RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.319.1 → 0.320.1 - Mend

dependabot-npm_and_yarn 0.319.1 → 0.320.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/npm_and_yarn/helpers.rb +45 -16
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d73a564255c059d9eb35b03d5628f88bffabdd2b9f1fc59ea11fe73f1ee8b0c3
-  data.tar.gz: 3538d93dbc952b9773f9bfa9e8a3e8c9038d94f794d624a18d94ab0d92e9a03f
+  metadata.gz: e8d6f1d107d110d67d7bbfc67768a6c1afe62d22e7b327a9a495d5caf0535703
+  data.tar.gz: 2f3a64b55706976119011580025b65b199bc3e2e2e1fd7c54dd1f6506414fa9d
 SHA512:
-  metadata.gz: 5d9d78d8b94bdbd6ce40b5cae073dfa065163a126a6239fa3d879c375f2e923654431b9da0f4d62362f6cec703d412a982eca49ef652b9fbc1d3cdc88c9f144e
-  data.tar.gz: 76681332af9e4306942f6002bdaa6ff50fa3652e62e271a9b47043e3bc4e7c65c75d10b39e035b4a357185c3a15d24dd6f0f51b7378a6aa71ca3ca72e9c16b0a
+  metadata.gz: 7913cc686f742a69ec86a9f8835079c159fd159bcff483e62d8bc6162d4ae93a498d50ead60886b254d1c714060bfed0e92d31b907b74814f0e663c806241b76
+  data.tar.gz: f60d5b3bc19476bf60b85203a7441f694e557f1fe9b9419dfce2369fc271e1e4fad7f76a78f0885453c8aa0e98512ff06af816292f25c6e06a8a7fe89466e5dd

data/lib/dependabot/npm_and_yarn/helpers.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Dependabot
       NPM_V10 = 10
       NPM_V8 = 8
       NPM_V6 = 6
-      NPM_DEFAULT_VERSION = NPM_V8
+      NPM_DEFAULT_VERSION = NPM_V10
       # PNPM Version Constants
       PNPM_V9 = 9
@@ -56,26 +56,25 @@ module Dependabot
       def self.detect_npm_version(lockfile)
         lockfile_content = lockfile&.content
-        # Return default NPM version if there's no lockfile or it's empty
+        # Return npm 10 as the default if the lockfile is missing or empty
         return NPM_DEFAULT_VERSION if lockfile_content.nil? || lockfile_content.strip.empty?
         parsed_lockfile = JSON.parse(lockfile_content)
         lockfile_version_str = parsed_lockfile["lockfileVersion"]
-        # Default to npm default version if lockfileVersion is missing or empty
         return NPM_DEFAULT_VERSION if lockfile_version_str.nil? || lockfile_version_str.to_s.strip.empty?
         lockfile_version = lockfile_version_str.to_i
         # Using npm 8 as the default for lockfile_version > 2.
-        # Update needed to support npm 9+ based on lockfile version.
+        return NPM_V10 if lockfile_version >= 3
         return NPM_V8 if lockfile_version >= 2
         NPM_V6 if lockfile_version >= 1
         # Return nil if can't capture
       rescue JSON::ParserError
-        NPM_DEFAULT_VERSION # Fallback to default npm version if parsing fails
+        NPM_DEFAULT_VERSION # Fallback to npm 8 if the lockfile content cannot be parsed
       end
       private_class_method :detect_npm_version
@@ -271,15 +270,35 @@ module Dependabot
       sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
       def self.run_npm_command(command, fingerprint: command)
         if Dependabot::Experiments.enabled?(:enable_corepack_for_npm_and_yarn)
-          package_manager_run_command(NpmPackageManager::NAME, command, fingerprint: fingerprint)
+          package_manager_run_command(
+            NpmPackageManager::NAME,
+            command,
+            fingerprint: fingerprint,
+            output_observer: ->(output) { command_observer(output) }
+          )
         else
           Dependabot::SharedHelpers.run_shell_command(
             "npm #{command}",
-            fingerprint: "npm #{fingerprint}"
+            fingerprint: "npm #{fingerprint}",
+            output_observer: ->(output) { command_observer(output) }
           )
         end
       end
+      sig do
+        params(output: String)
+          .returns(T::Hash[Symbol, T.untyped])
+      end
+      def self.command_observer(output)
+        # Observe the output for specific error
+        return {} unless output.include?("npm ERR! ERESOLVE")
+        {
+          gracefully_stop: true, # value must be a String
+          reason: "NPM Resolution Error"
+        }
+      end
       sig { returns(T.nilable(String)) }
       def self.node_version
         version = run_node_command("-v", fingerprint: "-v").strip
@@ -486,20 +505,30 @@ module Dependabot
         params(
           name: String,
           command: String,
-          fingerprint: T.nilable(String)
+          fingerprint: T.nilable(String),
+          output_observer: CommandHelpers::OutputObserver
         ).returns(String)
       end
-      def self.package_manager_run_command(name, command, fingerprint: nil)
+      def self.package_manager_run_command(
+        name,
+        command,
+        fingerprint: nil,
+        output_observer: nil
+      )
         return run_bun_command(command, fingerprint: fingerprint) if name == BunPackageManager::NAME
         full_command = "corepack #{name} #{command}"
-        result = Dependabot::SharedHelpers.run_shell_command(
-          full_command,
-          fingerprint: "corepack #{name} #{fingerprint || command}"
-        ).strip
-        result
+        fingerprint =  "corepack #{name} #{fingerprint || command}"
+        if output_observer
+          return Dependabot::SharedHelpers.run_shell_command(
+            full_command,
+            fingerprint: fingerprint,
+            output_observer: output_observer
+          ).strip
+        else
+          Dependabot::SharedHelpers.run_shell_command(full_command, fingerprint: fingerprint)
+        end.strip
       rescue StandardError => e
         Dependabot.logger.error("Error running package manager command: #{full_command}, Error: #{e.message}")
         if e.message.match?(/Response Code.*:.*404.*\(Not Found\)/) &&

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.319.1
+  version: 0.320.1
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.319.1
+        version: 0.320.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.319.1
+        version: 0.320.1
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -356,7 +356,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.319.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.320.1
 rdoc_options: []
 require_paths:
 - lib