RubyGems - dependabot-bun - Versions diffs - 0.296.0 → 0.296.2 - Mend

dependabot-bun 0.296.0 → 0.296.2

Files changed (55) hide show

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bun
 version: !ruby/object:Gem::Version
-  version: 0.296.0
+  version: 0.296.2
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-06 00:00:00.000000000 Z
+date: 2025-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.296.0
+        version: 0.296.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.296.0
+        version: 0.296.2
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
@@ -249,7 +249,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.7'
 description: Dependabot-bun provides support for bumping Javascript libraries using
-  bun via Dependabot. If you want support for multiple package managers, you probably
+  bun via Dependabot.If you want support for multiple package managers, you probably
   want the meta-gem dependabot-omnibus.
 email: opensource@github.com
 executables: []
@@ -257,23 +257,54 @@ extensions: []
 extra_rdoc_files: []
 files:
 - lib/dependabot/bun.rb
-- lib/dependabot/bun/file_fetcher.rb
-- lib/dependabot/bun/file_parser/bun_lock.rb
-- lib/dependabot/bun/helpers.rb
-- lib/dependabot/bun/language.rb
-- lib/dependabot/bun/package_manager.rb
-- lib/dependabot/bun/requirement.rb
-- lib/dependabot/bun/version.rb
 - lib/dependabot/javascript.rb
-- lib/dependabot/javascript/file_fetcher_helper.rb
-- lib/dependabot/javascript/requirement.rb
-- lib/dependabot/javascript/version.rb
+- lib/dependabot/javascript/bun/file_fetcher.rb
+- lib/dependabot/javascript/bun/file_parser.rb
+- lib/dependabot/javascript/bun/file_parser/bun_lock.rb
+- lib/dependabot/javascript/bun/file_parser/lockfile_parser.rb
+- lib/dependabot/javascript/bun/file_updater.rb
+- lib/dependabot/javascript/bun/file_updater/lockfile_updater.rb
+- lib/dependabot/javascript/bun/helpers.rb
+- lib/dependabot/javascript/bun/package_manager.rb
+- lib/dependabot/javascript/bun/requirement.rb
+- lib/dependabot/javascript/bun/update_checker.rb
+- lib/dependabot/javascript/bun/update_checker/conflicting_dependency_resolver.rb
+- lib/dependabot/javascript/bun/update_checker/dependency_files_builder.rb
+- lib/dependabot/javascript/bun/update_checker/latest_version_finder.rb
+- lib/dependabot/javascript/bun/update_checker/library_detector.rb
+- lib/dependabot/javascript/bun/update_checker/requirements_updater.rb
+- lib/dependabot/javascript/bun/update_checker/subdependency_version_resolver.rb
+- lib/dependabot/javascript/bun/update_checker/version_resolver.rb
+- lib/dependabot/javascript/bun/update_checker/vulnerability_auditor.rb
+- lib/dependabot/javascript/bun/version.rb
+- lib/dependabot/javascript/shared/constraint_helper.rb
+- lib/dependabot/javascript/shared/dependency_files_filterer.rb
+- lib/dependabot/javascript/shared/file_fetcher.rb
+- lib/dependabot/javascript/shared/file_parser.rb
+- lib/dependabot/javascript/shared/file_parser/lockfile_parser.rb
+- lib/dependabot/javascript/shared/file_updater.rb
+- lib/dependabot/javascript/shared/file_updater/npmrc_builder.rb
+- lib/dependabot/javascript/shared/file_updater/package_json_preparer.rb
+- lib/dependabot/javascript/shared/file_updater/package_json_updater.rb
+- lib/dependabot/javascript/shared/language.rb
+- lib/dependabot/javascript/shared/metadata_finder.rb
+- lib/dependabot/javascript/shared/native_helpers.rb
+- lib/dependabot/javascript/shared/package_manager_detector.rb
+- lib/dependabot/javascript/shared/package_name.rb
+- lib/dependabot/javascript/shared/registry_helper.rb
+- lib/dependabot/javascript/shared/registry_parser.rb
+- lib/dependabot/javascript/shared/requirement.rb
+- lib/dependabot/javascript/shared/sub_dependency_files_filterer.rb
+- lib/dependabot/javascript/shared/update_checker/dependency_files_builder.rb
+- lib/dependabot/javascript/shared/update_checker/registry_finder.rb
+- lib/dependabot/javascript/shared/version.rb
+- lib/dependabot/javascript/shared/version_selector.rb
 homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.2
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -292,5 +323,5 @@ requirements: []
 rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
-summary: Provides Dependabot support for Bun
+summary: Provides Dependabot support for bun
 test_files: []

