dependabot-npm_and_yarn 0.125.0 → 0.125.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/README.md +29 -0
  3. data/helpers/lib/npm/conflicting-dependency-parser.js +76 -0
  4. data/helpers/lib/npm/index.js +3 -0
  5. data/helpers/lib/yarn/conflicting-dependency-parser.js +176 -0
  6. data/helpers/lib/yarn/fix-duplicates.js +5 -3
  7. data/helpers/lib/yarn/helpers.js +8 -1
  8. data/helpers/lib/yarn/index.js +3 -0
  9. data/helpers/package.json +3 -2
  10. data/helpers/test/npm/conflicting-dependency-parser.test.js +67 -0
  11. data/helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json +565 -0
  12. data/helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
  13. data/helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json +188 -0
  14. data/helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
  15. data/helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json +27 -0
  16. data/helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
  17. data/helpers/test/npm/helpers.js +14 -0
  18. data/helpers/test/npm/updater.test.js +1 -15
  19. data/helpers/test/yarn/conflicting-dependency-parser.test.js +84 -0
  20. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
  21. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock +496 -0
  22. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json +14 -0
  23. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock +21 -0
  24. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
  25. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock +172 -0
  26. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
  27. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock +21 -0
  28. data/helpers/test/yarn/helpers.js +11 -0
  29. data/helpers/yarn.lock +625 -30
  30. data/lib/dependabot/npm_and_yarn/file_fetcher.rb +2 -6
  31. data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +1 -3
  32. data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +2 -6
  33. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +5 -15
  34. data/lib/dependabot/npm_and_yarn/metadata_finder.rb +3 -9
  35. data/lib/dependabot/npm_and_yarn/requirement.rb +2 -6
  36. data/lib/dependabot/npm_and_yarn/update_checker.rb +15 -12
  37. data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb +69 -0
  38. data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb +94 -0
  39. data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -6
  40. data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +1 -3
  41. data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +24 -86
  42. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +16 -85
  43. data/lib/dependabot/npm_and_yarn/version.rb +1 -3
  44. metadata +27 -6
@@ -60,9 +60,7 @@ module Dependabot
60
60
  return latest_allowable_version if git_dependency?(dependency)
61
61
  return if part_of_tightly_locked_monorepo?
62
62
 
63
- unless relevant_unmet_peer_dependencies.any?
64
- return latest_allowable_version
65
- end
63
+ return latest_allowable_version unless relevant_unmet_peer_dependencies.any?
66
64
 
67
65
  satisfying_versions.first
68
66
  end
@@ -79,9 +77,7 @@ module Dependabot
79
77
 
80
78
  def dependency_updates_from_full_unlock
81
79
  return if git_dependency?(dependency)
82
- if part_of_tightly_locked_monorepo?
83
- return updated_monorepo_dependencies
84
- end
80
+ return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
85
81
  return if newly_broken_peer_reqs_from_dep.any?
86
82
 
87
83
  updates = [{
@@ -219,9 +215,7 @@ module Dependabot
219
215
  end
220
216
 
221
217
  def old_peer_dependency_errors
222
- if @old_peer_dependency_errors_checked
223
- return @old_peer_dependency_errors
224
- end
218
+ return @old_peer_dependency_errors if @old_peer_dependency_errors_checked
225
219
 
226
220
  @old_peer_dependency_errors_checked = true
227
221
 
@@ -236,7 +230,7 @@ module Dependabot
236
230
  # here (since problematic repos will be resolved here before they're
237
231
  # seen by the FileUpdater)
238
232
  SharedHelpers.in_a_temporary_directory do
239
- write_temporary_dependency_files
233
+ dependency_files_builder.write_temporary_dependency_files
240
234
 
241
235
  filtered_package_files.flat_map do |file|
242
236
  path = Pathname.new(file.name).dirname
@@ -391,8 +385,8 @@ module Dependabot
391
385
  def run_checker(path:, version:)
392
386
  # If there are both yarn lockfiles and npm lockfiles only run the
393
387
  # yarn updater, yarn is also used when only a package.json exists
394
- if lockfiles_for_path(lockfiles: yarn_locks, path: path).any? ||
395
- lockfiles_for_path(lockfiles: lockfiles, path: path).none?
388
+ if lockfiles_for_path(lockfiles: dependency_files_builder.yarn_locks, path: path).any? ||
389
+ lockfiles_for_path(lockfiles: dependency_files_builder.lockfiles, path: path).none?
396
390
  return run_yarn_checker(path: path, version: version)
397
391
  end
398
392
 
@@ -444,48 +438,6 @@ module Dependabot
444
438
  end.compact
445
439
  end
446
440
 
447
- def write_temporary_dependency_files
448
- write_lock_files
449
-
450
- File.write(".npmrc", npmrc_content)
451
-
452
- package_files.each do |file|
453
- path = file.name
454
- FileUtils.mkdir_p(Pathname.new(path).dirname)
455
- File.write(file.name, prepared_package_json_content(file))
456
- end
457
- end
458
-
459
- def write_lock_files
460
- yarn_locks.each do |f|
461
- FileUtils.mkdir_p(Pathname.new(f.name).dirname)
462
- File.write(f.name, f.content)
463
- end
464
-
465
- package_locks.each do |f|
466
- FileUtils.mkdir_p(Pathname.new(f.name).dirname)
467
- File.write(f.name, f.content)
468
- end
469
-
470
- shrinkwraps.each do |f|
471
- FileUtils.mkdir_p(Pathname.new(f.name).dirname)
472
- File.write(f.name, f.content)
473
- end
474
- end
475
-
476
- def prepared_package_json_content(file)
477
- NpmAndYarn::FileUpdater::PackageJsonPreparer.new(
478
- package_json_content: file.content
479
- ).prepared_content
480
- end
481
-
482
- def npmrc_content
483
- NpmAndYarn::FileUpdater::NpmrcBuilder.new(
484
- credentials: credentials,
485
- dependency_files: dependency_files
486
- ).npmrc_content
487
- end
488
-
489
441
  # Top level dependencies are required in the peer dep checker
490
442
  # to fetch the manifests for all top level deps which may contain
491
443
  # "peerDependency" requirements
@@ -497,34 +449,6 @@ module Dependabot
497
449
  ).parse.select(&:top_level?)
498
450
  end
499
451
 
500
- def lockfiles
501
- [*yarn_locks, *package_locks, *shrinkwraps]
502
- end
503
-
504
- def package_locks
505
- @package_locks ||=
506
- dependency_files.
507
- select { |f| f.name.end_with?("package-lock.json") }
508
- end
509
-
510
- def yarn_locks
511
- @yarn_locks ||=
512
- dependency_files.
513
- select { |f| f.name.end_with?("yarn.lock") }
514
- end
515
-
516
- def shrinkwraps
517
- @shrinkwraps ||=
518
- dependency_files.
519
- select { |f| f.name.end_with?("npm-shrinkwrap.json") }
520
- end
521
-
522
- def package_files
523
- @package_files ||=
524
- dependency_files.
525
- select { |f| f.name.end_with?("package.json") }
526
- end
527
-
528
452
  def filtered_package_files
529
453
  @filtered_package_files ||=
530
454
  DependencyFilesFilterer.new(
@@ -533,10 +457,17 @@ module Dependabot
533
457
  ).package_files_requiring_update
534
458
  end
535
459
 
460
+ def dependency_files_builder
461
+ @dependency_files_builder ||=
462
+ DependencyFilesBuilder.new(
463
+ dependency: dependency,
464
+ dependency_files: dependency_files,
465
+ credentials: credentials
466
+ )
467
+ end
468
+
536
469
  def version_for_dependency(dep)
537
- if dep.version && version_class.correct?(dep.version)
538
- return version_class.new(dep.version)
539
- end
470
+ return version_class.new(dep.version) if dep.version && version_class.correct?(dep.version)
540
471
 
541
472
  dep.requirements.map { |r| r[:requirement] }.compact.
542
473
  reject { |req_string| req_string.start_with?("<") }.
@@ -29,9 +29,7 @@ module Dependabot
29
29
  @version_string = version.to_s
30
30
  version = version.gsub(/^v/, "") if version.is_a?(String)
31
31
 
32
- if version.to_s.include?("+")
33
- version, @build_info = version.to_s.split("+")
34
- end
32
+ version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
35
33
 
36
34
  super
37
35
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-npm_and_yarn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.125.0
4
+ version: 0.125.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-05 00:00:00.000000000 Z
11
+ date: 2020-11-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.125.0
19
+ version: 0.125.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.125.0
26
+ version: 0.125.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.7.2
131
+ version: 0.8.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.7.2
138
+ version: 0.8.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: vcr
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -172,13 +172,16 @@ extensions: []
172
172
  extra_rdoc_files: []
173
173
  files:
174
174
  - helpers/.eslintrc
175
+ - helpers/README.md
175
176
  - helpers/build
177
+ - helpers/lib/npm/conflicting-dependency-parser.js
176
178
  - helpers/lib/npm/helpers.js
177
179
  - helpers/lib/npm/index.js
178
180
  - helpers/lib/npm/peer-dependency-checker.js
179
181
  - helpers/lib/npm/remove-dependencies-from-lockfile.js
180
182
  - helpers/lib/npm/subdependency-updater.js
181
183
  - helpers/lib/npm/updater.js
184
+ - helpers/lib/yarn/conflicting-dependency-parser.js
182
185
  - helpers/lib/yarn/fix-duplicates.js
183
186
  - helpers/lib/yarn/helpers.js
184
187
  - helpers/lib/yarn/index.js
@@ -189,11 +192,27 @@ files:
189
192
  - helpers/lib/yarn/updater.js
190
193
  - helpers/package.json
191
194
  - helpers/run.js
195
+ - helpers/test/npm/conflicting-dependency-parser.test.js
196
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
197
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json
198
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json
199
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json
200
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json
201
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json
192
202
  - helpers/test/npm/fixtures/updater/original/package-lock.json
193
203
  - helpers/test/npm/fixtures/updater/original/package.json
194
204
  - helpers/test/npm/fixtures/updater/updated/package-lock.json
195
205
  - helpers/test/npm/helpers.js
196
206
  - helpers/test/npm/updater.test.js
207
+ - helpers/test/yarn/conflicting-dependency-parser.test.js
208
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
209
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
210
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json
211
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock
212
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json
213
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock
214
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json
215
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock
197
216
  - helpers/test/yarn/fixtures/updater/original/package.json
198
217
  - helpers/test/yarn/fixtures/updater/original/yarn.lock
199
218
  - helpers/test/yarn/fixtures/updater/updated/yarn.lock
@@ -220,6 +239,8 @@ files:
220
239
  - lib/dependabot/npm_and_yarn/requirement.rb
221
240
  - lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
222
241
  - lib/dependabot/npm_and_yarn/update_checker.rb
242
+ - lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb
243
+ - lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb
223
244
  - lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
224
245
  - lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
225
246
  - lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb