dependabot-npm_and_yarn 0.275.0 → 0.276.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 71f857c622a3e71c8c1e3099f585ebcc9aa7451b2d4fffc696770ed110b71405
|
|
4
|
+
data.tar.gz: 6c345e58a378ac08049a9593708f92735d565b48283a23d52233d303cb700d66
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ec358314a3ce776ab90fa8b9d34e5bd3ec4006bb388467e412d58042bd1bcab2803e51b3fcc816ac49e5cdb6e64fbac2bed472dbb27d36c91e527f904a44797e
|
|
7
|
+
data.tar.gz: bbbc9073fddf986810a9ca35e1800d9030c8df3743f20d8ba7802a303eb815bf650e171d55beb63cab8f31fb5d9fbe9c65b84b7f2e2ec0db018a15f08ceae1ed
|
|
@@ -107,6 +107,12 @@ module Dependabot
|
|
|
107
107
|
# issue related when dependency url is not mentioned correctly
|
|
108
108
|
UNRESOLVED_REFERENCE = /Unable to resolve reference (?<deps>.*)/
|
|
109
109
|
|
|
110
|
+
# npm git related error for dependencies
|
|
111
|
+
GIT_CHECKOUT_ERROR_REGEX = /Command failed: git checkout (?<sha>.*)/
|
|
112
|
+
|
|
113
|
+
# Invalid version format found for dependency in package.json file
|
|
114
|
+
INVALID_VERSION = /Invalid Version: (?<ver>.*)/
|
|
115
|
+
|
|
110
116
|
# TODO: look into fixing this in npm, seems like a bug in the git
|
|
111
117
|
# downloader introduced in npm 7
|
|
112
118
|
#
|
|
@@ -616,6 +622,15 @@ module Dependabot
|
|
|
616
622
|
raise Dependabot::DependencyFileNotResolvable, msg
|
|
617
623
|
end
|
|
618
624
|
|
|
625
|
+
if (error_msg = error_message.match(GIT_CHECKOUT_ERROR_REGEX))
|
|
626
|
+
raise Dependabot::DependencyFileNotResolvable, error_msg
|
|
627
|
+
end
|
|
628
|
+
|
|
629
|
+
if (error_msg = error_message.match(INVALID_VERSION))
|
|
630
|
+
msg = "Found invalid version \"#{error_msg.named_captures.fetch('ver')}\" while updating"
|
|
631
|
+
raise Dependabot::DependencyFileNotResolvable, msg
|
|
632
|
+
end
|
|
633
|
+
|
|
619
634
|
raise error
|
|
620
635
|
end
|
|
621
636
|
# rubocop:enable Metrics/AbcSize
|
|
@@ -45,7 +45,8 @@ module Dependabot
|
|
|
45
45
|
resolved_url
|
|
46
46
|
end
|
|
47
47
|
|
|
48
|
-
|
|
48
|
+
package_name = url_base.gsub("%2F", "/").match(%r{@.*/})
|
|
49
|
+
"#{T.must(package_name)}#{T.must(url_base.gsub('%2F', '/').split('/').last)}"
|
|
49
50
|
end
|
|
50
51
|
|
|
51
52
|
private
|
|
@@ -17,15 +17,6 @@ module Dependabot
|
|
|
17
17
|
class LatestVersionFinder
|
|
18
18
|
extend T::Sig
|
|
19
19
|
|
|
20
|
-
class RegistryError < StandardError
|
|
21
|
-
attr_reader :status
|
|
22
|
-
|
|
23
|
-
def initialize(status, msg)
|
|
24
|
-
@status = status
|
|
25
|
-
super(msg)
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
20
|
def initialize(dependency:, credentials:, dependency_files:,
|
|
30
21
|
ignored_versions:, security_advisories:,
|
|
31
22
|
raise_on_ignored: false)
|
|
@@ -165,6 +165,9 @@ module Dependabot
|
|
|
165
165
|
REQUIREMENT_NOT_PROVIDED: /(?<dep>.*)(.*?)doesn't provide (?<pkg>.*)(.*?), requested by (?<parent>.*)/
|
|
166
166
|
}.freeze, T::Hash[String, Regexp])
|
|
167
167
|
|
|
168
|
+
# registry returns malformed response
|
|
169
|
+
REGISTRY_NOT_REACHABLE = /Received malformed response from registry for "(?<ver>.*)". The registry may be down./
|
|
170
|
+
|
|
168
171
|
class Utils
|
|
169
172
|
extend T::Sig
|
|
170
173
|
|
|
@@ -580,6 +583,15 @@ module Dependabot
|
|
|
580
583
|
},
|
|
581
584
|
in_usage: false,
|
|
582
585
|
matchfn: nil
|
|
586
|
+
},
|
|
587
|
+
{
|
|
588
|
+
patterns: [REGISTRY_NOT_REACHABLE],
|
|
589
|
+
handler: lambda { |message, _error, _params|
|
|
590
|
+
msg = message.match(REGISTRY_NOT_REACHABLE)
|
|
591
|
+
Dependabot::DependencyFileNotResolvable.new(msg)
|
|
592
|
+
},
|
|
593
|
+
in_usage: false,
|
|
594
|
+
matchfn: nil
|
|
583
595
|
}
|
|
584
596
|
].freeze, T::Array[{
|
|
585
597
|
patterns: T::Array[T.any(String, Regexp)],
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.276.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-09-
|
|
11
|
+
date: 2024-09-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.276.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.276.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -346,7 +346,7 @@ licenses:
|
|
|
346
346
|
- MIT
|
|
347
347
|
metadata:
|
|
348
348
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
349
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
349
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
|
|
350
350
|
post_install_message:
|
|
351
351
|
rdoc_options: []
|
|
352
352
|
require_paths:
|