data/lib/dependabot/bun/file_fetcher.rb DELETED Viewed

@@ -1,97 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Bun
-    class FileFetcher < Dependabot::FileFetchers::Base
-      include Javascript::FileFetcherHelper
-      extend T::Sig
-      extend T::Helpers
-      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
-      def self.required_files_in?(filenames)
-        filenames.include?("package.json")
-      end
-      sig { override.returns(String) }
-      def self.required_files_message
-        "Repo must contain a package.json."
-      end
-      sig { override.returns(T.nilable(T::Hash[Symbol, T.untyped])) }
-      def ecosystem_versions
-        return unknown_ecosystem_versions unless ecosystem_enabled?
-        {
-          package_managers: {
-            "bun" => 1
-          }
-        }
-      end
-      sig { override.returns(T::Array[DependencyFile]) }
-      def fetch_files
-        fetched_files = T.let([], T::Array[DependencyFile])
-        fetched_files << package_json(self)
-        fetched_files += bun_files if ecosystem_enabled?
-        fetched_files += workspace_package_jsons(self)
-        fetched_files += path_dependencies(self, fetched_files)
-        fetched_files.uniq
-      end
-      sig { params(filename: String, fetch_submodules: T::Boolean).returns(DependencyFile) }
-      def fetch_file(filename, fetch_submodules: false)
-        fetch_file_from_host(filename, fetch_submodules: fetch_submodules)
-      end
-      sig do
-        params(
-          dir: T.any(Pathname, String),
-          ignore_base_directory: T::Boolean,
-          raise_errors: T::Boolean,
-          fetch_submodules: T::Boolean
-        )
-          .returns(T::Array[T.untyped])
-      end
-      def fetch_repo_contents(dir: ".", ignore_base_directory: false, raise_errors: true, fetch_submodules: false)
-        repo_contents(dir: dir, ignore_base_directory:, raise_errors:, fetch_submodules:)
-      end
-      private
-      sig { returns(T::Array[DependencyFile]) }
-      def bun_files
-        [bun_lock].compact
-      end
-      sig { returns(T.nilable(DependencyFile)) }
-      def bun_lock
-        return @bun_lock if defined?(@bun_lock)
-        @bun_lock ||= T.let(fetch_file_if_present(PackageManager::LOCKFILE_NAME), T.nilable(DependencyFile))
-        return @bun_lock if @bun_lock || directory == "/"
-        @bun_lock = fetch_file_from_parent_directories(self, PackageManager::LOCKFILE_NAME)
-      end
-      sig { returns(T::Boolean) }
-      def ecosystem_enabled?
-        allow_beta_ecosystems? && Experiments.enabled?(:enable_bun_ecosystem)
-      end
-      sig { returns(T::Hash[Symbol, String]) }
-      def unknown_ecosystem_versions
-        {
-          package_managers: {
-            "unknown" => 0
-          }
-        }
-      end
-    end
-  end
-end
-Dependabot::FileFetchers
-  .register(Dependabot::Bun::ECOSYSTEM, Dependabot::Bun::FileFetcher)

