dependabot-deno 0.378.0 → 0.379.0
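--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: db549557d14756fc5ba5f9fde9bf887724c585d8f7698c75c4168c2cca7a81c9
+data.tar.gz: 8fa9f06eda624534c3cee85eb1de7f6ffb26eed35ff216c53ca140901cefd59e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0fef03bebbd283a3cc0f24cc2a059bb1abd8f4a88f315840cf70f50458789f10f26859a296a5362e41c20c4b2a2a63fabbeccd931b803866ed05e730edc6b7ec
+data.tar.gz: '08c3f276772d8fe09521879ce3dc48b12fd2b6a7119e2323186d9894c9fc7c3c2f6c2f4c6f8f96e134c3692d4154050d064aec196690477531f533165fd39759'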
@@ -0,0 +1,119 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "json"
|
|
5
|
+
require "sorbet-runtime"
|
|
6
|
+
|
|
7
|
+
require "dependabot/dependency"
|
|
8
|
+
require "dependabot/dependency_file"
|
|
9
|
+
require "dependabot/errors"
|
|
10
|
+
require "dependabot/shared_helpers"
|
|
11
|
+
require "dependabot/deno/file_updater"
|
|
12
|
+
require "dependabot/deno/file_updater/manifest_updater"
|
|
13
|
+
require "dependabot/deno/helpers"
|
|
14
|
+
|
|
15
|
+
module Dependabot
|
|
16
|
+
module Deno
|
|
17
|
+
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
18
|
+
class LockfileUpdater
|
|
19
|
+
extend T::Sig
|
|
20
|
+
|
|
21
|
+
LOCKFILE_FILENAME = T.let("deno.lock", String)
|
|
22
|
+
|
|
23
|
+
sig do
|
|
24
|
+
params(
|
|
25
|
+
dependencies: T::Array[Dependabot::Dependency],
|
|
26
|
+
dependency_files: T::Array[Dependabot::DependencyFile],
|
|
27
|
+
credentials: T::Array[Dependabot::Credential]
|
|
28
|
+
).void
|
|
29
|
+
end
|
|
30
|
+
def initialize(dependencies:, dependency_files:, credentials:)
|
|
31
|
+
@dependencies = dependencies
|
|
32
|
+
@dependency_files = dependency_files
|
|
33
|
+
# Reserved for DENO_AUTH_TOKENS / private registry support — accepted now
|
|
34
|
+
# so callers don't need a signature change when that lands.
|
|
35
|
+
@credentials = credentials
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
sig { returns(String) }
|
|
39
|
+
def updated_lockfile_content
|
|
40
|
+
@updated_lockfile_content ||= T.let(
|
|
41
|
+
regenerate_lockfile,
|
|
42
|
+
T.nilable(String)
|
|
43
|
+
)
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
private
|
|
47
|
+
|
|
48
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
49
|
+
attr_reader :dependencies
|
|
50
|
+
|
|
51
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
52
|
+
attr_reader :dependency_files
|
|
53
|
+
|
|
54
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
|
55
|
+
attr_reader :credentials
|
|
56
|
+
|
|
57
|
+
sig { returns(String) }
|
|
58
|
+
def regenerate_lockfile
|
|
59
|
+
# Deno rewrites `deno.lock` holistically (not surgically) when its
|
|
60
|
+
# input manifest references newer constraints. Don't try to
|
|
61
|
+
# preserve unrelated entries here — that's deno install's job.
|
|
62
|
+
#
|
|
63
|
+
# Note on error detection: `deno install` exits 0 even when a
|
|
64
|
+
# specifier can't be resolved (missing package, unsatisfiable
|
|
65
|
+
# constraint) — it just silently leaves the lockfile unchanged.
|
|
66
|
+
# The byte-equal check below is the primary defense; the rescue
|
|
67
|
+
# wraps the rare-but-real cases where deno does exit non-zero
|
|
68
|
+
# (malformed config, binary missing, filesystem errors).
|
|
69
|
+
original_lockfile_content = T.must(lockfile.content)
|
|
70
|
+
|
|
71
|
+
new_content =
|
|
72
|
+
begin
|
|
73
|
+
SharedHelpers.in_a_temporary_directory do |dir|
|
|
74
|
+
write_temporary_files(dir.to_s)
|
|
75
|
+
Helpers.run_deno_command("install", "--frozen=false", dir: dir.to_s)
|
|
76
|
+
File.read(File.join(dir.to_s, LOCKFILE_FILENAME))
|
|
77
|
+
end
|
|
78
|
+
rescue SharedHelpers::HelperSubprocessFailed, Errno::ENOENT => e
|
|
79
|
+
raise Dependabot::DependencyFileNotResolvable, e.message
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
if new_content == original_lockfile_content
|
|
83
|
+
raise Dependabot::DependencyFileNotResolvable,
|
|
84
|
+
"deno install did not change #{LOCKFILE_FILENAME}; manifest bump did not take effect"
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
new_content
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
sig { params(dir: String).void }
|
|
91
|
+
def write_temporary_files(dir)
|
|
92
|
+
File.write(File.join(dir, manifest.name), updated_manifest_content)
|
|
93
|
+
File.write(File.join(dir, LOCKFILE_FILENAME), T.must(lockfile.content))
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
sig { returns(String) }
|
|
97
|
+
def updated_manifest_content
|
|
98
|
+
ManifestUpdater.new(dependencies: dependencies, manifest: manifest).updated_manifest_content
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
102
|
+
def manifest
|
|
103
|
+
@manifest ||= T.let(
|
|
104
|
+
T.must(dependency_files.find { |f| FileUpdater::MANIFEST_FILENAMES.include?(f.name) }),
|
|
105
|
+
T.nilable(Dependabot::DependencyFile)
|
|
106
|
+
)
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
110
|
+
def lockfile
|
|
111
|
+
@lockfile ||= T.let(
|
|
112
|
+
T.must(dependency_files.find { |f| f.name == LOCKFILE_FILENAME }),
|
|
113
|
+
T.nilable(Dependabot::DependencyFile)
|
|
114
|
+
)
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
end
|
|
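Review bot: The byte-equality check in `regenerate_lockfile` only shows that `deno install` rewrote something in `deno.lock`; it does not confirm that the dependencies held in `@dependencies` were resolved to the intended versions. The method's own comment says Deno rewrites the lockfile holistically, so an unrelated re-resolution could pass this check while the requested bump had no effect, and the resulting update would carry pin changes nobody asked for. `require "json"` is loaded but not used in this file, so one option is to parse `new_content` and verify each dependency before returning it; at minimum the comment should state the limit, e.g. `# A changed lockfile does not prove the requested dependency moved, only that deno rewrote the file.` Separately, the `rescue` maps `Errno::ENOENT` (a missing binary, per the comment) to `DependencyFileNotResolvable`, which reports an environment fault as a problem with the repository's files.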
@@ -0,0 +1,73 @@
|
|
|
1
|
+
# typed: strict
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
require "dependabot/dependency"
|
|
7
|
+
require "dependabot/dependency_file"
|
|
8
|
+
require "dependabot/deno/file_updater"
|
|
9
|
+
|
|
10
|
+
module Dependabot
|
|
11
|
+
module Deno
|
|
12
|
+
class FileUpdater
|
|
13
|
+
class ManifestUpdater
|
|
14
|
+
extend T::Sig
|
|
15
|
+
|
|
16
|
+
sig do
|
|
17
|
+
params(
|
|
18
|
+
dependencies: T::Array[Dependabot::Dependency],
|
|
19
|
+
manifest: Dependabot::DependencyFile
|
|
20
|
+
).void
|
|
21
|
+
end
|
|
22
|
+
def initialize(dependencies:, manifest:)
|
|
23
|
+
@dependencies = dependencies
|
|
24
|
+
@manifest = manifest
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
sig { returns(String) }
|
|
28
|
+
def updated_manifest_content
|
|
29
|
+
content = T.must(manifest.content).dup
|
|
30
|
+
|
|
31
|
+
dependencies.each do |dep|
|
|
32
|
+
prev_reqs = (dep.previous_requirements || []).select { |r| r[:file] == manifest.name }
|
|
33
|
+
new_reqs = dep.requirements.select { |r| r[:file] == manifest.name }
|
|
34
|
+
|
|
35
|
+
prev_reqs.zip(new_reqs).each do |prev_req, new_req|
|
|
36
|
+
content = apply_substitution(content, dep, prev_req, T.must(new_req))
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
content
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
private
|
|
44
|
+
|
|
45
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
46
|
+
attr_reader :dependencies
|
|
47
|
+
|
|
48
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
49
|
+
attr_reader :manifest
|
|
50
|
+
|
|
51
|
+
sig do
|
|
52
|
+
params(
|
|
53
|
+
content: String,
|
|
54
|
+
dep: Dependabot::Dependency,
|
|
55
|
+
prev_req: T::Hash[Symbol, T.untyped],
|
|
56
|
+
new_req: T::Hash[Symbol, T.untyped]
|
|
57
|
+
).returns(String)
|
|
58
|
+
end
|
|
59
|
+
def apply_substitution(content, dep, prev_req, new_req)
|
|
60
|
+
source_type = prev_req[:source][:type]
|
|
61
|
+
prev_req_str = prev_req[:requirement]
|
|
62
|
+
new_req_str = new_req[:requirement]
|
|
63
|
+
|
|
64
|
+
base = "#{source_type}:#{dep.name}"
|
|
65
|
+
old_specifier = prev_req_str ? "#{base}@#{prev_req_str}" : base
|
|
66
|
+
new_specifier = "#{base}@#{new_req_str}"
|
|
67
|
+
|
|
68
|
+
content.gsub(%r{#{Regexp.escape(old_specifier)}(?=["/])}, new_specifier)
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
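Review bot: In `apply_substitution` the replacement is handed to `gsub` as a string, so a backslash sequence such as `\1` or `\0` inside `new_req_str` would be read as a back-reference instead of being copied literally; the block form avoids that: `content.gsub(%r{#{Regexp.escape(old_specifier)}(?=["/])}) { new_specifier }`. The pattern side is protected with `Regexp.escape`, but the replacement side gets no equivalent treatment. In `updated_manifest_content`, `prev_reqs.zip(new_reqs)` pairs requirements by position and `T.must(new_req)` raises when `new_reqs` is shorter, so a length or ordering mismatch either aborts with a type error or rewrites the wrong specifier; comparing the two sizes before pairing would make that failure explicit.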
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/file_updaters"
|
|
@@ -9,6 +9,9 @@ module Dependabot
|
|
|
9
9
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
10
10
|
extend T::Sig
|
|
11
11
|
|
|
12
|
+
require_relative "file_updater/manifest_updater"
|
|
13
|
+
require_relative "file_updater/lockfile_updater"
|
|
14
|
+
|
|
12
15
|
MANIFEST_FILENAMES = T.let(%w(deno.json deno.jsonc).freeze, T::Array[String])
|
|
13
16
|
|
|
14
17
|
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
|
@@ -24,6 +27,13 @@ module Dependabot
|
|
|
24
27
|
updated_files << updated_file(file: file, content: new_content)
|
|
25
28
|
end
|
|
26
29
|
|
|
30
|
+
if lockfile
|
|
31
|
+
updated_files << updated_file(
|
|
32
|
+
file: T.must(lockfile),
|
|
33
|
+
content: lockfile_updater.updated_lockfile_content
|
|
34
|
+
)
|
|
35
|
+
end
|
|
36
|
+
|
|
27
37
|
updated_files
|
|
28
38
|
end
|
|
29
39
|
|
|
@@ -36,28 +46,29 @@ module Dependabot
|
|
|
36
46
|
raise "No deno.json or deno.jsonc found!"
|
|
37
47
|
end
|
|
38
48
|
|
|
39
|
-
sig {
|
|
40
|
-
def
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
prev_reqs.zip(new_reqs).each do |prev_req, new_req|
|
|
48
|
-
source_type = prev_req[:source][:type]
|
|
49
|
-
prev_req_str = prev_req[:requirement]
|
|
50
|
-
new_req_str = T.must(new_req)[:requirement]
|
|
51
|
-
|
|
52
|
-
base = "#{source_type}:#{dep.name}"
|
|
53
|
-
old_specifier = prev_req_str ? "#{base}@#{prev_req_str}" : base
|
|
54
|
-
new_specifier = "#{base}@#{new_req_str}"
|
|
49
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
50
|
+
def lockfile
|
|
51
|
+
@lockfile ||= T.let(
|
|
52
|
+
dependency_files.find { |f| f.name == "deno.lock" },
|
|
53
|
+
T.nilable(Dependabot::DependencyFile)
|
|
54
|
+
)
|
|
55
|
+
end
|
|
55
56
|
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
57
|
+
sig { returns(LockfileUpdater) }
|
|
58
|
+
def lockfile_updater
|
|
59
|
+
@lockfile_updater ||= T.let(
|
|
60
|
+
LockfileUpdater.new(
|
|
61
|
+
dependencies: dependencies,
|
|
62
|
+
dependency_files: dependency_files,
|
|
63
|
+
credentials: credentials
|
|
64
|
+
),
|
|
65
|
+
T.nilable(LockfileUpdater)
|
|
66
|
+
)
|
|
67
|
+
end
|
|
59
68
|
|
|
60
|
-
|
|
69
|
+
sig { params(file: Dependabot::DependencyFile).returns(String) }
|
|
70
|
+
def update_manifest_content(file)
|
|
71
|
+
ManifestUpdater.new(dependencies: dependencies, manifest: file).updated_manifest_content
|
|
61
72
|
end
|
|
62
73
|
end
|
|
63
74
|
end
|
|
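Review bot: The new `lockfile` method matches on the literal `"deno.lock"` while `LockfileUpdater` defines `LOCKFILE_FILENAME` for the same name, so the two lookups can drift apart; `dependency_files.find { |f| f.name == LockfileUpdater::LOCKFILE_FILENAME }` keeps a single source of truth. In the `if lockfile` hunk, `updated_lockfile_content` raises `DependencyFileNotResolvable` when the regenerated lockfile is unchanged, so for any repository that ships a `deno.lock` a no-op regeneration now fails the whole update, manifest changes included. A short comment at that call stating that this is intended would help the next reader. The method enclosing that hunk starts outside the visible lines.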
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
require "dependabot/shared_helpers"
|
|
7
|
+
|
|
8
|
+
module Dependabot
|
|
9
|
+
module Deno
|
|
10
|
+
module Helpers
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
13
|
+
# Wraps `deno <args>` via Dependabot's standard subprocess helper, so
|
|
14
|
+
# failures surface as Dependabot::SharedHelpers::HelperSubprocessFailed
|
|
15
|
+
# (consistent with cargo / bun / npm_and_yarn). DENO_DIR is scoped to
|
|
16
|
+
# the working directory so concurrent jobs don't trample each other's
|
|
17
|
+
# module cache.
|
|
18
|
+
sig do
|
|
19
|
+
params(
|
|
20
|
+
args: String,
|
|
21
|
+
dir: String
|
|
22
|
+
).returns(String)
|
|
23
|
+
end
|
|
24
|
+
def self.run_deno_command(*args, dir:)
|
|
25
|
+
Dependabot::SharedHelpers.run_shell_command(
|
|
26
|
+
"deno #{args.join(' ')}",
|
|
27
|
+
cwd: dir,
|
|
28
|
+
env: { "DENO_DIR" => File.join(dir, ".deno_cache") }
|
|
29
|
+
)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
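Review bot: `run_deno_command` builds the command by joining `args` with spaces, so an argument containing whitespace or shell metacharacters is only as safe as whatever quoting `SharedHelpers.run_shell_command` applies, which is not visible on this page. The only caller shown passes fixed literals, but the signature accepts arbitrary strings and the doc comment does not state the constraint. I would add `# Each element of args must be a single shell word; do not pass values taken from repository files.` above the `sig`. The `env:` hash sets only `DENO_DIR`; whether the rest of the parent environment reaches the `deno` process depends on `run_shell_command` and is worth confirming before credentials are wired in.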
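--- a/data/lib/dependabot/deno.rb
+++ b/data/lib/dependabot/deno.rb
@@ -9,6 +9,7 @@ require "dependabot/deno/update_checker"
 require "dependabot/deno/file_updater"
 require "dependabot/deno/metadata_finder"
 require "dependabot/deno/package/package_details_fetcher"
+require "dependabot/deno/helpers"
 require "dependabot/deno/version"
 require "dependabot/deno/requirement"
 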
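--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-deno
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.379.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.379.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.379.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -245,6 +245,9 @@ files:
 - lib/dependabot/deno/file_fetcher.rb
 - lib/dependabot/deno/file_parser.rb
 - lib/dependabot/deno/file_updater.rb
+- lib/dependabot/deno/file_updater/lockfile_updater.rb
+- lib/dependabot/deno/file_updater/manifest_updater.rb
+- lib/dependabot/deno/helpers.rb
 - lib/dependabot/deno/metadata_finder.rb
 - lib/dependabot/deno/package/package_details_fetcher.rb
 - lib/dependabot/deno/requirement.rb
@@ -256,7 +259,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.379.0
 rdoc_options: []
 require_paths:
 - lib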