RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.125.0 → 0.125.5 - Mend

dependabot-npm_and_yarn 0.125.0 → 0.125.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb CHANGED

@@ -60,9 +60,7 @@ module Dependabot
           return latest_allowable_version if git_dependency?(dependency)
           return if part_of_tightly_locked_monorepo?
-          unless relevant_unmet_peer_dependencies.any?
-            return latest_allowable_version
-          end
+          return latest_allowable_version unless relevant_unmet_peer_dependencies.any?
           satisfying_versions.first
         end
@@ -79,9 +77,7 @@ module Dependabot
         def dependency_updates_from_full_unlock
           return if git_dependency?(dependency)
-          if part_of_tightly_locked_monorepo?
-            return updated_monorepo_dependencies
-          end
+          return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
           return if newly_broken_peer_reqs_from_dep.any?
           updates = [{
@@ -219,9 +215,7 @@ module Dependabot
         end
         def old_peer_dependency_errors
-          if @old_peer_dependency_errors_checked
-            return @old_peer_dependency_errors
-          end
+          return @old_peer_dependency_errors if @old_peer_dependency_errors_checked
           @old_peer_dependency_errors_checked = true
@@ -236,7 +230,7 @@ module Dependabot
           # here (since problematic repos will be resolved here before they're
           # seen by the FileUpdater)
           SharedHelpers.in_a_temporary_directory do
-            write_temporary_dependency_files
+            dependency_files_builder.write_temporary_dependency_files
             filtered_package_files.flat_map do |file|
               path = Pathname.new(file.name).dirname
@@ -391,8 +385,8 @@ module Dependabot
         def run_checker(path:, version:)
           # If there are both yarn lockfiles and npm lockfiles only run the
           # yarn updater, yarn is also used when only a package.json exists
-          if lockfiles_for_path(lockfiles: yarn_locks, path: path).any? ||
-             lockfiles_for_path(lockfiles: lockfiles, path: path).none?
+          if lockfiles_for_path(lockfiles: dependency_files_builder.yarn_locks, path: path).any? ||
+             lockfiles_for_path(lockfiles: dependency_files_builder.lockfiles, path: path).none?
             return run_yarn_checker(path: path, version: version)
           end
@@ -444,48 +438,6 @@ module Dependabot
           end.compact
         end
-        def write_temporary_dependency_files
-          write_lock_files
-          File.write(".npmrc", npmrc_content)
-          package_files.each do |file|
-            path = file.name
-            FileUtils.mkdir_p(Pathname.new(path).dirname)
-            File.write(file.name, prepared_package_json_content(file))
-          end
-        end
-        def write_lock_files
-          yarn_locks.each do |f|
-            FileUtils.mkdir_p(Pathname.new(f.name).dirname)
-            File.write(f.name, f.content)
-          end
-          package_locks.each do |f|
-            FileUtils.mkdir_p(Pathname.new(f.name).dirname)
-            File.write(f.name, f.content)
-          end
-          shrinkwraps.each do |f|
-            FileUtils.mkdir_p(Pathname.new(f.name).dirname)
-            File.write(f.name, f.content)
-          end
-        end
-        def prepared_package_json_content(file)
-          NpmAndYarn::FileUpdater::PackageJsonPreparer.new(
-            package_json_content: file.content
-          ).prepared_content
-        end
-        def npmrc_content
-          NpmAndYarn::FileUpdater::NpmrcBuilder.new(
-            credentials: credentials,
-            dependency_files: dependency_files
-          ).npmrc_content
-        end
         # Top level dependencies are required in the peer dep checker
         # to fetch the manifests for all top level deps which may contain
         # "peerDependency" requirements
@@ -497,34 +449,6 @@ module Dependabot
           ).parse.select(&:top_level?)
         end
-        def lockfiles
-          [*yarn_locks, *package_locks, *shrinkwraps]
-        end
-        def package_locks
-          @package_locks ||=
-            dependency_files.
-            select { |f| f.name.end_with?("package-lock.json") }
-        end
-        def yarn_locks
-          @yarn_locks ||=
-            dependency_files.
-            select { |f| f.name.end_with?("yarn.lock") }
-        end
-        def shrinkwraps
-          @shrinkwraps ||=
-            dependency_files.
-            select { |f| f.name.end_with?("npm-shrinkwrap.json") }
-        end
-        def package_files
-          @package_files ||=
-            dependency_files.
-            select { |f| f.name.end_with?("package.json") }
-        end
         def filtered_package_files
           @filtered_package_files ||=
             DependencyFilesFilterer.new(
@@ -533,10 +457,17 @@ module Dependabot
             ).package_files_requiring_update
         end
+        def dependency_files_builder
+          @dependency_files_builder ||=
+            DependencyFilesBuilder.new(
+              dependency: dependency,
+              dependency_files: dependency_files,
+              credentials: credentials
+            )
+        end
         def version_for_dependency(dep)
-          if dep.version && version_class.correct?(dep.version)
-            return version_class.new(dep.version)
-          end
+          return version_class.new(dep.version) if dep.version && version_class.correct?(dep.version)
           dep.requirements.map { |r| r[:requirement] }.compact.
             reject { |req_string| req_string.start_with?("<") }.

data/lib/dependabot/npm_and_yarn/version.rb CHANGED

@@ -29,9 +29,7 @@ module Dependabot
         @version_string = version.to_s
         version = version.gsub(/^v/, "") if version.is_a?(String)
-        if version.to_s.include?("+")
-          version, @build_info = version.to_s.split("+")
-        end
+        version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
         super
       end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.125.0
+  version: 0.125.5
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-05 00:00:00.000000000 Z
+date: 2020-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.125.0
+        version: 0.125.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.125.0
+        version: 0.125.5
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.8.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -172,13 +172,16 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/.eslintrc
+- helpers/README.md
 - helpers/build
+- helpers/lib/npm/conflicting-dependency-parser.js
 - helpers/lib/npm/helpers.js
 - helpers/lib/npm/index.js
 - helpers/lib/npm/peer-dependency-checker.js
 - helpers/lib/npm/remove-dependencies-from-lockfile.js
 - helpers/lib/npm/subdependency-updater.js
 - helpers/lib/npm/updater.js
+- helpers/lib/yarn/conflicting-dependency-parser.js
 - helpers/lib/yarn/fix-duplicates.js
 - helpers/lib/yarn/helpers.js
 - helpers/lib/yarn/index.js
@@ -189,11 +192,27 @@ files:
 - helpers/lib/yarn/updater.js
 - helpers/package.json
 - helpers/run.js
+- helpers/test/npm/conflicting-dependency-parser.test.js
+- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json
 - helpers/test/npm/fixtures/updater/original/package-lock.json
 - helpers/test/npm/fixtures/updater/original/package.json
 - helpers/test/npm/fixtures/updater/updated/package-lock.json
 - helpers/test/npm/helpers.js
 - helpers/test/npm/updater.test.js
+- helpers/test/yarn/conflicting-dependency-parser.test.js
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock
 - helpers/test/yarn/fixtures/updater/original/package.json
 - helpers/test/yarn/fixtures/updater/original/yarn.lock
 - helpers/test/yarn/fixtures/updater/updated/yarn.lock
@@ -220,6 +239,8 @@ files:
 - lib/dependabot/npm_and_yarn/requirement.rb
 - lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
 - lib/dependabot/npm_and_yarn/update_checker.rb
+- lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb
+- lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb
 - lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
 - lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
 - lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb