dependabot-npm_and_yarn 0.174.1 → 0.175.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1670420229d206add0e33c55f169aa32c48ffeb556c52eb852f0eed843dd567a
-  data.tar.gz: e07a8e900f981e12b4edc06dfaa6deb404ab406705ae8f1e944934f551e2d918
+  metadata.gz: 3c07f155a90a67db8072626219fa6d797c7294ebb3531565c6fe5b7163378f3e
+  data.tar.gz: 5ededcae3a93518dd184c7e5b202a63b9f80c0614ceba6a9a59a9c32c92980af
 SHA512:
-  metadata.gz: 42c6c3d11dce9a7c91115529cb62cdadab6ea13979ea4ed149383ac952fe94b507b784c43ac9e4abc39fc6681dcf0da6c377d26b0c27b52feae837547d1080a8
-  data.tar.gz: 6d4ee2595178167f01f29bcbd304ff05f823c3e42fc9b7ec849a27a9eacfe3cd8fc71ea3ac5ef5b6d8fea64166dda4221f2edfd52f3b57aa3853ace78f87e834
+  metadata.gz: ef4274999e5373d0e7d20c5697214836c67750719061b9e9768f688a42f2fb84a80dc841363158f2520d8330eb2b913e5d4ab4af318bdd6b9faed192cc0f6767
+  data.tar.gz: 2b739c355b0096994ee83157bfdf4f514a310ca0981ef649d550d446951b40ce87d174802c1ec4c0b9446bf207d5d123f1876a6741de7e67100f2cbec5604f6e

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb

@@ -476,6 +476,7 @@ module Dependabot
             updated_content = lock_deps_with_latest_reqs(updated_content)
 
             updated_content = sanitized_package_json_content(updated_content)
+
             File.write(file.name, updated_content)
           end
         end
@@ -495,6 +496,16 @@ module Dependabot
           end
         end
 
+        # Takes a JSON string and detects if it is spaces or tabs and how many
+        # levels deep it is indented.
+        def detect_indentation(json)
+          indentation = json.scan(/^\s+/).min_by(&:length)
+          indentation_size = indentation.length
+          indentation_type = indentation.scan(/\t/).any? ? "\t" : " "
+
+          indentation_type * indentation_size
+        end
+
         def lock_git_deps(content)
           return content if git_dependencies_to_lock.empty?
 
@@ -508,7 +519,8 @@ module Dependabot
             end
           end
 
-          json.to_json
+          indent = detect_indentation(content)
+          JSON.pretty_generate(json, indent: indent)
         end
 
         def git_dependencies_to_lock
@@ -549,7 +561,8 @@ module Dependabot
             end
           end
 
-          json.to_json
+          indent = detect_indentation(content)
+          JSON.pretty_generate(json, indent: indent)
         end
 
         def replace_ssh_sources(content)

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb

@@ -56,8 +56,8 @@ module Dependabot
         # npm ERR! peer @opentelemetry/api@">=1.0.0 <1.1.0" from @opentelemetry/context-async-hooks@1.0.1
         NPM7_PEER_DEP_ERROR_REGEX =
           /
-            npm\sERR!\sCould\snot\sresolve\sdependency:\n
-            npm\sERR!\speer\s(?<required_dep>\S+@\S+(\s\S+)?)\sfrom\s(?<requiring_dep>\S+@\S+)
+            npm\s(?:WARN|ERR!)\sCould\snot\sresolve\sdependency:\n
+            npm\s(?:WARN|ERR!)\speer\s(?<required_dep>\S+@\S+(\s\S+)?)\sfrom\s(?<requiring_dep>\S+@\S+)
           /x.freeze
 
         def initialize(dependency:, credentials:, dependency_files:,
@@ -458,10 +458,13 @@ module Dependabot
         end
 
         def run_npm7_checker(version:)
-          SharedHelpers.run_shell_command(
+          cmd =
             "npm install #{version_install_arg(version: version)} --package-lock-only --dry-run=true --ignore-scripts"
-          )
-          nil
+          output = SharedHelpers.run_shell_command(cmd)
+          if output.match?(NPM7_PEER_DEP_ERROR_REGEX)
+            error_context = { command: cmd, process_exit_value: 1 }
+            raise SharedHelpers::HelperSubprocessFailed.new(message: output, error_context: error_context)
+          end
         rescue SharedHelpers::HelperSubprocessFailed => e
           raise if e.message.match?(NPM7_PEER_DEP_ERROR_REGEX)
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.174.1
+  version: 0.175.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-22 00:00:00.000000000 Z
+date: 2022-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.174.1
+        version: 0.175.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.174.1
+        version: 0.175.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement