dependabot-npm_and_yarn 0.335.0 → 0.336.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c1f5a7696197e8b084dc928539e2e30ea83a4de52d3904cf0052ce396a56d614
|
|
4
|
+
data.tar.gz: d842f8c004efa137cce0ffe05e490a82c0e5765bf10fbcefb04e6a14b4288334
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 195a8dedb0d44acfd79a04d36bd874e954fa56ec327d1d099dae7dc3366913670710afbeba27db66a26ea60b5d4f5aeb9bfa3f7fc92041635894fc2f0ddfccbb
|
|
7
|
+
data.tar.gz: 852daa4c744e2565e3ae4fe4595d0065cbe472dc8275d5b4b3030f1ede85eb33b7bd5fe4a06fbe7cb04715fffac4b87baae448064c70e71bddae58c3bb5dc214
|
|
@@ -119,6 +119,13 @@ module Dependabot
|
|
|
119
119
|
# Invalid version format found for dependency in package.json file
|
|
120
120
|
INVALID_VERSION = /Invalid Version: (?<ver>.*)/
|
|
121
121
|
|
|
122
|
+
# Invalid package manager specification in package.json
|
|
123
|
+
INVALID_PACKAGE_MANAGER_SPEC = /Invalid package manager specification/
|
|
124
|
+
|
|
125
|
+
# Invalid npm authentication configuration
|
|
126
|
+
ERR_INVALID_AUTH = /npm error code ERR_INVALID_AUTH/
|
|
127
|
+
INVALID_AUTH_CONFIG = /Invalid auth configuration found.*_auth.*must be renamed to/
|
|
128
|
+
|
|
122
129
|
# TODO: look into fixing this in npm, seems like a bug in the git
|
|
123
130
|
# downloader introduced in npm 7
|
|
124
131
|
#
|
|
@@ -613,6 +620,20 @@ module Dependabot
|
|
|
613
620
|
raise Dependabot::DependencyFileNotResolvable, msg
|
|
614
621
|
end
|
|
615
622
|
|
|
623
|
+
# Handle invalid package manager specification in package.json
|
|
624
|
+
if error_message.match?(INVALID_PACKAGE_MANAGER_SPEC)
|
|
625
|
+
msg = "Invalid package manager specification in package.json. " \
|
|
626
|
+
"The packageManager field must specify a valid semver version"
|
|
627
|
+
raise Dependabot::DependencyFileNotResolvable, msg
|
|
628
|
+
end
|
|
629
|
+
|
|
630
|
+
if error_message.match?(ERR_INVALID_AUTH) || error_message.match?(INVALID_AUTH_CONFIG)
|
|
631
|
+
msg = "Invalid npm authentication configuration found " \
|
|
632
|
+
"The _auth setting in .npmrc needs to be scoped to the specific registry." \
|
|
633
|
+
"Please update your .npmrc configuration to use registry-specific auth settings."
|
|
634
|
+
raise Dependabot::PrivateSourceAuthenticationFailure, msg
|
|
635
|
+
end
|
|
636
|
+
|
|
616
637
|
raise error
|
|
617
638
|
end
|
|
618
639
|
# rubocop:enable Metrics/AbcSize
|
|
@@ -22,11 +22,12 @@ module Dependabot
|
|
|
22
22
|
NPM_DEFAULT_VERSION = NPM_V10
|
|
23
23
|
|
|
24
24
|
# PNPM Version Constants
|
|
25
|
+
PNPM_V10 = 10
|
|
25
26
|
PNPM_V9 = 9
|
|
26
27
|
PNPM_V8 = 8
|
|
27
28
|
PNPM_V7 = 7
|
|
28
29
|
PNPM_V6 = 6
|
|
29
|
-
PNPM_DEFAULT_VERSION =
|
|
30
|
+
PNPM_DEFAULT_VERSION = PNPM_V10
|
|
30
31
|
PNPM_FALLBACK_VERSION = PNPM_V6
|
|
31
32
|
|
|
32
33
|
# BUN Version Constants
|
|
@@ -107,7 +108,7 @@ module Dependabot
|
|
|
107
108
|
|
|
108
109
|
pnpm_lockfile_version = pnpm_lockfile_version_str.to_f
|
|
109
110
|
|
|
110
|
-
return
|
|
111
|
+
return PNPM_V10 if pnpm_lockfile_version >= 9.0
|
|
111
112
|
return PNPM_V8 if pnpm_lockfile_version >= 6.0
|
|
112
113
|
return PNPM_V7 if pnpm_lockfile_version >= 5.4
|
|
113
114
|
|
|
@@ -404,7 +404,7 @@ module Dependabot
|
|
|
404
404
|
return unless name == PNPMPackageManager::NAME
|
|
405
405
|
return unless Version.new(version) < Version.new("7")
|
|
406
406
|
|
|
407
|
-
raise ToolVersionNotSupported.new(PNPMPackageManager::NAME.upcase, version, "7.*, 8.*, 9.*")
|
|
407
|
+
raise ToolVersionNotSupported.new(PNPMPackageManager::NAME.upcase, version, "7.*, 8.*, 9.*, 10.*")
|
|
408
408
|
end
|
|
409
409
|
|
|
410
410
|
sig { params(name: String, version: T.nilable(String)).void }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.336.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.336.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.336.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -362,7 +362,7 @@ licenses:
|
|
|
362
362
|
- MIT
|
|
363
363
|
metadata:
|
|
364
364
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
365
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
365
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.336.0
|
|
366
366
|
rdoc_options: []
|
|
367
367
|
require_paths:
|
|
368
368
|
- lib
|