dependabot-npm_and_yarn 0.125.0 → 0.125.5

Files changed (44)
  1. checksums.yaml +4 -4
  2. data/helpers/README.md +29 -0
  3. data/helpers/lib/npm/conflicting-dependency-parser.js +76 -0
  4. data/helpers/lib/npm/index.js +3 -0
  5. data/helpers/lib/yarn/conflicting-dependency-parser.js +176 -0
  6. data/helpers/lib/yarn/fix-duplicates.js +5 -3
  7. data/helpers/lib/yarn/helpers.js +8 -1
  8. data/helpers/lib/yarn/index.js +3 -0
  9. data/helpers/package.json +3 -2
  10. data/helpers/test/npm/conflicting-dependency-parser.test.js +67 -0
  11. data/helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json +565 -0
  12. data/helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
  13. data/helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json +188 -0
  14. data/helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
  15. data/helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json +27 -0
  16. data/helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
  17. data/helpers/test/npm/helpers.js +14 -0
  18. data/helpers/test/npm/updater.test.js +1 -15
  19. data/helpers/test/yarn/conflicting-dependency-parser.test.js +84 -0
  20. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
  21. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock +496 -0
  22. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json +14 -0
  23. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock +21 -0
  24. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
  25. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock +172 -0
  26. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
  27. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock +21 -0
  28. data/helpers/test/yarn/helpers.js +11 -0
  29. data/helpers/yarn.lock +625 -30
  30. data/lib/dependabot/npm_and_yarn/file_fetcher.rb +2 -6
  31. data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +1 -3
  32. data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +2 -6
  33. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +5 -15
  34. data/lib/dependabot/npm_and_yarn/metadata_finder.rb +3 -9
  35. data/lib/dependabot/npm_and_yarn/requirement.rb +2 -6
  36. data/lib/dependabot/npm_and_yarn/update_checker.rb +15 -12
  37. data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb +69 -0
  38. data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb +94 -0
  39. data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -6
  40. data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +1 -3
  41. data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +24 -86
  42. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +16 -85
  43. data/lib/dependabot/npm_and_yarn/version.rb +1 -3
  44. metadata +27 -6
@@ -60,9 +60,7 @@ module Dependabot
60
60
  return latest_allowable_version if git_dependency?(dependency)
61
61
  return if part_of_tightly_locked_monorepo?
62
62
 
63
- unless relevant_unmet_peer_dependencies.any?
64
- return latest_allowable_version
65
- end
63
+ return latest_allowable_version unless relevant_unmet_peer_dependencies.any?
66
64
 
67
65
  satisfying_versions.first
68
66
  end
@@ -79,9 +77,7 @@ module Dependabot
79
77
 
80
78
  def dependency_updates_from_full_unlock
81
79
  return if git_dependency?(dependency)
82
- if part_of_tightly_locked_monorepo?
83
- return updated_monorepo_dependencies
84
- end
80
+ return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
85
81
  return if newly_broken_peer_reqs_from_dep.any?
86
82
 
87
83
  updates = [{
@@ -219,9 +215,7 @@ module Dependabot
219
215
  end
220
216
 
221
217
  def old_peer_dependency_errors
222
- if @old_peer_dependency_errors_checked
223
- return @old_peer_dependency_errors
224
- end
218
+ return @old_peer_dependency_errors if @old_peer_dependency_errors_checked
225
219
 
226
220
  @old_peer_dependency_errors_checked = true
227
221
 
@@ -236,7 +230,7 @@ module Dependabot
236
230
  # here (since problematic repos will be resolved here before they're
237
231
  # seen by the FileUpdater)
238
232
  SharedHelpers.in_a_temporary_directory do
239
- write_temporary_dependency_files
233
+ dependency_files_builder.write_temporary_dependency_files
240
234
 
241
235
  filtered_package_files.flat_map do |file|
242
236
  path = Pathname.new(file.name).dirname
@@ -391,8 +385,8 @@ module Dependabot
391
385
  def run_checker(path:, version:)
392
386
  # If there are both yarn lockfiles and npm lockfiles only run the
393
387
  # yarn updater, yarn is also used when only a package.json exists
394
- if lockfiles_for_path(lockfiles: yarn_locks, path: path).any? ||
395
- lockfiles_for_path(lockfiles: lockfiles, path: path).none?
388
+ if lockfiles_for_path(lockfiles: dependency_files_builder.yarn_locks, path: path).any? ||
389
+ lockfiles_for_path(lockfiles: dependency_files_builder.lockfiles, path: path).none?
396
390
  return run_yarn_checker(path: path, version: version)
397
391
  end
398
392
 
@@ -444,48 +438,6 @@ module Dependabot
444
438
  end.compact
445
439
  end
446
440
 
447
- def write_temporary_dependency_files
448
- write_lock_files
449
-
450
- File.write(".npmrc", npmrc_content)
451
-
452
- package_files.each do |file|
453
- path = file.name
454
- FileUtils.mkdir_p(Pathname.new(path).dirname)
455
- File.write(file.name, prepared_package_json_content(file))
456
- end
457
- end
458
-
459
- def write_lock_files
460
- yarn_locks.each do |f|
461
- FileUtils.mkdir_p(Pathname.new(f.name).dirname)
462
- File.write(f.name, f.content)
463
- end
464
-
465
- package_locks.each do |f|
466
- FileUtils.mkdir_p(Pathname.new(f.name).dirname)
467
- File.write(f.name, f.content)
468
- end
469
-
470
- shrinkwraps.each do |f|
471
- FileUtils.mkdir_p(Pathname.new(f.name).dirname)
472
- File.write(f.name, f.content)
473
- end
474
- end
475
-
476
- def prepared_package_json_content(file)
477
- NpmAndYarn::FileUpdater::PackageJsonPreparer.new(
478
- package_json_content: file.content
479
- ).prepared_content
480
- end
481
-
482
- def npmrc_content
483
- NpmAndYarn::FileUpdater::NpmrcBuilder.new(
484
- credentials: credentials,
485
- dependency_files: dependency_files
486
- ).npmrc_content
487
- end
488
-
489
441
  # Top level dependencies are required in the peer dep checker
490
442
  # to fetch the manifests for all top level deps which may contain
491
443
  # "peerDependency" requirements
@@ -497,34 +449,6 @@ module Dependabot
497
449
  ).parse.select(&:top_level?)
498
450
  end
499
451
 
500
- def lockfiles
501
- [*yarn_locks, *package_locks, *shrinkwraps]
502
- end
503
-
504
- def package_locks
505
- @package_locks ||=
506
- dependency_files.
507
- select { |f| f.name.end_with?("package-lock.json") }
508
- end
509
-
510
- def yarn_locks
511
- @yarn_locks ||=
512
- dependency_files.
513
- select { |f| f.name.end_with?("yarn.lock") }
514
- end
515
-
516
- def shrinkwraps
517
- @shrinkwraps ||=
518
- dependency_files.
519
- select { |f| f.name.end_with?("npm-shrinkwrap.json") }
520
- end
521
-
522
- def package_files
523
- @package_files ||=
524
- dependency_files.
525
- select { |f| f.name.end_with?("package.json") }
526
- end
527
-
528
452
  def filtered_package_files
529
453
  @filtered_package_files ||=
530
454
  DependencyFilesFilterer.new(
@@ -533,10 +457,17 @@ module Dependabot
533
457
  ).package_files_requiring_update
534
458
  end
535
459
 
460
+ def dependency_files_builder
461
+ @dependency_files_builder ||=
462
+ DependencyFilesBuilder.new(
463
+ dependency: dependency,
464
+ dependency_files: dependency_files,
465
+ credentials: credentials
466
+ )
467
+ end
468
+
536
469
  def version_for_dependency(dep)
537
- if dep.version && version_class.correct?(dep.version)
538
- return version_class.new(dep.version)
539
- end
470
+ return version_class.new(dep.version) if dep.version && version_class.correct?(dep.version)
540
471
 
541
472
  dep.requirements.map { |r| r[:requirement] }.compact.
542
473
  reject { |req_string| req_string.start_with?("<") }.
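Review bot: The new call `dependency_files_builder.write_temporary_dependency_files` at new line 233 carries an undocumented precondition: the removed implementation wrote `.npmrc` (built from `credentials`) and each dependency file at a path taken from `file.name`, all relative to the current directory, so it is only safe inside `SharedHelpers.in_a_temporary_directory`. The builder class itself is not shown in this section, so presumably it keeps that behaviour; I would state the contract on the new `dependency_files_builder` accessor, e.g. `# Writes .npmrc (contains credentials) and the dependency files relative to Dir.pwd; call only inside in_a_temporary_directory`. If the builder does not already check that each `file.name` stays under the working directory, that check is better placed there once than repeated in every caller. The method enclosing the call starts and ends outside the hunk.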
@@ -29,9 +29,7 @@ module Dependabot
29
29
  @version_string = version.to_s
30
30
  version = version.gsub(/^v/, "") if version.is_a?(String)
31
31
 
32
- if version.to_s.include?("+")
33
- version, @build_info = version.to_s.split("+")
34
- end
32
+ version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
35
33
 
36
34
  super
37
35
  end
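Review bot: In the rewritten line `version, @build_info = version.to_s.split("+") if version.to_s.include?("+")` the two-target assignment silently drops everything after a second `+`, so an input such as `1.0.0+a+b` (constructed example) keeps `a` as build info and loses `b`. Passing a limit keeps the remainder together: `version, @build_info = version.to_s.split("+", 2) if version.to_s.include?("+")`. The context line above it uses `/^v/`, which matches at the start of every line rather than only at the start of the string; `\A` is the tighter anchor if multi-line input can reach this method. The method's `def` line is outside the hunk.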
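--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-npm_and_yarn
  version: !ruby/object:Gem::Version
- version: 0.125.0
+ version: 0.125.5
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-11-05 00:00:00.000000000 Z
+ date: 2020-11-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.125.0
+ version: 0.125.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.125.0
+ version: 0.125.5
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.2
+ version: 0.8.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.2
+ version: 0.8.0
  - !ruby/object:Gem::Dependency
  name: vcr
  requirement: !ruby/object:Gem::Requirement
@@ -172,13 +172,16 @@ extensions: []
  extra_rdoc_files: []
  files:
  - helpers/.eslintrc
+ - helpers/README.md
  - helpers/build
+ - helpers/lib/npm/conflicting-dependency-parser.js
  - helpers/lib/npm/helpers.js
  - helpers/lib/npm/index.js
  - helpers/lib/npm/peer-dependency-checker.js
  - helpers/lib/npm/remove-dependencies-from-lockfile.js
  - helpers/lib/npm/subdependency-updater.js
  - helpers/lib/npm/updater.js
+ - helpers/lib/yarn/conflicting-dependency-parser.js
  - helpers/lib/yarn/fix-duplicates.js
  - helpers/lib/yarn/helpers.js
  - helpers/lib/yarn/index.js
@@ -189,11 +192,27 @@ files:
  - helpers/lib/yarn/updater.js
  - helpers/package.json
  - helpers/run.js
+ - helpers/test/npm/conflicting-dependency-parser.test.js
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json
+ - helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json
  - helpers/test/npm/fixtures/updater/original/package-lock.json
  - helpers/test/npm/fixtures/updater/original/package.json
  - helpers/test/npm/fixtures/updater/updated/package-lock.json
  - helpers/test/npm/helpers.js
  - helpers/test/npm/updater.test.js
+ - helpers/test/yarn/conflicting-dependency-parser.test.js
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json
+ - helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock
  - helpers/test/yarn/fixtures/updater/original/package.json
  - helpers/test/yarn/fixtures/updater/original/yarn.lock
  - helpers/test/yarn/fixtures/updater/updated/yarn.lock
@@ -220,6 +239,8 @@ files:
  - lib/dependabot/npm_and_yarn/requirement.rb
  - lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
  - lib/dependabot/npm_and_yarn/update_checker.rb
+ - lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb
+ - lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb
  - lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
  - lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
  - lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb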