dependabot-npm_and_yarn 0.334.0 → 0.335.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 59f5561b6c250d5b6a9faa73a5e57c38dcae2bb07148054561d1d512f66f9d5f
-  data.tar.gz: 1bf3f2fb844f57104a4073c14cb7b02fa4eb5f48535161f0890c8d25f076db18
+  metadata.gz: 346d7b71bd954f3c940145a417d0fc72b0d53bd9328d38cad95eee321b962b16
+  data.tar.gz: f146f1b02e2ad0f8cde7ab2c57a3bff0a2e6da7fca80d78a51c88f243461c58b
 SHA512:
-  metadata.gz: 05ed6460bdf252b60820f7a8b1e0358f1d706fa6cbc415fe322aa505605d7516dd0d7ef7c6cff45e8ab403d53fc6b6dda23f68b6a3e329b254cf08991de5f6e2
-  data.tar.gz: 247ed7731f5ceac78c3886edb8fdf8ebaf4c98d6d955a186039fd320ddcce02c173a5e2c0503517e70c1910ce75f9348a0de176fe1d1059aa70aaefc48e5807c
+  metadata.gz: 44811e6584bcdf0aab4dd8bd5970fa8213d8a25c9e2c41656e02fc6bce9dca00fc039f6f8a36a7e7150fc8f68e4be63ca7ed129138109ba7d441a5dd92cd7177
+  data.tar.gz: 5669b41c7ad4b82807fbbed0142a4114f3c84a319b6133c6858311856824a53354ec09cfbb5d93feae3cf32c66b2e0a5989c643d554d6332140790b0005d1774

data/lib/dependabot/npm_and_yarn/constraint_helper.rb

@@ -20,11 +20,14 @@ module Dependabot
 
       # Base regex for SemVer (major.minor.patch[-prerelease][+build])
       # This pattern extracts valid semantic versioning strings based on the SemVer 2.0 specification.
-      SEMVER_REGEX = T.let(/
-        (?<version>\d+\.\d+\.\d+)               # Match major.minor.patch (e.g., 1.2.3)
-        (?:-(?<prerelease>[a-zA-Z0-9.-]+))?     # Optional prerelease (e.g., -alpha.1, -rc.1, -beta.5)
-        (?:\+(?<build>[a-zA-Z0-9.-]+))?         # Optional build metadata (e.g., +build.20231101, +exp.sha.5114f85)
-      /x, Regexp)
+      SEMVER_REGEX = T.let(
+        /
+          (?<version>\d+\.\d+\.\d+)               # Match major.minor.patch (e.g., 1.2.3)
+          (?:-(?<prerelease>[a-zA-Z0-9.-]+))?     # Optional prerelease (e.g., -alpha.1, -rc.1, -beta.5)
+          (?:\+(?<build>[a-zA-Z0-9.-]+))?         # Optional build metadata (e.g., +build.20231101, +exp.sha.5114f85)
+        /x,
+        Regexp
+      )
 
       # Full SemVer validation regex (ensures the entire string is a valid SemVer)
       # This ensures the entire input strictly follows SemVer, without extra characters before/after.
@@ -32,11 +35,14 @@ module Dependabot
 
       # SemVer constraint regex (supports package.json version constraints)
       # This pattern ensures proper parsing of SemVer versions with optional operators.
-      SEMVER_CONSTRAINT_REGEX = T.let(/
-        (?: (>=|<=|>|<|=|~|\^)\s*)?  # Make operators optional (e.g., >=, ^, ~)
-        (\d+\.\d+\.\d+(?:-[a-zA-Z0-9.-]+)?(?:\+[a-zA-Z0-9.-]+)?)  # Match full SemVer versions
-        | (\*|latest) # Match wildcard (*) or 'latest'
-      /x, Regexp)
+      SEMVER_CONSTRAINT_REGEX = T.let(
+        /
+                (?: (>=|<=|>|<|=|~|\^)\s*)?  # Make operators optional (e.g., >=, ^, ~)
+                (\d+\.\d+\.\d+(?:-[a-zA-Z0-9.-]+)?(?:\+[a-zA-Z0-9.-]+)?)  # Match full SemVer versions
+                | (\*|latest) # Match wildcard (*) or 'latest'
+              /x,
+        Regexp
+      )
 
       # /(>=|<=|>|<|=|~|\^)\s*(\d+\.\d+\.\d+(?:-[a-zA-Z0-9.-]+)?(?:\+[a-zA-Z0-9.-]+)?)|(\*|latest)/
 
@@ -55,17 +61,20 @@ module Dependabot
       SEMVER_CONSTANTS = ["*", "latest"].freeze
 
       # Unified Regex for Valid Constraints
-      VALID_CONSTRAINT_REGEX = T.let(Regexp.union(
-        CARET_CONSTRAINT_REGEX,
-        TILDE_CONSTRAINT_REGEX,
-        EXACT_CONSTRAINT_REGEX,
-        GREATER_THAN_EQUAL_REGEX,
-        LESS_THAN_EQUAL_REGEX,
-        GREATER_THAN_REGEX,
-        LESS_THAN_REGEX,
-        WILDCARD_REGEX,
-        LATEST_REGEX
-      ).freeze, Regexp)
+      VALID_CONSTRAINT_REGEX = T.let(
+        Regexp.union(
+          CARET_CONSTRAINT_REGEX,
+          TILDE_CONSTRAINT_REGEX,
+          EXACT_CONSTRAINT_REGEX,
+          GREATER_THAN_EQUAL_REGEX,
+          LESS_THAN_EQUAL_REGEX,
+          GREATER_THAN_REGEX,
+          LESS_THAN_REGEX,
+          WILDCARD_REGEX,
+          LATEST_REGEX
+        ).freeze,
+        Regexp
+      )
 
       # Extract unique constraints from the given constraint expression.
       # @param constraint_expression [T.nilable(String)] The semver constraint expression.

data/lib/dependabot/npm_and_yarn/dependency_files_filterer.rb

@@ -31,7 +31,8 @@ module Dependabot
             package_files_requiring_update.include?(file) ||
               package_required_lockfile?(file) ||
               workspaces_lockfile?(file)
-          end, T.nilable(T::Array[DependencyFile])
+          end,
+          T.nilable(T::Array[DependencyFile])
         )
       end
 
@@ -40,7 +41,8 @@ module Dependabot
         @package_files_requiring_update ||= T.let(
           dependency_files.select do |file|
             dependency_manifest_requirements.include?(file.name)
-          end, T.nilable(T::Array[DependencyFile])
+          end,
+          T.nilable(T::Array[DependencyFile])
         )
       end
 
@@ -67,7 +69,8 @@ module Dependabot
         @dependency_manifest_requirements ||= T.let(
           updated_dependencies.flat_map do |dep|
             dep.requirements.map { |requirement| requirement[:file] }
-          end, T.nilable(T::Array[String])
+          end,
+          T.nilable(T::Array[String])
         )
       end
 
@@ -96,7 +99,8 @@ module Dependabot
         @root_lockfile ||= T.let(
           lockfiles.find do |file|
             File.dirname(file.name) == "."
-          end, T.nilable(DependencyFile)
+          end,
+          T.nilable(DependencyFile)
         )
       end
 
@@ -105,7 +109,8 @@ module Dependabot
         @lockfiles ||= T.let(
           dependency_files.select do |file|
             lockfile?(file)
-          end, T.nilable(T::Array[DependencyFile])
+          end,
+          T.nilable(T::Array[DependencyFile])
         )
       end
 
@@ -115,7 +120,8 @@ module Dependabot
           begin
             package = T.must(dependency_files.find { |f| f.name == "package.json" })
             JSON.parse(T.must(package.content))
-          end, T.nilable(T::Hash[String, T.untyped])
+          end,
+          T.nilable(T::Hash[String, T.untyped])
         )
       end
 

data/lib/dependabot/npm_and_yarn/file_fetcher/path_dependency_builder.rb

@@ -23,8 +23,13 @@ module Dependabot
           )
             .void
         end
-        def initialize(dependency_name:, path:, directory:, package_lock:,
-                       yarn_lock:)
+        def initialize(
+          dependency_name:,
+          path:,
+          directory:,
+          package_lock:,
+          yarn_lock:
+        )
           @dependency_name = dependency_name
           @path = path
           @directory = directory
@@ -154,17 +159,20 @@ module Dependabot
           return unless yarn_lock
           return @parsed_yarn_lock if defined?(@parsed_yarn_lock)
 
-          parsed = T.cast(SharedHelpers.in_a_temporary_directory do
-            File.write("yarn.lock", T.must(yarn_lock).content)
-
-            SharedHelpers.run_helper_subprocess(
-              command: NativeHelpers.helper_path,
-              function: "yarn:parseLockfile",
-              args: [Dir.pwd]
-            )
-          rescue SharedHelpers::HelperSubprocessFailed
-            raise Dependabot::DependencyFileNotParseable, T.must(yarn_lock).path
-          end, T::Hash[String, T.untyped])
+          parsed = T.cast(
+            SharedHelpers.in_a_temporary_directory do
+              File.write("yarn.lock", T.must(yarn_lock).content)
+
+              SharedHelpers.run_helper_subprocess(
+                command: NativeHelpers.helper_path,
+                function: "yarn:parseLockfile",
+                args: [Dir.pwd]
+              )
+            rescue SharedHelpers::HelperSubprocessFailed
+              raise Dependabot::DependencyFileNotParseable, T.must(yarn_lock).path
+            end,
+            T::Hash[String, T.untyped]
+          )
           @parsed_yarn_lock = T.let(parsed, T.nilable(T::Hash[String, T.untyped]))
         end
 

data/lib/dependabot/npm_and_yarn/file_fetcher.rb

@@ -28,8 +28,10 @@ module Dependabot
       # when it specifies a path. Only include Yarn "link:"'s that start with a
       # path and ignore symlinked package names that have been registered with
       # "yarn link", e.g. "link:react"
-      PATH_DEPENDENCY_STARTS = T.let(%w(file: link:. link:/ link:~/ / ./ ../ ~/).freeze,
-                                     [String, String, String, String, String, String, String, String])
+      PATH_DEPENDENCY_STARTS = T.let(
+        %w(file: link:. link:/ link:~/ / ./ ../ ~/).freeze,
+        [String, String, String, String, String, String, String, String]
+      )
       PATH_DEPENDENCY_CLEAN_REGEX = /^file:|^link:/
       DEFAULT_NPM_REGISTRY = "https://registry.npmjs.org"
 
@@ -155,8 +157,10 @@ module Dependabot
         return @inferred_npmrc ||= T.let(nil, T.nilable(DependencyFile)) unless npmrc.nil? && package_lock
 
         known_registries = []
-        FileParser::JsonLock.new(T.must(package_lock)).parsed.fetch("dependencies",
-                                                                    {}).each do |dependency_name, details|
+        FileParser::JsonLock.new(T.must(package_lock)).parsed.fetch(
+          "dependencies",
+          {}
+        ).each do |dependency_name, details|
           resolved = details.fetch("resolved", DEFAULT_NPM_REGISTRY)
 
           begin
@@ -236,7 +240,8 @@ module Dependabot
             lockfiles,
             registry_config_files,
             credentials
-          ), T.nilable(PackageManagerHelper)
+          ),
+          T.nilable(PackageManagerHelper)
         )
       end
 
@@ -476,8 +481,10 @@ module Dependabot
           # skip dependencies that contain invalid values such as inline comments, null, etc.
 
           unless value.is_a?(String)
-            Dependabot.logger.warn("File fetcher: Skipping dependency \"#{path}\" " \
-                                   "with value: \"#{value}\"")
+            Dependabot.logger.warn(
+              "File fetcher: Skipping dependency \"#{path}\" " \
+              "with value: \"#{value}\""
+            )
 
             next
           end

data/lib/dependabot/npm_and_yarn/file_parser.rb

@@ -102,7 +102,8 @@ module Dependabot
             lockfiles,
             registry_config_files,
             credentials
-          ), T.nilable(PackageManagerHelper)
+          ),
+          T.nilable(PackageManagerHelper)
         )
       end
 
@@ -143,65 +144,92 @@ module Dependabot
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def shrinkwrap
-        @shrinkwrap ||= T.let(dependency_files.find do |f|
-          f.name.end_with?(NpmPackageManager::SHRINKWRAP_LOCKFILE_NAME)
-        end, T.nilable(Dependabot::DependencyFile))
+        @shrinkwrap ||= T.let(
+          dependency_files.find do |f|
+            f.name.end_with?(NpmPackageManager::SHRINKWRAP_LOCKFILE_NAME)
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def package_lock
-        @package_lock ||= T.let(dependency_files.find do |f|
-          f.name.end_with?(NpmPackageManager::LOCKFILE_NAME)
-        end, T.nilable(Dependabot::DependencyFile))
+        @package_lock ||= T.let(
+          dependency_files.find do |f|
+            f.name.end_with?(NpmPackageManager::LOCKFILE_NAME)
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def yarn_lock
-        @yarn_lock ||= T.let(dependency_files.find do |f|
-          f.name.end_with?(YarnPackageManager::LOCKFILE_NAME)
-        end, T.nilable(Dependabot::DependencyFile))
+        @yarn_lock ||= T.let(
+          dependency_files.find do |f|
+            f.name.end_with?(YarnPackageManager::LOCKFILE_NAME)
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def pnpm_lock
-        @pnpm_lock ||= T.let(dependency_files.find do |f|
-          f.name.end_with?(PNPMPackageManager::LOCKFILE_NAME)
-        end, T.nilable(Dependabot::DependencyFile))
+        @pnpm_lock ||= T.let(
+          dependency_files.find do |f|
+            f.name.end_with?(PNPMPackageManager::LOCKFILE_NAME)
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def pnpm_workspace_yml
-        @pnpm_workspace_yml ||= T.let(dependency_files.find do |f|
-          f.name.end_with?(PNPMPackageManager::PNPM_WS_YML_FILENAME)
-        end, T.nilable(Dependabot::DependencyFile))
+        @pnpm_workspace_yml ||= T.let(
+          dependency_files.find do |f|
+            f.name.end_with?(PNPMPackageManager::PNPM_WS_YML_FILENAME)
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def bun_lock
-        @bun_lock ||= T.let(dependency_files.find do |f|
-          f.name.end_with?(BunPackageManager::LOCKFILE_NAME)
-        end, T.nilable(Dependabot::DependencyFile))
+        @bun_lock ||= T.let(
+          dependency_files.find do |f|
+            f.name.end_with?(BunPackageManager::LOCKFILE_NAME)
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def npmrc
-        @npmrc ||= T.let(dependency_files.find do |f|
-          f.name.end_with?(NpmPackageManager::RC_FILENAME)
-        end, T.nilable(Dependabot::DependencyFile))
+        @npmrc ||= T.let(
+          dependency_files.find do |f|
+            f.name.end_with?(NpmPackageManager::RC_FILENAME)
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def yarnrc
-        @yarnrc ||= T.let(dependency_files.find do |f|
-          f.name.end_with?(YarnPackageManager::RC_FILENAME)
-        end, T.nilable(Dependabot::DependencyFile))
+        @yarnrc ||= T.let(
+          dependency_files.find do |f|
+            f.name.end_with?(YarnPackageManager::RC_FILENAME)
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(T.nilable(DependencyFile)) }
       def yarnrc_yml
-        @yarnrc_yml ||= T.let(dependency_files.find do |f|
-          f.name.end_with?(YarnPackageManager::RC_YML_FILENAME)
-        end, T.nilable(Dependabot::DependencyFile))
+        @yarnrc_yml ||= T.let(
+          dependency_files.find do |f|
+            f.name.end_with?(YarnPackageManager::RC_YML_FILENAME)
+          end,
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
 
       sig { returns(Dependabot::FileParsers::Base::DependencySet) }
@@ -259,9 +287,12 @@ module Dependabot
 
       sig { returns(LockfileParser) }
       def lockfile_parser
-        @lockfile_parser ||= T.let(LockfileParser.new(
-                                     dependency_files: dependency_files
-                                   ), T.nilable(Dependabot::NpmAndYarn::FileParser::LockfileParser))
+        @lockfile_parser ||= T.let(
+          LockfileParser.new(
+            dependency_files: dependency_files
+          ),
+          T.nilable(Dependabot::NpmAndYarn::FileParser::LockfileParser)
+        )
       end
 
       sig { returns(Dependabot::FileParsers::Base::DependencySet) }
@@ -280,13 +311,16 @@ module Dependabot
           manifest_name: file.name
         )
         version = version_for(requirement, lockfile_details)
-        converted_version = T.let(if version.nil?
-                                    nil
-                                  elsif version.is_a?(String)
-                                    version
-                                  else
-                                    Dependabot::Version.new(version)
-                                  end, T.nilable(T.any(String, Dependabot::Version)))
+        converted_version = T.let(
+          if version.nil?
+            nil
+          elsif version.is_a?(String)
+            version
+          else
+            Dependabot::Version.new(version)
+          end,
+          T.nilable(T.any(String, Dependabot::Version))
+        )
 
         return if lockfile_details && !version
         return if ignore_requirement?(requirement)
@@ -316,8 +350,10 @@ module Dependabot
       def check_required_files
         return if get_original_file(MANIFEST_FILENAME)
 
