dependabot-bun 0.296.0 → 0.296.3

Files changed (106) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/.eslintrc +11 -0
  3. data/helpers/README.md +29 -0
  4. data/helpers/build +26 -0
  5. data/helpers/jest.config.js +5 -0
  6. data/helpers/lib/npm/conflicting-dependency-parser.js +78 -0
  7. data/helpers/lib/npm/index.js +9 -0
  8. data/helpers/lib/npm/vulnerability-auditor.js +291 -0
  9. data/helpers/lib/npm6/helpers.js +25 -0
  10. data/helpers/lib/npm6/index.js +9 -0
  11. data/helpers/lib/npm6/peer-dependency-checker.js +111 -0
  12. data/helpers/lib/npm6/remove-dependencies-from-lockfile.js +22 -0
  13. data/helpers/lib/npm6/subdependency-updater.js +78 -0
  14. data/helpers/lib/npm6/updater.js +199 -0
  15. data/helpers/lib/pnpm/index.js +5 -0
  16. data/helpers/lib/pnpm/lockfile-parser.js +82 -0
  17. data/helpers/lib/yarn/conflicting-dependency-parser.js +176 -0
  18. data/helpers/lib/yarn/fix-duplicates.js +80 -0
  19. data/helpers/lib/yarn/helpers.js +54 -0
  20. data/helpers/lib/yarn/index.js +14 -0
  21. data/helpers/lib/yarn/lockfile-parser.js +21 -0
  22. data/helpers/lib/yarn/peer-dependency-checker.js +132 -0
  23. data/helpers/lib/yarn/replace-lockfile-declaration.js +57 -0
  24. data/helpers/lib/yarn/subdependency-updater.js +83 -0
  25. data/helpers/lib/yarn/updater.js +209 -0
  26. data/helpers/package-lock.json +28519 -0
  27. data/helpers/package.json +29 -0
  28. data/helpers/patches/npm++pacote+9.5.12.patch +14 -0
  29. data/helpers/run.js +30 -0
  30. data/helpers/test/npm6/conflicting-dependency-parser.test.js +66 -0
  31. data/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json +591 -0
  32. data/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
  33. data/helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package-lock.json +188 -0
  34. data/helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
  35. data/helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package-lock.json +27 -0
  36. data/helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
  37. data/helpers/test/npm6/fixtures/updater/original/package-lock.json +16 -0
  38. data/helpers/test/npm6/fixtures/updater/original/package.json +9 -0
  39. data/helpers/test/npm6/fixtures/updater/updated/package-lock.json +16 -0
  40. data/helpers/test/npm6/helpers.js +21 -0
  41. data/helpers/test/npm6/updater.test.js +30 -0
  42. data/helpers/test/pnpm/fixtures/parser/empty_version/pnpm-lock.yaml +72 -0
  43. data/helpers/test/pnpm/fixtures/parser/no_lockfile_change/pnpm-lock.yaml +2744 -0
  44. data/helpers/test/pnpm/fixtures/parser/only_dev_dependencies/pnpm-lock.yaml +16 -0
  45. data/helpers/test/pnpm/fixtures/parser/peer_disambiguation/pnpm-lock.yaml +855 -0
  46. data/helpers/test/pnpm/lockfile-parser.test.js +62 -0
  47. data/helpers/test/yarn/conflicting-dependency-parser.test.js +83 -0
  48. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
  49. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock +496 -0
  50. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json +14 -0
  51. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock +21 -0
  52. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
  53. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock +183 -0
  54. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
  55. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock +21 -0
  56. data/helpers/test/yarn/fixtures/updater/illegal_character/package.json +8 -0
  57. data/helpers/test/yarn/fixtures/updater/illegal_character/yarn.lock +14 -0
  58. data/helpers/test/yarn/fixtures/updater/original/package.json +6 -0
  59. data/helpers/test/yarn/fixtures/updater/original/yarn.lock +11 -0
  60. data/helpers/test/yarn/fixtures/updater/updated/yarn.lock +12 -0
  61. data/helpers/test/yarn/fixtures/updater/with-version-comments/package.json +5 -0
  62. data/helpers/test/yarn/fixtures/updater/with-version-comments/yarn.lock +13 -0
  63. data/helpers/test/yarn/helpers.js +18 -0
  64. data/helpers/test/yarn/updater.test.js +117 -0
  65. data/lib/dependabot/bun/bun_package_manager.rb +47 -0
  66. data/lib/dependabot/bun/constraint_helper.rb +359 -0
  67. data/lib/dependabot/bun/dependency_files_filterer.rb +157 -0
  68. data/lib/dependabot/bun/file_fetcher/path_dependency_builder.rb +184 -0
  69. data/lib/dependabot/bun/file_fetcher.rb +343 -38
  70. data/lib/dependabot/bun/file_parser/bun_lock.rb +3 -11
  71. data/lib/dependabot/bun/file_parser/lockfile_parser.rb +105 -0
  72. data/lib/dependabot/bun/file_parser.rb +477 -0
  73. data/lib/dependabot/bun/file_updater/bun_lockfile_updater.rb +144 -0
  74. data/lib/dependabot/bun/file_updater/npmrc_builder.rb +256 -0
  75. data/lib/dependabot/bun/file_updater/package_json_preparer.rb +88 -0
  76. data/lib/dependabot/bun/file_updater/package_json_updater.rb +378 -0
  77. data/lib/dependabot/bun/file_updater.rb +203 -0
  78. data/lib/dependabot/bun/helpers.rb +41 -27
  79. data/lib/dependabot/bun/language.rb +2 -2
  80. data/lib/dependabot/bun/metadata_finder.rb +214 -0
  81. data/lib/dependabot/bun/native_helpers.rb +19 -0
  82. data/lib/dependabot/bun/package_manager.rb +261 -27
  83. data/lib/dependabot/bun/package_name.rb +118 -0
  84. data/lib/dependabot/bun/pnpm_package_manager.rb +55 -0
  85. data/lib/dependabot/bun/registry_helper.rb +188 -0
  86. data/lib/dependabot/bun/registry_parser.rb +93 -0
  87. data/lib/dependabot/bun/requirement.rb +134 -2
  88. data/lib/dependabot/bun/sub_dependency_files_filterer.rb +82 -0
  89. data/lib/dependabot/bun/update_checker/conflicting_dependency_resolver.rb +59 -0
  90. data/lib/dependabot/bun/update_checker/dependency_files_builder.rb +79 -0
  91. data/lib/dependabot/bun/update_checker/latest_version_finder.rb +448 -0
  92. data/lib/dependabot/bun/update_checker/library_detector.rb +76 -0
  93. data/lib/dependabot/bun/update_checker/registry_finder.rb +279 -0
  94. data/lib/dependabot/bun/update_checker/requirements_updater.rb +206 -0
  95. data/lib/dependabot/bun/update_checker/subdependency_version_resolver.rb +154 -0
  96. data/lib/dependabot/bun/update_checker/version_resolver.rb +583 -0
  97. data/lib/dependabot/bun/update_checker/vulnerability_auditor.rb +164 -0
  98. data/lib/dependabot/bun/update_checker.rb +455 -0
  99. data/lib/dependabot/bun/version.rb +128 -2
  100. data/lib/dependabot/bun/version_selector.rb +61 -0
  101. data/lib/dependabot/bun.rb +338 -26
  102. metadata +101 -27
  103. data/lib/dependabot/javascript/file_fetcher_helper.rb +0 -245
  104. data/lib/dependabot/javascript/requirement.rb +0 -141
  105. data/lib/dependabot/javascript/version.rb +0 -135
  106. data/lib/dependabot/javascript.rb +0 -8
@@ -0,0 +1,29 @@
1
+ {
2
+ "name": "@dependabot/helper",
3
+ "private": true,
4
+ "bin": {
5
+ "helper": "run.js"
6
+ },
7
+ "scripts": {
8
+ "lint": "eslint .",
9
+ "test": "jest",
10
+ "postinstall": "patch-package"
11
+ },
12
+ "dependencies": {
13
+ "@dependabot/yarn-lib": "^1.22.22",
14
+ "@npmcli/arborist": "^8.0.0",
15
+ "detect-indent": "^6.1.0",
16
+ "nock": "^13.5.6",
17
+ "npm": "6.14.18",
18
+ "@pnpm/lockfile-file": "^9.1.2",
19
+ "@pnpm/dependency-path": "^5.1.1",
20
+ "semver": "^7.6.3",
21
+ "patch-package": "^8.0.0"
22
+ },
23
+ "devDependencies": {
24
+ "eslint": "^9.16.0",
25
+ "eslint-config-prettier": "^9.1.0",
26
+ "jest": "^29.7.0",
27
+ "prettier": "^3.4.2"
28
+ }
29
+ }
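Review bot: The exact pin `"npm": "6.14.18"` and the `"postinstall": "patch-package"` script are coupled to `patches/npm++pacote+9.5.12.patch`, and nothing in this manifest records that. If the helpers are ever installed with lifecycle scripts disabled, the postinstall step does not run and the helper uses an unpatched pacote with no error. A later npm bump that nests a different pacote version may also leave the patch unapplied or mismatched. JSON cannot carry a comment, so I would state the coupling in `data/helpers/README.md`, e.g. `npm is pinned to 6.14.18 because patches/npm++pacote+9.5.12.patch targets its bundled pacote; installs must run the postinstall script.`, and have the `build` script fail if the patch was not applied.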
@@ -0,0 +1,14 @@
1
+ diff --git a/node_modules/npm/node_modules/pacote/lib/util/git.js b/node_modules/npm/node_modules/pacote/lib/util/git.js
2
+ index 7642eb2..7bb3324 100644
3
+ --- a/node_modules/npm/node_modules/pacote/lib/util/git.js
4
+ +++ b/node_modules/npm/node_modules/pacote/lib/util/git.js
5
+ @@ -25,7 +25,8 @@ const GOOD_ENV_VARS = new Set([
6
+ 'GIT_SSH',
7
+ 'GIT_SSH_COMMAND',
8
+ 'GIT_SSL_CAINFO',
9
+ - 'GIT_SSL_NO_VERIFY'
10
+ + 'GIT_SSL_NO_VERIFY',
11
+ + 'GIT_CONFIG_GLOBAL'
12
+ ])
13
+
14
+ const GIT_TRANSIENT_ERRORS = [
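Review bot: Adding `'GIT_CONFIG_GLOBAL'` to `GOOD_ENV_VARS` widens what appears to be the allowlist of environment variables handed to git, and the patch carries no explanation of why. Whatever file that variable names becomes the global configuration of those git processes, and git configuration can select helper programs (`core.sshCommand`, `credential.helper`) and rewrite remotes (`url.<base>.insteadOf`). The variable should therefore be set only by the trusted runner, and point at a file that repository content cannot write. I would record this in the helpers README next to the patch, e.g. `GIT_CONFIG_GLOBAL is passed through so git uses the runner's own config; it must point at a runner-owned file.` The set's definition starts above the hunk and its use is not visible here, so the pass-through behaviour is inferred from the name.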
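--- a/data/helpers/run.js
+++ b/data/helpers/run.js
@@ -0,0 +1,30 @@
+#!/usr/bin/env node
+
+const process = require('process');
+
+function output(obj) {
+process.stdout.write(JSON.stringify(obj));
+}
+
+const input = [];
+process.stdin.on("data", (data) => input.push(data));
+process.stdin.on("end", () => {
+const request = JSON.parse(input.join(""));
+const [manager, functionName] = request.function.split(":");
+const helpers = require(`./lib/${manager}`);
+const func = helpers[functionName];
+if (!func) {
+output({ error: `Invalid function ${request.function}` });
+process.exit(1);
+}
+
+func
+.apply(null, request.args)
+.then((result) => {
+output({ result: result });
+})
+.catch((error) => {
+output({ error: error.message });
+process.exit(1);
+});
+});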
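Review bot: The `require` call on line 14 of run.js builds a module path from the `function` field of the stdin request with no check, so a `manager` value containing `../` resolves outside `lib/`, and `helpers[functionName]` on line 15 also matches inherited properties such as `constructor`. The request presumably comes from the parent Dependabot process, but the helper is the cheap place to enforce the contract. It should accept only the manager directories that ship under `lib/` (npm, npm6, pnpm and yarn in this release) and require an own property that is a function. A malformed request should also come back as the `{ error }` JSON, not as an uncaught exception from `JSON.parse` or `.split`.

```javascript
const MANAGERS = new Set(["npm", "npm6", "pnpm", "yarn"]);

function fail(message) {
  output({ error: message });
  process.exit(1);
}

process.stdin.on("end", () => {
  let request;
  try {
    request = JSON.parse(input.join(""));
  } catch (error) {
    fail(`Invalid request: ${error.message}`);
  }
  const [manager, functionName] = String(request?.function).split(":");
  if (!MANAGERS.has(manager)) {
    fail(`Invalid function ${request?.function}`);
  }
  const helpers = require(`./lib/${manager}`);
  const func = Object.hasOwn(helpers, functionName)
    ? helpers[functionName]
    : undefined;
  if (typeof func !== "function") {
    fail(`Invalid function ${request.function}`);
  }
  // … unchanged: func.apply(null, request.args).then(...).catch(...) …
```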
@@ -0,0 +1,66 @@
1
+ const path = require("path");
2
+ const os = require("os");
3
+ const fs = require("fs");
4
+ const {
5
+ findConflictingDependencies,
6
+ } = require("../../lib/npm/conflicting-dependency-parser");
7
+ const helpers = require("./helpers");
8
+
9
+ describe("findConflictingDependencies", () => {
10
+ let tempDir;
11
+ beforeEach(() => {
12
+ tempDir = fs.mkdtempSync(os.tmpdir() + path.sep);
13
+ });
14
+ afterEach(() => fs.rm(tempDir, { recursive: true }, () => {}));
15
+
16
+ it("finds conflicting dependencies", async () => {
17
+ helpers.copyDependencies("conflicting-dependency-parser/simple", tempDir);
18
+
19
+ const result = await findConflictingDependencies(tempDir, "abind", "2.0.0");
20
+ expect(result).toEqual([
21
+ {
22
+ explanation: "objnest@4.1.2 requires abind@^1.0.0",
23
+ name: "objnest",
24
+ version: "4.1.2",
25
+ requirement: "^1.0.0",
26
+ },
27
+ ]);
28
+ });
29
+
30
+ it("finds the top-level conflicting dependency", async () => {
31
+ helpers.copyDependencies("conflicting-dependency-parser/nested", tempDir);
32
+
33
+ const result = await findConflictingDependencies(tempDir, "abind", "2.0.0");
34
+ expect(result).toEqual([
35
+ {
36
+ explanation: "askconfig@4.0.4 requires abind@^1.0.4 via objnest@5.0.10",
37
+ name: "objnest",
38
+ version: "5.0.10",
39
+ requirement: "^1.0.4",
40
+ },
41
+ ]);
42
+ });
43
+
44
+ it("explains a deeply nested dependency", async () => {
45
+ helpers.copyDependencies(
46
+ "conflicting-dependency-parser/deeply-nested",
47
+ tempDir
48
+ );
49
+
50
+ const result = await findConflictingDependencies(tempDir, "abind", "2.0.0");
51
+ expect(result).toEqual([
52
+ {
53
+ explanation: "apass@1.1.0 requires abind@^1.0.0 via cipherjson@2.1.0",
54
+ name: "cipherjson",
55
+ version: "2.1.0",
56
+ requirement: "^1.0.0",
57
+ },
58
+ {
59
+ explanation: `apass@1.1.0 requires abind@^1.0.0 via a transitive dependency on objnest@3.0.9`,
60
+ name: "objnest",
61
+ version: "3.0.9",
62
+ requirement: "^1.0.0",
63
+ },
64
+ ]);
65
+ });
66
+ });
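Review bot: The `afterEach` hook on line 14 starts `fs.rm` with an empty callback and returns nothing, so Jest does not wait for the removal and a failed cleanup is silently discarded. Temp directories holding the copied fixtures can then be left behind between tests. Returning the promise makes the cleanup awaited and lets a failure surface: `afterEach(() => fs.promises.rm(tempDir, { recursive: true, force: true }));`.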