dependabot-npm_and_yarn 0.125.0 → 0.125.5
- checksums.yaml +4 -4
- data/helpers/README.md +29 -0
- data/helpers/lib/npm/conflicting-dependency-parser.js +76 -0
- data/helpers/lib/npm/index.js +3 -0
- data/helpers/lib/yarn/conflicting-dependency-parser.js +176 -0
- data/helpers/lib/yarn/fix-duplicates.js +5 -3
- data/helpers/lib/yarn/helpers.js +8 -1
- data/helpers/lib/yarn/index.js +3 -0
- data/helpers/package.json +3 -2
- data/helpers/test/npm/conflicting-dependency-parser.test.js +67 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json +565 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json +188 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json +27 -0
- data/helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
- data/helpers/test/npm/helpers.js +14 -0
- data/helpers/test/npm/updater.test.js +1 -15
- data/helpers/test/yarn/conflicting-dependency-parser.test.js +84 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json +14 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock +496 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json +14 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock +21 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json +14 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock +172 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json +14 -0
- data/helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock +21 -0
- data/helpers/test/yarn/helpers.js +11 -0
- data/helpers/yarn.lock +625 -30
- data/lib/dependabot/npm_and_yarn/file_fetcher.rb +2 -6
- data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +1 -3
- data/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +2 -6
- data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +5 -15
- data/lib/dependabot/npm_and_yarn/metadata_finder.rb +3 -9
- data/lib/dependabot/npm_and_yarn/requirement.rb +2 -6
- data/lib/dependabot/npm_and_yarn/update_checker.rb +15 -12
- data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb +69 -0
- data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb +94 -0
- data/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb +2 -6
- data/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +1 -3
- data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +24 -86
- data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +16 -85
- data/lib/dependabot/npm_and_yarn/version.rb +1 -3
- metadata +27 -6
@@ -60,9 +60,7 @@ module Dependabot
|
|
60
60
|
return latest_allowable_version if git_dependency?(dependency)
|
61
61
|
return if part_of_tightly_locked_monorepo?
|
62
62
|
|
63
|
-
unless relevant_unmet_peer_dependencies.any?
|
64
|
-
return latest_allowable_version
|
65
|
-
end
|
63
|
+
return latest_allowable_version unless relevant_unmet_peer_dependencies.any?
|
66
64
|
|
67
65
|
satisfying_versions.first
|
68
66
|
end
|
@@ -79,9 +77,7 @@ module Dependabot
|
|
79
77
|
|
80
78
|
def dependency_updates_from_full_unlock
|
81
79
|
return if git_dependency?(dependency)
|
82
|
-
if part_of_tightly_locked_monorepo?
|
83
|
-
return updated_monorepo_dependencies
|
84
|
-
end
|
80
|
+
return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
|
85
81
|
return if newly_broken_peer_reqs_from_dep.any?
|
86
82
|
|
87
83
|
updates = [{
|
@@ -219,9 +215,7 @@ module Dependabot
|
|
219
215
|
end
|
220
216
|
|
221
217
|
def old_peer_dependency_errors
|
222
|
-
if @old_peer_dependency_errors_checked
|
223
|
-
return @old_peer_dependency_errors
|
224
|
-
end
|
218
|
+
return @old_peer_dependency_errors if @old_peer_dependency_errors_checked
|
225
219
|
|
226
220
|
@old_peer_dependency_errors_checked = true
|
227
221
|
|
@@ -236,7 +230,7 @@ module Dependabot
|
|
236
230
|
# here (since problematic repos will be resolved here before they're
|
237
231
|
# seen by the FileUpdater)
|
238
232
|
SharedHelpers.in_a_temporary_directory do
|
239
|
-
write_temporary_dependency_files
|
233
|
+
dependency_files_builder.write_temporary_dependency_files
|
240
234
|
|
241
235
|
filtered_package_files.flat_map do |file|
|
242
236
|
path = Pathname.new(file.name).dirname
|
@@ -391,8 +385,8 @@ module Dependabot
|
|
391
385
|
def run_checker(path:, version:)
|
392
386
|
# If there are both yarn lockfiles and npm lockfiles only run the
|
393
387
|
# yarn updater, yarn is also used when only a package.json exists
|
394
|
-
if lockfiles_for_path(lockfiles: yarn_locks, path: path).any? ||
|
395
|
-
lockfiles_for_path(lockfiles: lockfiles, path: path).none?
|
388
|
+
if lockfiles_for_path(lockfiles: dependency_files_builder.yarn_locks, path: path).any? ||
|
389
|
+
lockfiles_for_path(lockfiles: dependency_files_builder.lockfiles, path: path).none?
|
396
390
|
return run_yarn_checker(path: path, version: version)
|
397
391
|
end
|
398
392
|
|
@@ -444,48 +438,6 @@ module Dependabot
|
|
444
438
|
end.compact
|
445
439
|
end
|
446
440
|
|
447
|
-
def write_temporary_dependency_files
|
448
|
-
write_lock_files
|
449
|
-
|
450
|
-
File.write(".npmrc", npmrc_content)
|
451
|
-
|
452
|
-
package_files.each do |file|
|
453
|
-
path = file.name
|
454
|
-
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
455
|
-
File.write(file.name, prepared_package_json_content(file))
|
456
|
-
end
|
457
|
-
end
|
458
|
-
|
459
|
-
def write_lock_files
|
460
|
-
yarn_locks.each do |f|
|
461
|
-
FileUtils.mkdir_p(Pathname.new(f.name).dirname)
|
462
|
-
File.write(f.name, f.content)
|
463
|
-
end
|
464
|
-
|
465
|
-
package_locks.each do |f|
|
466
|
-
FileUtils.mkdir_p(Pathname.new(f.name).dirname)
|
467
|
-
File.write(f.name, f.content)
|
468
|
-
end
|
469
|
-
|
470
|
-
shrinkwraps.each do |f|
|
471
|
-
FileUtils.mkdir_p(Pathname.new(f.name).dirname)
|
472
|
-
File.write(f.name, f.content)
|
473
|
-
end
|
474
|
-
end
|
475
|
-
|
476
|
-
def prepared_package_json_content(file)
|
477
|
-
NpmAndYarn::FileUpdater::PackageJsonPreparer.new(
|
478
|
-
package_json_content: file.content
|
479
|
-
).prepared_content
|
480
|
-
end
|
481
|
-
|
482
|
-
def npmrc_content
|
483
|
-
NpmAndYarn::FileUpdater::NpmrcBuilder.new(
|
484
|
-
credentials: credentials,
|
485
|
-
dependency_files: dependency_files
|
486
|
-
).npmrc_content
|
487
|
-
end
|
488
|
-
|
489
441
|
# Top level dependencies are required in the peer dep checker
|
490
442
|
# to fetch the manifests for all top level deps which may contain
|
491
443
|
# "peerDependency" requirements
|
@@ -497,34 +449,6 @@ module Dependabot
|
|
497
449
|
).parse.select(&:top_level?)
|
498
450
|
end
|
499
451
|
|
500
|
-
def lockfiles
|
501
|
-
[*yarn_locks, *package_locks, *shrinkwraps]
|
502
|
-
end
|
503
|
-
|
504
|
-
def package_locks
|
505
|
-
@package_locks ||=
|
506
|
-
dependency_files.
|
507
|
-
select { |f| f.name.end_with?("package-lock.json") }
|
508
|
-
end
|
509
|
-
|
510
|
-
def yarn_locks
|
511
|
-
@yarn_locks ||=
|
512
|
-
dependency_files.
|
513
|
-
select { |f| f.name.end_with?("yarn.lock") }
|
514
|
-
end
|
515
|
-
|
516
|
-
def shrinkwraps
|
517
|
-
@shrinkwraps ||=
|
518
|
-
dependency_files.
|
519
|
-
select { |f| f.name.end_with?("npm-shrinkwrap.json") }
|
520
|
-
end
|
521
|
-
|
522
|
-
def package_files
|
523
|
-
@package_files ||=
|
524
|
-
dependency_files.
|
525
|
-
select { |f| f.name.end_with?("package.json") }
|
526
|
-
end
|
527
|
-
|
528
452
|
def filtered_package_files
|
529
453
|
@filtered_package_files ||=
|
530
454
|
DependencyFilesFilterer.new(
|
@@ -533,10 +457,17 @@ module Dependabot
|
|
533
457
|
).package_files_requiring_update
|
534
458
|
end
|
535
459
|
|
460
|
+
def dependency_files_builder
|
461
|
+
@dependency_files_builder ||=
|
462
|
+
DependencyFilesBuilder.new(
|
463
|
+
dependency: dependency,
|
464
|
+
dependency_files: dependency_files,
|
465
|
+
credentials: credentials
|
466
|
+
)
|
467
|
+
end
|
468
|
+
|
536
469
|
def version_for_dependency(dep)
|
537
|
-
if dep.version && version_class.correct?(dep.version)
|
538
|
-
return version_class.new(dep.version)
|
539
|
-
end
|
470
|
+
return version_class.new(dep.version) if dep.version && version_class.correct?(dep.version)
|
540
471
|
|
541
472
|
dep.requirements.map { |r| r[:requirement] }.compact.
|
542
473
|
reject { |req_string| req_string.start_with?("<") }.
|
@@ -29,9 +29,7 @@ module Dependabot
|
|
29
29
|
@version_string = version.to_s
|
30
30
|
version = version.gsub(/^v/, "") if version.is_a?(String)
|
31
31
|
|
32
|
-
if version.to_s.include?("+")
|
33
|
-
version, @build_info = version.to_s.split("+")
|
34
|
-
end
|
32
|
+
version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
|
35
33
|
|
36
34
|
super
|
37
35
|
end
|
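--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.5
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-
+date: 2020-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.5
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.8.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.8.0
 - !ruby/object:Gem::Dependency
 name: vcr
 requirement: !ruby/object:Gem::Requirement
@@ -172,13 +172,16 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/.eslintrc
+- helpers/README.md
 - helpers/build
+- helpers/lib/npm/conflicting-dependency-parser.js
 - helpers/lib/npm/helpers.js
 - helpers/lib/npm/index.js
 - helpers/lib/npm/peer-dependency-checker.js
 - helpers/lib/npm/remove-dependencies-from-lockfile.js
 - helpers/lib/npm/subdependency-updater.js
 - helpers/lib/npm/updater.js
+- helpers/lib/yarn/conflicting-dependency-parser.js
 - helpers/lib/yarn/fix-duplicates.js
 - helpers/lib/yarn/helpers.js
 - helpers/lib/yarn/index.js
@@ -189,11 +192,27 @@ files:
 - helpers/lib/yarn/updater.js
 - helpers/package.json
 - helpers/run.js
+- helpers/test/npm/conflicting-dependency-parser.test.js
+- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json
+- helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json
 - helpers/test/npm/fixtures/updater/original/package-lock.json
 - helpers/test/npm/fixtures/updater/original/package.json
 - helpers/test/npm/fixtures/updater/updated/package-lock.json
 - helpers/test/npm/helpers.js
 - helpers/test/npm/updater.test.js
+- helpers/test/yarn/conflicting-dependency-parser.test.js
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/dev-dependencies/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/nested/yarn.lock
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/package.json
+- helpers/test/yarn/fixtures/conflicting-dependency-parser/simple/yarn.lock
 - helpers/test/yarn/fixtures/updater/original/package.json
 - helpers/test/yarn/fixtures/updater/original/yarn.lock
 - helpers/test/yarn/fixtures/updater/updated/yarn.lock
@@ -220,6 +239,8 @@ files:
 - lib/dependabot/npm_and_yarn/requirement.rb
 - lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
 - lib/dependabot/npm_and_yarn/update_checker.rb
+- lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb
+- lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb
 - lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
 - lib/dependabot/npm_and_yarn/update_checker/library_detector.rb
 - lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb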