dependabot-npm_and_yarn 0.384.0 → 0.385.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 50054abe467b1c8831c9fe1d24a014dc0944fff9b5991fd2b19acb92f05d5253
4
- data.tar.gz: 81d4161505d10bfbafb2a6f7bd66d79dcdf70eb03cb56e3bf187cd795b4ba4c4
3
+ metadata.gz: 4e68f24f2520040b0fb94bb7a0d98af8b36a23bc7a8d27aecf9af8d32830a69d
4
+ data.tar.gz: 5e81bc9fc5e886d2e1a392899d27443f6d32cafdd08a788eb71052b7abe3266f
5
5
  SHA512:
6
- metadata.gz: a7641af7236364d01c54cabb30389d3f65a7831b4fcae0484cac7777dd4c5621bdbd144d13ed520f84f5d7d9d759be2bf0770c51e251cbb0f1644ff77364d0f5
7
- data.tar.gz: 24ada1ea83d5ca4383168a8e8f9847a3e63c06cfb3c246e1dc1e16cd53688afa1c34fadc22bb27954ff333bfc6f10fc0f25b607e54d6a4c2c3add55bdb91ed5b
6
+ metadata.gz: 618893dff8d6152043cfeab8c89c716f1cf5998f62a6210236df62c726d7c47e4edca330446c10a93c0e4f0704319c3d1ff6be5ddb1a652f5d67e2f51e3e11f5
7
+ data.tar.gz: 5a82b1c15fb5eb39f269f1d14a072796157758b9d9272f09fbcc1462296d10556d598dfb44b5f379097466661dcc0724f6d2d016dc850b8b2ab0727a8a611ff9
@@ -394,7 +394,7 @@ module Dependabot
394
394
 
395
395
  sig { returns(T::Boolean) }
396
396
  def dealias_packages?
397
- options.fetch(:dealias_packages, false) == true
397
+ options.fetch(:dealias_packages, false) ? true : false
398
398
  end
399
399
 
400
400
  # Resolves an aliased manifest entry to its real package name and requirement.
@@ -443,7 +443,7 @@ module Dependabot
443
443
  dependency_files: dependency_files,
444
444
  repo_contents_path: repo_contents_path,
445
445
  credentials: credentials,
446
- security_updates_only: options.fetch(:security_updates_only, false)
446
+ security_updates_only: options.fetch(:security_updates_only, false) ? true : false
447
447
  ),
448
448
  T.nilable(Dependabot::NpmAndYarn::FileUpdater::YarnLockfileUpdater)
449
449
  )
@@ -457,7 +457,7 @@ module Dependabot
457
457
  dependency_files: dependency_files,
458
458
  repo_contents_path: repo_contents_path,
459
459
  credentials: credentials,
460
- security_updates_only: options.fetch(:security_updates_only, false)
460
+ security_updates_only: options.fetch(:security_updates_only, false) ? true : false
461
461
  ),
462
462
  T.nilable(Dependabot::NpmAndYarn::FileUpdater::PnpmLockfileUpdater)
463
463
  )
@@ -474,7 +474,7 @@ module Dependabot
474
474
  dependencies: dependencies,
475
475
  dependency_files: dependency_files,
476
476
  credentials: credentials,
477
- security_updates_only: options.fetch(:security_updates_only, false)
477
+ security_updates_only: options.fetch(:security_updates_only, false) ? true : false
478
478
  )
479
479
  end
480
480
 
@@ -272,11 +272,14 @@ module Dependabot
272
272
  @latest_version_listing = T.let({}, T.nilable(T::Hash[String, T.untyped]))
273
273
 
274
274
  response = Dependabot::RegistryClient.get(url: "#{dependency_url}/latest", headers: registry_auth_headers)
275
- @latest_version_listing = JSON.parse(response.body) if response.status == 200
275
+ if response.status == 200
276
+ parsed = JSON.parse(response.body)
277
+ @latest_version_listing = parsed if parsed.is_a?(Hash)
278
+ end
276
279
 
277
- @latest_version_listing
280
+ T.must(@latest_version_listing)
278
281
  rescue JSON::ParserError, Excon::Error::Timeout
279
- @latest_version_listing
282
+ T.must(@latest_version_listing)
280
283
  end
281
284
 
282
285
  sig { returns(T::Array[[String, T::Hash[String, T.untyped]]]) }
@@ -299,14 +302,15 @@ module Dependabot
299
302
  return T.must(@npm_listing) if response.status >= 500
300
303
 
301
304
  begin
302
- @npm_listing = JSON.parse(response.body)
305
+ parsed = JSON.parse(response.body)
306
+ @npm_listing = parsed if parsed.is_a?(Hash)
303
307
  rescue JSON::ParserError
304
308
  raise unless non_standard_registry?
305
309
  end
306
310
 
307
- @npm_listing
311
+ T.must(@npm_listing)
308
312
  rescue Excon::Error::Timeout
309
- @npm_listing
313
+ T.must(@npm_listing)
310
314
  end
311
315
 
312
316
  sig { returns(String) }
@@ -428,8 +428,8 @@ module Dependabot
428
428
  return unless yarnrc_yml_file_content
429
429
  return @parsed_yarnrc_yml if @parsed_yarnrc_yml
430
430
 
431
- @parsed_yarnrc_yml = YAML.safe_load(yarnrc_yml_file_content)
432
- @parsed_yarnrc_yml
431
+ parsed = YAML.safe_load(yarnrc_yml_file_content)
432
+ @parsed_yarnrc_yml = parsed.is_a?(Hash) ? parsed : nil
433
433
  end
434
434
 
435
435
  sig { params(url: String).returns(String) }
@@ -242,7 +242,7 @@ module Dependabot
242
242
  .sort_by(&:version).reverse
243
243
  end
244
244
 
245
- sig { returns(T::Array[[Dependabot::Version, T::Hash[String, T.nilable(String)]]]) }
245
+ sig { returns(T::Array[[Dependabot::Version, T::Hash[String, T.anything]]]) }
246
246
  def possible_previous_versions_with_details
247
247
  possible_previous_releases.map do |r|
248
248
  [r.version, r.details]
@@ -503,7 +503,7 @@ module Dependabot
503
503
  # If there was a semver requirement provided or the dependency was
504
504
  # pinned to a version, look for the latest tag
505
505
  if semver_req || git_commit_checker.pinned_ref_looks_like_version?
506
- latest_tag = git_commit_checker.local_tag_for_latest_version
506
+ latest_tag = git_commit_checker.local_tag_for_latest_version(update_cooldown)
507
507
  return {
508
508
  sha: latest_tag&.fetch(:commit_sha),
509
509
  version: latest_tag&.fetch(:tag)&.gsub(/^[^\d]*/, "")
@@ -526,8 +526,8 @@ module Dependabot
526
526
 
527
527
  # Update the git tag if updating a pinned version
528
528
  if git_commit_checker.pinned_ref_looks_like_version? &&
529
- !git_commit_checker.local_tag_for_latest_version.nil?
530
- new_tag = git_commit_checker.local_tag_for_latest_version
529
+ !git_commit_checker.local_tag_for_latest_version(update_cooldown).nil?
530
+ new_tag = git_commit_checker.local_tag_for_latest_version(update_cooldown)
531
531
  return dependency_source_details&.merge(ref: new_tag&.fetch(:tag))
532
532
  end
533
533
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.384.0
4
+ version: 0.385.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.384.0
18
+ version: 0.385.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.384.0
25
+ version: 0.385.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -377,7 +377,7 @@ licenses:
377
377
  - MIT
378
378
  metadata:
379
379
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
380
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
380
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
381
381
  rdoc_options: []
382
382
  require_paths:
383
383
  - lib