RubyGems - dependabot-bun - Versions diffs - 0.296.0 → 0.296.2 - Mend

dependabot-bun 0.296.0 → 0.296.2

Files changed (55) hide show

data/lib/dependabot/javascript/file_fetcher_helper.rb DELETED Viewed

@@ -1,245 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module FileFetcherHelper
-      include Kernel
-      extend T::Sig
-      PATH_DEPENDENCY_STARTS = T.let(%w(file: / ./ ../ ~/).freeze, [String, String, String, String, String])
-      PATH_DEPENDENCY_CLEAN_REGEX = /^file:|^link:/
-      DEPENDENCY_TYPES = T.let(%w(dependencies devDependencies optionalDependencies).freeze, T::Array[String])
-      sig { params(instance: Dependabot::Bun::FileFetcher).returns(T::Array[DependencyFile]) }
-      def workspace_package_jsons(instance)
-        @workspace_package_jsons ||= T.let(fetch_workspace_package_jsons(instance), T.nilable(T::Array[DependencyFile]))
-      end
-      sig do
-        params(instance: Dependabot::Bun::FileFetcher, fetched_files: T::Array[DependencyFile])
-          .returns(T::Array[DependencyFile])
-      end
-      def path_dependencies(instance, fetched_files)
-        package_json_files = T.let([], T::Array[DependencyFile])
-        path_dependency_details(instance, fetched_files).each do |name, path|
-          # This happens with relative paths in the package-lock. Skipping it since it results
-          # in /package.json which is outside of the project directory.
-          next if path == "file:"
-          path = path.gsub(PATH_DEPENDENCY_CLEAN_REGEX, "")
-          raise PathDependenciesNotReachable, "#{name} at #{path}" if path.start_with?("/")
-          filename = path
-          filename = File.join(filename, MANIFEST_FILENAME)
-          cleaned_name = Pathname.new(filename).cleanpath.to_path
-          next if fetched_files.map(&:name).include?(cleaned_name)
-          file = instance.fetch_file(filename, fetch_submodules: true)
-          package_json_files << file
-        end
-        if package_json_files.any?
-          package_json_files +=
-            path_dependencies(instance, fetched_files + package_json_files)
-        end
-        package_json_files.tap { |fs| fs.each { |f| f.support_file = true } }
-      end
-      sig do
-        params(instance: Dependabot::Bun::FileFetcher, fetched_files: T::Array[DependencyFile])
-          .returns(T::Array[[String, String]])
-      end
-      def path_dependency_details(instance, fetched_files)
-        package_json_path_deps = T.let([], T::Array[[String, String]])
-        fetched_files.each do |file|
-          package_json_path_deps +=
-            path_dependency_details_from_manifest(instance, file)
-        end
-        [
-          *package_json_path_deps
-        ].uniq
-      end
-      # rubocop:disable Metrics/PerceivedComplexity
-      # rubocop:disable Metrics/AbcSize
-      sig { params(instance: Dependabot::Bun::FileFetcher, file: DependencyFile).returns(T::Array[[String, String]]) }
-      def path_dependency_details_from_manifest(instance, file)
-        return [] unless file.name.end_with?(MANIFEST_FILENAME)
-        current_dir = file.name.rpartition("/").first
-        current_dir = nil if current_dir == ""
-        current_depth = File.join(instance.directory, file.name).split("/").count { |path| !path.empty? }
-        path_to_directory = "../" * current_depth
-        dep_types = DEPENDENCY_TYPES # TODO: Is this needed?
-        parsed_manifest = JSON.parse(T.must(file.content))
-        dependency_objects = parsed_manifest.values_at(*dep_types).compact
-        # Fetch yarn "file:" path "resolutions" so the lockfile can be resolved
-        resolution_objects = parsed_manifest.values_at("resolutions").compact
-        manifest_objects = dependency_objects + resolution_objects
-        raise Dependabot::DependencyFileNotParseable, file.path unless manifest_objects.all?(Hash)
-        resolution_deps = resolution_objects.flat_map(&:to_a)
-                                            .map do |path, value|
-          # skip dependencies that contain invalid values such as inline comments, null, etc.
