dependabot-npm_and_yarn 0.271.0 → 0.272.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/file_updater.rb +11 -20
- data/lib/dependabot/npm_and_yarn.rb +93 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2b986a02c4b0f3aec877f1f3e5713415bf0f6dd7e2cbb347fb8c69c69934e369
|
|
4
|
+
data.tar.gz: 70a12ed63b81ce69ea93473df5792b26397a81015ab40fb9a57c77aa37ceea60
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 023a5ff98729ff3e7e53fb36e086cb957f3f1e545ca1345a69dc1ba4664580b2842af29b407fdbd39fa7c2fe3dc90f04928eb8954b27a3f4aef3ab6bfae0cb36
|
|
7
|
+
data.tar.gz: ce482960e083b8141181fd2a5c7c58159715f7360cf339b372fe230b8ade5148ad657568c25273d394e4549033f9db09cb82c9e16796e8147278bcc2b18d39fb
|
|
@@ -30,26 +30,17 @@ module Dependabot
|
|
|
30
30
|
end
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
sig { override.
|
|
34
|
-
def self.updated_files_regex
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
# Old regex. After 100% rollout of the allowlist, this will be removed.
|
|
45
|
-
[
|
|
46
|
-
/^package\.json$/,
|
|
47
|
-
/^package-lock\.json$/,
|
|
48
|
-
/^npm-shrinkwrap\.json$/,
|
|
49
|
-
/^yarn\.lock$/,
|
|
50
|
-
/^pnpm-lock\.yaml$/
|
|
51
|
-
]
|
|
52
|
-
end
|
|
33
|
+
sig { override.returns(T::Array[Regexp]) }
|
|
34
|
+
def self.updated_files_regex
|
|
35
|
+
[
|
|
36
|
+
%r{^(?:.*/)?package\.json$},
|
|
37
|
+
%r{^(?:.*/)?package-lock\.json$},
|
|
38
|
+
%r{^(?:.*/)?npm-shrinkwrap\.json$},
|
|
39
|
+
%r{^(?:.*/)?yarn\.lock$},
|
|
40
|
+
%r{^(?:.*/)?pnpm-lock\.yaml$},
|
|
41
|
+
%r{^(?:.*/)?\.yarn/.*}, # Matches any file within the .yarn/ directory
|
|
42
|
+
%r{^(?:.*/)?\.pnp\.(?:js|cjs)$} # Matches .pnp.js or .pnp.cjs files
|
|
43
|
+
]
|
|
53
44
|
end
|
|
54
45
|
|
|
55
46
|
sig { override.returns(T::Array[DependencyFile]) }
|
|
@@ -34,6 +34,7 @@ ErrorHandler = T.type_alias do
|
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
module Dependabot
|
|
37
|
+
# rubocop:disable Metrics/ModuleLength
|
|
37
38
|
module NpmAndYarn
|
|
38
39
|
NODE_VERSION_NOT_SATISFY_REGEX = /The current Node version (?<current_version>v?\d+\.\d+\.\d+) does not satisfy the required version (?<required_version>v?\d+\.\d+\.\d+)\./ # rubocop:disable Layout/LineLength
|
|
39
40
|
|
|
@@ -115,6 +116,29 @@ module Dependabot
|
|
|
115
116
|
|
|
116
117
|
ENV_VAR_NOT_RESOLVABLE = /Failed to replace env in config: \$\{(?<var>.*)\}/
|
|
117
118
|
|
|
119
|
+
OUT_OF_DISKSPACE = / Out of diskspace/
|
|
120
|
+
|
|
121
|
+
# yarnrc.yml errors
|
|
122
|
+
YARNRC_PARSE_ERROR = /Parse error when loading (?<filename>.*?); /
|
|
123
|
+
YARNRC_ENV_NOT_FOUND = /Usage Error: Environment variable not found /
|
|
124
|
+
YARNRC_ENV_NOT_FOUND_REGEX = /Usage Error: Environment variable not found \((?<token>.*)\) in (?<filename>.*?) /
|
|
125
|
+
YARNRC_EAI_AGAIN = /getaddrinfo EAI_AGAIN/
|
|
126
|
+
YARNRC_ENOENT = /Internal Error: ENOENT/
|
|
127
|
+
YARNRC_ENOENT_REGEX = /Internal Error: ENOENT: no such file or directory, stat '(?<filename>.*?)'/
|
|
128
|
+
|
|
129
|
+
YN0001_FILE_NOT_RESOLVED_CODES = T.let({
|
|
130
|
+
FIND_PACKAGE_LOCATION: /YN0001: UsageError: Couldn't find the (?<pkg>.*) state file/,
|
|
131
|
+
NO_CANDIDATE_FOUND: /YN0001: Error: (?<pkg>.*): No candidates found/,
|
|
132
|
+
NO_SUPPORTED_RESOLVER: /YN0001:*.*Error: (?<pkg>.*) isn't supported by any available resolver/,
|
|
133
|
+
WORKSPACE_NOT_FOUND: /YN0001: Error: (?<pkg>.*): Workspace not found/,
|
|
134
|
+
ENOENT: /YN0001:*.*Thrown Error: (?<pkg>.*) ENOENT/,
|
|
135
|
+
MANIFEST_NOT_FOUND: /YN0001: Error: (?<pkg>.*): Manifest not found/
|
|
136
|
+
}.freeze, T::Hash[String, Regexp])
|
|
137
|
+
|
|
138
|
+
YN0001_AUTH_ERROR_CODES = T.let({
|
|
139
|
+
AUTH_ERROR: /YN0001:*.*Fatal Error: could not read Username for '(?<url>.*)': terminal prompts disabled/
|
|
140
|
+
}.freeze, T::Hash[String, Regexp])
|
|
141
|
+
|
|
118
142
|
class Utils
|
|
119
143
|
extend T::Sig
|
|
120
144
|
|
|
@@ -155,6 +179,18 @@ module Dependabot
|
|
|
155
179
|
"YN0001" => {
|
|
156
180
|
