RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.211.0 → 0.212.0 - Mend

dependabot-npm_and_yarn 0.211.0 → 0.212.0

Files changed (16) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a59daca8d3197603d1310f3e9441dbcaf008aede06905fdb6ce6464a2a729bf
-  data.tar.gz: 1fa8b86f5de495b7fa09ee5ad9e3ca50916c152ea4350763e36580309f73491d
+  metadata.gz: 5ff4958e3092d765d3d92a6035f05dee25680d26697649b3adad94b2b876df7b
+  data.tar.gz: 0adce108f8a33fefd73641d55db1730ba0bdfd167d2e0a8b7d674d1074455c87
 SHA512:
-  metadata.gz: '080b0ecf1699841eb2f2830bc29c962732abb6eb704b50d3ac9f64a165eea2f860ad9112eb0a5a2367918d324e408e187883c63d027bb7502c17be2146413657'
-  data.tar.gz: 3cec11a3e2321e639d455cc3df562b51a5ed9a22a197ba6d5a210d9dd63a2a1f6b65099c9bbe5c00b469442f415c6790a898a16ea54589d85468ed45f3183d56
+  metadata.gz: 3eac1860e88136dc0b8ebc851b1fdad2ae27459df2a39937d401372b86cd6c86432d46bfe93d68422098d664ebe776fdaf3f7674f07911525e5c97fce83e0136
+  data.tar.gz: c7c5f918a175e8f8de6cfc8110895f3c13f15cd1af0e342ab2cdd74794c2d383c74e46ea2076b36a3059a75cc5e93a92233a1d08368e5cfdd456fb3a5d89bc34

data/lib/dependabot/npm_and_yarn/file_fetcher.rb CHANGED Viewed

@@ -88,7 +88,7 @@ module Dependabot
         # Loop through parent directories looking for an npmrc
         (1..directory.split("/").count).each do |i|
-          @npmrc = fetch_file_from_host("../" * i + ".npmrc")&.
+          @npmrc = fetch_file_from_host(("../" * i) + ".npmrc")&.
                    tap { |f| f.support_file = true }
           break if @npmrc
         rescue Dependabot::DependencyFileNotFound
@@ -107,7 +107,7 @@ module Dependabot
         # Loop through parent directories looking for an yarnrc
         (1..directory.split("/").count).each do |i|
-          @yarnrc = fetch_file_from_host("../" * i + ".yarnrc")&.
+          @yarnrc = fetch_file_from_host(("../" * i) + ".yarnrc")&.
                    tap { |f| f.support_file = true }
           break if @yarnrc
         rescue Dependabot::DependencyFileNotFound
@@ -200,7 +200,7 @@ module Dependabot
         resolution_objects = parsed_manifest.values_at("resolutions").compact
         manifest_objects = dependency_objects + resolution_objects
-        raise Dependabot::DependencyFileNotParseable, file.path unless manifest_objects.all? { |o| o.is_a?(Hash) }
+        raise Dependabot::DependencyFileNotParseable, file.path unless manifest_objects.all?(Hash)
         resolution_deps = resolution_objects.flat_map(&:to_a).
                           map do |path, value|

data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb CHANGED Viewed

@@ -48,8 +48,7 @@ module Dependabot
             %w(yarn.lock package-lock.json npm-shrinkwrap.json)
           possible_lockfile_names.uniq.
-            map { |nm| dependency_files.find { |f| f.name == nm } }.
-            compact
+            filter_map { |nm| dependency_files.find { |f| f.name == nm } }
         end
         def npm_lockfile_details(lockfile, dependency_name, manifest_name)

data/lib/dependabot/npm_and_yarn/file_parser.rb CHANGED Viewed

@@ -159,7 +159,7 @@ module Dependabot
       def workspace_package_names
         @workspace_package_names ||=
-          package_files.map { |f| JSON.parse(f.content)["name"] }.compact
+          package_files.filter_map { |f| JSON.parse(f.content)["name"] }
       end
       def version_for(name, requirement, manifest_name)

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb CHANGED Viewed

@@ -385,7 +385,7 @@ module Dependabot
         def raise_resolvability_error(error_message)
           dependency_names = dependencies.map(&:name).join(", ")
-          msg = "Error whilst updating #{dependency_names} in "\
+          msg = "Error whilst updating #{dependency_names} in " \
                 "#{lockfile.path}:\n#{error_message}"
           raise Dependabot::DependencyFileNotResolvable, msg
         end
@@ -397,11 +397,11 @@ module Dependabot
           # issues on the error message (issue detail) on the backend
           #
           # ToDo: add an error ID to issues to make it easier to unique them
-          msg = "Error whilst updating dependencies in #{lockfile.name}:\n"\
-                "#{error_message}\n\n"\
-                "It looks like your lockfile has some corrupt entries with "\
-                "missing versions and needs to be re-generated.\n"\
-                "You'll need to remove #{lockfile.name} and #{modules_path} "\
+          msg = "Error whilst updating dependencies in #{lockfile.name}:\n" \
+                "#{error_message}\n\n" \
+                "It looks like your lockfile has some corrupt entries with " \
+                "missing versions and needs to be re-generated.\n" \
+                "You'll need to remove #{lockfile.name} and #{modules_path} " \
                 "before you run npm install."
           raise Dependabot::DependencyFileNotResolvable, msg
         end

