dependabot-npm_and_yarn 0.129.5 → 0.131.0

Files changed (32) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/.eslintrc +1 -4
  3. data/helpers/build +1 -0
  4. data/helpers/jest.config.js +5 -0
  5. data/helpers/lib/npm/index.js +0 -6
  6. data/helpers/lib/{npm → npm6}/helpers.js +0 -0
  7. data/helpers/lib/npm6/index.js +9 -0
  8. data/helpers/lib/{npm → npm6}/peer-dependency-checker.js +2 -2
  9. data/helpers/lib/{npm → npm6}/remove-dependencies-from-lockfile.js +0 -0
  10. data/helpers/lib/{npm → npm6}/subdependency-updater.js +2 -2
  11. data/helpers/lib/{npm → npm6}/updater.js +2 -2
  12. data/helpers/package.json +5 -4
  13. data/helpers/test/{npm → npm6}/conflicting-dependency-parser.test.js +0 -0
  14. data/helpers/test/{npm → npm6}/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json +0 -0
  15. data/helpers/test/{npm → npm6}/fixtures/conflicting-dependency-parser/deeply-nested/package.json +0 -0
  16. data/helpers/test/{npm → npm6}/fixtures/conflicting-dependency-parser/nested/package-lock.json +0 -0
  17. data/helpers/test/{npm → npm6}/fixtures/conflicting-dependency-parser/nested/package.json +0 -0
  18. data/helpers/test/{npm → npm6}/fixtures/conflicting-dependency-parser/simple/package-lock.json +0 -0
  19. data/helpers/test/{npm → npm6}/fixtures/conflicting-dependency-parser/simple/package.json +0 -0
  20. data/helpers/test/{npm → npm6}/fixtures/updater/original/package-lock.json +0 -0
  21. data/helpers/test/{npm → npm6}/fixtures/updater/original/package.json +0 -0
  22. data/helpers/test/{npm → npm6}/fixtures/updater/updated/package-lock.json +0 -0
  23. data/helpers/test/{npm → npm6}/helpers.js +0 -0
  24. data/helpers/test/{npm → npm6}/updater.test.js +1 -1
  25. data/helpers/yarn.lock +364 -114
  26. data/lib/dependabot/npm_and_yarn/file_parser.rb +3 -1
  27. data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +27 -17
  28. data/lib/dependabot/npm_and_yarn/helpers.rb +16 -0
  29. data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb +2 -0
  30. data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +8 -3
  31. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +17 -8
  32. metadata +29 -26
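--- a/data/lib/dependabot/npm_and_yarn/file_parser.rb
+++ b/data/lib/dependabot/npm_and_yarn/file_parser.rb
@@ -295,7 +295,9 @@ module Dependabot
  elsif resolved_url.include?("/#{name}/-/#{name}")
  # MyGet / Bintray format
  resolved_url.split("/#{name}/-/#{name}").first.
- gsub("dl.bintray.com//", "api.bintray.com/npm/")
+ gsub("dl.bintray.com//", "api.bintray.com/npm/").
+ # GitLab format
+ gsub(%r{\/projects\/\d+}, "")
  elsif resolved_url.include?("/#{name}/-/#{name.split('/').last}")
  # Sonatype Nexus / Artifactory JFrog format
  resolved_url.split("/#{name}/-/#{name.split('/').last}").first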
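Review bot: The new `gsub(%r{\/projects\/\d+}, "")` is unanchored and sits in the branch labelled MyGet / Bintray, so it strips every `/projects/<digits>` segment from any registry URL that reaches this branch, not only a GitLab project-level npm endpoint. The result is the registry derived from the lockfile's `resolved` URL (presumably also what later lookups and credential matching use; confirm against the callers), so an over-broad rewrite can yield a different path than the one the lockfile recorded. If GitLab URLs always end in `/packages/npm` at this point, tying the pattern to that layout narrows it, e.g. `sub(%r{/projects/\d+(?=/packages/npm\z)}, "")`; the `\/` escapes are also unnecessary inside `%r{}`. The enclosing method starts and ends outside the hunk.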
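--- a/data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
+++ b/data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
@@ -1,11 +1,13 @@
  # frozen_string_literal: true
 
- require "dependabot/npm_and_yarn/file_updater"
+ require "dependabot/errors"
+ require "dependabot/logger"
  require "dependabot/npm_and_yarn/file_parser"
- require "dependabot/npm_and_yarn/update_checker/registry_finder"
+ require "dependabot/npm_and_yarn/file_updater"
+ require "dependabot/npm_and_yarn/helpers"
  require "dependabot/npm_and_yarn/native_helpers"
+ require "dependabot/npm_and_yarn/update_checker/registry_finder"
  require "dependabot/shared_helpers"
- require "dependabot/errors"
 
  # rubocop:disable Metrics/ClassLength
  module Dependabot
@@ -32,7 +34,7 @@ module Dependabot
  lockfile_name = Pathname.new(lockfile.name).basename.to_s
  write_temporary_dependency_files(lockfile.name)
  updated_files = Dir.chdir(path) do
- run_current_npm_update(lockfile_name: lockfile_name)
+ run_current_npm_update(lockfile_name: lockfile_name, lockfile_content: lockfile.content)
  end
  updated_content = updated_files.fetch(lockfile_name)
  post_process_npm_lockfile(lockfile.content, updated_content)
@@ -107,18 +109,19 @@ module Dependabot
  dependency.top_level? && requirements_for_path.empty?
  end
 
- def run_current_npm_update(lockfile_name:)
+ def run_current_npm_update(lockfile_name:, lockfile_content:)
  top_level_dependency_updates = top_level_dependencies.map do |d|
  { name: d.name, version: d.version, requirements: d.requirements }
  end
 
  run_npm_updater(
  lockfile_name: lockfile_name,
- top_level_dependency_updates: top_level_dependency_updates
+ top_level_dependency_updates: top_level_dependency_updates,
+ lockfile_content: lockfile_content
  )
  end
 
- def run_previous_npm_update(lockfile_name:)
+ def run_previous_npm_update(lockfile_name:, lockfile_content:)
  previous_top_level_dependencies = top_level_dependencies.map do |d|
  {
  name: d.name,
@@ -129,28 +132,32 @@ module Dependabot
 
  run_npm_updater(
  lockfile_name: lockfile_name,
- top_level_dependency_updates: previous_top_level_dependencies
+ top_level_dependency_updates: previous_top_level_dependencies,
+ lockfile_content: lockfile_content
  )
  end
 
- def run_npm_updater(lockfile_name:, top_level_dependency_updates:)
+ def run_npm_updater(lockfile_name:, top_level_dependency_updates:, lockfile_content:)
  SharedHelpers.with_git_configured(credentials: credentials) do
  if top_level_dependency_updates.any?
  run_npm_top_level_updater(
  lockfile_name: lockfile_name,
- top_level_dependency_updates: top_level_dependency_updates
+ top_level_dependency_updates: top_level_dependency_updates,
+ lockfile_content: lockfile_content
  )
  else
- run_npm_subdependency_updater(lockfile_name: lockfile_name)
+ run_npm_subdependency_updater(lockfile_name: lockfile_name, lockfile_content: lockfile_content)
  end
  end
  end
 
- def run_npm_top_level_updater(lockfile_name:,
- top_level_dependency_updates:)
+ def run_npm_top_level_updater(lockfile_name:, top_level_dependency_updates:, lockfile_content:)
+ npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
+ Dependabot.logger.info(npm_version)
+
  SharedHelpers.run_helper_subprocess(
  command: NativeHelpers.helper_path,
- function: "npm:update",
+ function: "npm6:update",
  args: [
  Dir.pwd,
  lockfile_name,
@@ -159,10 +166,13 @@ module Dependabot
  )
  end
 
- def run_npm_subdependency_updater(lockfile_name:)
+ def run_npm_subdependency_updater(lockfile_name:, lockfile_content:)
+ npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
+ Dependabot.logger.info(npm_version)
+
  SharedHelpers.run_helper_subprocess(
  command: NativeHelpers.helper_path,
- function: "npm:updateSubdependency",
+ function: "npm6:updateSubdependency",
  args: [Dir.pwd, lockfile_name, sub_dependencies.map(&:to_h)]
  )
  end
@@ -341,7 +351,7 @@ module Dependabot
  lockfile_name = Pathname.new(lockfile.name).basename.to_s
  path = Pathname.new(lockfile.name).dirname.to_s
  Dir.chdir(path) do
- run_previous_npm_update(lockfile_name: lockfile_name)
+ run_previous_npm_update(lockfile_name: lockfile_name, lockfile_content: lockfile.content)
  end
  end
 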
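Review bot: `Dependabot.logger.info(npm_version)` in `run_npm_top_level_updater` and `run_npm_subdependency_updater` writes a bare `npm6` or `npm7` with nothing to say what the value refers to, and the detected version is used for nothing else: the helper function names stay hard-coded to `npm6:`. If that is a deliberate first step, a comment saying so would stop a reader from assuming version 2 lockfiles are routed to a different helper, and the log line should carry context, e.g. `Dependabot.logger.info("Detected #{npm_version} lockfile format for #{lockfile_name}")`. The same two lines are added to `run_npm_updater` in subdependency_version_resolver.rb and to `run_npm_checker` in version_resolver.rb; one small shared method would avoid parsing the lockfile and logging in four separate places.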
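--- a/data/lib/dependabot/npm_and_yarn/helpers.rb
+++ b/data/lib/dependabot/npm_and_yarn/helpers.rb
@@ -0,0 +1,16 @@
+ # frozen_string_literal: true
+
+ module Dependabot
+ module NpmAndYarn
+ module Helpers
+ def self.npm_version(lockfile_content)
+ return "npm6" unless lockfile_content
+ return "npm7" if JSON.parse(lockfile_content)["lockfileVersion"] == 2
+
+ "npm6"
+ rescue JSON::ParserError
+ "npm6"
+ end
+ end
+ end
+ end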
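Review bot: `npm_version` rescues only `JSON::ParserError`, so lockfile content that is valid JSON but not an object escapes the fallback: a top-level array raises `TypeError` on `["lockfileVersion"]` and a top-level `null` raises `NoMethodError`. The lockfile comes from the repository being updated and should be treated as untrusted, degrading to `"npm6"` the same way unparsable input does: `parsed = JSON.parse(lockfile_content)` followed by `return "npm7" if parsed.is_a?(Hash) && parsed["lockfileVersion"] == 2`. The file also references `JSON` without `require "json"`, so it depends on some other file having loaded it first. The `== 2` comparison sends every other lockfileVersion value to `"npm6"`; a one-line comment should say whether that is intended.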
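--- a/data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb
@@ -2,7 +2,9 @@
 
  require "dependabot/dependency"
  require "dependabot/errors"
+ require "dependabot/logger"
  require "dependabot/npm_and_yarn/file_parser"
+ require "dependabot/npm_and_yarn/helpers"
  require "dependabot/npm_and_yarn/native_helpers"
  require "dependabot/npm_and_yarn/update_checker"
  require "dependabot/npm_and_yarn/update_checker/dependency_files_builder"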
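Review bot: The two added requires are the only change to this file (the file list shows +2 -0 for it), so nothing here calls `Dependabot::NpmAndYarn::Helpers`, which is new in this release, and no `Dependabot.logger` call is added either. If they are groundwork for a later change, a short comment such as `# required for upcoming npm 7 helper selection` would say so; otherwise they can be dropped until the file actually uses them.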
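--- a/data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb
@@ -2,9 +2,11 @@
 
  require "dependabot/dependency"
  require "dependabot/errors"
+ require "dependabot/logger"
  require "dependabot/npm_and_yarn/file_parser"
  require "dependabot/npm_and_yarn/file_updater/npmrc_builder"
  require "dependabot/npm_and_yarn/file_updater/package_json_preparer"
+ require "dependabot/npm_and_yarn/helpers"
  require "dependabot/npm_and_yarn/native_helpers"
  require "dependabot/npm_and_yarn/sub_dependency_files_filterer"
  require "dependabot/npm_and_yarn/update_checker"
@@ -60,7 +62,7 @@ module Dependabot
  updated_files = if lockfile.name.end_with?("yarn.lock")
  run_yarn_updater(path, lockfile_name)
  else
- run_npm_updater(path, lockfile_name)
+ run_npm_updater(path, lockfile_name, lockfile.content)
  end
 
  updated_files.fetch(lockfile_name)
@@ -107,12 +109,15 @@ module Dependabot
  sleep(rand(3.0..10.0)) && retry
  end
 
- def run_npm_updater(path, lockfile_name)
+ def run_npm_updater(path, lockfile_name, lockfile_content)
  SharedHelpers.with_git_configured(credentials: credentials) do
  Dir.chdir(path) do
+ npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
+ Dependabot.logger.info(npm_version)
+
  SharedHelpers.run_helper_subprocess(
  command: NativeHelpers.helper_path,
- function: "npm:updateSubdependency",
+ function: "npm6:updateSubdependency",
  args: [Dir.pwd, lockfile_name, [dependency.to_h]]
  )
  end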
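--- a/data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb
@@ -1,16 +1,18 @@
  # frozen_string_literal: true
 
+ require "dependabot/errors"
  require "dependabot/git_commit_checker"
- require "dependabot/npm_and_yarn/update_checker"
- require "dependabot/npm_and_yarn/file_parser"
- require "dependabot/npm_and_yarn/version"
- require "dependabot/npm_and_yarn/requirement"
- require "dependabot/npm_and_yarn/native_helpers"
+ require "dependabot/logger"
  require "dependabot/npm_and_yarn/dependency_files_filterer"
- require "dependabot/shared_helpers"
- require "dependabot/errors"
+ require "dependabot/npm_and_yarn/file_parser"
  require "dependabot/npm_and_yarn/file_updater/npmrc_builder"
  require "dependabot/npm_and_yarn/file_updater/package_json_preparer"
+ require "dependabot/npm_and_yarn/helpers"
+ require "dependabot/npm_and_yarn/native_helpers"
+ require "dependabot/npm_and_yarn/requirement"
+ require "dependabot/npm_and_yarn/update_checker"
+ require "dependabot/npm_and_yarn/version"
+ require "dependabot/shared_helpers"
 
  # rubocop:disable Metrics/ClassLength
  module Dependabot
@@ -413,9 +415,16 @@ module Dependabot
  def run_npm_checker(path:, version:)
  SharedHelpers.with_git_configured(credentials: credentials) do
  Dir.chdir(path) do
+ package_lock = dependency_files_builder.package_locks.find do |f|
+ # Find the lockfile that's in the current directory
+ f.name == [path, "package-lock.json"].join("/").sub(%r{\A.?\/}, "")
+ end
+ npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
+ Dependabot.logger.info(npm_version)
+
  SharedHelpers.run_helper_subprocess(
  command: NativeHelpers.helper_path,
- function: "npm6:checkPeerDependencies",
+ function: "npm6:checkPeerDependencies",
  args: [
  Dir.pwd,
  dependency.name,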
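Review bot: In `run_npm_checker` the pattern `%r{\A.?\/}` uses an unescaped `.`, which matches any character, so a one-character directory such as `a` turns `a/package-lock.json` into `package-lock.json` and the lookup selects the root lockfile (or none) instead of the one in `path`. The intent looks like stripping a leading `./` or `/`, which `%r{\A\.?/}` does. The expected name is also rebuilt on every iteration of `find` and could be computed once before the block. Today the result only feeds the log line, but it would pick the wrong npm flavour once `npm_version` is used to select the helper. The method continues past the end of the hunk.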
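--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-npm_and_yarn
  version: !ruby/object:Gem::Version
- version: 0.129.5
+ version: 0.131.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-01-07 00:00:00.000000000 Z
+ date: 2021-02-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.129.5
+ version: 0.131.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.129.5
+ version: 0.131.0
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.7.0
+ version: 1.9.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.7.0
+ version: 1.9.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.9.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.9.1
  - !ruby/object:Gem::Dependency
  name: vcr
  requirement: !ruby/object:Gem::Requirement
@@ -174,13 +174,15 @@ files:
  - helpers/.eslintrc
  - helpers/README.md
  - helpers/build
+ - helpers/jest.config.js
  - helpers/lib/npm/conflicting-dependency-parser.js
- - helpers/lib/npm/helpers.js
  - helpers/lib/npm/index.js
- - helpers/lib/npm/peer-dependency-checker.js
- - helpers/lib/npm/remove-dependencies-from-lockfile.js
- - helpers/lib/npm/subdependency-updater.js
- - helpers/lib/npm/updater.js
+ - helpers/lib/npm6/helpers.js
+ - helpers/lib/npm6/index.js
+ - helpers/lib/npm6/peer-dependency-checker.js
+ - helpers/lib/npm6/remove-dependencies-from-lockfile.js
+ - helpers/lib/npm6/subdependency-updater.js
+ - helpers/lib/npm6/updater.js
  - helpers/lib/yarn/conflicting-dependency-parser.js
  - helpers/lib/yarn/fix-duplicates.js
  - helpers/lib/yarn/helpers.js
@@ -192,18 +194,18 @@ files:
  - helpers/lib/yarn/updater.js
  - helpers/package.json
  - helpers/run.js
- - helpers/test/npm/conflicting-dependency-parser.test.js
- - helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
- - helpers/test/npm/fixtures/conflicting-dependency-parser/deeply-nested/package.json
- - helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package-lock.json
- - helpers/test/npm/fixtures/conflicting-dependency-parser/nested/package.json
- - helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package-lock.json
- - helpers/test/npm/fixtures/conflicting-dependency-parser/simple/package.json
- - helpers/test/npm/fixtures/updater/original/package-lock.json
- - helpers/test/npm/fixtures/updater/original/package.json
- - helpers/test/npm/fixtures/updater/updated/package-lock.json
- - helpers/test/npm/helpers.js
- - helpers/test/npm/updater.test.js
+ - helpers/test/npm6/conflicting-dependency-parser.test.js
+ - helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json
+ - helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package.json
+ - helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package-lock.json
+ - helpers/test/npm6/fixtures/conflicting-dependency-parser/nested/package.json
+ - helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package-lock.json
+ - helpers/test/npm6/fixtures/conflicting-dependency-parser/simple/package.json
+ - helpers/test/npm6/fixtures/updater/original/package-lock.json
+ - helpers/test/npm6/fixtures/updater/original/package.json
+ - helpers/test/npm6/fixtures/updater/updated/package-lock.json
+ - helpers/test/npm6/helpers.js
+ - helpers/test/npm6/updater.test.js
  - helpers/test/yarn/conflicting-dependency-parser.test.js
  - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/package.json
  - helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock
@@ -234,6 +236,7 @@ files:
  - lib/dependabot/npm_and_yarn/file_updater/package_json_preparer.rb
  - lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb
  - lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb
+ - lib/dependabot/npm_and_yarn/helpers.rb
  - lib/dependabot/npm_and_yarn/metadata_finder.rb
  - lib/dependabot/npm_and_yarn/native_helpers.rb
  - lib/dependabot/npm_and_yarn/requirement.rb
@@ -267,7 +270,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 2.5.0
  requirements: []
- rubygems_version: 3.1.4
+ rubygems_version: 3.2.3
  signing_key:
  specification_version: 4
  summary: JS support for dependabot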