message: "Exception error",
|
|
157
181
|
handler: lambda { |message, _error, _params|
|
|
182
|
+
YN0001_FILE_NOT_RESOLVED_CODES.each do |(_yn0001_key, yn0001_regex)|
|
|
183
|
+
if (msg = message.match(yn0001_regex))
|
|
184
|
+
return Dependabot::DependencyFileNotResolvable.new(msg)
|
|
185
|
+
end
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
YN0001_AUTH_ERROR_CODES.each do |(_yn0001_key, yn0001_regex)|
|
|
189
|
+
if (msg = message.match(yn0001_regex))
|
|
190
|
+
url = msg.named_captures.fetch(URL_CAPTURE)
|
|
191
|
+
return Dependabot::PrivateSourceAuthenticationFailure.new(url)
|
|
192
|
+
end
|
|
193
|
+
end
|
|
158
194
|
Dependabot::DependabotError.new(message)
|
|
159
195
|
}
|
|
160
196
|
},
|
|
@@ -385,6 +421,62 @@ module Dependabot
|
|
|
385
421
|
},
|
|
386
422
|
in_usage: false,
|
|
387
423
|
matchfn: nil
|
|
424
|
+
},
|
|
425
|
+
{
|
|
426
|
+
patterns: [OUT_OF_DISKSPACE],
|
|
427
|
+
handler: lambda { |message, _error, _params|
|
|
428
|
+
Dependabot::OutOfDisk.new(message)
|
|
429
|
+
},
|
|
430
|
+
in_usage: false,
|
|
431
|
+
matchfn: nil
|
|
432
|
+
},
|
|
433
|
+
{
|
|
434
|
+
patterns: [YARNRC_PARSE_ERROR],
|
|
435
|
+
handler: lambda { |message, _error, _params|
|
|
436
|
+
filename = message.match(YARNRC_PARSE_ERROR).named_captures["filename"]
|
|
437
|
+
|
|
438
|
+
msg = "Error while loading \"#{filename.split('/').last}\"."
|
|
439
|
+
Dependabot::DependencyFileNotResolvable.new(msg)
|
|
440
|
+
},
|
|
441
|
+
in_usage: false,
|
|
442
|
+
matchfn: nil
|
|
443
|
+
},
|
|
444
|
+
{
|
|
445
|
+
patterns: [YARNRC_ENV_NOT_FOUND],
|
|
446
|
+
handler: lambda { |message, _error, _params|
|
|
447
|
+
error_message = message.gsub(/[[:space:]]+/, " ").strip
|
|
448
|
+
|
|
449
|
+
filename = error_message.match(YARNRC_ENV_NOT_FOUND_REGEX)
|
|
450
|
+
.named_captures["filename"]
|
|
451
|
+
|
|
452
|
+
env_var = error_message.match(YARNRC_ENV_NOT_FOUND_REGEX)
|
|
453
|
+
.named_captures["token"]
|
|
454
|
+
|
|
455
|
+
msg = "Environment variable \"#{env_var}\" not found in \"#{filename.split('/').last}\"."
|
|
456
|
+
Dependabot::MissingEnvironmentVariable.new(env_var, msg)
|
|
457
|
+
},
|
|
458
|
+
in_usage: false,
|
|
459
|
+
matchfn: nil
|
|
460
|
+
},
|
|
461
|
+
{
|
|
462
|
+
patterns: [YARNRC_EAI_AGAIN],
|
|
463
|
+
handler: lambda { |_message, _error, _params|
|
|
464
|
+
Dependabot::DependencyFileNotResolvable.new("Network error while resolving dependency.")
|
|
465
|
+
},
|
|
466
|
+
in_usage: false,
|
|
467
|
+
matchfn: nil
|
|
468
|
+
},
|
|
469
|
+
{
|
|
470
|
+
patterns: [YARNRC_ENOENT],
|
|
471
|
+
handler: lambda { |message, _error, _params|
|
|
472
|
+
error_message = message.gsub(/[[:space:]]+/, " ").strip
|
|
473
|
+
filename = error_message.match(YARNRC_ENOENT_REGEX).named_captures["filename"]
|
|
474
|
+
|
|
475
|
+
Dependabot::DependencyFileNotResolvable.new("Internal error while resolving dependency." \
|
|
476
|
+
"File not found \"#{filename.split('/').last}\"")
|
|
477
|
+
},
|
|
478
|
+
in_usage: false,
|
|
479
|
+
matchfn: nil
|
|
388
480
|
}
|
|
389
481
|
|
|
390
482
|
].freeze, T::Array[{
|
|
@@ -394,4 +486,5 @@ module Dependabot
|
|
|
394
486
|
matchfn: T.nilable(T.proc.params(usage: String, message: String).returns(T::Boolean))
|
|
395
487
|
}])
|
|
396
488
|
end
|
|
489
|
+
# rubocop:enable Metrics/ModuleLength
|
|
397
490
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.272.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-08-
|
|
11
|
+
date: 2024-08-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.272.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.272.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -345,7 +345,7 @@ licenses:
|
|
|
345
345
|
- MIT
|
|
346
346
|
metadata:
|
|
347
347
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
348
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
348
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.272.0
|
|
349
349
|
post_install_message:
|
|
350
350
|
rdoc_options: []
|
|
351
351
|
require_paths:
|