data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb CHANGED Viewed

@@ -42,9 +42,9 @@ module Dependabot
           return unless yarn_lock || package_lock
           return unless global_registry
-          "registry = https://#{global_registry['registry']}\n"\
-          "#{global_registry_auth_line}"\
-          "always-auth = true"
+          "registry = https://#{global_registry['registry']}\n" \
+            "#{global_registry_auth_line}" \
+            "always-auth = true"
         end
         def global_registry # rubocop:disable Metrics/PerceivedComplexity
@@ -89,7 +89,7 @@ module Dependabot
           if package_lock
             @dependency_urls +=
               parsed_package_lock.fetch("dependencies", {}).
-              map { |_, details| details["resolved"] }.compact.
+              filter_map { |_, details| details["resolved"] }.
               select { |url| url.is_a?(String) }.
               reject { |url| url.start_with?("git") }
           end
@@ -114,8 +114,8 @@ module Dependabot
           return initial_content unless global_registry
           initial_content +
-            "registry = https://#{global_registry['registry']}\n"\
-            "#{global_registry_auth_line}"\
+            "registry = https://#{global_registry['registry']}\n" \
+            "#{global_registry_auth_line}" \
             "always-auth = true\n"
         end
@@ -166,8 +166,7 @@ module Dependabot
           @npmrc_scoped_registries ||=
             npmrc_file.content.lines.select { |line| line.match?(SCOPED_REGISTRY) }.
-            map { |line| line.match(SCOPED_REGISTRY)&.named_captures&.fetch("registry") }.
-            compact
+            filter_map { |line| line.match(SCOPED_REGISTRY)&.named_captures&.fetch("registry") }
         end
         # rubocop:disable Metrics/PerceivedComplexity

data/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb CHANGED Viewed

@@ -220,8 +220,8 @@ module Dependabot
           content.scan(/['"]#{sections_regex}['"]\s*:\s*\{/m) do
             mtch = Regexp.last_match
             declaration_blocks <<
-              mtch.to_s +
-              mtch.post_match[0..closing_bracket_index(mtch.post_match)]
+              (mtch.to_s +
+              mtch.post_match[0..closing_bracket_index(mtch.post_match)])
           end
           declaration_blocks.reduce(content.dup) do |new_content, block|

data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb CHANGED Viewed

@@ -155,11 +155,11 @@ module Dependabot
         def requirements_for_path(requirements, path)
           return requirements if path.to_s == "."
-          requirements.map do |r|
+          requirements.filter_map do |r|
             next unless r[:file].start_with?("#{path}/")
             r.merge(file: r[:file].gsub(/^#{Regexp.quote("#{path}/")}/, ""))
-          end.compact
+          end
         end
         # rubocop:disable Metrics/AbcSize
@@ -430,7 +430,7 @@ module Dependabot
         def raise_resolvability_error(error_message, yarn_lock)
           dependency_names = dependencies.map(&:name).join(", ")
-          msg = "Error whilst updating #{dependency_names} in "\
+          msg = "Error whilst updating #{dependency_names} in " \
                 "#{yarn_lock.path}:\n#{error_message}"
           raise Dependabot::DependencyFileNotResolvable, msg
         end

data/lib/dependabot/npm_and_yarn/file_updater.rb CHANGED Viewed

@@ -123,12 +123,12 @@ module Dependabot
       end
       def updated_manifest_files
-        package_files.map do |file|
+        package_files.filter_map do |file|
           updated_content = updated_package_json_content(file)
           next if updated_content == file.content
           updated_file(file: file, content: updated_content)
-        end.compact
+        end
       end
       def updated_lockfiles

data/lib/dependabot/npm_and_yarn/metadata_finder.rb CHANGED Viewed

@@ -26,9 +26,9 @@ module Dependabot
         return unless npm_listing.dig("time", dependency.version)
         return if previous_releasers.include?(npm_releaser)
-        "This version was pushed to npm by "\
-        "[#{npm_releaser}](https://www.npmjs.com/~#{npm_releaser}), a new "\
-        "releaser for #{dependency.name} since your current version."
+        "This version was pushed to npm by " \
+          "[#{npm_releaser}](https://www.npmjs.com/~#{npm_releaser}), a new " \
+          "releaser for #{dependency.name} since your current version."
       end
       private
@@ -64,7 +64,7 @@ module Dependabot
         all_version_listings.
           reject { |v, _| Time.parse(times[v]) > cutoff }.
-          map { |_, d| d.fetch("_npmUser", nil)&.fetch("name", nil) }.compact
+          filter_map { |_, d| d.fetch("_npmUser", nil)&.fetch("name", nil) }
       end
       def find_source_from_registry