-          unless value.is_a?(String)
-            Dependabot.logger.warn("File fetcher: Skipping dependency \"#{path}\" " \
-                                   "with value: \"#{value}\"")
-            next
-          end
-          convert_dependency_path_to_name(path, value)
-        end
-        path_starts = PATH_DEPENDENCY_STARTS
-        (dependency_objects.flat_map(&:to_a) + resolution_deps)
-          .select { |_, v| v.is_a?(String) && v.start_with?(*path_starts) }
-          .map do |name, path|
-            path = path.gsub(PATH_DEPENDENCY_CLEAN_REGEX, "")
-            raise PathDependenciesNotReachable, "#{name} at #{path}" if path.start_with?("/", "#{path_to_directory}..")
-            path = File.join(current_dir, path) unless current_dir.nil?
-            [name, Pathname.new(path).cleanpath.to_path]
-          end
-      rescue JSON::ParserError
-        raise Dependabot::DependencyFileNotParseable, file.path
-      end
-      # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/PerceivedComplexity
-      # Re-write the glob name to the targeted dependency name (which is used
-      # in the lockfile), for example "parent-package/**/sub-dep/target-dep" >
-      # "target-dep"
-      sig { params(path: String, value: String).returns([String, String]) }
-      def convert_dependency_path_to_name(path, value)
-        # Picking the last two parts that might include a scope
-        parts = path.split("/").last(2)
-        parts.shift if parts.count == 2 && !T.must(parts.first).start_with?("@")
-        [parts.join("/"), value]
-      end
-      sig { params(instance: Dependabot::Bun::FileFetcher).returns(T::Array[DependencyFile]) }
-      def fetch_workspace_package_jsons(instance)
-        parsed_manifest = parsed_package_json(instance)
-        return [] unless parsed_manifest["workspaces"]
-        workspace_paths(instance, parsed_manifest["workspaces"]).filter_map do |workspace|
-          fetch_package_json_if_present(instance, workspace)
-        end
-      end
-      sig { params(instance: Dependabot::Bun::FileFetcher, workspace_object: T.untyped).returns(T::Array[String]) }
-      def workspace_paths(instance, workspace_object)
-        paths_array =
-          if workspace_object.is_a?(Hash)
-            workspace_object.values_at("packages", "nohoist").flatten.compact
-          elsif workspace_object.is_a?(Array) then workspace_object
-          else
-            [] # Invalid lerna.json, which must not be in use
-          end
-        paths_array.flat_map { |path| recursive_find_directories(instance, path) }
-      end
-      sig { params(instance: Dependabot::Bun::FileFetcher, glob: String).returns(T::Array[String]) }
-      def find_directories(instance, glob)
-        return [glob] unless glob.include?("*")
-        unglobbed_path =
-          glob.gsub(%r{^\./}, "").gsub(/!\(.*?\)/, "*")
-              .split("*")
-              .first&.gsub(%r{(?<=/)[^/]*$}, "") || "."
-        dir = instance.directory.gsub(%r{(^/|/$)}, "")
-        paths =
-          instance.fetch_repo_contents(dir: unglobbed_path, raise_errors: false)
-                  .select { |file| file.type == "dir" }
-                  .map { |f| f.path.gsub(%r{^/?#{Regexp.escape(dir)}/?}, "") }
-        matching_paths(glob, paths)
-      end
-      sig { params(glob: String, paths: T::Array[String]).returns(T::Array[String]) }
-      def matching_paths(glob, paths)
-        glob = glob.gsub(%r{^\./}, "").gsub(/!\(.*?\)/, "*")
-        glob = "#{glob}/*" if glob.end_with?("**")
-        paths.select { |filename| File.fnmatch?(glob, filename, File::FNM_PATHNAME) }
-      end
-      sig { params(instance: Dependabot::Bun::FileFetcher, glob: String, prefix: String).returns(T::Array[String]) }
-      def recursive_find_directories(instance, glob, prefix = "")
-        return [prefix + glob] unless glob.include?("*")
-        glob = glob.gsub(%r{^\./}, "")
-        glob_parts = glob.split("/")
-        current_glob = glob_parts.first
-        paths = find_directories(instance, prefix + T.must(current_glob))
-        next_parts = current_glob == "**" ? glob_parts : glob_parts.drop(1)
-        return paths if next_parts.empty?
