RubyGems - dependabot-bun - Versions diffs - 0.296.2 → 0.296.3 - Mend

dependabot-bun 0.296.2 → 0.296.3

Files changed (144) hide show

data/lib/dependabot/javascript/bun/file_updater/lockfile_updater.rb DELETED Viewed

@@ -1,138 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      class FileUpdater
-        class LockfileUpdater
-          def initialize(dependencies:, dependency_files:, repo_contents_path:, credentials:)
-            @dependencies = dependencies
-            @dependency_files = dependency_files
-            @repo_contents_path = repo_contents_path
-            @credentials = credentials
-          end
-          def updated_bun_lock_content(bun_lock)
-            @updated_bun_lock_content ||= {}
-            return @updated_bun_lock_content[bun_lock.name] if @updated_bun_lock_content[bun_lock.name]
-            new_content = run_bun_update(bun_lock: bun_lock)
-            @updated_bun_lock_content[bun_lock.name] = new_content
-          rescue SharedHelpers::HelperSubprocessFailed => e
-            handle_bun_lock_updater_error(e, bun_lock)
-          end
-          private
-          attr_reader :dependencies
-          attr_reader :dependency_files
-          attr_reader :repo_contents_path
-          attr_reader :credentials
-          ERR_PATTERNS = {
-            /get .* 404/i => Dependabot::DependencyNotFound,
-            /installfailed cloning repository/i => Dependabot::DependencyNotFound,
-            /file:.* failed to resolve/i => Dependabot::DependencyNotFound,
-            /no version matching/i => Dependabot::DependencyFileNotResolvable,
-            /failed to resolve/i => Dependabot::DependencyFileNotResolvable
-          }.freeze
-          def run_bun_update(bun_lock:)
-            SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
-              File.write(".npmrc", npmrc_content(bun_lock))
-              SharedHelpers.with_git_configured(credentials: credentials) do
-                run_bun_updater
-                write_final_package_json_files
-                run_bun_install
-                File.read(bun_lock.name)
-              end
-            end
-          end
-          def run_bun_updater
-            dependency_updates = dependencies.map do |d|
-              "#{d.name}@#{d.version}"
-            end.join(" ")
-            Helpers.run_bun_command(
-              "install #{dependency_updates} --save-text-lockfile",
-              fingerprint: "install <dependency_updates> --save-text-lockfile"
-            )
-          end
-          def run_bun_install
-            Helpers.run_bun_command(
-              "install --save-text-lockfile"
-            )
-          end
-          def lockfile_dependencies(lockfile)
-            @lockfile_dependencies ||= {}
-            @lockfile_dependencies[lockfile.name] ||=
-              FileParser.new(
-                dependency_files: [lockfile, *package_files],
-                source: nil,
-                credentials: credentials
-              ).parse
-          end
-          def handle_bun_lock_updater_error(error, _bun_lock)
-            error_message = error.message
-            ERR_PATTERNS.each do |pattern, error_class|
-              raise error_class, error_message if error_message.match?(pattern)
-            end
-            raise error
-          end
-          def write_final_package_json_files
-            package_files.each do |file|
-              path = file.name
-              FileUtils.mkdir_p(Pathname.new(path).dirname)
-              File.write(path, updated_package_json_content(file))
-            end
-          end
-          def npmrc_content(bun_lock)
-            Dependabot::Javascript::Shared::FileUpdater::NpmrcBuilder.new(
-              credentials: credentials,
-              dependency_files: dependency_files,
-              dependencies: lockfile_dependencies(bun_lock)
-            ).npmrc_content
-          end
-          def updated_package_json_content(file)
-            @updated_package_json_content ||= {}
-            @updated_package_json_content[file.name] ||=
-              Dependabot::Javascript::Shared::FileUpdater::PackageJsonUpdater.new(
-                package_json: file,
-                dependencies: dependencies
-              ).updated_package_json.content
-          end
-          def package_files
-            @package_files ||= dependency_files.select { |f| f.name.end_with?("package.json") }
-          end
-          def base_dir
-            dependency_files.first.directory
-          end
-          def npmrc_file
-            dependency_files.find { |f| f.name == ".npmrc" }
-          end
-          def sanitize_message(message)
-            message.gsub(/"|\[|\]|\}|\{/, "")
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/bun/file_updater.rb DELETED Viewed

@@ -1,75 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      class FileUpdater < Shared::FileUpdater
-        sig { override.returns(T::Array[Regexp]) }
-        def self.updated_files_regex
-          [
-            %r{^(?:.*/)?package\.json$},
-            %r{^(?:.*/)?bun\.lock$} # Matches bun.lock files
-          ]
-        end
-        private
-        sig { override.returns(T.class_of(FileParser::LockfileParser)) }
-        def lockfile_parser_class
-          FileParser::LockfileParser
-        end
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        def bun_locks
-          @bun_locks ||= T.let(
-            filtered_dependency_files
-            .select { |f| f.name.end_with?("bun.lock") },
-            T.nilable(T::Array[Dependabot::DependencyFile])
-          )
-        end
-        sig { params(bun_lock: Dependabot::DependencyFile).returns(T::Boolean) }
-        def bun_lock_changed?(bun_lock)
-          bun_lock.content != updated_bun_lock_content(bun_lock)
-        end
-        sig { override.returns(T::Array[Dependabot::DependencyFile]) }
-        def updated_lockfiles
-          updated_files = []
-          bun_locks.each do |bun_lock|
-            next unless bun_lock_changed?(bun_lock)
-            updated_files << updated_file(
-              file: bun_lock,
-              content: updated_bun_lock_content(bun_lock)
-            )
-          end
-          updated_files
-        end
-        sig { params(bun_lock: Dependabot::DependencyFile).returns(String) }
-        def updated_bun_lock_content(bun_lock)
-          @updated_bun_lock_content ||= T.let({}, T.nilable(T::Hash[String, T.nilable(String)]))
-          @updated_bun_lock_content[bun_lock.name] ||=
-            bun_lockfile_updater.updated_bun_lock_content(bun_lock)
-        end
-        sig { returns(Bun::FileUpdater::LockfileUpdater) }
-        def bun_lockfile_updater
-          @bun_lockfile_updater ||= T.let(
-            LockfileUpdater.new(
-              dependencies: dependencies,
-              dependency_files: dependency_files,
-              repo_contents_path: repo_contents_path,
-              credentials: credentials
-            ),
-            T.nilable(Bun::FileUpdater::LockfileUpdater)
-          )
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/bun/helpers.rb DELETED Viewed

@@ -1,72 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      module Helpers
-        extend T::Sig
-        # BUN Version Constants
-        BUN_V1 = 1
-        BUN_DEFAULT_VERSION = BUN_V1
-        sig { params(_bun_lock: T.nilable(DependencyFile)).returns(Integer) }
-        def self.bun_version_numeric(_bun_lock)
-          BUN_DEFAULT_VERSION
-        end
-        sig { returns(T.nilable(String)) }
-        def self.bun_version
-          run_bun_command("--version", fingerprint: "--version").strip
-        rescue StandardError => e
-          Dependabot.logger.error("Error retrieving Bun version: #{e.message}")
-          nil
-        end
-        sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
-        def self.run_bun_command(command, fingerprint: nil)
-          full_command = "bun #{command}"
-          Dependabot.logger.info("Running bun command: #{full_command}")
-          result = Dependabot::SharedHelpers.run_shell_command(
-            full_command,
-            fingerprint: "bun #{fingerprint || command}"
-          )
-          Dependabot.logger.info("Command executed successfully: #{full_command}")
-          result
-        rescue StandardError => e
-          Dependabot.logger.error("Error running bun command: #{full_command}, Error: #{e.message}")
-          raise
-        end
-        # Fetch the currently installed version of the package manager directly
-        # from the system
-        sig { params(name: String).returns(String) }
-        def self.local_package_manager_version(name)
-          Dependabot::SharedHelpers.run_shell_command(
-            "#{name} -v",
-            fingerprint: "#{name} -v"
-          ).strip
-        end
-        # Run single command on package manager returning stdout/stderr
-        sig do
-          params(
-            name: String,
-            command: String,
-            fingerprint: T.nilable(String)
-          ).returns(String)
-        end
-        def self.package_manager_run_command(name, command, fingerprint: nil)
-          return run_bun_command(command, fingerprint: fingerprint) if name == PackageManager::NAME
-          # TODO: remove this method and just use the one in the PackageManager class
-          "noop"
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/bun/package_manager.rb DELETED Viewed

