dependabot-npm_and_yarn 0.291.0 → 0.292.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e406eab7c13be2bea1200de0103017da062fcd4eda7b30652cc697cf2529c2de
|
|
4
|
+
data.tar.gz: c41b184b80a82577f5ed87eb4df0c0c4bff862350afe5f992b75f04ac6e69f96
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 535024739c08d5e33e7a53a300a75f16009c8227a27b27c8c758501b6328865db2ebeaaace0bc8ae94d5f199d93bd63f76f98164e1524df7896c22784aa04975
|
|
7
|
+
data.tar.gz: e12a28a7d0933ad3fc4ccff35d36948e42b9ea9c884a132f7aed5bd9c33b67ad61037f0b29975c5fc04329a64ef7bcc8703ce3c684e4e278168706eecd1a37a7
|
|
@@ -41,9 +41,7 @@ module Dependabot
|
|
|
41
41
|
# Otherwise, we are going to use old versionining npm 6
|
|
42
42
|
sig { params(lockfile: T.nilable(DependencyFile)).returns(Integer) }
|
|
43
43
|
def self.npm_version_numeric(lockfile)
|
|
44
|
-
if Dependabot::Experiments.enabled?(:
|
|
45
|
-
return npm_version_numeric_latest(lockfile)
|
|
46
|
-
end
|
|
44
|
+
return npm_version_numeric_latest(lockfile) if Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning)
|
|
47
45
|
|
|
48
46
|
fallback_version_npm8 = Dependabot::Experiments.enabled?(:npm_fallback_version_above_v6)
|
|
49
47
|
|
|
@@ -174,7 +172,7 @@ module Dependabot
|
|
|
174
172
|
def self.npm8?(package_lock)
|
|
175
173
|
return true unless package_lock&.content
|
|
176
174
|
|
|
177
|
-
if Dependabot::Experiments.enabled?(:
|
|
175
|
+
if Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning)
|
|
178
176
|
return npm_version_numeric_latest(package_lock) >= NPM_V8
|
|
179
177
|
end
|
|
180
178
|
|
|
@@ -72,33 +72,40 @@ module Dependabot
|
|
|
72
72
|
|
|
73
73
|
sig do
|
|
74
74
|
params(
|
|
75
|
-
|
|
75
|
+
detected_version: T.nilable(String),
|
|
76
|
+
raw_version: T.nilable(String),
|
|
76
77
|
requirement: T.nilable(Dependabot::NpmAndYarn::Requirement)
|
|
77
78
|
).void
|
|
78
79
|
end
|
|
79
|
-
def initialize(raw_version, requirement: nil)
|
|
80
|
+
def initialize(detected_version: nil, raw_version: nil, requirement: nil)
|
|
80
81
|
super(
|
|
81
|
-
NAME,
|
|
82
|
-
Version.new(
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
82
|
+
name: NAME,
|
|
83
|
+
detected_version: detected_version ? Version.new(detected_version) : nil,
|
|
84
|
+
version: raw_version ? Version.new(raw_version) : nil,
|
|
85
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
86
|
+
supported_versions: SUPPORTED_VERSIONS,
|
|
87
|
+
requirement: requirement
|
|
86
88
|
)
|
|
87
89
|
end
|
|
88
90
|
|
|
89
91
|
sig { override.returns(T::Boolean) }
|
|
90
92
|
def deprecated?
|
|
93
|
+
return false unless detected_version
|
|
94
|
+
|
|
91
95
|
return false if unsupported?
|
|
96
|
+
|
|
92
97
|
return false unless Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning)
|
|
93
98
|
|
|
94
|
-
deprecated_versions.include?(
|
|
99
|
+
deprecated_versions.include?(detected_version)
|
|
95
100
|
end
|
|
96
101
|
|
|
97
102
|
sig { override.returns(T::Boolean) }
|
|
98
103
|
def unsupported?
|
|
104
|
+
return false unless detected_version
|
|
105
|
+
|
|
99
106
|
return false unless Dependabot::Experiments.enabled?(:npm_v6_unsupported_error)
|
|
100
107
|
|
|
101
|
-
supported_versions.all? { |supported| supported >
|
|
108
|
+
supported_versions.all? { |supported| supported > detected_version }
|
|
102
109
|
end
|
|
103
110
|
end
|
|
104
111
|
|
|
@@ -123,17 +130,19 @@ module Dependabot
|
|
|
123
130
|
|
|
124
131
|
sig do
|
|
125
132
|
params(
|
|
126
|
-
|
|
127
|
-
|
|
133
|
+
detected_version: T.nilable(String),
|
|
134
|
+
raw_version: T.nilable(String),
|
|
135
|
+
requirement: T.nilable(Dependabot::NpmAndYarn::Requirement)
|
|
128
136
|
).void
|
|
129
137
|
end
|
|
130
|
-
def initialize(raw_version, requirement: nil)
|
|
138
|
+
def initialize(detected_version: nil, raw_version: nil, requirement: nil)
|
|
131
139
|
super(
|
|
132
|
-
NAME,
|
|
133
|
-
Version.new(
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
140
|
+
name: NAME,
|
|
141
|
+
detected_version: detected_version ? Version.new(detected_version) : nil,
|
|
142
|
+
version: raw_version ? Version.new(raw_version) : nil,
|
|
143
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
144
|
+
supported_versions: SUPPORTED_VERSIONS,
|
|
145
|
+
requirement: requirement
|
|
137
146
|
)
|
|
138
147
|
end
|
|
139
148
|
|
|
@@ -168,17 +177,19 @@ module Dependabot
|
|
|
168
177
|
|
|
169
178
|
sig do
|
|
170
179
|
params(
|
|
171
|
-
|
|
172
|
-
|
|
180
|
+
detected_version: T.nilable(String),
|
|
181
|
+
raw_version: T.nilable(String),
|
|
182
|
+
requirement: T.nilable(Dependabot::NpmAndYarn::Requirement)
|
|
173
183
|
).void
|
|
174
184
|
end
|
|
175
|
-
def initialize(raw_version, requirement: nil)
|
|
185
|
+
def initialize(detected_version: nil, raw_version: nil, requirement: nil)
|
|
176
186
|
super(
|
|
177
|
-
NAME,
|
|
178
|
-
Version.new(
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
187
|
+
name: NAME,
|
|
188
|
+
detected_version: detected_version ? Version.new(detected_version) : nil,
|
|
189
|
+
version: raw_version ? Version.new(raw_version) : nil,
|
|
190
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
191
|
+
supported_versions: SUPPORTED_VERSIONS,
|
|
192
|
+
requirement: requirement
|
|
182
193
|
)
|
|
183
194
|
end
|
|
184
195
|
|
|
@@ -284,17 +295,19 @@ module Dependabot
|
|
|
284
295
|
|
|
285
296
|
sig do
|
|
286
297
|
params(
|
|
298
|
+
detected_version: T.nilable(String),
|
|
287
299
|
raw_version: T.nilable(String),
|
|
288
|
-
requirement: T.nilable(Requirement)
|
|
300
|
+
requirement: T.nilable(Dependabot::NpmAndYarn::Requirement)
|
|
289
301
|
).void
|
|
290
302
|
end
|
|
291
|
-
def initialize(raw_version, requirement: nil)
|
|
303
|
+
def initialize(detected_version: nil, raw_version: nil, requirement: nil)
|
|
292
304
|
super(
|
|
293
|
-
NAME,
|
|
294
|
-
Version.new(
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
305
|
+
name: NAME,
|
|
306
|
+
detected_version: detected_version ? Version.new(detected_version) : nil,
|
|
307
|
+
version: raw_version ? Version.new(raw_version) : nil,
|
|
308
|
+
deprecated_versions: DEPRECATED_VERSIONS,
|
|
309
|
+
supported_versions: SUPPORTED_VERSIONS,
|
|
310
|
+
requirement: requirement
|
|
298
311
|
)
|
|
299
312
|
end
|
|
300
313
|
|
|
@@ -349,7 +362,7 @@ module Dependabot
|
|
|
349
362
|
sig { returns(Ecosystem::VersionManager) }
|
|
350
363
|
def language
|
|
351
364
|
@language ||= Language.new(
|
|
352
|
-
Helpers.node_version,
|
|
365
|
+
raw_version: Helpers.node_version,
|
|
353
366
|
requirement: language_requirement
|
|
354
367
|
)
|
|
355
368
|
end
|
|
@@ -393,6 +406,7 @@ module Dependabot
|
|
|
393
406
|
# rubocop:disable Metrics/CyclomaticComplexity
|
|
394
407
|
# rubocop:disable Metrics/AbcSize
|
|
395
408
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
409
|
+
# rubocop:disable Metrics/MethodLength
|
|
396
410
|
sig { params(name: String).returns(T.nilable(T.any(Integer, String))) }
|
|
397
411
|
def setup(name)
|
|
398
412
|
# we prioritize version mentioned in "packageManager" instead of "engines"
|
|
@@ -405,6 +419,8 @@ module Dependabot
|
|
|
405
419
|
return
|
|
406
420
|
end
|
|
407
421
|
|
|
422
|
+
return package_manager.version.to_s if package_manager.deprecated? || package_manager.unsupported?
|
|
423
|
+
|
|
408
424
|
if @engines && @manifest_package_manager.nil?
|
|
409
425
|
# if "packageManager" doesn't exists in manifest file,
|
|
410
426
|
# we check if we can extract "engines" information
|
|
@@ -453,6 +469,24 @@ module Dependabot
|
|
|
453
469
|
# rubocop:enable Metrics/CyclomaticComplexity
|
|
454
470
|
# rubocop:enable Metrics/AbcSize
|
|
455
471
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
472
|
+
# rubocop:enable Metrics/MethodLength
|
|
473
|
+
|
|
474
|
+
sig { params(name: String).returns(T.nilable(String)) }
|
|
475
|
+
def detect_version(name)
|
|
476
|
+
# we prioritize version mentioned in "packageManager" instead of "engines"
|
|
477
|
+
if @manifest_package_manager&.start_with?("#{name}@")
|
|
478
|
+
detected_version = @manifest_package_manager.split("@").last.to_s
|
|
479
|
+
end
|
|
480
|
+
|
|
481
|
+
# if "packageManager" have no version specified, we check if we can extract "engines" information
|
|
482
|
+
detected_version = check_engine_version(name) if !detected_version || detected_version.empty?
|
|
483
|
+
|
|
484
|
+
# if "packageManager" and "engines" both are not present, we check if we can infer the version
|
|
485
|
+
# from the manifest file lockfileVersion
|
|
486
|
+
detected_version = guessed_version(name) if !detected_version || detected_version.empty?
|
|
487
|
+
|
|
488
|
+
detected_version&.to_s
|
|
489
|
+
end
|
|
456
490
|
|
|
457
491
|
sig { params(name: T.nilable(String)).returns(Ecosystem::VersionManager) }
|
|
458
492
|
def package_manager_by_name(name)
|
|
@@ -461,6 +495,16 @@ module Dependabot
|
|
|
461
495
|
name = ensure_valid_package_manager(name)
|
|
462
496
|
package_manager_class = T.must(PACKAGE_MANAGER_CLASSES[name])
|
|
463
497
|
|
|
498
|
+
detected_version = detect_version(name)
|
|
499
|
+
|
|
500
|
+
# if we have a detected version, we check if it is deprecated or unsupported
|
|
501
|
+
if detected_version
|
|
502
|
+
package_manager = package_manager_class.new(
|
|
503
|
+
detected_version: detected_version.to_s
|
|
504
|
+
)
|
|
505
|
+
return package_manager if package_manager.deprecated? || package_manager.unsupported?
|
|
506
|
+
end
|
|
507
|
+
|
|
464
508
|
installed_version = installed_version(name)
|
|
465
509
|
Dependabot.logger.info("Installed version for #{name}: #{installed_version}")
|
|
466
510
|
|
|
@@ -472,7 +516,8 @@ module Dependabot
|
|
|
472
516
|
end
|
|
473
517
|
|
|
474
518
|
package_manager_class.new(
|
|
475
|
-
|
|
519
|
+
detected_version: detected_version.to_s,
|
|
520
|
+
raw_version: installed_version,
|
|
476
521
|
requirement: package_manager_requirement
|
|
477
522
|
)
|
|
478
523
|
rescue StandardError => e
|
|
@@ -62,8 +62,10 @@ module Dependabot
|
|
|
62
62
|
|
|
63
63
|
sig { override.params(version: VersionParameter).void }
|
|
64
64
|
def initialize(version)
|
|
65
|
+
version = clean_version(version)
|
|
66
|
+
|
|
65
67
|
@version_string = T.let(version.to_s, String)
|
|
66
|
-
|
|
68
|
+
|
|
67
69
|
@build_info = T.let(nil, T.nilable(String))
|
|
68
70
|
|
|
69
71
|
version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
|
|
@@ -71,6 +73,20 @@ module Dependabot
|
|
|
71
73
|
super(T.must(version))
|
|
72
74
|
end
|
|
73
75
|
|
|
76
|
+
sig { params(version: VersionParameter).returns(VersionParameter) }
|
|
77
|
+
def clean_version(version)
|
|
78
|
+
# Check if version is a string before attempting to match
|
|
79
|
+
if version.is_a?(String)
|
|
80
|
+
# Matches @ followed by x.y.z (digits separated by dots)
|
|
81
|
+
if (match = version.match(/@(\d+\.\d+\.\d+)/))
|
|
82
|
+
version = match[1] # Just "4.5.3"
|
|
83
|
+
end
|
|
84
|
+
version = version&.gsub(/^v/, "")
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
version
|
|
88
|
+
end
|
|
89
|
+
|
|
74
90
|
sig { override.params(version: VersionParameter).returns(Dependabot::NpmAndYarn::Version) }
|
|
75
91
|
def self.new(version)
|
|
76
92
|
T.cast(super, Dependabot::NpmAndYarn::Version)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.292.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.292.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.292.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -347,7 +347,7 @@ licenses:
|
|
|
347
347
|
- MIT
|
|
348
348
|
metadata:
|
|
349
349
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
350
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
350
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
|
|
351
351
|
post_install_message:
|
|
352
352
|
rdoc_options: []
|
|
353
353
|
require_paths:
|
|
@@ -363,7 +363,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
363
363
|
- !ruby/object:Gem::Version
|
|
364
364
|
version: 3.1.0
|
|
365
365
|
requirements: []
|
|
366
|
-
rubygems_version: 3.5.
|
|
366
|
+
rubygems_version: 3.5.22
|
|
367
367
|
signing_key:
|
|
368
368
|
specification_version: 4
|
|
369
369
|
summary: Provides Dependabot support for Javascript (npm and yarn)
|