-        paths += paths.flat_map do |expanded_path|
-          recursive_find_directories(instance, next_parts.join("/"), "#{expanded_path}/")
-        end
-        matching_paths(prefix + glob, paths)
-      end
-      sig { params(instance: Dependabot::Bun::FileFetcher, workspace: String).returns(T.nilable(DependencyFile)) }
-      def fetch_package_json_if_present(instance, workspace)
-        file = File.join(workspace, MANIFEST_FILENAME)
-        begin
-          instance.fetch_file(file)
-        rescue Dependabot::DependencyFileNotFound
-          # Not all paths matched by a workspace glob may contain a package.json
-          # file. Ignore if that's the case
-          nil
-        end
-      end
-      sig { params(instance: Dependabot::Bun::FileFetcher).returns(DependencyFile) }
-      def package_json(instance)
-        @package_json ||= T.let(instance.fetch_file(Javascript::MANIFEST_FILENAME), T.nilable(DependencyFile))
-      end
-      sig { params(instance: Dependabot::Bun::FileFetcher).returns(T.untyped) }
-      def parsed_package_json(instance)
-        manifest_file = package_json(instance)
-        parsed = JSON.parse(T.must(manifest_file.content))
-        raise Dependabot::DependencyFileNotParseable, manifest_file.path unless parsed.is_a?(Hash)
-        parsed
-      rescue JSON::ParserError
-        raise Dependabot::DependencyFileNotParseable, T.must(manifest_file).path
-      end
-      sig { params(instance: Dependabot::Bun::FileFetcher, filename: String).returns(T.nilable(DependencyFile)) }
-      def fetch_file_with_support(instance, filename)
-        instance.fetch_file(filename).tap { |f| f.support_file = true }
-      rescue Dependabot::DependencyFileNotFound
-        nil
-      end
-      sig { params(instance: Dependabot::Bun::FileFetcher, filename: String).returns(T.nilable(DependencyFile)) }
-      def fetch_file_from_parent_directories(instance, filename)
-        (1..instance.directory.split("/").count).each do |i|
-          file = fetch_file_with_support(instance, ("../" * i) + filename)
-          return file if file
-        end
-        nil
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/requirement.rb DELETED Viewed

@@ -1,141 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-require "sorbet-runtime"
-require "dependabot/requirement"
-require "dependabot/utils"
-require "dependabot/npm_and_yarn/version"
-module Dependabot
-  module Javascript
-    class Requirement < Dependabot::Requirement
-      extend T::Sig
-      AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/
-      OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/
-      # Override the version pattern to allow a 'v' prefix
-      quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
-      version_pattern = "v?#{Javascript::Version::VERSION_PATTERN}"
-      PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze
-      PATTERN = /\A#{PATTERN_RAW}\z/
-      def self.parse(obj)
-        return ["=", nil] if obj.is_a?(String) && Version::VERSION_TAGS.include?(obj.strip)
-        return ["=", Javascript::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
-        unless (matches = PATTERN.match(obj.to_s))
-          msg = "Illformed requirement [#{obj.inspect}]"
-          raise BadRequirementError, msg
-        end
-        return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
-        [matches[1] || "=", Javascript::Version.new(T.must(matches[2]))]
-      end
-      # Returns an array of requirements. At least one requirement from the
-      # returned array must be satisfied for a version to be valid.