-        raise DependencyFileNotFound.new(nil,
-                                         "#{MANIFEST_FILENAME} not found.")
+        raise DependencyFileNotFound.new(
+          nil,
+          "#{MANIFEST_FILENAME} not found."
+        )
       end
 
       sig { params(requirement: String).returns(T::Boolean) }
@@ -364,9 +400,12 @@ module Dependabot
 
       sig { returns(T::Array[String]) }
       def workspace_package_names
-        @workspace_package_names ||= T.let(package_files.filter_map do |f|
-          JSON.parse(T.must(f.content))["name"]
-        end, T.nilable(T::Array[String]))
+        @workspace_package_names ||= T.let(
+          package_files.filter_map do |f|
+            JSON.parse(T.must(f.content))["name"]
+          end,
+          T.nilable(T::Array[String])
+        )
       end
 
       sig do
@@ -533,7 +572,8 @@ module Dependabot
           [
             dependency_files.find { |f| f.name == MANIFEST_FILENAME },
             *sub_package_files
-          ].compact, T.nilable(T::Array[DependencyFile])
+          ].compact,
+          T.nilable(T::Array[DependencyFile])
         )
       end
 

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb

@@ -84,8 +84,11 @@ module Dependabot
         NPM_PACKAGE_REGISTRY = "https://npm.pkg.github.com"
         EOVERRIDE = /EOVERRIDE\n *.* Override for (?<deps>.*) conflicts with direct dependency/
         NESTED_ALIAS = /nested aliases not supported/
-        PEER_DEPS_PATTERNS = T.let([/Cannot read properties of null/,
-                                    /ERESOLVE overriding peer dependency/].freeze, T::Array[Regexp])
+        PEER_DEPS_PATTERNS = T.let(
+          [/Cannot read properties of null/,
+           /ERESOLVE overriding peer dependency/].freeze,
+          T::Array[Regexp]
+        )
         PREMATURE_CLOSE = /premature close/
         EMPTY_OBJECT_ERROR = /Object for dependency "(?<package>.*)" is empty/
         ERROR_E401 = /code E401/
@@ -93,10 +96,13 @@ module Dependabot
         REQUEST_ERROR_E403 = /Request "(?<pkg>.*)" returned a 403/
         ERROR_EAI_AGAIN = /request to (?<url>.*) failed, reason: getaddrinfo EAI_AGAIN/
 
-        NPM_PACKAGE_NOT_FOUND_CODES = T.let([
-          /Couldn't find package "(?<pkg>.*)" on the "(?<regis>.*)" registry./,
-          /Couldn't find package "(?<pkg>.*)" required by "(?<dep>.*)" on the "(?<regis>.*)" registry./
-        ].freeze, T::Array[Regexp])
+        NPM_PACKAGE_NOT_FOUND_CODES = T.let(
+          [
+            /Couldn't find package "(?<pkg>.*)" on the "(?<regis>.*)" registry./,
+            /Couldn't find package "(?<pkg>.*)" required by "(?<dep>.*)" on the "(?<regis>.*)" registry./
+          ].freeze,
+          T::Array[Regexp]
+        )
 
         # dependency access protocol not supported by packagemanager
         UNSUPPORTED_PROTOCOL = /EUNSUPPORTEDPROTOCOL\n(.*?)Unsupported URL Type "(?<access_method>.*)"/
@@ -222,8 +228,10 @@ module Dependabot
             )
           end
 
-          run_npm_updater(top_level_dependencies: previous_top_level_dependencies,
-                          sub_dependencies: previous_sub_dependencies)
+          run_npm_updater(
+            top_level_dependencies: previous_top_level_dependencies,
+            sub_dependencies: previous_sub_dependencies
+          )
         end
 
         sig do
@@ -646,8 +654,8 @@ module Dependabot
           reg = Package::RegistryFinder.new(
             dependency: missing_dep,
             credentials: credentials,
-            npmrc_file: dependency_files. find { |f| f.name.end_with?(".npmrc") },
-            yarnrc_file: dependency_files. find { |f| f.name.end_with?(".yarnrc") },
+            npmrc_file: dependency_files.find { |f| f.name.end_with?(".npmrc") },
+            yarnrc_file: dependency_files.find { |f| f.name.end_with?(".yarnrc") },
             yarnrc_yml_file: dependency_files.find { |f| f.name.end_with?(".yarnrc.yml") }
           ).registry
 

data/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb

@@ -69,8 +69,10 @@ module Dependabot
                 # a transitive dependency which only needs update in lockfile, So we avoid throwing exception and let
                 # the update continue.
 
-                Dependabot.logger.info("experiment: avoid_duplicate_updates_package_json.
-                Updating package.json for #{dep.name} ")
+                Dependabot.logger.info(
+                  "experiment: avoid_duplicate_updates_package_json.
+                Updating package.json for #{dep.name} "
+                )
 
                 raise "Expected content to change!"
               end
@@ -225,8 +227,10 @@ module Dependabot
 
           unless git_dependency
             requirement = dependency_req&.fetch(:requirement)
-            return content.match(/"#{Regexp.escape(dependency_name)}"\s*:\s*
-                                  "#{Regexp.escape(requirement)}"/x).to_s
+            return content.match(
+              /"#{Regexp.escape(dependency_name)}"\s*:\s*
+                                                "#{Regexp.escape(requirement)}"/x
+            ).to_s
           end
 
           username, repo =
@@ -355,8 +359,10 @@ module Dependabot
 
             # some deps are patched with local patches, we don't need to update them
             if req.fetch(:requirement).match?(Regexp.union(PATCH_PACKAGE))
-              Dependabot.logger.info("Func: updated_requirements. dependency patched #{dependency.name}," \
-                                     " Requirement: '#{req.fetch(:requirement)}'")
+              Dependabot.logger.info(
+                "Func: updated_requirements. dependency patched #{dependency.name}," \
+                " Requirement: '#{req.fetch(:requirement)}'"
+              )
 
               raise DependencyFileNotResolvable,
                     "Dependency is patched locally, Update not required."
@@ -365,8 +371,10 @@ module Dependabot
             # some deps are added as local packages, we don't need to update them as they are referred to a local path
             next unless req.fetch(:requirement).match?(Regexp.union(LOCAL_PACKAGE))
 
-            Dependabot.logger.info("Func: updated_requirements. local package #{dependency.name}," \
-                                   " Requirement: '#{req.fetch(:requirement)}'")
+            Dependabot.logger.info(
+              "Func: updated_requirements. local package #{dependency.name}," \
+              " Requirement: '#{req.fetch(:requirement)}'"
+            )
 
             raise DependencyFileNotResolvable,
                   "Local package, Update not required."

data/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb

@@ -380,8 +380,10 @@ module Dependabot
             .returns(T.noreturn)
         end
         def raise_package_access_error(error_message, dependency_url, pnpm_lock)
-          package_name = RegistryParser.new(resolved_url: dependency_url,
-                                            credentials: credentials).dependency_name
+          package_name = RegistryParser.new(
+            resolved_url: dependency_url,
+            credentials: credentials
+          ).dependency_name
           missing_dep = lockfile_dependencies(pnpm_lock)
                         .find { |dep| dep.name == package_name }
           raise DependencyNotFound, package_name unless missing_dep

data/lib/dependabot/npm_and_yarn/file_updater/pnpm_workspace_updater.rb

@@ -23,7 +23,7 @@ module Dependabot
           params(
             workspace_file: Dependabot::DependencyFile,
             dependencies: T::Array[Dependabot::Dependency]
-          ) .void
+          ).void
         end
         def initialize(workspace_file:, dependencies:)
           @dependencies = dependencies
@@ -119,8 +119,10 @@ module Dependabot
         end
 
         sig do
-          params(dependency: Dependabot::Dependency,
-                 new_requirement: DependencyRequirement).returns(T.nilable(DependencyRequirement))
+          params(
+            dependency: Dependabot::Dependency,
+            new_requirement: DependencyRequirement
+          ).returns(T.nilable(DependencyRequirement))
         end
         def old_requirement(dependency, new_requirement)
           matching_req = T.must(dependency.previous_requirements).find { |r| r[:groups] == new_requirement.groups }