dependabot-npm_and_yarn 0.98.45 → 0.98.46

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e1b6c40b4bcc7a2478ba258b303f6a8a6fff64a6cd204c91e240db10fe0946bb
-  data.tar.gz: 28099f7b4185c9aa811113925af39943e14449f2efbc679e1bd8a3126897e8aa
+  metadata.gz: 5a958491b70aae36d9ca054c9f6d593f5d432e0fac36869525f57ab440785fc9
+  data.tar.gz: 35fbab926d71a74daeecdb60ffadc04cfc3d294a1a304f3716d48cd69243894b
 SHA512:
-  metadata.gz: bda64a23a9e8046435d610b9d61c76f53d9b52c82c89a917e61bc14a8e438027d34c595a3cb74c9e0c2eb38da2fea61f5dfc2f2355aa74353124e85f32704e0a
-  data.tar.gz: fcf807288358e640b35c0c6ed8e2e5244322230eb3538483e80c82e463379aafb9f4d3881b6be0aa0c83c0f37ebf1cf5939bbf0c4599549abbc7316662b3bb8f
+  metadata.gz: f587105c6a8623c7df301277e2589f2bde453b4fc73d658883fc770a0335ec7f6e35f3dafeb81a4bcdc282cdcee37f3ac88cf9266502f3641b570e728be79666
+  data.tar.gz: 21c53d2207a905e3895252341cda0c2f51a9b11718a87e20a0d46fbce3f4586b36c4df16a5d90d46e035293cbe2ac43b891d2ace4b74f805a51d9de5aa9c7b6e

data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb

@@ -40,7 +40,7 @@ module Dependabot
           return unless global_registry
 
           "registry = https://#{global_registry['registry']}\n"\
-          "#{global_registry_auth_line}\n"\
+          "#{global_registry_auth_line}"\
           "always-auth = true"
         end
 
@@ -62,16 +62,17 @@ module Dependabot
         end
 
         def global_registry_auth_line
-          token = global_registry.fetch("token")
+          token = global_registry.fetch("token", nil)
+          return "" unless token
 
           if token.include?(":")
             encoded_token = Base64.encode64(token).delete("\n")
-            "_auth = #{encoded_token}"
+            "_auth = #{encoded_token}\n"
           elsif Base64.decode64(token).ascii_only? &&
                 Base64.decode64(token).include?(":")
-            "_auth = #{token.delete("\n")}"
+            "_auth = #{token.delete("\n")}\n"
           else
-            "_authToken = #{token}"
+            "_authToken = #{token}\n"
           end
         end
 
@@ -94,7 +95,7 @@ module Dependabot
 
           initial_content +
             "registry = https://#{global_registry['registry']}\n"\
-            "#{global_registry_auth_line}\n"\
+            "#{global_registry_auth_line}"\
             "always-auth = true\n"
         end
 
@@ -112,6 +113,7 @@ module Dependabot
           build_npmrc_content_from_lockfile
         end
 
+        # rubocop:disable Metrics/PerceivedComplexity
         def credential_lines_for_npmrc
           lines = []
           registry_credentials.each do |cred|
@@ -119,7 +121,9 @@ module Dependabot
 
             lines << registry_scope(registry) if registry_scope(registry)
 
-            token = cred.fetch("token")
+            token = cred.fetch("token", nil)
+            next unless token
+
             if token.include?(":")
               encoded_token = Base64.encode64(token).delete("\n")
               lines << "//#{registry}:_auth=#{encoded_token}"
@@ -136,6 +140,7 @@ module Dependabot
           # Work around a suspected yarn bug
           ["always-auth = true"] + lines
         end
+        # rubocop:enable Metrics/PerceivedComplexity
 
         def registry_scope(registry)
           # Central registries don't just apply to scopes

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.98.45
+  version: 0.98.46
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.98.45
+        version: 0.98.46
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.98.45
+        version: 0.98.46
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement