dependabot-npm_and_yarn 0.349.0 → 0.350.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e4e43ee5991e6cea99e308855eb218a880627a403e38f5d629b34182b63f810e
-  data.tar.gz: 7860c1f505810459902cf13ff518f355fecf40e408d401f5536f32409165b12a
+  metadata.gz: 3c95e5a25dfbc888b7cbe14a06c8545a1dffa0223254983a4fea67b8e372a024
+  data.tar.gz: a47db5408d030fbc18d62679d22e3ace24b5f85cbb8de6ae2d153fd46a2c2c9a
 SHA512:
-  metadata.gz: 15a4161403d48cc7e18988c67b87d104feeeb649ec78df51178475badc7d86aee54ec03f0266179db78d2ce6a5d72bcb5e2a6ec01010baf34e509f78df4400f1
-  data.tar.gz: 13d3c213858a113a55a91fce77ca257609e634393adcac8716db3270033f63a86f7b176e04c4e7fbed9d95f08275a674043c89d00b2f2ec24604f30a0bc59c53
+  metadata.gz: 14d440ca0f12543d02ac0b1d49b6f943c88fec8abb6f96851dfbcb26db1f6737360acc8747f5cd2ee17eefcea34fc57b3e3ef04f6c84999527ef3516c56a3d2d
+  data.tar.gz: 64b4cd22bcbe18bc9d82231bce93291cce5dc75ebf43d9c8a40d5ee28f44b9cd2a1b8784b9dd919e5e72e1243bffe5f07bd471c9405d1dda1667ad30be3b2002

data/lib/dependabot/npm_and_yarn/helpers.rb

@@ -16,10 +16,11 @@ module Dependabot
         /^.*(?<error>The "yarn-path" option has been set \(in [^)]+\), but the specified location doesn't exist)/
 
       # NPM Version Constants
+      NPM_V11 = 11
       NPM_V10 = 10
       NPM_V8 = 8
       NPM_V6 = 6
-      NPM_DEFAULT_VERSION = NPM_V10
+      NPM_DEFAULT_VERSION = NPM_V11
 
       # PNPM Version Constants
       PNPM_V10 = 10
@@ -65,7 +66,7 @@ module Dependabot
         lockfile_version = lockfile_version_str.to_i
 
         # Using npm 8 as the default for lockfile_version > 2.
-        return NPM_V10 if lockfile_version >= 3
+        return NPM_V11 if lockfile_version >= 3
         return NPM_V8 if lockfile_version >= 2
 
         NPM_V6 if lockfile_version >= 1
@@ -362,7 +363,7 @@ module Dependabot
         end
       end
 
-      # Install the package manager for specified version by using corepack
+      # Activate the package manager for specified version by using corepack
       sig do
         params(
           name: String,
@@ -375,22 +376,20 @@ module Dependabot
         Dependabot.logger.info("Installing \"#{name}@#{version}\"")
 
         begin
-          # Try to install the specified version
-          output = package_manager_install(name, version, env: env)
+          # Try to activate the specified version
+          output = package_manager_activate(name, version, env: env)
 
           # Confirm success based on the output
-          if output.match?(/Adding #{name}@.* to the cache/)
+          if output.include?("immediate activation...")
             Dependabot.logger.info("#{name}@#{version} successfully installed.")
 
             Dependabot.logger.info("Activating currently installed version of #{name}: #{version}")
-            package_manager_activate(name, version)
-
           else
             Dependabot.logger.error("Corepack installation output unexpected: #{output}")
             fallback_to_local_version(name)
           end
         rescue StandardError => e
-          Dependabot.logger.error("Error installing #{name}@#{version}: #{e.message}")
+          Dependabot.logger.error("Error activating #{name}@#{version}: #{e.message}")
           fallback_to_local_version(name)
         end
 
@@ -435,13 +434,14 @@ module Dependabot
       end
 
       # Prepare the package manager for use by using corepack
-      sig { params(name: String, version: String).returns(String) }
-      def self.package_manager_activate(name, version)
+      sig { params(name: String, version: String, env: T.nilable(T::Hash[String, String])).returns(String) }
+      def self.package_manager_activate(name, version, env: {})
         return "Corepack does not support #{name}" unless corepack_supported_package_manager?(name)
 
         Dependabot::SharedHelpers.run_shell_command(
           "corepack prepare #{name}@#{version} --activate",
-          fingerprint: "corepack prepare <name>@<version> --activate"
+          fingerprint: "corepack prepare <name>@<version> --activate",
+          env: env
         ).strip
       end
 

data/lib/dependabot/npm_and_yarn/registry_helper.rb

@@ -39,7 +39,13 @@ module Dependabot
         registry_info = find_registry_and_token
 
         env_variables = {}
-        env_variables[COREPACK_NPM_REGISTRY_ENV] = registry_info[:registry] if registry_info[:registry]
+
+        if registry_info[:registry] # Prevent the https from being stripped in the process
+          registry = registry_info[:registry]
+          registry = "https://#{T.must(registry)}" unless T.must(registry).start_with?("http://", "https://")
+          env_variables[COREPACK_NPM_REGISTRY_ENV] = registry
+        end
+
         env_variables[COREPACK_NPM_TOKEN_ENV] = registry_info[:auth_token] if registry_info[:auth_token]
 
         env_variables

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.349.0
+  version: 0.350.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.349.0
+        version: 0.350.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.349.0
+        version: 0.350.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -359,7 +359,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.349.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.350.0
 rdoc_options: []
 require_paths:
 - lib