dependabot-bun 0.373.0 → 0.374.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bun/dependency_grapher.rb +101 -0
- data/lib/dependabot/bun.rb +1 -0
- metadata +5 -4
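--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8262719a72e3213f41fe3f1d26d7efb11a622ff03b9f08539216daf9fdf935e2
+data.tar.gz: a1bafb40bc94437c6b53de4f1796342d731e65bdf03040f1893f110581d61eda
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bacf85e5f892f22a607f1602c2a60427cf54a0c552d18d34ca97f2130060ee1a968e2312e2dfac6b1be64e61e66db84ea26bf9f266b8049a2213c26f01742a19
+data.tar.gz: 74752e2ff6f5c595924a2f980fa0177dbaabaa4c99478ac505a221df144f8c137bdc895216a827d4eccf2b196d3bdb26d31207e0cad6540ef24f75338b62b2de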
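--- a/data/lib/dependabot/bun/dependency_grapher.rb
+++ b/data/lib/dependabot/bun/dependency_grapher.rb
@@ -0,0 +1,101 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/dependency_graphers"
+require "dependabot/dependency_graphers/base"
+require "dependabot/bun/file_parser"
+require "dependabot/bun/file_parser/bun_lock"
+require "dependabot/bun/bun_package_manager"
+
+module Dependabot
+module Bun
+class DependencyGrapher < Dependabot::DependencyGraphers::Base
+extend T::Sig
+
+sig { override.returns(Dependabot::DependencyFile) }
+def relevant_dependency_file
+lockfile || package_json
+end
+
+sig { override.void }
+def prepare!
+if lockfile.nil?
+Dependabot.logger.warn("No bun.lock found; dependency graph will be incomplete.")
+errored_fetching_subdependencies!
+end
+super
+end
+
+private
+
+sig { override.params(dependency: Dependabot::Dependency).returns(T::Array[String]) }
+def fetch_subdependencies(dependency)
+package_relationships.fetch(dependency.name, [])
+end
+
+sig { override.params(_dependency: Dependabot::Dependency).returns(String) }
+def purl_pkg_for(_dependency)
+"npm"
+end
+
+sig { override.params(dependency: Dependabot::Dependency).returns(String) }
+def purl_name_for(dependency)
+dependency.name.sub(/^@/, "%40")
+end
+
+sig { returns(Dependabot::DependencyFile) }
+def package_json
+return T.must(@package_json) if defined?(@package_json)
+
+T.must(
+@package_json = T.let(
+T.must(dependency_files.find { |f| f.name.end_with?("package.json") }),
+T.nilable(Dependabot::DependencyFile)
+)
+)
+end
+
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
+def lockfile
+return @lockfile if defined?(@lockfile)
+
+@lockfile = T.let(
+dependency_files.find { |f| f.name.end_with?(BunPackageManager::LOCKFILE_NAME) },
+T.nilable(Dependabot::DependencyFile)
+)
+end
+
+sig { returns(T::Hash[String, T::Array[String]]) }
+def package_relationships
+@package_relationships ||= T.let(
+fetch_package_relationships,
+T.nilable(T::Hash[String, T::Array[String]])
+)
+end
+
+sig { returns(T::Hash[String, T::Array[String]]) }
+def fetch_package_relationships
+return {} unless lockfile
+
+parsed_lockfile = FileParser::BunLock.new(T.must(lockfile)).parsed
+packages = parsed_lockfile.fetch("packages", nil)
+return {} unless packages.is_a?(Hash)
+
+# bun.lock entries are arrays: ["{name}@{version}", registry, {details}, integrity]
+packages.each_with_object({}) do |(_key, entry), rels|
+next unless entry.is_a?(Array) && entry.first.is_a?(String)
+
+parent_name = T.must(T.cast(entry.first, String).split(/(?<=\w)\@/).first)
+children = entry.dig(2, "dependencies")&.keys
+next unless children&.any?
+
+rels[parent_name] = children
+end
+end
+end
+end
+end
+
+Dependabot::DependencyGraphers.register("bun", Dependabot::Bun::DependencyGrapher)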
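Review bot: The guard at the top of the `each_with_object` block in `fetch_package_relationships` only checks that `entry` is an Array whose first element is a String, so a malformed `packages` entry whose third element is not a Hash (or whose `"dependencies"` value is not a Hash) makes `entry.dig(2, "dependencies")&.keys` raise TypeError or NoMethodError instead of being skipped, and the lockfile is repository-supplied input that the parser has no other reason to trust. Checking the shape explicitly before reading it, as sketched below, lets one bad entry be ignored rather than aborting the whole graph. Separately, `rels[parent_name] = children` keys the hash by the version-less name, so if the lockfile lists two versions of the same package the later entry silently replaces the earlier one's children; that deserves at least a comment such as `# NOTE: keyed by name only, so the last entry wins when several versions of one package are present`. In `purl_name_for`, `/^@/` is a per-line anchor; `/\A@/` is the intended whole-string anchor.
```ruby
packages.each_with_object({}) do |(_key, entry), rels|
  next unless entry.is_a?(Array) && entry.first.is_a?(String)

  details = entry[2]
  next unless details.is_a?(Hash)

  deps = details["dependencies"]
  next unless deps.is_a?(Hash) && !deps.empty?

  parent_name = T.must(T.cast(entry.first, String).split(/(?<=\w)\@/).first)
  rels[parent_name] = deps.keys
end
```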
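--- a/data/lib/dependabot/bun.rb
+++ b/data/lib/dependabot/bun.rb
@@ -3,6 +3,7 @@
 
 # These all need to be required so the various classes can be registered in a
 # lookup table of package manager names to concrete classes.
+require "dependabot/bun/dependency_grapher"
 require "dependabot/bun/file_fetcher"
 require "dependabot/bun/file_parser"
 require "dependabot/bun/update_checker"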
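--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bun
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.374.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.374.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.374.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -308,6 +308,7 @@ files:
 - lib/dependabot/bun/bun_package_manager.rb
 - lib/dependabot/bun/constraint_helper.rb
 - lib/dependabot/bun/dependency_files_filterer.rb
+- lib/dependabot/bun/dependency_grapher.rb
 - lib/dependabot/bun/file_fetcher.rb
 - lib/dependabot/bun/file_fetcher/path_dependency_builder.rb
 - lib/dependabot/bun/file_parser.rb
@@ -347,7 +348,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.374.0
 rdoc_options: []
 require_paths:
 - lib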