170
|
+
end
|
|
171
|
+
end
|
|
172
|
+
|
|
173
|
+
result
|
|
174
|
+
end
|
|
175
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
176
|
+
|
|
177
|
+
# Safely loads the YAML content and logs any parsing errors
|
|
178
|
+
sig { params(content: String).returns(T::Hash[String, T.untyped]) }
|
|
179
|
+
def safe_load_yaml(content)
|
|
180
|
+
YAML.safe_load(content, permitted_classes: [Symbol, String]) || {}
|
|
181
|
+
rescue Psych::SyntaxError => e
|
|
182
|
+
# Log the error instead of raising it
|
|
183
|
+
Dependabot.logger.error("YAML parsing error: #{e.message}")
|
|
184
|
+
{}
|
|
185
|
+
end
|
|
186
|
+
end
|
|
187
|
+
end
|
|
188
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.291.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-12-
|
|
11
|
+
date: 2024-12-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.291.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.291.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -326,6 +326,7 @@ files:
|
|
|
326
326
|
- lib/dependabot/npm_and_yarn/native_helpers.rb
|
|
327
327
|
- lib/dependabot/npm_and_yarn/package_manager.rb
|
|
328
328
|
- lib/dependabot/npm_and_yarn/package_name.rb
|
|
329
|
+
- lib/dependabot/npm_and_yarn/registry_helper.rb
|
|
329
330
|
- lib/dependabot/npm_and_yarn/registry_parser.rb
|
|
330
331
|
- lib/dependabot/npm_and_yarn/requirement.rb
|
|
331
332
|
- lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
|
|
@@ -346,8 +347,8 @@ licenses:
|
|
|
346
347
|
- MIT
|
|
347
348
|
metadata:
|
|
348
349
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
349
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
350
|
-
post_install_message:
|
|
350
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.291.0
|
|
351
|
+
post_install_message:
|
|
351
352
|
rdoc_options: []
|
|
352
353
|
require_paths:
|
|
353
354
|
- lib
|
|
@@ -363,7 +364,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
363
364
|
version: 3.1.0
|
|
364
365
|
requirements: []
|
|
365
366
|
rubygems_version: 3.5.9
|
|
366
|
-
signing_key:
|
|
367
|
+
signing_key:
|
|
367
368
|
specification_version: 4
|
|
368
369
|
summary: Provides Dependabot support for Javascript (npm and yarn)
|
|
369
370
|
test_files: []
|