-      sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
-      def self.requirements_array(requirement_string)
-        return [new(nil)] if requirement_string.nil?
-        # Removing parentheses is technically wrong but they are extremely
-        # rarely used.
-        # TODO: Handle complicated parenthesised requirements
-        requirement_string = requirement_string.gsub(/[()]/, "")
-        requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
-          requirements = req_string.strip.split(AND_SEPARATOR)
-          new(requirements)
-        end
-      end
-      def initialize(*requirements)
-        requirements = requirements.flatten
-                                   .flat_map { |req_string| req_string.split(",").map(&:strip) }
-                                   .flat_map { |req_string| convert_js_constraint_to_ruby_constraint(req_string) }
-        super(requirements)
-      end
-      private
-      def convert_js_constraint_to_ruby_constraint(req_string)
-        return req_string if req_string.match?(/^([A-Za-uw-z]|v[^\d])/)
-        req_string = req_string.gsub(/(?:\.|^)[xX*]/, "")
-        if req_string.empty? then ">= 0"
-        elsif req_string.start_with?("~>") then req_string
-        elsif req_string.start_with?("=") then req_string.gsub(/^=*/, "")
-        elsif req_string.start_with?("~") then convert_tilde_req(req_string)
-        elsif req_string.start_with?("^") then convert_caret_req(req_string)
-        elsif req_string.include?(" - ") then convert_hyphen_req(req_string)
-        elsif req_string.match?(/[<>]/) then req_string
-        else
-          ruby_range(req_string)
-        end
-      end
-      def convert_tilde_req(req_string)
-        version = req_string.gsub(/^~\>?[\s=]*/, "")
-        parts = version.split(".")
-        parts << "0" if parts.count < 3
-        "~> #{parts.join('.')}"
-      end
-      def convert_hyphen_req(req_string)
-        lower_bound, upper_bound = req_string.split(/\s+-\s+/)
-        lower_bound_parts = lower_bound.split(".")
-        lower_bound_parts.fill("0", lower_bound_parts.length...3)
-        upper_bound_parts = upper_bound.split(".")
-        upper_bound_range =
-          if upper_bound_parts.length < 3
-            # When upper bound is a partial version treat these as an X-range
-            upper_bound_parts[-1] = upper_bound_parts[-1].to_i + 1 if upper_bound_parts[-1].to_i.positive?
-            upper_bound_parts.fill("0", upper_bound_parts.length...3)
-            "< #{upper_bound_parts.join('.')}.a"
-          else
-            "<= #{upper_bound_parts.join('.')}"
-          end
-        [">= #{lower_bound_parts.join('.')}", upper_bound_range]
-      end
-      def ruby_range(req_string)
-        parts = req_string.split(".")
-        # If we have three or more parts then this is an exact match
-        return req_string if parts.count >= 3
-        # If we have fewer than three parts we do a partial match
-        parts << "0"
-        "~> #{parts.join('.')}"
-      end
-      def convert_caret_req(req_string)
-        version = req_string.gsub(/^\^[\s=]*/, "")
-        parts = version.split(".")
-        parts.fill("x", parts.length...3)
-        first_non_zero = parts.find { |d| d != "0" }
-        first_non_zero_index =
-          first_non_zero ? parts.index(first_non_zero) : parts.count - 1
-        # If the requirement has a blank minor or patch version increment the
-        # previous index value with 1
-        first_non_zero_index -= 1 if first_non_zero == "x"
-        upper_bound = parts.map.with_index do |part, i|
-          if i < first_non_zero_index then part
-          elsif i == first_non_zero_index then (part.to_i + 1).to_s
-          elsif i > first_non_zero_index && i == 2 then "0.a"
-          else
-            0
-          end
-        end.join(".")
-        [">= #{version}", "< #{upper_bound}"]
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/version.rb DELETED Viewed

@@ -1,135 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "dependabot/version"
-require "dependabot/utils"
-require "sorbet-runtime"
-# JavaScript pre-release versions use 1.0.1-rc1 syntax, which Gem::Version
-# converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that
-# alteration.