@@ -1,48 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      class PackageManager < Ecosystem::VersionManager
-        extend T::Sig
-        NAME = "bun"
-        LOCKFILE_NAME = "bun.lock"
-        # In Bun 1.1.39, the lockfile format was changed from a binary bun.lockb to a text-based bun.lock.
-        # https://bun.sh/blog/bun-lock-text-lockfile
-        MIN_SUPPORTED_VERSION = T.let(Version.new("1.1.39"), Dependabot::Version)
-        SUPPORTED_VERSIONS = T.let([MIN_SUPPORTED_VERSION].freeze, T::Array[Dependabot::Version])
-        DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Version])
-        sig do
-          params(
-            detected_version: T.nilable(String),
-            raw_version: T.nilable(String),
-            requirement: T.nilable(Requirement)
-          ).void
-        end
-        def initialize(detected_version: nil, raw_version: nil, requirement: nil)
-          super(
-            name: NAME,
-            detected_version: detected_version ? Version.new(detected_version) : nil,
-            version: raw_version ? Version.new(raw_version) : nil,
-            deprecated_versions: DEPRECATED_VERSIONS,
-            supported_versions: SUPPORTED_VERSIONS,
-            requirement: requirement
-          )
-        end
-        sig { override.returns(T::Boolean) }
-        def deprecated?
-          false
-        end
-        sig { override.returns(T::Boolean) }
-        def unsupported?
-          false
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/bun/requirement.rb DELETED Viewed

@@ -1,11 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      class Requirement < Dependabot::Javascript::Shared::Requirement
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/bun/update_checker/conflicting_dependency_resolver.rb DELETED Viewed

@@ -1,64 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      class UpdateChecker < Dependabot::UpdateCheckers::Base
-        class ConflictingDependencyResolver
-          def initialize(dependency_files:, credentials:)
-            @dependency_files = dependency_files
-            @credentials = credentials
-          end
-          # Finds any dependencies in the `yarn.lock` or `package-lock.json` that
-          # have a subdependency on the given dependency that does not satisfly
-          # the target_version.
-          #
-          # @param dependency [Dependabot::Dependency] the dependency to check
-          # @param target_version [String] the version to check
-          # @return [Array<Hash{String => String}]
-          #   * name [String] the blocking dependencies name
-          #   * version [String] the version of the blocking dependency
-          #   * requirement [String] the requirement on the target_dependency
-          def conflicting_dependencies(dependency:, target_version:)
-            SharedHelpers.in_a_temporary_directory do
-              dependency_files_builder = DependencyFilesBuilder.new(
-                dependency: dependency,
-                dependency_files: dependency_files,
-                credentials: credentials
-              )
-              dependency_files_builder.write_temporary_dependency_files
-              # TODO: Look into using npm/arborist for parsing yarn lockfiles (there's currently partial yarn support)
-              #
-              # Prefer the npm conflicting dependency parser if there's both a npm lockfile and a yarn.lock file as the
-              # npm parser handles edge cases where the package.json is out of sync with the lockfile,
-              # something the yarn parser doesn't deal with at the moment.
-              if dependency_files_builder.lockfiles.any?
-                SharedHelpers.run_helper_subprocess(
-                  command: Dependabot::Javascript::Shared::NativeHelpers.helper_path,
-                  function: "npm:findConflictingDependencies",
-                  args: [Dir.pwd, dependency.name, target_version.to_s]
-                )
-              else
-                SharedHelpers.run_helper_subprocess(
-                  command: Dependabot::Javascript::Shared::NativeHelpers.helper_path,
-                  function: "yarn:findConflictingDependencies",
-                  args: [Dir.pwd, dependency.name, target_version.to_s]
-                )
-              end
-            end
-          rescue SharedHelpers::HelperSubprocessFailed
-            []
-          end
-          private
-          attr_reader :dependency_files
-          attr_reader :credentials
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/bun/update_checker/dependency_files_builder.rb DELETED Viewed

@@ -1,47 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Bun
-      class UpdateChecker
-        class DependencyFilesBuilder < Shared::UpdateChecker::DependencyFilesBuilder
-          extend T::Sig
-          sig { returns(T::Array[Dependabot::DependencyFile]) }
-          def bun_locks
-            @bun_locks ||= T.let(
-              dependency_files
-              .select { |f| f.name.end_with?("bun.lock") },
-              T.nilable(T::Array[Dependabot::DependencyFile])
-            )
-          end
-          sig { returns(T.nilable(Dependabot::DependencyFile)) }
-          def root_bun_lock
-            @root_bun_lock ||= T.let(
-              dependency_files
-              .find { |f| f.name == "bun.lock" },
-              T.nilable(Dependabot::DependencyFile)
-            )
-          end
-          sig { override.returns(T::Array[Dependabot::DependencyFile]) }
-          def lockfiles
-            [*bun_locks]
-          end
-          private
-          sig { override.returns(T::Array[Dependabot::DependencyFile]) }
-          def write_lockfiles
-            [*bun_locks].each do |f|
-              FileUtils.mkdir_p(Pathname.new(f.name).dirname)
-              File.write(f.name, f.content)
-            end
-          end
-        end
-      end
-    end
-  end
-end