RubyGems - dependabot-bun - Versions diffs - 0.296.2 → 0.296.3 - Mend

dependabot-bun 0.296.2 → 0.296.3

Files changed (144) hide show

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bun
 version: !ruby/object:Gem::Version
-  version: 0.296.2
+  version: 0.296.3
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-11 00:00:00.000000000 Z
+date: 2025-02-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.296.2
+        version: 0.296.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.296.2
-- !ruby/object:Gem::Dependency
-  name: zeitwerk
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
+        version: 0.296.3
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -248,63 +234,120 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '1.7'
-description: Dependabot-bun provides support for bumping Javascript libraries using
-  bun via Dependabot.If you want support for multiple package managers, you probably
-  want the meta-gem dependabot-omnibus.
+description: Dependabot-BUN provides support for bumping Javascript libraries via
+  Dependabot. If you want support for multiple package managers, you probably want
+  the meta-gem dependabot-omnibus.
 email: opensource@github.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- helpers/.eslintrc
+- helpers/README.md
+- helpers/build
+- helpers/jest.config.js
+- helpers/lib/npm/conflicting-dependency-parser.js
+- helpers/lib/npm/index.js
+- helpers/lib/npm/vulnerability-auditor.js
+- helpers/lib/npm6/helpers.js
+- helpers/lib/npm6/index.js
+- helpers/lib/npm6/peer-dependency-checker.js
+- helpers/lib/npm6/remove-dependencies-from-lockfile.js
+- helpers/lib/npm6/subdependency-updater.js
+- helpers/lib/npm6/updater.js
+- helpers/lib/pnpm/index.js
+- helpers/lib/pnpm/lockfile-parser.js
+- helpers/lib/yarn/conflicting-dependency-parser.js
+- helpers/lib/yarn/fix-duplicates.js
+- helpers/lib/yarn/helpers.js
+- helpers/lib/yarn/index.js
+- helpers/lib/yarn/lockfile-parser.js
+- helpers/lib/yarn/peer-dependency-checker.js
+- helpers/lib/yarn/replace-lockfile-declaration.js
+- helpers/lib/yarn/subdependency-updater.js
+- helpers/lib/yarn/updater.js
+- helpers/package-lock.json
+- helpers/package.json
+- helpers/patches/npm++pacote+9.5.12.patch
+- helpers/run.js
+- helpers/test/npm6/conflicting-dependency-parser.test.js
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package-lock.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package-lock.json
+- helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package.json
+- helpers/test/npm6/fixtures/updater/original/package-lock.json
+- helpers/test/npm6/fixtures/updater/original/package.json
+- helpers/test/npm6/fixtures/updater/updated/package-lock.json
+- helpers/test/npm6/helpers.js
+- helpers/test/npm6/updater.test.js
+- helpers/test/pnpm/fixtures/parser/empty_version/pnpm-lock.yaml
+- helpers/test/pnpm/fixtures/parser/no_lockfile_change/pnpm-lock.yaml
+- helpers/test/pnpm/fixtures/parser/only_dev_dependencies/pnpm-lock.yaml
+- helpers/test/pnpm/fixtures/parser/peer_disambiguation/pnpm-lock.yaml
+- helpers/test/pnpm/lockfile-parser.test.js
+- helpers/test/yarn/conflicting-dependency-parser.test.js
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock
+- helpers/test/yarn/fixtures/updater/illegal_character/package.json
+- helpers/test/yarn/fixtures/updater/illegal_character/yarn.lock
+- helpers/test/yarn/fixtures/updater/original/package.json
+- helpers/test/yarn/fixtures/updater/original/yarn.lock
+- helpers/test/yarn/fixtures/updater/updated/yarn.lock
+- helpers/test/yarn/fixtures/updater/with-version-comments/package.json
+- helpers/test/yarn/fixtures/updater/with-version-comments/yarn.lock
+- helpers/test/yarn/helpers.js
+- helpers/test/yarn/updater.test.js
 - lib/dependabot/bun.rb
-- lib/dependabot/javascript.rb
-- lib/dependabot/javascript/bun/file_fetcher.rb
-- lib/dependabot/javascript/bun/file_parser.rb
-- lib/dependabot/javascript/bun/file_parser/bun_lock.rb
-- lib/dependabot/javascript/bun/file_parser/lockfile_parser.rb
-- lib/dependabot/javascript/bun/file_updater.rb
-- lib/dependabot/javascript/bun/file_updater/lockfile_updater.rb
-- lib/dependabot/javascript/bun/helpers.rb
-- lib/dependabot/javascript/bun/package_manager.rb
-- lib/dependabot/javascript/bun/requirement.rb
-- lib/dependabot/javascript/bun/update_checker.rb
-- lib/dependabot/javascript/bun/update_checker/conflicting_dependency_resolver.rb
-- lib/dependabot/javascript/bun/update_checker/dependency_files_builder.rb
-- lib/dependabot/javascript/bun/update_checker/latest_version_finder.rb
-- lib/dependabot/javascript/bun/update_checker/library_detector.rb
-- lib/dependabot/javascript/bun/update_checker/requirements_updater.rb
-- lib/dependabot/javascript/bun/update_checker/subdependency_version_resolver.rb
-- lib/dependabot/javascript/bun/update_checker/version_resolver.rb
-- lib/dependabot/javascript/bun/update_checker/vulnerability_auditor.rb
-- lib/dependabot/javascript/bun/version.rb
-- lib/dependabot/javascript/shared/constraint_helper.rb
-- lib/dependabot/javascript/shared/dependency_files_filterer.rb
-- lib/dependabot/javascript/shared/file_fetcher.rb
-- lib/dependabot/javascript/shared/file_parser.rb
-- lib/dependabot/javascript/shared/file_parser/lockfile_parser.rb
-- lib/dependabot/javascript/shared/file_updater.rb
-- lib/dependabot/javascript/shared/file_updater/npmrc_builder.rb
-- lib/dependabot/javascript/shared/file_updater/package_json_preparer.rb
-- lib/dependabot/javascript/shared/file_updater/package_json_updater.rb
-- lib/dependabot/javascript/shared/language.rb
-- lib/dependabot/javascript/shared/metadata_finder.rb
-- lib/dependabot/javascript/shared/native_helpers.rb
-- lib/dependabot/javascript/shared/package_manager_detector.rb
-- lib/dependabot/javascript/shared/package_name.rb
-- lib/dependabot/javascript/shared/registry_helper.rb
-- lib/dependabot/javascript/shared/registry_parser.rb
-- lib/dependabot/javascript/shared/requirement.rb
-- lib/dependabot/javascript/shared/sub_dependency_files_filterer.rb
-- lib/dependabot/javascript/shared/update_checker/dependency_files_builder.rb
-- lib/dependabot/javascript/shared/update_checker/registry_finder.rb
-- lib/dependabot/javascript/shared/version.rb
-- lib/dependabot/javascript/shared/version_selector.rb
+- lib/dependabot/bun/bun_package_manager.rb
+- lib/dependabot/bun/constraint_helper.rb
+- lib/dependabot/bun/dependency_files_filterer.rb
+- lib/dependabot/bun/file_fetcher.rb
+- lib/dependabot/bun/file_fetcher/path_dependency_builder.rb
+- lib/dependabot/bun/file_parser.rb
+- lib/dependabot/bun/file_parser/bun_lock.rb
+- lib/dependabot/bun/file_parser/lockfile_parser.rb
+- lib/dependabot/bun/file_updater.rb
+- lib/dependabot/bun/file_updater/bun_lockfile_updater.rb
+- lib/dependabot/bun/file_updater/npmrc_builder.rb
+- lib/dependabot/bun/file_updater/package_json_preparer.rb
