dependabot-npm_and_yarn 0.125.0 → 0.125.5
- checksums.yaml +4 -4
- data/helpers/README.md +29 -0
- data/helpers/lib/npm/conflicting-dependency-parser.js +76 -0
- data/helpers/lib/npm/index.js +3 -0
- data/helpers/lib/yarn/conflicting-dependency-parser.js +176 -0
- data/helpers/lib/yarn/fix-duplicates.js +5 -3
- data/helpers/lib/yarn/helpers.js +8 -1
- data/helpers/lib/yarn/index.js +3 -0
- data/helpers/package.json +3 -2
- data/helpers/test/npm/conflicting-dependency-parser.test.js +67 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json +565 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json +188 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json +27 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
- data/helpers/test/npm/helpers.js +14 -0
- data/helpers/test/npm/updater.test.js +1 -15
- data/helpers/test/yarn/conflicting-dependency-parser.test.js +84 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock +496 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json +14 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock +21 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock +172 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock +21 -0
- data/helpers/test/yarn/helpers.js +11 -0
- data/helpers/yarn.lock +625 -30
- data/lib/dependabot/npm_and_yarn/file_fetcher.rb +2 -6
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +1 -3
- data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +2 -6
- data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +5 -15
- data/lib/dependabot/npm_and_yarn/metadata_finder.rb +3 -9
- data/lib/dependabot/npm_and_yarn/requirement.rb +2 -6
- data/lib/dependabot/npm_and_yarn/update_checker.rb +15 -12
- data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb +69 -0
- data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb +94 -0
- data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -6
- data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +1 -3
- data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +24 -86
- data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +16 -85
- data/lib/dependabot/npm_and_yarn/version.rb +1 -3
- metadata +27 -6
@@ -60,9 +60,7 @@ module Dependabot
|
|
60
60
|
return latest_allowable_version if git_dependency?(dependency)
|
61
61
|
return if part_of_tightly_locked_monorepo?
|
62
62
|
|
63
|
-
unless relevant_unmet_peer_dependencies.any?
|
64
|
-
return latest_allowable_version
|
65
|
-
end
|
63
|
+
return latest_allowable_version unless relevant_unmet_peer_dependencies.any?
|
66
64
|
|
67
65
|
satisfying_versions.first
|
68
66
|
end
|
@@ -79,9 +77,7 @@ module Dependabot
|
|
79
77
|
|
80
78
|
def dependency_updates_from_full_unlock
|
81
79
|
return if git_dependency?(dependency)
|
82
|
-
if part_of_tightly_locked_monorepo?
|
83
|
-
return updated_monorepo_dependencies
|
84
|
-
end
|
80
|
+
return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
|
85
81
|
return if newly_broken_peer_reqs_from_dep.any?
|
86
82
|
|
87
83
|
updates = [{
|
@@ -219,9 +215,7 @@ module Dependabot
|
|
219
215
|
end
|
220
216
|
|
221
217
|
def old_peer_dependency_errors
|
222
|
-
if @old_peer_dependency_errors_checked
|
223
|
-
return @old_peer_dependency_errors
|
224
|
-
end
|
218
|
+
return @old_peer_dependency_errors if @old_peer_dependency_errors_checked
|
225
219
|
|
226
220
|
@old_peer_dependency_errors_checked = true
|
227
221
|
|
@@ -236,7 +230,7 @@ module Dependabot
|
|
236
230
|
# here (since problematic repos will be resolved here before they're
|
237
231
|
# seen by the FileUpdater)
|
238
232
|
SharedHelpers.in_a_temporary_directory do
|
239
|
-
write_temporary_dependency_files
|
233
|
+
dependency_files_builder.write_temporary_dependency_files
|
240
234
|
|
241
235
|
filtered_package_files.flat_map do |file|
|
242
236
|
path = Pathname.new(file.name).dirname
|
@@ -391,8 +385,8 @@ module Dependabot
|
|
391
385
|
def run_checker(path:, version:)
|
392
386
|
# If there are both yarn lockfiles and npm lockfiles only run the
|
393
387
|
# yarn updater, yarn is also used when only a package.json exists
|
394
|
-
if lockfiles_for_path(lockfiles: yarn_locks, path: path).any? ||
|
395
|
-
lockfiles_for_path(lockfiles: lockfiles, path: path).none?
|
388
|
+
if lockfiles_for_path(lockfiles: dependency_files_builder.yarn_locks, path: path).any? ||
|
389
|
+
lockfiles_for_path(lockfiles: dependency_files_builder.lockfiles, path: path).none?
|
396
390
|
return run_yarn_checker(path: path, version: version)
|
397
391
|
end
|
398
392
|
|
@@ -444,48 +438,6 @@ module Dependabot
|
|
444
438
|
end.compact
|
445
439
|
end
|
446
440
|
|
447
|
-
def write_temporary_dependency_files
|
448
|
-
write_lock_files
|
449
|
-
|
450
|
-
File.write(".npmrc", npmrc_content)
|
451
|
-
|
452
|
-
package_files.each do |file|
|
453
|
-
path = file.name
|
454
|
-
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
455
|
-
File.write(file.name, prepared_package_json_content(file))
|
456
|
-
end
|
457
|
-
end
|
458
|
-
|
459
|
-
def write_lock_files
|
460
|
-
yarn_locks.each do |f|
|
461
|
-
FileUtils.mkdir_p(Pathname.new(f.name).dirname)
|
462
|
-
File.write(f.name, f.content)
|
463
|
-
end
|
464
|
-
|
465
|
-
package_locks.each do |f|
|
466
|
-
FileUtils.mkdir_p(Pathname.new(f.name).dirname)
|
467
|
-
File.write(f.name, f.content)
|
468
|
-
end
|
469
|
-
|
470
|
-
shrinkwraps.each do |f|
|
471
|
-
FileUtils.mkdir_p(Pathname.new(f.name).dirname)
|
472
|
-
File.write(f.name, f.content)
|
473
|
-
end
|
474
|
-
end
|
475
|
-
|
476
|
-
def prepared_package_json_content(file)
|
477
|
-
NpmAndYarn::FileUpdater::PackageJsonPreparer.new(
|
478
|
-
package_json_content: file.content
|
479
|
-
).prepared_content
|
480
|
-
end
|
481
|
-
|
482
|
-
def npmrc_content
|
483
|
-
NpmAndYarn::FileUpdater::NpmrcBuilder.new(
|
484
|
-
credentials: credentials,
|
485
|
-
dependency_files: dependency_files
|
486
|
-
).npmrc_content
|
487
|
-
end
|
488
|
-
|
489
441
|
# Top level dependencies are required in the peer dep checker
|
490
442
|
# to fetch the manifests for all top level deps which may contain
|
491
443
|
# "peerDependency" requirements
|
@@ -497,34 +449,6 @@ module Dependabot
|
|
497
449
|
).parse.select(&:top_level?)
|
498
450
|
end
|
499
451
|
|
500
|
-
def lockfiles
|
501
|
-
[*yarn_locks, *package_locks, *shrinkwraps]
|
502
|
-
end
|
503
|
-
|
504
|
-
def package_locks
|
505
|
-
@package_locks ||=
|
506
|
-
dependency_files.
|
507
|
-
select { |f| f.name.end_with?("package-lock.json") }
|
508
|
-
end
|
509
|
-
|
510
|
-
def yarn_locks
|
511
|
-
@yarn_locks ||=
|
512
|
-
dependency_files.
|
513
|
-
select { |f| f.name.end_with?("yarn.lock") }
|
514
|
-
end
|
515
|
-
|
516
|
-
def shrinkwraps
|
517
|
-
@shrinkwraps ||=
|
518
|
-
dependency_files.
|
519
|
-
select { |f| f.name.end_with?("npm-shrinkwrap.json") }
|
520
|
-
end
|
521
|
-
|
522
|
-
def package_files
|
523
|
-
@package_files ||=
|
524
|
-
dependency_files.
|
525
|
-
select { |f| f.name.end_with?("package.json") }
|
526
|
-
end
|
527
|
-
|
528
452
|
def filtered_package_files
|
529
453
|
@filtered_package_files ||=
|
530
454
|
DependencyFilesFilterer.new(
|
@@ -533,10 +457,17 @@ module Dependabot
|
|
533
457
|
).package_files_requiring_update
|
534
458
|
end
|
535
459
|
|
460
|
+
def dependency_files_builder
|
461
|
+
@dependency_files_builder ||=
|
462
|
+
DependencyFilesBuilder.new(
|
463
|
+
dependency: dependency,
|
464
|
+
dependency_files: dependency_files,
|
465
|
+
credentials: credentials
|
466
|
+
)
|
467
|
+
end
|
468
|
+
|
536
469
|
def version_for_dependency(dep)
|
537
|
-
if dep.version && version_class.correct?(dep.version)
|
538
|
-
return version_class.new(dep.version)
|
539
|
-
end
|
470
|
+
return version_class.new(dep.version) if dep.version && version_class.correct?(dep.version)
|
540
471
|
|
541
472
|
dep.requirements.map { |r| r[:requirement] }.compact.
|
542
473
|
reject { |req_string| req_string.start_with?("<") }.
|
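Review bot: In the hunk at `SharedHelpers.in_a_temporary_directory`, the new call `dependency_files_builder.write_temporary_dependency_files` moves two security-relevant side effects out of sight without a comment: the removed methods wrote `.npmrc` from `credentials` and wrote every manifest and lockfile to `file.name`, a path that comes from the repository under check. `DependencyFilesBuilder` is not shown on this page, so that it behaves the same is an assumption; if it does, nothing visible here keeps a `file.name` with `..` segments inside the temporary directory. I would add `# Writes .npmrc (built from credentials) and repo-supplied files relative to the cwd; call only inside in_a_temporary_directory` above the call, and have the builder refuse names that resolve outside the working directory before it calls `File.write`. The enclosing method starts and ends outside the hunk, and this section's file header is missing from the page (the diffstat counts suggest update_checker/version_resolver.rb).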
@@ -29,9 +29,7 @@ module Dependabot
|
|
29
29
|
@version_string = version.to_s
|
30
30
|
version = version.gsub(/^v/, "") if version.is_a?(String)
|
31
31
|
|
32
|
-
if version.to_s.include?("+")
|
33
|
-
version, @build_info = version.to_s.split("+")
|
34
|
-
end
|
32
|
+
version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
|
35
33
|
|
36
34
|
super
|
37
35
|
end
|
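Review bot: The rewritten line `version, @build_info = version.to_s.split("+") if version.to_s.include?("+")` still splits without a limit, so for a string with more than one `+` everything after the second `+` is silently dropped instead of being kept in `@build_info` or rejected. `split("+", 2)` keeps the whole suffix as build info, though it yields an empty string rather than nil for a trailing `+`. The context line above it strips the prefix with `/^v/`, which anchors at any line start; `/\Av/` anchors at the start of the string only and is the safer choice if these strings can come from registry or manifest data. The method starts outside the hunk.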
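--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.5
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-
+date: 2020-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.5
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.8.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.8.0
 - !ruby/object:Gem::Dependency
 name: vcr
 requirement: !ruby/object:Gem::Requirement
@@ -172,13 +172,16 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/.eslintrc
+- helpers/README.md
 - helpers/build
+- helpers/lib/npm/conflicting-dependency-parser.js
 - helpers/lib/npm/helpers.js
 - helpers/lib/npm/index.js
 - helpers/lib/npm/peer-dependency-checker.js
 - helpers/lib/npm/remove-dependencies-from-lockfile.js
 - helpers/lib/npm/subdependency-updater.js
 - helpers/lib/npm/updater.js
+- helpers/lib/yarn/conflicting-dependency-parser.js
 - helpers/lib/yarn/fix-duplicates.js
 - helpers/lib/yarn/helpers.js
 - helpers/lib/yarn/index.js
@@ -189,11 +192,27 @@ files:
 - helpers/lib/yarn/updater.js
 - helpers/package.json
 - helpers/run.js
+- helpers/test/npm/conflicting-dependency-parser.test.js
+- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json
 - helpers/test/npm/fixtures/updater/original/package-lock.json
 - helpers/test/npm/fixtures/updater/original/package.json
 - helpers/test/npm/fixtures/updater/updated/package-lock.json
 - helpers/test/npm/helpers.js
 - helpers/test/npm/updater.test.js
+- helpers/test/yarn/conflicting-dependency-parser.test.js
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock
 - helpers/test/yarn/fixtures/updater/original/package.json
 - helpers/test/yarn/fixtures/updater/original/yarn.lock
 - helpers/test/yarn/fixtures/updater/updated/yarn.lock
@@ -220,6 +239,8 @@ files:
 - lib/dependabot/npm_and_yarn/requirement.rb
 - lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
 - lib/dependabot/npm_and_yarn/update_checker.rb
+- lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb
+- lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb
 - lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
 - lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
 - lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb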