dependabot-npm_and_yarn 0.305.0 → 0.308.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 29f8a6417f34cb02e78ced5b82afc2a542a47544d5aa37d363e588567c843b23
4
- data.tar.gz: ff7f7d7c8715850f1a65e2ca66c81e03dca0e9ed741f5908dc6e0a2e951f9140
3
+ metadata.gz: 38e3ede894c344c07233f9f1e893ef8f9d497944c8311302ded6f1c096460fe4
4
+ data.tar.gz: fb4fc3782548f557b7b7567c6a2d427cd681963277a8e42bc237eac6bdaea9da
5
5
  SHA512:
6
- metadata.gz: d17166b9cb9fd4e320dbf0d70ad3c134d5b2872a7600eabc38c64db6f78284a1b6ad60fe799ad33f09073f8d0aa1e5186ce8e88cad89759ef666b02cd7f05247
7
- data.tar.gz: e10961478b7b3e7e45b06f8f8f1238cea5f7a2775a655b270a0e489fa2d1cf1ad5cf121c2c9e0a5e77a874d167217f17d32623f9fcd643e3554178b417d98511
6
+ metadata.gz: 54d52371f3ef36d9bf09438f60eac3ccb69bba24d71fd4768f7b265f99c761d3d468ab67d4373d8339646425c2d82e01634ae9bad104ebd24eceb8038b60f315
7
+ data.tar.gz: b06bda3f35dc5a3eb9dccd1651b6ff2cb54b2bce11f84220a5085923fa21f1a96eeb90756b56a2eba6f1f029bd8a8b2037e35a0b7e3dfbd3e990a432b3a7a827
@@ -22,7 +22,7 @@
22
22
  },
23
23
  "devDependencies": {
24
24
  "eslint": "^9.22.0",
25
- "eslint-config-prettier": "^9.1.0",
25
+ "eslint-config-prettier": "^10.1.1",
26
26
  "jest": "^29.7.0",
27
27
  "prettier": "^3.5.3"
28
28
  }
@@ -4675,10 +4675,11 @@
4675
4675
  }
4676
4676
  },
4677
4677
  "node_modules/eslint-config-prettier": {
4678
- "version": "9.1.0",
4679
- "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-9.1.0.tgz",
4680
- "integrity": "sha512-NSWl5BFQWEPi1j4TjVNItzYV7dZXZ+wP6I6ZhrBGpChQhZRUaElihE9uRRkcbRnNb76UMKDF3r+WTmNcGPKsqw==",
4678
+ "version": "10.1.1",
4679
+ "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-10.1.1.tgz",
4680
+ "integrity": "sha512-4EQQr6wXwS+ZJSzaR5ZCrYgLxqvUjdXctaEtBqHcbkW944B1NQyO4qpdHQbXBONfwxXdkAY81HH4+LUfrg+zPw==",
4681
4681
  "dev": true,
4682
+ "license": "MIT",
4682
4683
  "bin": {
4683
4684
  "eslint-config-prettier": "bin/cli.js"
4684
4685
  },
@@ -19960,9 +19961,9 @@
19960
19961
  }
19961
19962
  },
19962
19963
  "eslint-config-prettier": {
19963
- "version": "9.1.0",
19964
- "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-9.1.0.tgz",
19965
- "integrity": "sha512-NSWl5BFQWEPi1j4TjVNItzYV7dZXZ+wP6I6ZhrBGpChQhZRUaElihE9uRRkcbRnNb76UMKDF3r+WTmNcGPKsqw==",
19964
+ "version": "10.1.1",
19965
+ "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-10.1.1.tgz",
19966
+ "integrity": "sha512-4EQQr6wXwS+ZJSzaR5ZCrYgLxqvUjdXctaEtBqHcbkW944B1NQyO4qpdHQbXBONfwxXdkAY81HH4+LUfrg+zPw==",
19966
19967
  "dev": true,
19967
19968
  "requires": {}
19968
19969
  },
data/helpers/package.json CHANGED
@@ -22,7 +22,7 @@
22
22
  },
23
23
  "devDependencies": {
24
24
  "eslint": "^9.22.0",
25
- "eslint-config-prettier": "^9.1.0",
25
+ "eslint-config-prettier": "^10.1.1",
26
26
  "jest": "^29.7.0",
27
27
  "prettier": "^3.5.3"
28
28
  }
@@ -221,7 +221,12 @@ module Dependabot
221
221
  registries = []
222
222
  registries += credentials
223
223
  .select { |cred| cred["type"] == "npm_registry" && cred["registry"] }
224
- .tap { |arr| arr.each { |c| c["token"] ||= nil } }
224
+ .tap do |arr|
225
+ arr.each do |c|
226
+ c["registry"] = prepare_registry_url(c["registry"])
227
+ c["token"] ||= nil
228
+ end
229
+ end
225
230
  registries += npmrc_registries
226
231
  registries += yarnrc_registries
227
232
 
@@ -238,12 +243,12 @@ module Dependabot
238
243
  npmrc_file&.content&.scan(NPM_AUTH_TOKEN_REGEX) do
239
244
  next if Regexp.last_match&.[](:registry)&.include?("${")
240
245
 
241
- registry = T.must(Regexp.last_match)[:registry]
246
+ registry = prepare_registry_url(T.must(Regexp.last_match)[:registry])
242
247
  token = T.must(Regexp.last_match)[:token]&.strip
243
248
 
244
249
  registries << {
245
250
  "type" => "npm_registry",
246
- "registry" => registry&.gsub(/\s+/, "%20"),
251
+ "registry" => registry,
247
252
  "token" => token
248
253
  }
249
254
  end
@@ -291,14 +296,14 @@ module Dependabot
291
296
  return @configured_global_registry if @configured_global_registry
292
297
 
293
298
  if parsed_yarnrc_yml&.key?("npmRegistryServer")
294
- return @configured_global_registry = T.must(parsed_yarnrc_yml)["npmRegistryServer"]
299
+ return @configured_global_registry = prepare_registry_url(T.must(parsed_yarnrc_yml)["npmRegistryServer"])
295
300
  end
296
301
 
297
302
  replaces_base = credentials.find { |cred| cred["type"] == "npm_registry" && cred.replaces_base? }
298
303
  if replaces_base
299
304
  registry = replaces_base["registry"]
300
305
  registry = "https://#{registry}" unless registry&.start_with?("http")
301
- return @configured_global_registry = registry
306
+ return @configured_global_registry = prepare_registry_url(registry)
302
307
  end
303
308
 
304
309
  @configured_global_registry = nil
@@ -323,7 +328,7 @@ module Dependabot
323
328
 
324
329
  if parsed_yarnrc_yml
325
330
  yarn_berry_registry = parsed_yarnrc_yml&.dig("npmScopes", scope.delete_prefix("@"), "npmRegistryServer")
326
- return yarn_berry_registry if yarn_berry_registry
331
+ return prepare_registry_url(yarn_berry_registry) if yarn_berry_registry
327
332
  end
328
333
 
329
334
  nil
@@ -341,7 +346,7 @@ module Dependabot
341
346
  file&.content&.scan(syntax) do
342
347
  next if Regexp.last_match&.[](:registry)&.include?("${")
343
348
 
344
- url = T.must(T.must(Regexp.last_match)[:registry]).strip
349
+ url = T.must(prepare_registry_url(T.must(T.must(Regexp.last_match)[:registry])))
345
350
  registry = normalize_configured_registry(url)
346
351
  registries << {
347
352
  "type" => "npm_registry",
@@ -365,7 +370,7 @@ module Dependabot
365
370
  file&.content.to_s.scan(syntax) do
366
371
  next if Regexp.last_match&.[](:registry)&.include?("${") || Regexp.last_match&.[](:scope) != scope
367
372
 
368
- return T.must(T.must(Regexp.last_match)[:registry]).strip
373
+ return prepare_registry_url(T.must(T.must(Regexp.last_match)[:registry]))
369
374
  end
370
375
 
371
376
  nil
@@ -388,7 +393,9 @@ module Dependabot
388
393
  &.map { |r| r.fetch(:source) }&.uniq&.compact
389
394
  &.sort_by { |source| self.class.central_registry?(source[:url]) ? 1 : 0 }
390
395
 
391
- sources&.find { |s| s[:type] == "registry" }&.fetch(:url)
396
+ sources&.find { |s| s[:type] == "registry" }
397
+ &.fetch(:url)
398
+ &.then { |url| prepare_registry_url(url) }
392
399
  end
393
400
 
394
401
  sig { returns(T.nilable(T::Hash[String, T.untyped])) }
@@ -405,7 +412,12 @@ module Dependabot
405
412
  def normalize_configured_registry(url)
406
413
  url.sub(%r{/+$}, "")
407
414
  .sub(%r{^.*?//}, "")
408
- .gsub(/\s+/, "%20")
415
+ end
416
+
417
+ sig { params(url: T.nilable(String)).returns(T.nilable(String)) }
418
+ def prepare_registry_url(url)
419
+ url&.strip
420
+ &.gsub(/\s+/, "%20")
409
421
  end
410
422
  end
411
423
  end
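Review bot: In the `replaces_base` branch of the `@configured_global_registry` hunk (new lines 304–306) the scheme is prepended before `prepare_registry_url` runs, so a credential registry with leading whitespace fails `start_with?("http")`, becomes `https:// host…`, and is returned as `https://%20host…` because `strip` only trims the ends. Normalise first with `registry = prepare_registry_url(replaces_base["registry"])`, then apply the scheme check and return `registry`. As written, the result presumably depends on whether the `.tap` block at new lines 224–229, which rewrites `c["registry"]` in place on the shared credential objects, has already run; a registry URL that differs between code paths risks a token being matched to the wrong host or to none. These Ruby hunks sit under the `data/helpers/package.json` header because their own file header did not survive on the page, and the enclosing methods start outside the hunks.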
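--- a/metadata
+++ b/metadata
@@ -1,14 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-npm_and_yarn
  version: !ruby/object:Gem::Version
- version: 0.305.0
+ version: 0.308.0
  platform: ruby
  authors:
  - Dependabot
- autorequire:
  bindir: bin
  cert_chain: []
- date: 2025-04-06 00:00:00.000000000 Z
+ date: 2025-04-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.305.0
+ version: 0.308.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.305.0
+ version: 0.308.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -357,8 +356,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.305.0
- post_install_message:
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.308.0
  rdoc_options: []
  require_paths:
  - lib
@@ -373,8 +371,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 3.1.0
  requirements: []
- rubygems_version: 3.5.22
- signing_key:
+ rubygems_version: 3.6.3
  specification_version: 4
  summary: Provides Dependabot support for Javascript (npm and yarn)
  test_files: []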