+- lib/dependabot/bun/file_updater/package_json_updater.rb
+- lib/dependabot/bun/helpers.rb
+- lib/dependabot/bun/language.rb
+- lib/dependabot/bun/metadata_finder.rb
+- lib/dependabot/bun/native_helpers.rb
+- lib/dependabot/bun/package_manager.rb
+- lib/dependabot/bun/package_name.rb
+- lib/dependabot/bun/pnpm_package_manager.rb
+- lib/dependabot/bun/registry_helper.rb
+- lib/dependabot/bun/registry_parser.rb
+- lib/dependabot/bun/requirement.rb
+- lib/dependabot/bun/sub_dependency_files_filterer.rb
+- lib/dependabot/bun/update_checker.rb
+- lib/dependabot/bun/update_checker/conflicting_dependency_resolver.rb
+- lib/dependabot/bun/update_checker/dependency_files_builder.rb
+- lib/dependabot/bun/update_checker/latest_version_finder.rb
+- lib/dependabot/bun/update_checker/library_detector.rb
+- lib/dependabot/bun/update_checker/registry_finder.rb
+- lib/dependabot/bun/update_checker/requirements_updater.rb
+- lib/dependabot/bun/update_checker/subdependency_version_resolver.rb
+- lib/dependabot/bun/update_checker/version_resolver.rb
+- lib/dependabot/bun/update_checker/vulnerability_auditor.rb
+- lib/dependabot/bun/version.rb
+- lib/dependabot/bun/version_selector.rb
 homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.2
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.3
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -323,5 +366,5 @@ requirements: []
 rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
-summary: Provides Dependabot support for bun
+summary: Provides Dependabot support for Javascript
 test_files: []

data/lib/dependabot/javascript/bun/file_fetcher.rb DELETED Viewed

@@ -1,77 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      class FileFetcher < Shared::FileFetcher
-        extend T::Sig
-        extend T::Helpers
-        sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
-        def self.required_files_in?(filenames)
-          filenames.include?("package.json")
-        end
-        sig { override.returns(String) }
-        def self.required_files_message
-          "Repo must contain a package.json."
-        end
-        sig { override.returns(T.nilable(T::Hash[Symbol, T.untyped])) }
-        def ecosystem_versions
-          return unknown_ecosystem_versions unless ecosystem_enabled?
-          {
-            package_managers: {
-              "bun" => 1
-            }
-          }
-        end
-        sig { override.returns(T::Array[DependencyFile]) }
-        def fetch_files
-          fetched_files = T.let([], T::Array[DependencyFile])
-          fetched_files << package_json(self)
-          fetched_files += bun_files if ecosystem_enabled?
-          fetched_files += workspace_package_jsons(self)
-          fetched_files += path_dependencies(self, fetched_files)
-          fetched_files.uniq
-        end
-        private
-        sig { returns(T::Array[DependencyFile]) }
-        def bun_files
-          [bun_lock].compact
-        end
-        sig { returns(T.nilable(DependencyFile)) }
-        def bun_lock
-          return @bun_lock if defined?(@bun_lock)
-          @bun_lock ||= T.let(fetch_file_if_present(PackageManager::LOCKFILE_NAME), T.nilable(DependencyFile))
-          return @bun_lock if @bun_lock || directory == "/"
-          @bun_lock = fetch_file_from_parent_directories(self, PackageManager::LOCKFILE_NAME)
-        end
-        sig { returns(T::Boolean) }
-        def ecosystem_enabled?