-#
-# See https://semver.org/ for details of node's version syntax.
-module Dependabot
-  module Javascript
-    class Version < Dependabot::Version
-      extend T::Sig
-      sig { returns(T.nilable(String)) }
-      attr_reader :build_info
-      # These are possible npm versioning tags that can be used in place of a version.
-      # See https://docs.npmjs.com/cli/v10/commands/npm-dist-tag#purpose for more details.
-      VERSION_TAGS = T.let([
-        "alpha",        # Alpha version, early testing phase
-        "beta",         # Beta version, more stable than alpha
-        "canary",       # Canary version, often used for cutting-edge builds
-        "dev",          # Development version, ongoing development
-        "experimental", # Experimental version, unstable and new features
-        "latest",       # Latest stable version, used by npm to identify the current version of a package
-        "legacy",       # Legacy version, older version maintained for compatibility
-        "next",         # Next version, used by some projects to identify the upcoming version
-        "nightly",      # Nightly build, daily builds often including latest changes
-        "rc",           # Release candidate, potential final version
-        "release",      # General release version
-        "stable"        # Stable version, thoroughly tested and stable
-      ].freeze.map(&:freeze), T::Array[String])
-      VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
-      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
-      sig { override.params(version: VersionParameter).returns(T::Boolean) }
-      def self.correct?(version)
-        version = version.gsub(/^v/, "") if version.is_a?(String)
-        return false if version.nil?
-        version.to_s.match?(ANCHORED_VERSION_PATTERN)
-      end
-      sig { params(version: VersionParameter).returns(VersionParameter) }
-      def self.semver_for(version)
-        # The next two lines are to guard against improperly formatted
-        # versions in a lockfile, such as an empty string or additional
-        # characters. NPM/yarn fixes these when running an update, so we can
-        # safely ignore these versions.
-        return if version == ""
-        return unless correct?(version)
-        version
-      end
-      sig { override.params(version: VersionParameter).void }
-      def initialize(version)
-        version = clean_version(version)
-        @version_string = T.let(version.to_s, String)
-        @build_info = T.let(nil, T.nilable(String))
-        version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
-        super(T.must(version))
-      end
-      sig { params(version: VersionParameter).returns(VersionParameter) }
-      def clean_version(version)
-        # Check if version is a string before attempting to match
-        if version.is_a?(String)
-          # Matches @ followed by x.y.z (digits separated by dots)
-          if (match = version.match(/@(\d+\.\d+\.\d+)/))
-            version = match[1] # Just "4.5.3"
-          # Extract version in case the output contains Corepack verbose data
-          elsif version.include?("Corepack")
-            version = T.must(T.must(version.tr("\n", " ").match(/(\d+\.\d+\.\d+)/))[-1])
-          end
-          version = version&.gsub(/^v/, "")
-        end
-        version
-      end
-      sig { override.params(version: VersionParameter).returns(Dependabot::Javascript::Version) }
-      def self.new(version)
-        T.cast(super, Dependabot::Javascript::Version)
-      end
-      sig { returns(Integer) }
-      def major
-        @major ||= T.let(segments[0].to_i, T.nilable(Integer))
-      end
-      sig { returns(Integer) }
-      def minor
-        @minor ||= T.let(segments[1].to_i, T.nilable(Integer))
-      end
-      sig { returns(Integer) }
-      def patch
-        @patch ||= T.let(segments[2].to_i, T.nilable(Integer))
-      end
-      sig { params(other: Dependabot::Javascript::Version).returns(T::Boolean) }
-      def backwards_compatible_with?(other)
-        case major
-        when 0
-          self == other
-        else
-          major == other.major && minor >= other.minor
-        end
-      end
-      sig { override.returns(String) }
-      def to_s
-        @version_string
-      end
-      sig { override.returns(String) }
-      def inspect
-        "#<#{self.class} #{@version_string}>"
-      end
-    end
-  end
-end