dependabot-npm_and_yarn 0.192.1 → 0.193.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/package-lock.json +7 -7
  3. data/helpers/package.json +1 -1
  4. data/lib/dependabot/npm_and_yarn/package_name.rb +21 -12
  5. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9e4e7528f402410ad33c8df39f69fd750982894b9dd1f5d55eb9a114e1257769
4
- data.tar.gz: 4809a6fb9ada871b7ab4dd6ee17ad54f125a9135a0532bc9ab939f0c532d4645
3
+ metadata.gz: 37e5369c2574dd066d5daa2780069cb6b4e11d7eede6b18dae084dae43502582
4
+ data.tar.gz: afc71042de82cfbad18106b182fdb851b7ce763eeba74154fcac92f315d6432f
5
5
  SHA512:
6
- metadata.gz: 4aab0c151c26c41b6b4b5645d64bfb951e4533419136475c70f5f36b3bf1aef16ec02fe2fbaf911c91f8e63c65daec6f8061a85c863a09af944425ad8bdd6807
7
- data.tar.gz: 9dbd17d3efd5f27689fa6ef5f8d6c78c558f32a7a3330f286e88176a2d78e8695f07c0cd3d34e92013c679e6d5ea2d9c0e8a9e7d20380ae11fbf439cd1939128
6
+ metadata.gz: 2065e7854b019d6f302ff2524657e6f8c3ec0a1fcb3e9474998f292eb557a001d8293fea66f6cadd4d7e0f07781afa2c08dc356a514e79aa391efb6984f953dd
7
+ data.tar.gz: feefb9a8df6ea577b949806d071a0d6636d49f492631039fd62d1b645ecaf27fca88bbbbf934e5a4184d435dd21b9fb28a44708f6837dd4f8735dd9f0c01d725
data/helpers/package-lock.json CHANGED
@@ -19,7 +19,7 @@
19
19
  "eslint": "^8.15.0",
20
20
  "eslint-config-prettier": "^8.5.0",
21
21
  "jest": "^28.1.0",
22
- "prettier": "^2.6.2",
22
+ "prettier": "^2.7.1",
23
23
  "rimraf": "^3.0.2"
24
24
  }
25
25
  },
@@ -12167,9 +12167,9 @@
12167
12167
  }
12168
12168
  },
12169
12169
  "node_modules/prettier": {
12170
- "version": "2.6.2",
12171
- "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz",
12172
- "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==",
12170
+ "version": "2.7.1",
12171
+ "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
12172
+ "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
12173
12173
  "dev": true,
12174
12174
  "bin": {
12175
12175
  "prettier": "bin-prettier.js"
@@ -22908,9 +22908,9 @@
22908
22908
  "integrity": "sha1-gV7R9uvGWSb4ZbMQwHE7yzMVzks="
22909
22909
  },
22910
22910
  "prettier": {
22911
- "version": "2.6.2",
22912
- "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz",
22913
- "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==",
22911
+ "version": "2.7.1",
22912
+ "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
22913
+ "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
22914
22914
  "dev": true
22915
22915
  },
22916
22916
  "pretty-format": {
data/helpers/package.json CHANGED
@@ -19,7 +19,7 @@
19
19
  "eslint": "^8.15.0",
20
20
  "eslint-config-prettier": "^8.5.0",
21
21
  "jest": "^28.1.0",
22
- "prettier": "^2.6.2",
22
+ "prettier": "^2.7.1",
23
23
  "rimraf": "^3.0.2"
24
24
  }
25
25
  }
data/lib/dependabot/npm_and_yarn/package_name.rb CHANGED
@@ -3,21 +3,30 @@
3
3
  module Dependabot
4
4
  module NpmAndYarn
5
5
  class PackageName
6
+ # NPM package naming rules are defined by the following projects:
7
+ # - https://github.com/npm/npm-user-validate
8
+ # - https://github.com/npm/validate-npm-package-name
6
9
  PACKAGE_NAME_REGEX = %r{
7
- \A # beginning of string
8
- (?=.{1,214}\z) # enforce length (1 - 214)
9
- (@(?<scope>[a-z0-9\-~][a-z0-9\-\._~]*)\/)? # capture 'scope' if present
10
- (?<name>[a-z0-9\-~][a-z0-9\-._~]*) # capture package name
11
- \z # end of string
12
- }xi.freeze # multi-line/case-insensitive
10
+ \A # beginning of string
11
+ (?=.{1,214}\z) # enforce length (1 - 214)
12
+ (@(?<scope> # capture 'scope' if present
13
+ (?=[^\.]) # reject leading dot
14
+ [a-z0-9\-\_\.\!\~\*\'\(\)]+ # URL-safe characters
15
+ )\/)?
16
+ (?<name> # capture package name
17
+ (?=[^\.\_]) # reject leading dot or underscore
18
+ [a-z0-9\-\_\.\!\~\*\'\(\)]+ # URL-safe characters
19
+ )
20
+ \z # end of string
21
+ }xi.freeze # multi-line/case-insensitive
13
22
 
14
23
  TYPES_PACKAGE_NAME_REGEX = %r{
15
- \A # beginning of string
16
- @types\/ # starts with @types/
17
- ((?<scope>.+)__)? # capture scope
18
- (?<name>.+) # capture name
19
- \z # end of string
20
- }xi.freeze # multi-line/case-insensitive
24
+ \A # beginning of string
25
+ @types\/ # starts with @types/
26
+ ((?<scope>.+)__)? # capture scope
27
+ (?<name>.+) # capture name
28
+ \z # end of string
29
+ }xi.freeze # multi-line/case-insensitive
21
30
 
22
31
  class InvalidPackageName < StandardError; end
23
32
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.192.1
4
+ version: 0.193.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-14 00:00:00.000000000 Z
11
+ date: 2022-06-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.192.1
19
+ version: 0.193.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.192.1
26
+ version: 0.193.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement