dependabot-npm_and_yarn 0.356.0 → 0.358.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/npm_and_yarn/file_updater/pnpm_workspace_updater.rb +1 -1
  3. data/lib/dependabot/npm_and_yarn/registry_helper.rb +12 -3
  4. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1e11f7943ddda66926cdb4b56ade2b7cb2a13768fbd5f9c553f0e9b3587fd1d8
4
- data.tar.gz: a17b204a222dc640eaa06d2de063aa14990a9465fd2acbc542799c1774383465
3
+ metadata.gz: 325748a82ff120849842880e7c6478b52676197746b1a6f7e4e7f44bfca23481
4
+ data.tar.gz: d123e22205b9753050eea3640f955803323b0ca81e2162ae4fc48398d3e364a3
5
5
  SHA512:
6
- metadata.gz: 06d577b25e341f36461de62693029894603e8b23aea5695195450942d422a5470682c7eec0671c6dc5e2f9eeb8b30abdbb57d85043ee376f3c1a9cb46845a246
7
- data.tar.gz: 6410fef7a8f5bc85ee274ff4ad15210132f995bb015cd6d9621d39fb440c3306511866d80f56a3ec9ec8a10025d3b6723d3dd42228dd012269f796c44cd8f59b
6
+ metadata.gz: c0e4d0b55185886c963db2ff338f885ce40f1fe9a3af2bdc117bb809c3ccf678339c3c9fb442449769015b008db1b1472190c75f68e9f7312aea5f3ca0c3637f
7
+ data.tar.gz: 0173066cb1ac5a04307fde9e6a1e7ab9a88a2350b5cfd8b63c32019f740eb6ca7d92e73afcedba7ca50f8db7868b8df91cfa7821ddfdd45a34c274ad535d4673
data/lib/dependabot/npm_and_yarn/file_updater/pnpm_workspace_updater.rb CHANGED
@@ -10,7 +10,7 @@ class DependencyRequirement < T::Struct
10
10
  const :file, String
11
11
  const :requirement, String
12
12
  const :groups, T::Array[String]
13
- const :source, T.nilable(String)
13
+ const :source, T.nilable(T::Hash[Symbol, T.untyped])
14
14
  end
15
15
 
16
16
  module Dependabot
data/lib/dependabot/npm_and_yarn/registry_helper.rb CHANGED
@@ -20,9 +20,13 @@ module Dependabot
20
20
  NPM_REGISTER_KEY_FOR_YARN = "npmRegistryServer"
21
21
 
22
22
  # Environment variable keys
23
- COREPACK_NPM_REGISTRY_ENV = "COREPACK_NPM_REGISTRY"
23
+ COREPACK_NPM_REGISTRY_ENV = "COREPACK_NPM_REGISTRY" # For Corepack
24
+ NPM_CONFIG_REGISTRY_ENV = "npm_config_registry" # For npm
24
25
  COREPACK_NPM_TOKEN_ENV = "COREPACK_NPM_TOKEN"
25
26
 
27
+ # Default npm registry - no need to set env vars for this
28
+ DEFAULT_NPM_REGISTRY = "https://registry.npmjs.org"
29
+
26
30
  sig do
27
31
  params(
28
32
  registry_config_files: T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)],
@@ -43,8 +47,13 @@ module Dependabot
43
47
  if registry_info[:registry] # Prevent the https from being stripped in the process
44
48
  registry = registry_info[:registry]
45
49
  registry = "https://#{T.must(registry)}" unless T.must(registry).start_with?("http://", "https://")
46
- env_variables[COREPACK_NPM_REGISTRY_ENV] = registry
47
- env_variables[REGISTRY_KEY] = registry
50
+
51
+ # Set both in the env_variables hash
52
+ unless registry == DEFAULT_NPM_REGISTRY
53
+ env_variables[COREPACK_NPM_REGISTRY_ENV] = registry # For Corepack
54
+ env_variables[NPM_CONFIG_REGISTRY_ENV] = registry # For npm
55
+ env_variables[REGISTRY_KEY] = registry
56
+ end
48
57
  end
49
58
 
50
59
  env_variables[COREPACK_NPM_TOKEN_ENV] = registry_info[:auth_token] if registry_info[:auth_token]
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.356.0
4
+ version: 0.358.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.356.0
18
+ version: 0.358.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.356.0
25
+ version: 0.358.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -361,7 +361,7 @@ licenses:
361
361
  - MIT
362
362
  metadata:
363
363
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
364
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.356.0
364
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.358.0
365
365
  rdoc_options: []
366
366
  require_paths:
367
367
  - lib
@@ -376,7 +376,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
376
376
  - !ruby/object:Gem::Version
377
377
  version: 3.3.0
378
378
  requirements: []
379
- rubygems_version: 3.6.9
379
+ rubygems_version: 3.7.2
380
380
  specification_version: 4
381
381
  summary: Provides Dependabot support for Javascript (npm and yarn)
382
382
  test_files: []