data/lib/dependabot/npm_and_yarn/native_helpers.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module Dependabot
       end
       def self.native_helpers_root
-        helpers_root = ENV["DEPENDABOT_NATIVE_HELPERS_PATH"]
+        helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
         return File.join(helpers_root, "npm_and_yarn") unless helpers_root.nil?
         File.join(__dir__, "../../../helpers")

data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -121,9 +121,9 @@ module Dependabot
         end
         def filter_out_of_range_versions(versions_array)
-          reqs = dependency.requirements.map do |r|
+          reqs = dependency.requirements.filter_map do |r|
             NpmAndYarn::Requirement.requirements_array(r.fetch(:requirement))
-          end.compact
+          end
           versions_array.
             select { |v| reqs.all? { |r| r.any? { |o| o.satisfied_by?(v) } } }

data/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb CHANGED Viewed

@@ -63,7 +63,7 @@ module Dependabot
         def updating_from_git_to_npm?
           return false unless updated_source.nil?
-          original_source = requirements.map { |r| r[:source] }.compact.first
+          original_source = requirements.filter_map { |r| r[:source] }.first
           original_source&.fetch(:type) == "git"
         end

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb CHANGED Viewed

@@ -157,7 +157,7 @@ module Dependabot
             relevant_versions = latest_version_finder(dependency).
                                 possible_previous_versions_with_details.
                                 map(&:first)
-            reqs = dep.requirements.map { |r| r[:requirement] }.compact.
+            reqs = dep.requirements.filter_map { |r| r[:requirement] }.
                    map { |r| requirement_class.requirements_array(r) }
             # Pick the lowest version from the max possible version from all
@@ -355,7 +355,7 @@ module Dependabot
             requirement_name:
               captures.fetch("required_dep").sub(/@[^@]+$/, ""),
             requirement_version:
-              captures.fetch("required_dep").split("@").last.gsub('"', ""),
+              captures.fetch("required_dep").split("@").last.delete('"'),
             requiring_dep_name:
               captures.fetch("requiring_dep").sub(/@[^@]+$/, "")
           }
@@ -543,11 +543,11 @@ module Dependabot
         def requirements_for_path(requirements, path)
           return requirements if path.to_s == "."
-          requirements.map do |r|
+          requirements.filter_map do |r|
             next unless r[:file].start_with?("#{path}/")
             r.merge(file: r[:file].gsub(/^#{Regexp.quote("#{path}/")}/, ""))
-          end.compact
+          end
         end
         # Top level dependencies are required in the peer dep checker
@@ -581,7 +581,7 @@ module Dependabot
         def version_for_dependency(dep)
           return version_class.new(dep.version) if dep.version && version_class.correct?(dep.version)
-          dep.requirements.map { |r| r[:requirement] }.compact.
+          dep.requirements.filter_map { |r| r[:requirement] }.
             reject { |req_string| req_string.start_with?("<") }.
             select { |req_string| req_string.match?(version_regex) }.
             map { |req_string| req_string.match(version_regex) }.

data/lib/dependabot/npm_and_yarn/update_checker.rb CHANGED Viewed

@@ -188,7 +188,7 @@ module Dependabot
           source: nil
         ).parse.select(&:top_level?)
-        top_level_dependencies.map { |dep| [dep.name, dep] }.to_h
+        top_level_dependencies.to_h { |dep| [dep.name, dep] }
       end
       def build_updated_dependency(update_details)
@@ -214,11 +214,11 @@ module Dependabot
       end
       def latest_resolvable_version_with_no_unlock_for_git_dependency
-        reqs = dependency.requirements.map do |r|
+        reqs = dependency.requirements.filter_map do |r|
           next if r.fetch(:requirement).nil?
           requirement_class.requirements_array(r.fetch(:requirement))
-        end.compact
+        end
         current_version =
           if existing_version_is_sha? ||

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.211.0
+  version: 0.212.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-23 00:00:00.000000000 Z
+date: 2022-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.211.0
+        version: 0.212.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.211.0
+        version: 0.212.0
 - !ruby/object:Gem::Dependency
   name: debase
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.1
+        version: 3.12.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.1
+        version: 3.12.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.36.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.36.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.14.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.14.2
 - !ruby/object:Gem::Dependency
   name: ruby-debug-ide
   requirement: !ruby/object:Gem::Requirement