dependabot-npm_and_yarn 0.185.0 → 0.186.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d42472b33cbd3bc18ffc46a89ec1258b99ee91c06f37df754c34d918c984054
-  data.tar.gz: 2f7ad25e3389283e30decb7d515d793d6e1ecdef2f5de75ac81b2dce53bcf15a
+  metadata.gz: aeff725531d7c22b4ef708a9bc7fa65726f8dd59bd4add961f917adb05d215e6
+  data.tar.gz: 18e5d38da3681f275f65dbac387cfa3621b225e1bf411db092367d4513a900b3
 SHA512:
-  metadata.gz: 9608c5d0237700098c9488abf00b3d58d8a6c5cd9487fcd38a2a46fed9e737bef85bd3bbb7c11d8db5571701d960b96164507b709319f1ea3f7d9d89ec62227a
-  data.tar.gz: 4124eadef4cca03dbad1a826e1cc225a213920971aff8c451af0357fa6be94b7af50defb856509c20938dcb7e71c22574e32dc90971fac130cad56d7547ae04c
+  metadata.gz: a36832bb9014119197be3a4656719fc1f621f6f375148235127f640b71f75ce92f47edd122e74bd9795a8952508f68eddbf7b897b368c03a74bbfdb27fda82e2
+  data.tar.gz: b9e2aab53895c9892a584e425fe9a1f8dd801610f3b8e0b5b65ae011ab0262f565dd01fe8116e92ac410dad446c07c47aaf77f803a44bab581459efa31f6ea59

data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "uri"
+
 require "dependabot/npm_and_yarn/file_updater"
 require "dependabot/npm_and_yarn/file_parser"
 require "dependabot/npm_and_yarn/update_checker/registry_finder"
@@ -436,7 +438,7 @@ module Dependabot
         def handle_timeout(error_message, yarn_lock)
           url = error_message.match(TIMEOUT_FETCHING_PACKAGE).
                 named_captures["url"]
-          return if url.start_with?("https://registry.npmjs.org")
+          raise if URI(url).host == "registry.npmjs.org"
 
           package_name = error_message.match(TIMEOUT_FETCHING_PACKAGE).
                          named_captures["package"]
@@ -482,7 +484,7 @@ module Dependabot
 
           return false unless yarnrc_global_registry
 
-          yarnrc_global_registry.include?("registry.npmjs.org")
+          URI(yarnrc_global_registry).host == "registry.npmjs.org"
         end
 
         def yarnrc_content

data/lib/dependabot/npm_and_yarn/package_name.rb

@@ -37,16 +37,20 @@ module Dependabot
         end
       end
 
-      def <=>(other)
-        to_s.casecmp(other.to_s)
+      def eql?(other)
+        self.class == other.class && to_s == other.to_s
       end
 
-      def eql?(other)
-        to_s.eql?(other.to_s)
+      def hash
+        to_s.downcase.hash
+      end
+
+      def <=>(other)
+        to_s.casecmp(other.to_s)
       end
 
       def library_name
-        return self unless types_package?
+        return unless types_package?
 
         @library_name ||=
           begin
@@ -60,7 +64,7 @@ module Dependabot
       end
 
       def types_package_name
-        return self if types_package?
+        return if types_package?
 
         @types_package_name ||=
           if scoped?

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb

@@ -9,6 +9,7 @@ require "dependabot/npm_and_yarn/file_updater/npmrc_builder"
 require "dependabot/npm_and_yarn/file_updater/package_json_preparer"
 require "dependabot/npm_and_yarn/helpers"
 require "dependabot/npm_and_yarn/native_helpers"
+require "dependabot/npm_and_yarn/package_name"
 require "dependabot/npm_and_yarn/requirement"
 require "dependabot/npm_and_yarn/update_checker"
 require "dependabot/npm_and_yarn/version"
@@ -74,6 +75,8 @@ module Dependabot
         def latest_resolvable_version
           return latest_allowable_version if git_dependency?(dependency)
           return if part_of_tightly_locked_monorepo?
+          return if types_update_available?
+          return if original_package_update_available?
 
           return latest_allowable_version unless relevant_unmet_peer_dependencies.any?
 
@@ -90,10 +93,12 @@ module Dependabot
           resolve_latest_previous_version(dependency, updated_version)
         end
 
+        # rubocop:disable Metrics/PerceivedComplexity
         def dependency_updates_from_full_unlock
           return if git_dependency?(dependency)
           return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
           return if newly_broken_peer_reqs_from_dep.any?
+          return if original_package_update_available?
 
           updates = [{
             dependency: dependency,
@@ -122,8 +127,10 @@ module Dependabot
               )
             }
           end
+          updates += updated_types_dependencies if types_update_available?
           updates.uniq
         end
+        # rubocop:enable Metrics/PerceivedComplexity
 
         private
 
@@ -222,6 +229,54 @@ module Dependabot
           updates
         end
 
+        def types_package
+          @types_package ||= begin
+            types_package_name = PackageName.new(dependency.name).types_package_name
+            top_level_dependencies.find { |d| types_package_name.to_s == d.name } if types_package_name
+          end
+        end
+
+        def original_package
+          @original_package ||= begin
+            original_package_name = PackageName.new(dependency.name).library_name
+            top_level_dependencies.find { |d| original_package_name.to_s == d.name } if original_package_name
+          end
+        end
+
+        def latest_types_package_version
+          @latest_types_package_version ||= latest_version_finder(types_package).latest_version_from_registry
+        end
+
+        def types_update_available?
+          return false if types_package.nil?
+
+          return false unless latest_allowable_version.backwards_compatible_with?(latest_types_package_version)
+
+          current_types_package_version = version_class.new(types_package.version)
+          return false unless current_types_package_version < latest_types_package_version
+
+          true
+        end
+
+        def original_package_update_available?
+          return false if original_package.nil?
+
+          latest_version = latest_version_finder(original_package).latest_version_from_registry
+          original_package_version = version_class.new(original_package.version)
+
+          original_package_version < latest_version
+        end
+
+        def updated_types_dependencies
+          [{
+            dependency: types_package,
+            version: latest_types_package_version,
+            previous_version: resolve_latest_previous_version(
+              types_package, latest_types_package_version
+            )
+          }]
+        end
+
         def peer_dependency_errors
           return @peer_dependency_errors if @peer_dependency_errors_checked
 

data/lib/dependabot/npm_and_yarn/version.rb

@@ -34,6 +34,27 @@ module Dependabot
         super
       end
 
+      def major
+        @major ||= segments[0] || 0
+      end
+
+      def minor
+        @minor ||= segments[1] || 0
+      end
+
+      def patch
+        @patch ||= segments[2] || 0
+      end
+
+      def backwards_compatible_with?(other)
+        case major
+        when 0
+          self == other
+        else
+          major == other.major && minor >= other.minor
+        end
+      end
+
       def to_s
         @version_string
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.185.0
+  version: 0.186.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-05-09 00:00:00.000000000 Z
+date: 2022-05-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.185.0
+        version: 0.186.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.185.0
+        version: 0.186.0
 - !ruby/object:Gem::Dependency
   name: debase
   requirement: !ruby/object:Gem::Requirement