-          allow_beta_ecosystems? && Experiments.enabled?(:enable_bun_ecosystem)
-        end
-        sig { returns(T::Hash[Symbol, String]) }
-        def unknown_ecosystem_versions
-          {
-            package_managers: {
-              "unknown" => 0
-            }
-          }
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/bun/file_parser/bun_lock.rb DELETED Viewed

@@ -1,156 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      class FileParser
-        class BunLock < Shared::FileParser::Lockfile
-          extend T::Sig
-          sig { params(dependency_file: DependencyFile).void }
-          def initialize(dependency_file)
-            super
-            @parsed = T.let(
-              nil,
-              T.nilable(T::Hash[String, T.any(Integer, String, T::Array[String], T::Hash[String, String])])
-            )
-          end
-          sig { override.returns(T::Hash[String, T.untyped]) }
-          def parsed
-            @parsed ||= begin
-              content = begin
-                # Since bun.lock is a JSONC file, which is a subset of YAML, we can use YAML to parse it
-                YAML.load(T.must(@dependency_file.content))
-              rescue Psych::SyntaxError => e
-                raise_invalid!("malformed JSONC at line #{e.line}, column #{e.column}")
-              end
-              raise_invalid!("expected to be an object") unless content.is_a?(Hash)
-              version = content["lockfileVersion"]
-              raise_invalid!("expected 'lockfileVersion' to be an integer") unless version.is_a?(Integer)
-              raise_invalid!("expected 'lockfileVersion' to be >= 0") unless version >= 0
-              content
-            end
-          end
-          sig { override.returns(Dependabot::FileParsers::Base::DependencySet) }
-          def dependencies
-            dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-            # bun.lock v0 format:
-            # https://github.com/oven-sh/bun/blob/c130df6c589fdf28f9f3c7f23ed9901140bc9349/src/install/bun.lock.zig#L595-L605
-            packages = parsed["packages"]
-            raise_invalid!("expected 'packages' to be an object") unless packages.is_a?(Hash)
-            packages.each do |key, details|
-              raise_invalid!("expected 'packages.#{key}' to be an array") unless details.is_a?(Array)
-              resolution = details.first
-              raise_invalid!("expected 'packages.#{key}[0]' to be a string") unless resolution.is_a?(String)
-              name, version = resolution.split(/(?<=\w)\@/)
-              next if name.empty?
-              semver = Version.semver_for(version)
-              next unless semver
-              dependency_set << Dependency.new(
-                name: name,
-                version: semver.to_s,
-                package_manager: "bun",
-                requirements: []
-              )
-            end
-            dependency_set
-          end
-          sig do
-            override
-              .params(
-                dependency_name: String,
-                requirement: T.untyped,
-                manifest_name: String
-              )
-              .returns(T.nilable(T::Hash[String, T.untyped]))
-          end
-          def details(dependency_name, requirement, manifest_name) # rubocop:disable Lint/UnusedMethodArgument
-            packages = parsed["packages"]
-            return unless packages.is_a?(Hash)
-            candidates =
-              packages
-              .select { |name, _| name == dependency_name }
-              .values
-            # If there's only one entry for this dependency, use it, even if
-            # the requirement in the lockfile doesn't match
-            if candidates.one?
-              parse_details(candidates.first)
-            else
-              candidate = candidates.find do |label, _|
-                label.scan(/(?<=\w)\@(?:npm:)?([^\s,]+)/).flatten.include?(requirement)
-              end&.last
-              parse_details(candidate)
-            end
-          end
-          private
-          sig { params(message: String).void }
-          def raise_invalid!(message)
-            raise Dependabot::DependencyFileNotParseable.new(@dependency_file.path, "Invalid bun.lock file: #{message}")
-          end
-          sig do
-            params(entry: T.nilable(T::Array[T.untyped])).returns(T.nilable(T::Hash[String, T.untyped]))
-          end
-          def parse_details(entry)
-            return unless entry.is_a?(Array)
-            # Either:
-            # - "{name}@{version}", registry, details, integrity
-            # - "{name}@{resolution}", details
-            resolution = entry.first
-            return unless resolution.is_a?(String)
-            name, version = resolution.split(/(?<=\w)\@/)
-            semver = Version.semver_for(version)
-            if semver
-              registry, details, integrity = entry[1..3]
-              {
-                "name" => name,
-                "version" => semver.to_s,
-                "registry" => registry,
-                "details" => details,
-                "integrity" => integrity
-              }
-            else
-              details = entry[1]
-              {
-                "name" => name,
-                "resolution" => version,
-                "details" => details
-              }
-            end
-          end
-        end
-        sig { override.returns(T::Array[Dependabot::Dependency]) }
-        def parse
-          []
-        end
-        private
-        sig { override.void }
-        def check_required_files; end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/bun/file_parser/lockfile_parser.rb DELETED Viewed

@@ -1,55 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      class FileParser
-        class LockfileParser < Shared::FileParser::LockfileParser
-          extend T::Sig
-          DEFAULT_LOCKFILES = %w(bun.lock).freeze
-          sig { override.returns(Dependabot::FileParsers::Base::DependencySet) }
-          def parse_set
-            dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-            bun_locks.each do |file|
-              dependency_set += lockfile_for(file).dependencies
-            end
-            dependency_set
-          end
-          sig { override.returns(T::Array[String]) }
-          def default_lockfiles
-            DEFAULT_LOCKFILES
-          end
-          private
-          sig { override.params(file: DependencyFile).returns(BunLock) }
-          def lockfile_for(file)
-            @lockfiles ||= T.let({}, T.nilable(T::Hash[String, BunLock]))
-            @lockfiles[file.name] ||= case file.name
-                                      when *bun_locks.map(&:name)
-                                        Bun::FileParser::BunLock.new(file)
-                                      else
-                                        raise "Unexpected lockfile: #{file.name}"
-                                      end
-          end
-          sig { returns(T::Array[DependencyFile]) }
-          def bun_locks
-            @bun_locks ||= T.let(select_files_by_extension("bun.lock"), T.nilable(T::Array[DependencyFile]))
-          end
-          sig { override.returns(T.class_of(Version)) }
-          def version_class
-            Version
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/bun/file_parser.rb DELETED Viewed

@@ -1,74 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-# See https://docs.npmjs.com/files/package.json for package.json format docs.
-module Dependabot
-  module Javascript
-    module Bun
-      class FileParser < Shared::FileParser
-        extend T::Sig
-        sig { override.returns(Ecosystem) }
-        def ecosystem
-          @ecosystem ||= T.let(
-            Ecosystem.new(
-              name: ECOSYSTEM,
-              package_manager: PackageManager.new(detected_version:),
-              language: Shared::Language.new(detected_version:)
-            ),
-            T.nilable(Ecosystem)
-          )
-        end
-        private
-        sig { returns(T.nilable(String)) }
-        def detected_version
-          Helpers.local_package_manager_version(Bun::PackageManager::NAME)
-        end
-        sig { override.returns(T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)]) }
-        def lockfiles
-          {
-            bun: bun_lock
-          }
-        end
-        sig { override.returns(LockfileParser) }
-        def lockfile_parser
-          @lockfile_parser ||= T.let(LockfileParser.new(
-                                       dependency_files: dependency_files
-                                     ), T.nilable(LockfileParser))
-        end
-        sig { override.returns(T::Hash[Symbol, T.nilable(Dependabot::DependencyFile)]) }
-        def registry_config_files
-          {
-            npmrc: npmrc
-          }
-        end
-        sig { returns(T.nilable(Dependabot::DependencyFile)) }
-        def bun_lock
-          @bun_lock ||= T.let(dependency_files.find do |f|
-            f.name.end_with?(PackageManager::LOCKFILE_NAME)
-          end, T.nilable(Dependabot::DependencyFile))
-        end
-        sig { override.returns(T.class_of(Version)) }
-        def version_class
-          Version
-        end
-        sig { override.returns(T.class_of(Requirement)) }
-        def requirement_class
-          Requirement
-        end
-        sig { override.void }
-        def check_required_files; end
-      end
-    end
-  end
-end