data/lib/dependabot/bun/file_parser/bun_lock.rb DELETED Viewed

@@ -1,148 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "yaml"
-require "sorbet-runtime"
-module Dependabot
-  module Bun
-    class FileParser < Dependabot::FileParsers::Base
-      class BunLock
-        extend T::Sig
-        sig { params(dependency_file: DependencyFile).void }
-        def initialize(dependency_file)
-          @dependency_file = dependency_file
-        end
-        sig { returns(T::Hash[String, T.untyped]) }
-        def parsed
-          @parsed ||= begin
-            content = begin
-              # Since bun.lock is a JSONC file, which is a subset of YAML, we can use YAML to parse it
-              YAML.load(T.must(@dependency_file.content))
-            rescue Psych::SyntaxError => e
-              raise_invalid!("malformed JSONC at line #{e.line}, column #{e.column}")
-            end
-            raise_invalid!("expected to be an object") unless content.is_a?(Hash)
-            version = content["lockfileVersion"]
-            raise_invalid!("expected 'lockfileVersion' to be an integer") unless version.is_a?(Integer)
-            raise_invalid!("expected 'lockfileVersion' to be >= 0") unless version >= 0
-            T.let(content, T.untyped)
-          end
-        end
-        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-        def dependencies
-          dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-          # bun.lock v0 format:
-          # https://github.com/oven-sh/bun/blob/c130df6c589fdf28f9f3c7f23ed9901140bc9349/src/install/bun.lock.zig#L595-L605
-          packages = parsed["packages"]
-          raise_invalid!("expected 'packages' to be an object") unless packages.is_a?(Hash)
-          packages.each do |key, details|
-            raise_invalid!("expected 'packages.#{key}' to be an array") unless details.is_a?(Array)
-            resolution = details.first
-            raise_invalid!("expected 'packages.#{key}[0]' to be a string") unless resolution.is_a?(String)
-            name, version = resolution.split(/(?<=\w)\@/)
-            next if name.empty?
-            semver = Version.semver_for(version)
-            next unless semver
-            dependency_set << Dependency.new(
-              name: name,
-              version: semver.to_s,
-              package_manager: "npm_and_yarn",
-              requirements: []
-            )
-          end
-          dependency_set
-        end
-        sig do
-          params(dependency_name: String, requirement: T.untyped, _manifest_name: String)
-            .returns(T.nilable(T::Hash[String, T.untyped]))
-        end
-        def details(dependency_name, requirement, _manifest_name)
-          packages = parsed["packages"]
-          return unless packages.is_a?(Hash)
-          candidates =
-            packages
-            .select { |name, _| name == dependency_name }
-            .values
-          # If there's only one entry for this dependency, use it, even if
-          # the requirement in the lockfile doesn't match
-          if candidates.one?
-            parse_details(candidates.first)
-          else
-            candidate = candidates.find do |label, _|
-              label.scan(/(?<=\w)\@(?:npm:)?([^\s,]+)/).flatten.include?(requirement)
-            end&.last
-            parse_details(candidate)
-          end
-        end
-        private
-        sig { params(message: String).void }
-        def raise_invalid!(message)
-          raise Dependabot::DependencyFileNotParseable.new(@dependency_file.path, "Invalid bun.lock file: #{message}")
-        end
-        sig do
-          params(entry: T.nilable(T::Array[T.untyped])).returns(T.nilable(T::Hash[String, T.untyped]))
-        end
-        def parse_details(entry)
-          return unless entry.is_a?(Array)
-          # Either:
-          # - "{name}@{version}", registry, details, integrity
-          # - "{name}@{resolution}", details
-          resolution = entry.first
-          return unless resolution.is_a?(String)
-          name, version = resolution.split(/(?<=\w)\@/)
-          semver = Version.semver_for(version)
-          if semver
-            registry, details, integrity = entry[1..3]
-            {
-              "name" => name,
-              "version" => semver.to_s,
-              "registry" => registry,
-              "details" => details,
-              "integrity" => integrity
-            }
-          else
-            details = entry[1]
-            {
-              "name" => name,
-              "resolution" => version,
-              "details" => details
-            }
-          end
-        end
-      end
-      sig { override.returns(T::Array[Dependabot::Dependency]) }
-      def parse
-        []
-      end
-      private
-      sig { override.void }
-      def check_required_files; end
-    end
-  end
-end

