dependabot-npm_and_yarn 0.98.31 → 0.98.32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c64980d5dcc4f6aee065563f79e7719e3728a5bf0acdc886a31e6d58c8fbd403
-  data.tar.gz: 1054e8e98b57a060d6e75bc98c0fc7730934a426cfc1fcdc40ec12a45796796c
+  metadata.gz: 6655cb532c302e030c5ec06c40e4569033f100ace191c95db7d85f285577c3c5
+  data.tar.gz: fa4fd1fb4289e2407655c2ce94d263c43770077e81ae3684900e078ff22efaba
 SHA512:
-  metadata.gz: 35fadad0d5d5e1ea827a1616453bfa5eda8ef04c044d843ce7b94f549addafda68bd7a00c8d44cd805639dd63a0ab87f2ad01823a00af0248eb2fb5b8dd9e956
-  data.tar.gz: cbbc89b47bed92f2a37288546ccfaf081036d5ff686bed97dcf0357fdba9b0d86d8dec2aa1d163d08c70b9a13b6694ac1ac5c695b68895894372b7c3fa8a1eae
+  metadata.gz: 46787e598b4b0aec3ef9b08bd95fafcd269a70e06c1ec2cfa2f6efe7028d651b55a93a71a844de2b292f7d9182eef46f966c2ba0038df34595b9d3468474e05f
+  data.tar.gz: d87a529b8f15deb3f740d4aa6667d06a985b0cb2243de9a34378d6dc85328d421c547c51b2184745ef8f22f7f2f997dfef76e110598997eb663d22ed719f675f

data/lib/dependabot/npm_and_yarn/file_parser.rb

@@ -264,25 +264,26 @@ module Dependabot
           elsif resolved_url.include?("/#{name}/-/#{name.split('/').last}")
             # Sonatype Nexus / Artifactory JFrog format
             resolved_url.split("/#{name}/-/#{name.split('/').last}").first
-          elsif (cred_url = credential_url(resolved_url)) then cred_url
+          elsif (cred_url = url_for_relevant_cred(resolved_url)) then cred_url
           else resolved_url.split("/")[0..2].join("/")
           end
 
         { type: "private_registry", url: url }
       end
 
-      def credential_url(resolved_url)
-        registries = credentials.
-                     select { |cred| cred["type"] == "npm_registry" }
+      def url_for_relevant_cred(resolved_url)
+        credential_matching_url =
+          credentials.
+          select { |cred| cred["type"] == "npm_registry" }.
+          sort_by { |cred| cred["registry"].length }.
+          find { |details| resolved_url.include?(details["registry"]) }
 
-        registries.each do |details|
-          reg = details["registry"]
-          next unless resolved_url.include?(reg)
+        return unless credential_matching_url
 
-          return resolved_url.gsub(/#{Regexp.quote(reg)}.*/, "") + reg
-        end
-
-        false
+        # Trim the resolved URL so that it ends at the same point as the
+        # credential registry
+        reg = credential_matching_url["registry"]
+        resolved_url.gsub(/#{Regexp.quote(reg)}.*/, "") + reg
       end
 
       def package_files

data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb

@@ -18,6 +18,7 @@ module Dependabot
           @credentials = credentials
         end
 
+        # PROXY WORK
         def npmrc_content
           initial_content =
             if npmrc_file then complete_npmrc_from_credentials

data/lib/dependabot/npm_and_yarn/metadata_finder.rb

@@ -225,7 +225,7 @@ module Dependabot
         credentials.
           select { |cred| cred["type"] == "npm_registry" }.
           find { |cred| cred["registry"] == dependency_registry }&.
-          fetch("token")
+          fetch("token", nil)
       end
 
       def non_standard_registry?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.98.31
+  version: 0.98.32
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-22 00:00:00.000000000 Z
+date: 2019-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.98.31
+        version: 0.98.32
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.98.31
+        version: 0.98.32
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement