dependabot-npm_and_yarn 0.186.1 → 0.187.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ba76f738d1063edb7f67ffd5e91446dc499e4ce3c5669f30cd24549a81de2c7
-  data.tar.gz: 66a0dcbf534d029bf52515a562586adf5787a164456c2ebb4569ebf4997fbb1a
+  metadata.gz: 4fecb25c98d20c0537bb14fbfbf5f0ae606a09c03bcd8c69686104ae8ea2b60e
+  data.tar.gz: 49c8c245cfcbd8a7c0f56acd3fcde70fdf89ddaa22c131b0870f776af1f35d4f
 SHA512:
-  metadata.gz: dd992188087707f9dbb6a40410e4e73831e8517c51735a627284dce456a50c5bab2624a0b7af29b86526ae6e2d61f03e5a210a383826df25f66f22c4a5e13843
-  data.tar.gz: a175aa22539ef2f3ec0e0c0adf6f70e2e883aa4fdcea6ed46a881241268b1c1245478835aaa7142dedef8b9639861500474a8dc767cd71cc622cdbeb65fb0c50
+  metadata.gz: 8f9b74182a2a7eea592f0087787ce6c36d95cb223fc0f2367c414e701f76944529986994e31c3699b670e68a56f5d34ba09597c0c59591440fc5a142ae765a63
+  data.tar.gz: ee6a76e595a5db7fb2ea1d61b3482a6739864c038ed0b4d1806a1c16dcd00085b7af05a8b7582e7e9dd0db9020487c98cfd459ef653ad0d9ebbd70479db12adb

data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb

@@ -48,7 +48,9 @@ module Dependabot
         end
 
         def global_registry # rubocop:disable Metrics/PerceivedComplexity
-          @global_registry ||=
+          return @global_registry if defined?(@global_registry)
+
+          @global_registry =
             registry_credentials.find do |cred|
               next false if CENTRAL_REGISTRIES.include?(cred["registry"])
 
@@ -132,21 +134,24 @@ module Dependabot
         def credential_lines_for_npmrc
           lines = []
           registry_credentials.each do |cred|
-            registry = cred.fetch("registry").sub(%r{\/?$}, "/")
+            registry = cred.fetch("registry")
 
             lines += registry_scopes(registry) if registry_scopes(registry)
 
             token = cred.fetch("token", nil)
             next unless token
 
+            # We need to ensure the registry uri ends with a trailing slash in the npmrc file
+            # but we do not want to add one if it already exists
+            registry_with_trailing_slash = registry.sub(%r{\/?$}, "/")
             if token.include?(":")
               encoded_token = Base64.encode64(token).delete("\n")
-              lines << "//#{registry}:_auth=#{encoded_token}"
+              lines << "//#{registry_with_trailing_slash}:_auth=#{encoded_token}"
             elsif Base64.decode64(token).ascii_only? &&
                   Base64.decode64(token).include?(":")
-              lines << %(//#{registry}:_auth=#{token.delete("\n")})
+              lines << %(//#{registry_with_trailing_slash}:_auth=#{token.delete("\n")})
             else
-              lines << "//#{registry}:_authToken=#{token}"
+              lines << "//#{registry_with_trailing_slash}:_authToken=#{token}"
             end
           end
 
@@ -169,7 +174,6 @@ module Dependabot
         def registry_scopes(registry)
           # Central registries don't just apply to scopes
           return if CENTRAL_REGISTRIES.include?(registry)
-
           return unless dependency_urls
 
           other_regs =

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.186.1
+  version: 0.187.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-05-10 00:00:00.000000000 Z
+date: 2022-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.186.1
+        version: 0.187.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.186.1
+        version: 0.187.0
 - !ruby/object:Gem::Dependency
   name: debase
   requirement: !ruby/object:Gem::Requirement