dependabot-npm_and_yarn 0.215.0 → 0.216.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (25) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/build +1 -1
  3. data/helpers/lib/yarn/subdependency-updater.js +15 -44
  4. data/helpers/package-lock.json +2597 -1572
  5. data/helpers/package.json +8 -9
  6. data/helpers/test/npm6/conflicting-dependency-parser.test.js +1 -2
  7. data/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested/package-lock.json +3 -3
  8. data/helpers/test/npm6/updater.test.js +1 -2
  9. data/helpers/test/yarn/conflicting-dependency-parser.test.js +1 -2
  10. data/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested/yarn.lock +3 -3
  11. data/helpers/test/yarn/updater.test.js +1 -2
  12. data/lib/dependabot/npm_and_yarn/file_fetcher.rb +26 -38
  13. data/lib/dependabot/npm_and_yarn/file_parser/json_lock.rb +84 -0
  14. data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb +21 -183
  15. data/lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb +80 -0
  16. data/lib/dependabot/npm_and_yarn/file_parser.rb +23 -36
  17. data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +55 -40
  18. data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +20 -1
  19. data/lib/dependabot/npm_and_yarn/helpers.rb +7 -1
  20. data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb +6 -0
  21. data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +1 -1
  22. data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +20 -13
  23. data/lib/dependabot/npm_and_yarn/update_checker.rb +5 -0
  24. data/lib/dependabot/npm_and_yarn/version.rb +13 -2
  25. metadata +37 -32
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ab218ae4b2f9134c67ada69180e938eae5fae986f8fe340347b1e8bac37395cd
4
- data.tar.gz: 1ccf4e04ea21683fb92133dd8491dc005e06b57c8d00d7922704cd7749208378
3
+ metadata.gz: 239ea74bfa12a1156995f658945575829fd543be7c7db2986fe00ad6124b111d
4
+ data.tar.gz: 9f65a09fc63f0579d77ce551c1e1929edfe347598741d311112a27f44d020252
5
5
  SHA512:
6
- metadata.gz: 572b409e78fd0ee17ab23164240ba4ac6364c73237011f7d799abad39d9c1acc47710094bac6c13afc6d7be4a4851b77fe546d4aa35974b2ad44e6c0494a0d71
7
- data.tar.gz: ae73b9b051c07d6d58d310087865020a4888155ac3464ffc3a9f2565d4e02f3af6e48f0c5ffb11ef9ce38d5a871c0e0d25316f5bc8952aa36edf199e494fea39
6
+ metadata.gz: 3d81beca1ebbdc44ced78f2f375dc9f1ef39558021dba7c1982fea116bce47a906926d429c38787354439b8828efa12516d165e3781f215cb83a30c99c375ea9
7
+ data.tar.gz: 200a5946ddd36daa5b687a634f79cb5c84718f94b771c1b6e5a04d6ab8654d82362d6b4c6c8c1016e313dd12a633452116dfe9329c5dc8248fdecd47d25dc735
data/helpers/build CHANGED
@@ -22,4 +22,4 @@ cp -r \
22
22
  "$install_dir"
23
23
 
24
24
  cd "$install_dir"
25
- npm ci --no-audit --fetch-timeout=600000 --fetch-retries=5
25
+ npm ci --no-audit --fetch-timeout=600000 --fetch-retries=5 --no-dry-run
@@ -5,7 +5,7 @@ const Config = require("@dependabot/yarn-lib/lib/config").default;
5
5
  const { EventReporter } = require("@dependabot/yarn-lib/lib/reporters");
6
6
  const Lockfile = require("@dependabot/yarn-lib/lib/lockfile").default;
7
7
  const fixDuplicates = require("./fix-duplicates");
8
- const { LightweightAdd, LightweightInstall } = require("./helpers");
8
+ const { LightweightInstall, LOCKFILE_ENTRY_REGEX } = require("./helpers");
9
9
  const { parse } = require("./lockfile-parser");
10
10
  const stringify =
11
11
  require("@dependabot/yarn-lib/lib/lockfile/stringify").default;
@@ -21,43 +21,10 @@ function recoverVersionComments(oldLockfile, newLockfile) {
21
21
  .replace(nodeRegex, () => oldMatch(nodeRegex) || "");
22
22
  }
23
23
 
24
- // Installs exact version and returns lockfile entry
25
- async function getLockfileEntryForUpdate(depName, depVersion) {
26
- const directory = fs.mkdtempSync(`${os.tmpdir()}${path.sep}`);
27
- const readFile = (fileName) =>
28
- fs.readFileSync(path.join(directory, fileName)).toString();
29
-
30
- const flags = {
31
- ignoreScripts: true,
32
- ignoreWorkspaceRootCheck: true,
33
- ignoreEngines: true,
34
- ignorePlatform: true,
35
- };
36
- const reporter = new EventReporter();
37
- const config = new Config(reporter);
38
- await config.init({
39
- cwd: directory,
40
- nonInteractive: true,
41
- enableDefaultRc: true,
42
- extraneousYarnrcFiles: [".yarnrc"],
43
- });
44
-
45
- // Empty lockfile
46
- const lockfile = await Lockfile.fromDirectory(directory, reporter);
47
-
48
- const arg = [`${depName}@${depVersion}`];
49
- await new LightweightAdd(arg, flags, config, reporter, lockfile).init();
50
-
51
- const lockfileObject = await parse(directory);
52
- const noHeader = true;
53
- const enableLockfileVersions = false;
54
- return stringify(lockfileObject, noHeader, enableLockfileVersions);
55
- }
56
-
57
24
  async function updateDependencyFile(
58
25
  directory,
59
26
  lockfileName,
60
- updatedDependency
27
+ dependencies
61
28
  ) {
62
29
  const readFile = (fileName) =>
63
30
  fs.readFileSync(path.join(directory, fileName)).toString();
@@ -76,23 +43,27 @@ async function updateDependencyFile(
76
43
  enableDefaultRc: true,
77
44
  extraneousYarnrcFiles: [".yarnrc"],
78
45
  });
46
+ const noHeader = !Boolean(originalYarnLock.match(/^# THIS IS AN AU/m));
79
47
  config.enableLockfileVersions = Boolean(originalYarnLock.match(/^# yarn v/m));
80
- const depName = updatedDependency && updatedDependency.name;
81
- const depVersion = updatedDependency && updatedDependency.version;
82
48
 
83
49
  // SubDependencyVersionResolver relies on the install finding the latest
84
50
  // version of a sub-dependency that's been removed from the lockfile
85
51
  // YarnLockFileUpdater passes a specific version to be updated
86
- if (depName && depVersion) {
87
- const lockfileEntryForUpdate = await getLockfileEntryForUpdate(
88
- depName,
89
- depVersion
52
+ const lockfileObject = await parse(directory);
53
+ for (const [entry, pkg] of Object.entries(lockfileObject)) {
54
+ const [_, depName] = entry.match(
55
+ LOCKFILE_ENTRY_REGEX
90
56
  );
91
- const lockfileContent = `${originalYarnLock}\n${lockfileEntryForUpdate}`;
57
+ if (dependencies.some(dependency => dependency.name === depName)) {
58
+ delete lockfileObject[entry];
59
+ }
60
+ }
92
61
 
93
- const dedupedYarnLock = fixDuplicates(lockfileContent, depName);
94
- fs.writeFileSync(path.join(directory, lockfileName), dedupedYarnLock);
62
+ let newLockFileContent = await stringify(lockfileObject, noHeader, config.enableLockfileVersions);
63
+ for (const dependency of dependencies) {
64
+ newLockFileContent = fixDuplicates(newLockFileContent, dependency.name);
95
65
  }
66
+ fs.writeFileSync(path.join(directory, lockfileName), newLockFileContent);
96
67
 
97
68
  const lockfile = await Lockfile.fromDirectory(directory, reporter);
98
69
  const install = new LightweightInstall(flags, config, reporter, lockfile);