RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.124.8 → 0.125.4 - Mend

dependabot-npm_and_yarn 0.124.8 → 0.125.4

Files changed (44) hide show

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb CHANGED

@@ -60,9 +60,7 @@ module Dependabot
           return latest_allowable_version if git_dependency?(dependency)
           return if part_of_tightly_locked_monorepo?
-          unless relevant_unmet_peer_dependencies.any?
-            return latest_allowable_version
-          end
+          return latest_allowable_version unless relevant_unmet_peer_dependencies.any?
           satisfying_versions.first
         end
@@ -79,9 +77,7 @@ module Dependabot
         def dependency_updates_from_full_unlock
           return if git_dependency?(dependency)
-          if part_of_tightly_locked_monorepo?
-            return updated_monorepo_dependencies
-          end
+          return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
           return if newly_broken_peer_reqs_from_dep.any?
           updates = [{
@@ -219,9 +215,7 @@ module Dependabot
         end
         def old_peer_dependency_errors
-          if @old_peer_dependency_errors_checked
-            return @old_peer_dependency_errors
-          end
+          return @old_peer_dependency_errors if @old_peer_dependency_errors_checked
           @old_peer_dependency_errors_checked = true
@@ -236,7 +230,7 @@ module Dependabot
           # here (since problematic repos will be resolved here before they're
           # seen by the FileUpdater)
           SharedHelpers.in_a_temporary_directory do
-            write_temporary_dependency_files
+            dependency_files_builder.write_temporary_dependency_files
             filtered_package_files.flat_map do |file|
               path = Pathname.new(file.name).dirname
@@ -391,8 +385,8 @@ module Dependabot
         def run_checker(path:, version:)
           # If there are both yarn lockfiles and npm lockfiles only run the
           # yarn updater, yarn is also used when only a package.json exists
-          if lockfiles_for_path(lockfiles: yarn_locks, path: path).any? ||
-             lockfiles_for_path(lockfiles: lockfiles, path: path).none?
+          if lockfiles_for_path(lockfiles: dependency_files_builder.yarn_locks, path: path).any? ||
+             lockfiles_for_path(lockfiles: dependency_files_builder.lockfiles, path: path).none?
             return run_yarn_checker(path: path, version: version)
           end
@@ -444,48 +438,6 @@ module Dependabot
           end.compact
         end
-        def write_temporary_dependency_files
-          write_lock_files
-          File.write(".npmrc", npmrc_content)
-          package_files.each do |file|
-            path = file.name
-            FileUtils.mkdir_p(Pathname.new(path).dirname)
-            File.write(file.name, prepared_package_json_content(file))
-          end
-        end
-        def write_lock_files
-          yarn_locks.each do |f|
-            FileUtils.mkdir_p(Pathname.new(f.name).dirname)
-            File.write(f.name, f.content)
-          end
-          package_locks.each do |f|
-            FileUtils.mkdir_p(Pathname.new(f.name).dirname)
-            File.write(f.name, f.content)
-          end
-          shrinkwraps.each do |f|
-            FileUtils.mkdir_p(Pathname.new(f.name).dirname)
-            File.write(f.name, f.content)
-          end
-        end
-        def prepared_package_json_content(file)
-          NpmAndYarn::FileUpdater::PackageJsonPreparer.new(
-            package_json_content: file.content
-          ).prepared_content
-        end
-        def npmrc_content
-          NpmAndYarn::FileUpdater::NpmrcBuilder.new(
-            credentials: credentials,
-            dependency_files: dependency_files
-          ).npmrc_content
-        end
         # Top level dependencies are required in the peer dep checker
         # to fetch the manifests for all top level deps which may contain
         # "peerDependency" requirements
@@ -497,34 +449,6 @@ module Dependabot
           ).parse.select(&:top_level?)
         end
-        def lockfiles
-          [*yarn_locks, *package_locks, *shrinkwraps]
-        end
-        def package_locks
-          @package_locks ||=
-            dependency_files.
-            select { |f| f.name.end_with?("package-lock.json") }
-        end
-        def yarn_locks
-          @yarn_locks ||=
-            dependency_files.
-            select { |f| f.name.end_with?("yarn.lock") }
-        end
-        def shrinkwraps
-          @shrinkwraps ||=
-            dependency_files.
-            select { |f| f.name.end_with?("npm-shrinkwrap.json") }
-        end
-        def package_files
-          @package_files ||=
-            dependency_files.
-            select { |f| f.name.end_with?("package.json") }
-        end
         def filtered_package_files
           @filtered_package_files ||=
             DependencyFilesFilterer.new(
@@ -533,10 +457,17 @@ module Dependabot
             ).package_files_requiring_update
         end
+        def dependency_files_builder
+          @dependency_files_builder ||=
+            DependencyFilesBuilder.new(
+              dependency: dependency,
+              dependency_files: dependency_files,
+              credentials: credentials
+            )
+        end
         def version_for_dependency(dep)
-          if dep.version && version_class.correct?(dep.version)
-            return version_class.new(dep.version)
-          end
+          return version_class.new(dep.version) if dep.version && version_class.correct?(dep.version)
           dep.requirements.map { |r| r[:requirement] }.compact.
             reject { |req_string| req_string.start_with?("<") }.

data/lib/dependabot/npm_and_yarn/version.rb CHANGED

@@ -29,9 +29,7 @@ module Dependabot
         @version_string = version.to_s
         version = version.gsub(/^v/, "") if version.is_a?(String)
-        if version.to_s.include?("+")
-          version, @build_info = version.to_s.split("+")
-        end
+        version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
         super
       end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.124.8
+  version: 0.125.4
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-04 00:00:00.000000000 Z
+date: 2020-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.8
+        version: 0.125.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.8
+        version: 0.125.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.8.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -172,13 +172,16 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/.eslintrc
+- helpers/README.md
 - helpers/build
+- helpers/lib/npm/conflicting-dependency-parser.js
 - helpers/lib/npm/helpers.js
 - helpers/lib/npm/index.js
 - helpers/lib/npm/peer-dependency-checker.js
 - helpers/lib/npm/remove-dependencies-from-lockfile.js
 - helpers/lib/npm/subdependency-updater.js
 - helpers/lib/npm/updater.js
+- helpers/lib/yarn/conflicting-dependency-parser.js
 - helpers/lib/yarn/fix-duplicates.js
 - helpers/lib/yarn/helpers.js
 - helpers/lib/yarn/index.js
@@ -189,11 +192,27 @@ files:
 - helpers/lib/yarn/updater.js
 - helpers/package.json
 - helpers/run.js
+- helpers/test/npm/conflicting-dependency-parser.test.js
+- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json
 - helpers/test/npm/fixtures/updater/original/package-lock.json
 - helpers/test/npm/fixtures/updater/original/package.json
 - helpers/test/npm/fixtures/updater/updated/package-lock.json
 - helpers/test/npm/helpers.js
 - helpers/test/npm/updater.test.js
+- helpers/test/yarn/conflicting-dependency-parser.test.js
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock
 - helpers/test/yarn/fixtures/updater/original/package.json
 - helpers/test/yarn/fixtures/updater/original/yarn.lock
 - helpers/test/yarn/fixtures/updater/updated/yarn.lock
@@ -220,6 +239,8 @@ files:
 - lib/dependabot/npm_and_yarn/requirement.rb
 - lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
 - lib/dependabot/npm_and_yarn/update_checker.rb
+- lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb
+- lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb
 - lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
 - lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
 - lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb