dependabot-npm_and_yarn 0.319.1 → 0.320.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/helpers.rb +41 -11
  3. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d73a564255c059d9eb35b03d5628f88bffabdd2b9f1fc59ea11fe73f1ee8b0c3
4
- data.tar.gz: 3538d93dbc952b9773f9bfa9e8a3e8c9038d94f794d624a18d94ab0d92e9a03f
3
+ metadata.gz: 2b2c6f3862ecd36711defe92e03ef9285a84a01ac96fb33251e3e440acd33cef
4
+ data.tar.gz: 9a80eef7de9376bf571b00a1603c52d95e64ad7c3f493d0720113dbb43c525a6
5
5
  SHA512:
6
- metadata.gz: 5d9d78d8b94bdbd6ce40b5cae073dfa065163a126a6239fa3d879c375f2e923654431b9da0f4d62362f6cec703d412a982eca49ef652b9fbc1d3cdc88c9f144e
7
- data.tar.gz: 76681332af9e4306942f6002bdaa6ff50fa3652e62e271a9b47043e3bc4e7c65c75d10b39e035b4a357185c3a15d24dd6f0f51b7378a6aa71ca3ca72e9c16b0a
6
+ metadata.gz: 0b730addc3df2974a8fe0a6ab23bf648bcc31bf61d3384defad79f308cde03d3bdc061ba390f49b2de4316ee02ff123939ddef4be37abc3c62999b83d1637be9
7
+ data.tar.gz: 24d35bfba57c04f6a7e8858379dd1847d8cd4b3d987d691ebbcb2dc9ad4c3d4fef095881dc62c666c3ea17744582313fbd178f9e7ce3b70d40967f703f58f5ea
data/lib/dependabot/npm_and_yarn/helpers.rb CHANGED
@@ -271,15 +271,35 @@ module Dependabot
271
271
  sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
272
272
  def self.run_npm_command(command, fingerprint: command)
273
273
  if Dependabot::Experiments.enabled?(:enable_corepack_for_npm_and_yarn)
274
- package_manager_run_command(NpmPackageManager::NAME, command, fingerprint: fingerprint)
274
+ package_manager_run_command(
275
+ NpmPackageManager::NAME,
276
+ command,
277
+ fingerprint: fingerprint,
278
+ output_observer: ->(output) { command_observer(output) }
279
+ )
275
280
  else
276
281
  Dependabot::SharedHelpers.run_shell_command(
277
282
  "npm #{command}",
278
- fingerprint: "npm #{fingerprint}"
283
+ fingerprint: "npm #{fingerprint}",
284
+ output_observer: ->(output) { command_observer(output) }
279
285
  )
280
286
  end
281
287
  end
282
288
 
289
+ sig do
290
+ params(output: String)
291
+ .returns(T::Hash[Symbol, T.untyped])
292
+ end
293
+ def self.command_observer(output)
294
+ # Observe the output for specific error
295
+ return {} unless output.include?("npm ERR! ERESOLVE")
296
+
297
+ {
298
+ gracefully_stop: true, # value must be a String
299
+ reason: "NPM Resolution Error"
300
+ }
301
+ end
302
+
283
303
  sig { returns(T.nilable(String)) }
284
304
  def self.node_version
285
305
  version = run_node_command("-v", fingerprint: "-v").strip
@@ -486,20 +506,30 @@ module Dependabot
486
506
  params(
487
507
  name: String,
488
508
  command: String,
489
- fingerprint: T.nilable(String)
509
+ fingerprint: T.nilable(String),
510
+ output_observer: CommandHelpers::OutputObserver
490
511
  ).returns(String)
491
512
  end
492
- def self.package_manager_run_command(name, command, fingerprint: nil)
513
+ def self.package_manager_run_command(
514
+ name,
515
+ command,
516
+ fingerprint: nil,
517
+ output_observer: nil
518
+ )
493
519
  return run_bun_command(command, fingerprint: fingerprint) if name == BunPackageManager::NAME
494
520
 
495
521
  full_command = "corepack #{name} #{command}"
496
-
497
- result = Dependabot::SharedHelpers.run_shell_command(
498
- full_command,
499
- fingerprint: "corepack #{name} #{fingerprint || command}"
500
- ).strip
501
-
502
- result
522
+ fingerprint = "corepack #{name} #{fingerprint || command}"
523
+
524
+ if output_observer
525
+ return Dependabot::SharedHelpers.run_shell_command(
526
+ full_command,
527
+ fingerprint: fingerprint,
528
+ output_observer: output_observer
529
+ ).strip
530
+ else
531
+ Dependabot::SharedHelpers.run_shell_command(full_command, fingerprint: fingerprint)
532
+ end.strip
503
533
  rescue StandardError => e
504
534
  Dependabot.logger.error("Error running package manager command: #{full_command}, Error: #{e.message}")
505
535
  if e.message.match?(/Response Code.*:.*404.*\(Not Found\)/) &&
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.319.1
4
+ version: 0.320.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.319.1
18
+ version: 0.320.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.319.1
25
+ version: 0.320.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -356,7 +356,7 @@ licenses:
356
356
  - MIT
357
357
  metadata:
358
358
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
359
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.319.1
359
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.320.0
360
360
  rdoc_options: []
361
361
  require_paths:
362
362
  - lib