dependabot-bun 0.379.0 → 0.380.0
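--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b96db7ce26be2c0633f3c07b3058a44fe60df2b747da3221d13cefbaecfb6f6b
+data.tar.gz: ba81314d55458594ca198c8efd900709ffd986db3f860dbd01d4af282f31b580
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 23aa46c39d9b9ce5e935e6eef5f67152f3a37f01652742603ab311fd1f962e055224763c6c657b13b161f0976fba42e7475264b46d0e405e6ad9be4912c3dea7
+data.tar.gz: f174cf566e171a1fd7c857636d2ca2c799c70dfc75fac9519a10675c6ac087e157db5e5d00e67db4ae1e68fb9db814cc82125162384a51cb7ad2c73d5dc46aaf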
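--- /dev/null
+++ b/lib/dependabot/bun/dependency_grapher/lockfile_generator.rb
@@ -0,0 +1,109 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+require "dependabot/dependency_file"
+require "dependabot/shared_helpers"
+require "dependabot/bun/helpers"
+require "dependabot/bun/bun_package_manager"
+require "dependabot/bun/file_updater/npmrc_builder"
+
+module Dependabot
+module Bun
+class DependencyGrapher < Dependabot::DependencyGraphers::Base
+class LockfileGenerator
+extend T::Sig
+
+sig do
+params(
+dependency_files: T::Array[Dependabot::DependencyFile],
+credentials: T::Array[Dependabot::Credential]
+).void
+end
+def initialize(dependency_files:, credentials:)
+@dependency_files = dependency_files
+@credentials = credentials
+end
+
+sig { returns(Dependabot::DependencyFile) }
+def generate
+SharedHelpers.in_a_temporary_directory do
+write_temporary_files
+run_lockfile_generation
+read_generated_lockfile
+end
+rescue SharedHelpers::HelperSubprocessFailed => e
+handle_generation_error(e)
+raise
+end
+
+private
+
+sig { returns(T::Array[Dependabot::DependencyFile]) }
+attr_reader :dependency_files
+
+sig { returns(T::Array[Dependabot::Credential]) }
+attr_reader :credentials
+
+sig { void }
+def write_temporary_files
+dependency_files.each do |file|
+next unless file.name.end_with?("package.json", ".npmrc")
+
+path = file.name
+FileUtils.mkdir_p(File.dirname(path))
+File.write(path, file.content)
+end
+
+write_npmrc_from_credentials unless dependency_files.any? { |f| f.name.end_with?(".npmrc") }
+end
+
+sig { void }
+def write_npmrc_from_credentials
+npmrc_content = FileUpdater::NpmrcBuilder.new(
+credentials: credentials,
+dependency_files: dependency_files
+).npmrc_content
+
+return if npmrc_content.strip.empty?
+
+File.write(".npmrc", npmrc_content)
+end
+
+sig { void }
+def run_lockfile_generation
+Dependabot.logger.info("Generating bun.lock for dependency graphing")
+Helpers.run_bun_command("install --ignore-scripts", fingerprint: "install --ignore-scripts")
+end
+
+sig { returns(Dependabot::DependencyFile) }
+def read_generated_lockfile
+lockfile_name = BunPackageManager::LOCKFILE_NAME
+
+unless File.exist?(lockfile_name)
+Dependabot.logger.error("#{lockfile_name} was not generated")
+raise Dependabot::DependencyFileNotEvaluatable, "#{lockfile_name} was not generated"
+end
+
+Dependabot::DependencyFile.new(
+name: lockfile_name,
+content: File.read(lockfile_name),
+directory: package_json_directory
+)
+end
+
+sig { returns(String) }
+def package_json_directory
+package_json = dependency_files.find { |f| f.name.end_with?("package.json") }
+package_json&.directory || "/"
+end
+
+sig { params(error: SharedHelpers::HelperSubprocessFailed).void }
+def handle_generation_error(error)
+Dependabot.logger.error("Failed to generate bun.lock: #{error.message}")
+end
+end
+end
+end
+end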
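Review bot: `write_temporary_files` uses `file.name` unchanged as the write path, so a dependency file whose name is absolute or contains `..` segments would be created outside the directory set up by `SharedHelpers.in_a_temporary_directory`; nothing visible in this file normalizes the name. Resolving and checking it first would close that, e.g. `path = File.expand_path(file.name)` followed by `raise Dependabot::DependencyFileNotEvaluatable, "unsafe path: #{file.name}" unless path.start_with?(File.join(Dir.pwd, ""))`. A repository-supplied `.npmrc` is also written verbatim and makes the method skip `write_npmrc_from_credentials`, so repository content decides which registry `bun install` contacts; `--ignore-scripts` stops lifecycle scripts, but a comment saying this trust decision is intended would help. `FileUtils` is used without `require "fileutils"` in this file, which presumably relies on another file having loaded it.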
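--- a/lib/dependabot/bun/dependency_grapher.rb
+++ b/lib/dependabot/bun/dependency_grapher.rb
@@ -14,16 +14,20 @@ module Dependabot
 class DependencyGrapher < Dependabot::DependencyGraphers::Base
 extend T::Sig
 
+require_relative "dependency_grapher/lockfile_generator"
+
 sig { override.returns(Dependabot::DependencyFile) }
 def relevant_dependency_file
+return package_json if @ephemeral_lockfile_generated
+
 lockfile || package_json
 end
 
 sig { override.void }
 def prepare!
 if lockfile.nil?
-Dependabot.logger.
-
+Dependabot.logger.info("No bun.lock found, generating ephemeral lockfile for dependency graphing")
+generate_ephemeral_lockfile!
 end
 super
 end
@@ -45,6 +49,33 @@ module Dependabot
 dependency.name.sub(/^@/, "%40")
 end
 
+sig { void }
+def generate_ephemeral_lockfile!
+generator = LockfileGenerator.new(
+dependency_files: dependency_files,
+credentials: file_parser.credentials
+)
+
+ephemeral_lockfile = generator.generate
+inject_ephemeral_lockfile(ephemeral_lockfile)
+@ephemeral_lockfile_generated = T.let(true, T.nilable(T::Boolean))
+
+Dependabot.logger.info("Successfully generated ephemeral bun.lock for dependency graphing")
+rescue StandardError => e
+errored_fetching_subdependencies!
+@subdependency_error = e
+Dependabot.logger.warn(
+"Failed to generate ephemeral bun.lock: #{e.message}. " \
+"Dependency versions may not be resolved."
+)
+end
+
+sig { params(ephemeral_lockfile: Dependabot::DependencyFile).void }
+def inject_ephemeral_lockfile(ephemeral_lockfile)
+dependency_files << ephemeral_lockfile
+remove_instance_variable(:@lockfile) if instance_variable_defined?(:@lockfile)
+end
+
 sig { returns(Dependabot::DependencyFile) }
 def package_json
 return T.must(@package_json) if defined?(@package_json)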
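Review bot: In `generate_ephemeral_lockfile!` the `rescue StandardError` covers the whole method, so a defect in `inject_ephemeral_lockfile` or in the generator (a `NoMethodError`, say) is handled exactly like a failed `bun install` and only surfaces as a warning. Narrowing it to the errors the generator is seen to raise, e.g. `rescue SharedHelpers::HelperSubprocessFailed, Dependabot::DependencyFileNotEvaluatable => e`, would keep real bugs visible. The warning interpolates `e.message`; if that carries subprocess output it may include registry URLs taken from `.npmrc`, so it is worth confirming that nothing credential-bearing reaches the log. `inject_ephemeral_lockfile` appends to `dependency_files` in place and clears the `@lockfile` memo, which deserves a comment such as `# drop the memoized value so lockfile re-reads dependency_files`; the memoizing method itself is outside these hunks.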
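--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bun
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.380.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.380.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.380.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -309,6 +309,7 @@ files:
 - lib/dependabot/bun/constraint_helper.rb
 - lib/dependabot/bun/dependency_files_filterer.rb
 - lib/dependabot/bun/dependency_grapher.rb
+- lib/dependabot/bun/dependency_grapher/lockfile_generator.rb
 - lib/dependabot/bun/file_fetcher.rb
 - lib/dependabot/bun/file_fetcher/path_dependency_builder.rb
 - lib/dependabot/bun/file_parser.rb
@@ -348,7 +349,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.380.0
 rdoc_options: []
 require_paths:
 - lib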