RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.305.0 → 0.306.0 - Mend

dependabot-npm_and_yarn 0.305.0 → 0.306.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/npm_and_yarn/package/registry_finder.rb +22 -10
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29f8a6417f34cb02e78ced5b82afc2a542a47544d5aa37d363e588567c843b23
-  data.tar.gz: ff7f7d7c8715850f1a65e2ca66c81e03dca0e9ed741f5908dc6e0a2e951f9140
+  metadata.gz: 3ff9efde259877135fd46b68bcaacb237d36e81e6f75cef7272c9b0f5b0ac7e3
+  data.tar.gz: 49e0c62b28e246185249baf59537874550a7cb921a975c16516c7f53c07a6fdd
 SHA512:
-  metadata.gz: d17166b9cb9fd4e320dbf0d70ad3c134d5b2872a7600eabc38c64db6f78284a1b6ad60fe799ad33f09073f8d0aa1e5186ce8e88cad89759ef666b02cd7f05247
-  data.tar.gz: e10961478b7b3e7e45b06f8f8f1238cea5f7a2775a655b270a0e489fa2d1cf1ad5cf121c2c9e0a5e77a874d167217f17d32623f9fcd643e3554178b417d98511
+  metadata.gz: 63420987691aaabf0ba1fa1ce85f8607af5f7c5f96ed9e7addef8bf0f74de3bb9eccedceb62126881556f1e9c457106868575befcfd02226617b10ae9b4819c5
+  data.tar.gz: 867565a2869b6d54a1d23f41c4cf14e8566e56ea0c56a4ca731a8b8ffb250f80f014840f81485a972eea7da426b08b652f78216856f06af3b6f63b326172ddf6

data/lib/dependabot/npm_and_yarn/package/registry_finder.rb CHANGED Viewed

@@ -221,7 +221,12 @@ module Dependabot
               registries = []
               registries += credentials
                             .select { |cred| cred["type"] == "npm_registry" && cred["registry"] }
-                            .tap { |arr| arr.each { |c| c["token"] ||= nil } }
+                            .tap do |arr|
+                              arr.each do |c|
+                                c["registry"] = prepare_registry_url(c["registry"])
+                                c["token"] ||= nil
+                              end
+                            end
               registries += npmrc_registries
               registries += yarnrc_registries
@@ -238,12 +243,12 @@ module Dependabot
           npmrc_file&.content&.scan(NPM_AUTH_TOKEN_REGEX) do
             next if Regexp.last_match&.[](:registry)&.include?("${")
-            registry = T.must(Regexp.last_match)[:registry]
+            registry = prepare_registry_url(T.must(Regexp.last_match)[:registry])
             token = T.must(Regexp.last_match)[:token]&.strip
             registries << {
               "type" => "npm_registry",
-              "registry" => registry&.gsub(/\s+/, "%20"),
+              "registry" => registry,
               "token" => token
             }
           end
@@ -291,14 +296,14 @@ module Dependabot
           return @configured_global_registry if @configured_global_registry
           if parsed_yarnrc_yml&.key?("npmRegistryServer")
-            return @configured_global_registry = T.must(parsed_yarnrc_yml)["npmRegistryServer"]
+            return @configured_global_registry = prepare_registry_url(T.must(parsed_yarnrc_yml)["npmRegistryServer"])
           end
           replaces_base = credentials.find { |cred| cred["type"] == "npm_registry" && cred.replaces_base? }
           if replaces_base
             registry = replaces_base["registry"]
             registry = "https://#{registry}" unless registry&.start_with?("http")
-            return @configured_global_registry = registry
+            return @configured_global_registry = prepare_registry_url(registry)
           end
           @configured_global_registry = nil
@@ -323,7 +328,7 @@ module Dependabot
           if parsed_yarnrc_yml
             yarn_berry_registry = parsed_yarnrc_yml&.dig("npmScopes", scope.delete_prefix("@"), "npmRegistryServer")
-            return yarn_berry_registry if yarn_berry_registry
+            return prepare_registry_url(yarn_berry_registry) if yarn_berry_registry
           end
           nil
@@ -341,7 +346,7 @@ module Dependabot
           file&.content&.scan(syntax) do
             next if Regexp.last_match&.[](:registry)&.include?("${")
-            url = T.must(T.must(Regexp.last_match)[:registry]).strip
+            url = T.must(prepare_registry_url(T.must(T.must(Regexp.last_match)[:registry])))
             registry = normalize_configured_registry(url)
             registries << {
               "type" => "npm_registry",
@@ -365,7 +370,7 @@ module Dependabot
           file&.content.to_s.scan(syntax) do
             next if Regexp.last_match&.[](:registry)&.include?("${") || Regexp.last_match&.[](:scope) != scope
-            return T.must(T.must(Regexp.last_match)[:registry]).strip
+            return prepare_registry_url(T.must(T.must(Regexp.last_match)[:registry]))
           end
           nil
@@ -388,7 +393,9 @@ module Dependabot
                               &.map { |r| r.fetch(:source) }&.uniq&.compact
                               &.sort_by { |source| self.class.central_registry?(source[:url]) ? 1 : 0 }
-          sources&.find { |s| s[:type] == "registry" }&.fetch(:url)
+          sources&.find { |s| s[:type] == "registry" }
+                 &.fetch(:url)
+                 &.then { |url| prepare_registry_url(url) }
         end
         sig { returns(T.nilable(T::Hash[String, T.untyped])) }
@@ -405,7 +412,12 @@ module Dependabot
         def normalize_configured_registry(url)
           url.sub(%r{/+$}, "")
              .sub(%r{^.*?//}, "")
-             .gsub(/\s+/, "%20")
+        end
+        sig { params(url: T.nilable(String)).returns(T.nilable(String)) }
+        def prepare_registry_url(url)
+          url&.strip
+             &.gsub(/\s+/, "%20")
         end
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.305.0
+  version: 0.306.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-04-06 00:00:00.000000000 Z
+date: 2025-04-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.305.0
+        version: 0.306.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.305.0
+        version: 0.306.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -357,7 +357,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.305.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.306.0
 post_install_message:
 rdoc_options: []
 require_paths: