dependabot-npm_and_yarn 0.211.0 → 0.212.0
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/file_fetcher.rb +3 -3
- data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb +1 -2
- data/lib/dependabot/npm_and_yarn/file_parser.rb +1 -1
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +6 -6
- data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +7 -8
- data/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb +2 -2
- data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +3 -3
- data/lib/dependabot/npm_and_yarn/file_updater.rb +2 -2
- data/lib/dependabot/npm_and_yarn/metadata_finder.rb +4 -4
- data/lib/dependabot/npm_and_yarn/native_helpers.rb +1 -1
- data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -2
- data/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb +1 -1
- data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +5 -5
- data/lib/dependabot/npm_and_yarn/update_checker.rb +3 -3
- metadata +22 -8
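--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5ff4958e3092d765d3d92a6035f05dee25680d26697649b3adad94b2b876df7b
+data.tar.gz: 0adce108f8a33fefd73641d55db1730ba0bdfd167d2e0a8b7d674d1074455c87
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3eac1860e88136dc0b8ebc851b1fdad2ae27459df2a39937d401372b86cd6c86432d46bfe93d68422098d664ebe776fdaf3f7674f07911525e5c97fce83e0136
+data.tar.gz: c7c5f918a175e8f8de6cfc8110895f3c13f15cd1af0e342ab2cdd74794c2d383c74e46ea2076b36a3059a75cc5e93a92233a1d08368e5cfdd456fb3a5d89bc34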
@@ -88,7 +88,7 @@ module Dependabot
|
|
88
88
|
|
89
89
|
# Loop through parent directories looking for an npmrc
|
90
90
|
(1..directory.split("/").count).each do |i|
|
91
|
-
@npmrc = fetch_file_from_host("../" * i + ".npmrc")&.
|
91
|
+
@npmrc = fetch_file_from_host(("../" * i) + ".npmrc")&.
|
92
92
|
tap { |f| f.support_file = true }
|
93
93
|
break if @npmrc
|
94
94
|
rescue Dependabot::DependencyFileNotFound
|
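Review bot: The parent-directory walk on the `(1..directory.split("/").count)` line runs one step further than the directory has parents, because `String#split` keeps the empty segment before a leading slash — for a directory such as `/foo` the loop asks for `../.npmrc` and then `../../.npmrc`. Whether fetch_file_from_host rejects that second path or resolves it above the repository root is not visible here; if the extra lookup is intentional it deserves a comment, otherwise `directory.split("/").reject(&:empty?).count` bounds the range to actual parents. The same construction appears in the `.yarnrc` hunk that follows. Since the found file is carried along as a support file, a comment noting that its registry/auth settings are repository-controlled input would help whoever consumes it later. The enclosing method starts and ends outside the hunk.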
@@ -107,7 +107,7 @@ module Dependabot
|
|
107
107
|
|
108
108
|
# Loop through parent directories looking for an yarnrc
|
109
109
|
(1..directory.split("/").count).each do |i|
|
110
|
-
@yarnrc = fetch_file_from_host("../" * i + ".yarnrc")&.
|
110
|
+
@yarnrc = fetch_file_from_host(("../" * i) + ".yarnrc")&.
|
111
111
|
tap { |f| f.support_file = true }
|
112
112
|
break if @yarnrc
|
113
113
|
rescue Dependabot::DependencyFileNotFound
|
@@ -200,7 +200,7 @@ module Dependabot
|
|
200
200
|
resolution_objects = parsed_manifest.values_at("resolutions").compact
|
201
201
|
manifest_objects = dependency_objects + resolution_objects
|
202
202
|
|
203
|
-
raise Dependabot::DependencyFileNotParseable, file.path unless manifest_objects.all?
|
203
|
+
raise Dependabot::DependencyFileNotParseable, file.path unless manifest_objects.all?(Hash)
|
204
204
|
|
205
205
|
resolution_deps = resolution_objects.flat_map(&:to_a).
|
206
206
|
map do |path, value|
|
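Review bot: The `all?(Hash)` check on the `raise Dependabot::DependencyFileNotParseable` line has no comment saying what it protects; the `flat_map(&:to_a)` two lines below would raise NoMethodError on a String section value and misbehave on an Array one, so the guard is what turns a malformed package.json into the typed parse error. A one-line comment would keep the next refactor from dropping it: `# package.json sections may be any JSON type; only Hash sections are iterable below, so reject the rest as unparseable`. The surrounding method starts and ends outside the hunk.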
@@ -48,8 +48,7 @@ module Dependabot
|
|
48
48
|
%w(yarn.lock package-lock.json npm-shrinkwrap.json)
|
49
49
|
|
50
50
|
possible_lockfile_names.uniq.
|
51
|
-
|
52
|
-
compact
|
51
|
+
filter_map { |nm| dependency_files.find { |f| f.name == nm } }
|
53
52
|
end
|
54
53
|
|
55
54
|
def npm_lockfile_details(lockfile, dependency_name, manifest_name)
|
@@ -159,7 +159,7 @@ module Dependabot
|
|
159
159
|
|
160
160
|
def workspace_package_names
|
161
161
|
@workspace_package_names ||=
|
162
|
-
package_files.
|
162
|
+
package_files.filter_map { |f| JSON.parse(f.content)["name"] }
|
163
163
|
end
|
164
164
|
|
165
165
|
def version_for(name, requirement, manifest_name)
|
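Review bot: `JSON.parse(f.content)["name"]` inside the new filter_map lets a malformed or non-object package.json escape as JSON::ParserError or TypeError, whereas the file_fetcher hunk in this same release converts such input into Dependabot::DependencyFileNotParseable; I can't see whether a caller of workspace_package_names rescues here. If not, parsing with an explicit guard keeps the error typed: `parsed = JSON.parse(f.content)` / `next unless parsed.is_a?(Hash)` / `parsed["name"]` in a `do … end` block, with JSON::ParserError rescued to the same typed error. The memoised method also carries no comment on what the list is used for; the enclosing class is outside the hunk.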
@@ -385,7 +385,7 @@ module Dependabot
|
|
385
385
|
|
386
386
|
def raise_resolvability_error(error_message)
|
387
387
|
dependency_names = dependencies.map(&:name).join(", ")
|
388
|
-
msg = "Error whilst updating #{dependency_names} in "\
|
388
|
+
msg = "Error whilst updating #{dependency_names} in " \
|
389
389
|
"#{lockfile.path}:\n#{error_message}"
|
390
390
|
raise Dependabot::DependencyFileNotResolvable, msg
|
391
391
|
end
|
@@ -397,11 +397,11 @@ module Dependabot
|
|
397
397
|
# issues on the error message (issue detail) on the backend
|
398
398
|
#
|
399
399
|
# ToDo: add an error ID to issues to make it easier to unique them
|
400
|
-
msg = "Error whilst updating dependencies in #{lockfile.name}:\n"\
|
401
|
-
"#{error_message}\n\n"\
|
402
|
-
"It looks like your lockfile has some corrupt entries with "\
|
403
|
-
"missing versions and needs to be re-generated.\n"\
|
404
|
-
"You'll need to remove #{lockfile.name} and #{modules_path} "\
|
400
|
+
msg = "Error whilst updating dependencies in #{lockfile.name}:\n" \
|
401
|
+
"#{error_message}\n\n" \
|
402
|
+
"It looks like your lockfile has some corrupt entries with " \
|
403
|
+
"missing versions and needs to be re-generated.\n" \
|
404
|
+
"You'll need to remove #{lockfile.name} and #{modules_path} " \
|
405
405
|
"before you run npm install."
|
406
406
|
raise Dependabot::DependencyFileNotResolvable, msg
|
407
407
|
end
|
@@ -42,9 +42,9 @@ module Dependabot
|
|
42
42
|
return unless yarn_lock || package_lock
|
43
43
|
return unless global_registry
|
44
44
|
|
45
|
-
"registry = https://#{global_registry['registry']}\n"\
|
46
|
-
|
47
|
-
|
45
|
+
"registry = https://#{global_registry['registry']}\n" \
|
46
|
+
"#{global_registry_auth_line}" \
|
47
|
+
"always-auth = true"
|
48
48
|
end
|
49
49
|
|
50
50
|
def global_registry # rubocop:disable Metrics/PerceivedComplexity
|
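Review bot: The generated content here ends with `"always-auth = true"` and no trailing newline, while the sibling branch in the hunk at `@@ -114,8 +114,8 @@` ends with `"always-auth = true\n"`; both emit the same three settings, so the two should agree, or a comment should say why the standalone file omits the newline. `"#{global_registry_auth_line}"` as a bare interpolation reads as a nil-to-empty-string coercion; if that is the intent, `global_registry_auth_line.to_s` says so and avoids the Style/RedundantInterpolation flag. Since this string apparently carries the registry auth line into a file the helpers read from disk, a short comment above the literal that the content holds credentials and must not be logged would help reviewers. The method starts outside the hunk.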
@@ -89,7 +89,7 @@ module Dependabot
|
|
89
89
|
if package_lock
|
90
90
|
@dependency_urls +=
|
91
91
|
parsed_package_lock.fetch("dependencies", {}).
|
92
|
-
|
92
|
+
filter_map { |_, details| details["resolved"] }.
|
93
93
|
select { |url| url.is_a?(String) }.
|
94
94
|
reject { |url| url.start_with?("git") }
|
95
95
|
end
|
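Review bot: `details["resolved"]` in the new filter_map assumes every lockfile `dependencies` entry is a Hash; an Array value raises TypeError there, and a String value returns nil or a substring, so the `is_a?(String)` select on the next line only filters after that call has already run. Folding the type checks into one step handles both: `filter_map { |_, details| details["resolved"] if details.is_a?(Hash) && details["resolved"].is_a?(String) }.` and the separate `select` line goes away. The lockfile is repository content, so treating entry shapes as untrusted is reasonable here; the enclosing method continues outside the hunk.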
@@ -114,8 +114,8 @@ module Dependabot
|
|
114
114
|
return initial_content unless global_registry
|
115
115
|
|
116
116
|
initial_content +
|
117
|
-
"registry = https://#{global_registry['registry']}\n"\
|
118
|
-
"#{global_registry_auth_line}"\
|
117
|
+
"registry = https://#{global_registry['registry']}\n" \
|
118
|
+
"#{global_registry_auth_line}" \
|
119
119
|
"always-auth = true\n"
|
120
120
|
end
|
121
121
|
|
@@ -166,8 +166,7 @@ module Dependabot
|
|
166
166
|
|
167
167
|
@npmrc_scoped_registries ||=
|
168
168
|
npmrc_file.content.lines.select { |line| line.match?(SCOPED_REGISTRY) }.
|
169
|
-
|
170
|
-
compact
|
169
|
+
filter_map { |line| line.match(SCOPED_REGISTRY)&.named_captures&.fetch("registry") }
|
171
170
|
end
|
172
171
|
|
173
172
|
# rubocop:disable Metrics/PerceivedComplexity
|
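Review bot: The chain under `@npmrc_scoped_registries ||=` matches every line against SCOPED_REGISTRY twice — `match?` in the select and `match` in the filter_map — and the `&.` before `fetch` is dead, since MatchData#named_captures never returns nil. One pass does the same work: `npmrc_file.content.lines.filter_map { |line| line.match(SCOPED_REGISTRY)&.named_captures&.fetch("registry") }` with the select line dropped, because `match` already returns nil for non-matching lines. `fetch("registry")` will raise KeyError if the regex constant has no group of that name; the constant is outside the hunk, so worth a glance.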
@@ -220,8 +220,8 @@ module Dependabot
|
|
220
220
|
content.scan(/['"]#{sections_regex}['"]\s*:\s*\{/m) do
|
221
221
|
mtch = Regexp.last_match
|
222
222
|
declaration_blocks <<
|
223
|
-
mtch.to_s +
|
224
|
-
mtch.post_match[0..closing_bracket_index(mtch.post_match)]
|
223
|
+
(mtch.to_s +
|
224
|
+
mtch.post_match[0..closing_bracket_index(mtch.post_match)])
|
225
225
|
end
|
226
226
|
|
227
227
|
declaration_blocks.reduce(content.dup) do |new_content, block|
|
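Review bot: `mtch.post_match` is called twice in the newly parenthesised expression, and MatchData#post_match allocates a fresh String each call, so the slice and the closing_bracket_index scan run on two copies per match. Binding it once reads better and halves the allocation: `rest = mtch.post_match` then `declaration_blocks << (mtch.to_s + rest[0..closing_bracket_index(rest)])`. If closing_bracket_index can return nil, `rest[0..nil]` is the whole remainder on Ruby 2.6+; a comment on that contract would help, as the helper and the enclosing method are both outside the hunk.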
@@ -155,11 +155,11 @@ module Dependabot
|
|
155
155
|
def requirements_for_path(requirements, path)
|
156
156
|
return requirements if path.to_s == "."
|
157
157
|
|
158
|
-
requirements.
|
158
|
+
requirements.filter_map do |r|
|
159
159
|
next unless r[:file].start_with?("#{path}/")
|
160
160
|
|
161
161
|
r.merge(file: r[:file].gsub(/^#{Regexp.quote("#{path}/")}/, ""))
|
162
|
-
end
|
162
|
+
end
|
163
163
|
end
|
164
164
|
|
165
165
|
# rubocop:disable Metrics/AbcSize
|
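Review bot: The `gsub(/^#{Regexp.quote("#{path}/")}/, "")` line strips the prefix with a `^` anchor, which matches at every line start rather than only at the start of the string; the `start_with?` guard above it already proves the prefix sits at position 0, so `r.merge(file: r[:file].delete_prefix("#{path}/"))` expresses the same thing without a regex or the line-anchor footgun. The method is duplicated byte-for-byte in the version_resolver.rb hunk at `@@ -543,11 +543,11 @@`; the same change applies there, and a shared helper would keep the two from drifting.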
@@ -430,7 +430,7 @@ module Dependabot
|
|
430
430
|
|
431
431
|
def raise_resolvability_error(error_message, yarn_lock)
|
432
432
|
dependency_names = dependencies.map(&:name).join(", ")
|
433
|
-
msg = "Error whilst updating #{dependency_names} in "\
|
433
|
+
msg = "Error whilst updating #{dependency_names} in " \
|
434
434
|
"#{yarn_lock.path}:\n#{error_message}"
|
435
435
|
raise Dependabot::DependencyFileNotResolvable, msg
|
436
436
|
end
|
@@ -123,12 +123,12 @@ module Dependabot
|
|
123
123
|
end
|
124
124
|
|
125
125
|
def updated_manifest_files
|
126
|
-
package_files.
|
126
|
+
package_files.filter_map do |file|
|
127
127
|
updated_content = updated_package_json_content(file)
|
128
128
|
next if updated_content == file.content
|
129
129
|
|
130
130
|
updated_file(file: file, content: updated_content)
|
131
|
-
end
|
131
|
+
end
|
132
132
|
end
|
133
133
|
|
134
134
|
def updated_lockfiles
|
@@ -26,9 +26,9 @@ module Dependabot
|
|
26
26
|
return unless npm_listing.dig("time", dependency.version)
|
27
27
|
return if previous_releasers.include?(npm_releaser)
|
28
28
|
|
29
|
-
"This version was pushed to npm by "\
|
30
|
-
|
31
|
-
|
29
|
+
"This version was pushed to npm by " \
|
30
|
+
"[#{npm_releaser}](https://www.npmjs.com/~#{npm_releaser}), a new " \
|
31
|
+
"releaser for #{dependency.name} since your current version."
|
32
32
|
end
|
33
33
|
|
34
34
|
private
|
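Review bot: `npm_releaser` is interpolated verbatim into both the link text and the URL of `[#{npm_releaser}](https://www.npmjs.com/~#{npm_releaser})`, and the hunk below derives releaser names from the registry's `_npmUser` field, presumably the same origin; a name containing `]`, `)`, whitespace or other URL-significant characters would malform the link or the surrounding Markdown. Encoding the URL half (`ERB::Util.url_encode` or `URI.encode_www_form_component`, whichever the file already requires) and escaping brackets in the text half keeps the rendered note intact, and whether npm enforces a safe username charset upstream isn't visible here. The enclosing method starts outside the hunk.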
@@ -64,7 +64,7 @@ module Dependabot
|
|
64
64
|
|
65
65
|
all_version_listings.
|
66
66
|
reject { |v, _| Time.parse(times[v]) > cutoff }.
|
67
|
-
|
67
|
+
filter_map { |_, d| d.fetch("_npmUser", nil)&.fetch("name", nil) }
|
68
68
|
end
|
69
69
|
|
70
70
|
def find_source_from_registry
|
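Review bot: `d.fetch("_npmUser", nil)&.fetch("name", nil)` is the long form of `d.dig("_npmUser", "name")`, which reads the nested key in one step and returns nil when `_npmUser` is absent. The `Time.parse(times[v])` on the context line above is unchanged but worth a look while here: `times[v]` is nil when the registry's `time` map lacks an entry for a listed version, and `Time.parse(nil)` raises TypeError, so a guard such as `next true if times[v].nil?` inside the reject may be warranted depending on what the caller expects. The enclosing method starts outside the hunk.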
@@ -8,7 +8,7 @@ module Dependabot
|
|
8
8
|
end
|
9
9
|
|
10
10
|
def self.native_helpers_root
|
11
|
-
helpers_root = ENV
|
11
|
+
helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
|
12
12
|
return File.join(helpers_root, "npm_and_yarn") unless helpers_root.nil?
|
13
13
|
|
14
14
|
File.join(__dir__, "../../../helpers")
|
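Review bot: `ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)` followed by `unless helpers_root.nil?` treats an empty value as a real path: an exported but empty `DEPENDABOT_NATIVE_HELPERS_PATH` yields `File.join("", "npm_and_yarn")`, i.e. `/npm_and_yarn` at the filesystem root. Because this variable presumably decides where the helper scripts the updater runs are loaded from, the guard should be `return File.join(helpers_root, "npm_and_yarn") if helpers_root && !helpers_root.empty?`, and a comment above the method should state that the variable is trusted deployment configuration rather than anything derived from repository content.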
@@ -121,9 +121,9 @@ module Dependabot
|
|
121
121
|
end
|
122
122
|
|
123
123
|
def filter_out_of_range_versions(versions_array)
|
124
|
-
reqs = dependency.requirements.
|
124
|
+
reqs = dependency.requirements.filter_map do |r|
|
125
125
|
NpmAndYarn::Requirement.requirements_array(r.fetch(:requirement))
|
126
|
-
end
|
126
|
+
end
|
127
127
|
|
128
128
|
versions_array.
|
129
129
|
select { |v| reqs.all? { |r| r.any? { |o| o.satisfied_by?(v) } } }
|
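Review bot: The new filter_map on `dependency.requirements` passes `r.fetch(:requirement)` straight to `NpmAndYarn::Requirement.requirements_array` with no nil check, while the equivalent block in the update_checker.rb hunk at `@@ -214,11 +214,11 @@` guards with `next if r.fetch(:requirement).nil?` first; one of the two either relies on requirements_array tolerating nil or is missing the guard, and I can't tell which from here. Aligning them — adding `next if r.fetch(:requirement).nil?` before the call, or a comment on requirements_array's nil behaviour — removes the ambiguity, and filter_map only earns its name here if the block can yield nil, which is worth stating. The method continues outside the hunk.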
@@ -63,7 +63,7 @@ module Dependabot
|
|
63
63
|
def updating_from_git_to_npm?
|
64
64
|
return false unless updated_source.nil?
|
65
65
|
|
66
|
-
original_source = requirements.
|
66
|
+
original_source = requirements.filter_map { |r| r[:source] }.first
|
67
67
|
original_source&.fetch(:type) == "git"
|
68
68
|
end
|
69
69
|
|
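Review bot: `requirements.filter_map { |r| r[:source] }.first` builds the full list of sources only to keep the first; `original_source = requirements.find { |r| r[:source] }&.dig(:source)` stops at the first hit and states the intent (the first requirement that carries a source) directly. Minor for the small arrays involved, but it also keeps the `&.fetch(:type)` on the next line reading naturally as "if there was one".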
@@ -157,7 +157,7 @@ module Dependabot
|
|
157
157
|
relevant_versions = latest_version_finder(dependency).
|
158
158
|
possible_previous_versions_with_details.
|
159
159
|
map(&:first)
|
160
|
-
reqs = dep.requirements.
|
160
|
+
reqs = dep.requirements.filter_map { |r| r[:requirement] }.
|
161
161
|
map { |r| requirement_class.requirements_array(r) }
|
162
162
|
|
163
163
|
# Pick the lowest version from the max possible version from all
|
@@ -355,7 +355,7 @@ module Dependabot
|
|
355
355
|
requirement_name:
|
356
356
|
captures.fetch("required_dep").sub(/@[^@]+$/, ""),
|
357
357
|
requirement_version:
|
358
|
-
captures.fetch("required_dep").split("@").last.
|
358
|
+
captures.fetch("required_dep").split("@").last.delete('"'),
|
359
359
|
requiring_dep_name:
|
360
360
|
captures.fetch("requiring_dep").sub(/@[^@]+$/, "")
|
361
361
|
}
|
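Review bot: `captures.fetch("required_dep")` is read twice in the hash literal, once through `sub(/@[^@]+$/, "")` for the name and once through `split("@").last.delete('"')` for the version, and the two parse the same `name@version` token by different rules — `$` is a line anchor, and a token with no `@` makes `split("@").last` return the name itself as the version. `name, _, version = captures.fetch("required_dep").rpartition("@")` gives both halves under one rule, though it yields an empty name for a token with no `@`, so check how the error-message regex that produces `required_dep` constrains the token before switching. The enclosing method and that regex are outside the hunk.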
@@ -543,11 +543,11 @@ module Dependabot
|
|
543
543
|
def requirements_for_path(requirements, path)
|
544
544
|
return requirements if path.to_s == "."
|
545
545
|
|
546
|
-
requirements.
|
546
|
+
requirements.filter_map do |r|
|
547
547
|
next unless r[:file].start_with?("#{path}/")
|
548
548
|
|
549
549
|
r.merge(file: r[:file].gsub(/^#{Regexp.quote("#{path}/")}/, ""))
|
550
|
-
end
|
550
|
+
end
|
551
551
|
end
|
552
552
|
|
553
553
|
# Top level dependencies are required in the peer dep checker
|
@@ -581,7 +581,7 @@ module Dependabot
|
|
581
581
|
def version_for_dependency(dep)
|
582
582
|
return version_class.new(dep.version) if dep.version && version_class.correct?(dep.version)
|
583
583
|
|
584
|
-
dep.requirements.
|
584
|
+
dep.requirements.filter_map { |r| r[:requirement] }.
|
585
585
|
reject { |req_string| req_string.start_with?("<") }.
|
586
586
|
select { |req_string| req_string.match?(version_regex) }.
|
587
587
|
map { |req_string| req_string.match(version_regex) }.
|
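Review bot: The `select { |req_string| req_string.match?(version_regex) }.` and `map { |req_string| req_string.match(version_regex) }.` lines run version_regex over each requirement twice; `filter_map { |req_string| req_string.match(version_regex) }.` does both in one pass, since `match` returns nil for non-matches, and the rest of the chain (which continues past the hunk) receives the same MatchData objects. The `reject` on `start_with?("<")` above carries no comment on why upper-bound-only requirements are skipped; a one-liner there would help, as the method body runs on outside the hunk.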
@@ -188,7 +188,7 @@ module Dependabot
|
|
188
188
|
source: nil
|
189
189
|
).parse.select(&:top_level?)
|
190
190
|
|
191
|
-
top_level_dependencies.
|
191
|
+
top_level_dependencies.to_h { |dep| [dep.name, dep] }
|
192
192
|
end
|
193
193
|
|
194
194
|
def build_updated_dependency(update_details)
|
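Review bot: `top_level_dependencies.to_h { |dep| [dep.name, dep] }` keeps only the last dependency for any repeated name, silently; whether the parser can return two top-level entries with the same name isn't visible here. If it can't, a comment stating that invariant above the line is enough; if it can, a `group_by(&:name)` with an explicit merge or a raise would be safer than dropping one. The method starts outside the hunk.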
@@ -214,11 +214,11 @@ module Dependabot
|
|
214
214
|
end
|
215
215
|
|
216
216
|
def latest_resolvable_version_with_no_unlock_for_git_dependency
|
217
|
-
reqs = dependency.requirements.
|
217
|
+
reqs = dependency.requirements.filter_map do |r|
|
218
218
|
next if r.fetch(:requirement).nil?
|
219
219
|
|
220
220
|
requirement_class.requirements_array(r.fetch(:requirement))
|
221
|
-
end
|
221
|
+
end
|
222
222
|
|
223
223
|
current_version =
|
224
224
|
if existing_version_is_sha? ||
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-npm_and_yarn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.212.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-09-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.212.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.212.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debase
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,14 +86,14 @@ dependencies:
|
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: 3.
|
89
|
+
version: 3.12.0
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: 3.
|
96
|
+
version: 3.12.0
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: rake
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
@@ -142,14 +142,28 @@ dependencies:
|
|
142
142
|
requirements:
|
143
143
|
- - "~>"
|
144
144
|
- !ruby/object:Gem::Version
|
145
|
-
version: 1.
|
145
|
+
version: 1.36.0
|
146
146
|
type: :development
|
147
147
|
prerelease: false
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
149
149
|
requirements:
|
150
150
|
- - "~>"
|
151
151
|
- !ruby/object:Gem::Version
|
152
|
-
version: 1.
|
152
|
+
version: 1.36.0
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: rubocop-performance
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - "~>"
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: 1.14.2
|
160
|
+
type: :development
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - "~>"
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: 1.14.2
|
153
167
|
- !ruby/object:Gem::Dependency
|
154
168
|
name: ruby-debug-ide
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|