data/lib/dependabot/bun/helpers.rb DELETED Viewed

@@ -1,79 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Bun
-    module Helpers
-      extend T::Sig
-      # BUN Version Constants
-      BUN_V1 = 1
-      BUN_DEFAULT_VERSION = BUN_V1
-      sig { params(_bun_lock: T.nilable(DependencyFile)).returns(Integer) }
-      def self.bun_version_numeric(_bun_lock)
-        BUN_DEFAULT_VERSION
-      end
-      sig { returns(T.nilable(String)) }
-      def self.bun_version
-        run_bun_command("--version", fingerprint: "--version").strip
-      rescue StandardError => e
-        Dependabot.logger.error("Error retrieving Bun version: #{e.message}")
-        nil
-      end
-      sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
-      def self.run_bun_command(command, fingerprint: nil)
-        full_command = "bun #{command}"
-        Dependabot.logger.info("Running bun command: #{full_command}")
-        result = Dependabot::SharedHelpers.run_shell_command(
-          full_command,
-          fingerprint: "bun #{fingerprint || command}"
-        )
-        Dependabot.logger.info("Command executed successfully: #{full_command}")
-        result
-      rescue StandardError => e
-        Dependabot.logger.error("Error running bun command: #{full_command}, Error: #{e.message}")
-        raise
-      end
-      # Fetch the currently installed version of the package manager directly
-      # from the system
-      sig { params(name: String).returns(String) }
-      def self.local_package_manager_version(name)
-        Dependabot::SharedHelpers.run_shell_command(
-          "#{name} -v",
-          fingerprint: "#{name} -v"
-        ).strip
-      end
-      # Run single command on package manager returning stdout/stderr
-      sig do
-        params(
-          name: String,
-          command: String,
-          fingerprint: T.nilable(String)
-        ).returns(String)
-      end
-      def self.package_manager_run_command(name, command, fingerprint: nil)
-        return run_bun_command(command, fingerprint: fingerprint) if name == PackageManager::NAME
-        # TODO: remove this method and just use the one in the PackageManager class
-        "noop"
-      end
-      sig { params(dependency_set: Dependabot::FileParsers::Base::DependencySet).returns(T::Array[Dependency]) }
-      def self.dependencies_with_all_versions_metadata(dependency_set)
-        # TODO: Check if we still need this method
-        dependency_set.dependencies.map do |dependency|
-          dependency.metadata[:all_versions] = dependency_set.all_versions_for_name(dependency.name)
-          dependency
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/bun/language.rb DELETED Viewed

@@ -1,45 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-require "dependabot/npm_and_yarn/package_manager"
-module Dependabot
-  module Bun
-    class Language < Ecosystem::VersionManager
-      extend T::Sig
-      NAME = "node"
-      SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
-      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
-      sig do
-        params(
-          detected_version: T.nilable(String),
-          raw_version: T.nilable(String),
-          requirement: T.nilable(Dependabot::NpmAndYarn::Requirement)
-        ).void
-      end
-      def initialize(detected_version: nil, raw_version: nil, requirement: nil)
-        super(
-          name: NAME,
-          detected_version: detected_version ? Version.new(detected_version) : nil,
-          version: raw_version ? Version.new(raw_version) : nil,
-          deprecated_versions: DEPRECATED_VERSIONS,
-          supported_versions: SUPPORTED_VERSIONS,
-          requirement: requirement
-        )
-      end
-      sig { override.returns(T::Boolean) }
-      def deprecated?
-        false
-      end
-      sig { override.returns(T::Boolean) }
-      def unsupported?
-        false
-      end
-    end
-  end
-end

data/lib/dependabot/bun/package_manager.rb DELETED Viewed

@@ -1,46 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Bun
-    class PackageManager < Ecosystem::VersionManager
-      extend T::Sig
-      NAME = "bun"
-      LOCKFILE_NAME = "bun.lock"
-      # In Bun 1.1.39, the lockfile format was changed from a binary bun.lockb to a text-based bun.lock.
-      # https://bun.sh/blog/bun-lock-text-lockfile
-      MIN_SUPPORTED_VERSION = T.let(Version.new("1.1.39"), Javascript::Version)
-      SUPPORTED_VERSIONS = T.let([MIN_SUPPORTED_VERSION].freeze, T::Array[Javascript::Version])
-      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Version])
-      sig do
-        params(
-          detected_version: T.nilable(String),
-          raw_version: T.nilable(String),
-          requirement: T.nilable(Requirement)
-        ).void
-      end
-      def initialize(detected_version: nil, raw_version: nil, requirement: nil)
-        super(
-          name: NAME,
-          detected_version: detected_version ? Version.new(detected_version) : nil,
-          version: raw_version ? Version.new(raw_version) : nil,
-          deprecated_versions: DEPRECATED_VERSIONS,
-          supported_versions: SUPPORTED_VERSIONS,
-          requirement: requirement
-        )
-      end
-      sig { override.returns(T::Boolean) }
-      def deprecated?
-        false
-      end
-      sig { override.returns(T::Boolean) }
-      def unsupported?
-        false
-      end
-    end
-  end
-end

data/lib/dependabot/bun/requirement.rb DELETED Viewed

@@ -1,14 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Bun
-    class Requirement < Dependabot::Javascript::Requirement
-    end
-  end
-end
-Dependabot::Utils.register_requirement_class(
-  "bun",
-  Dependabot::Bun::Requirement
-)

data/lib/dependabot/bun/version.rb DELETED Viewed

@@ -1,12 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Bun
-    class Version < Dependabot::Javascript::Version
-    end
-  end
-end
-Dependabot::Utils
-  .register_version_class("bun", Dependabot::Bun::Version)