dependabot-npm_and_yarn 0.286.0 → 0.287.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/helpers.rb +74 -4
- data/lib/dependabot/npm_and_yarn/package_manager.rb +24 -15
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a81729237750f9d53bf9197345ac3f563f267d9683ac202ebca543413bd912ef
|
|
4
|
+
data.tar.gz: 5caefb54429a28a52aeff8b50ba8f80554f67baa70eaf6e5bef7040d52d7ebaa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2d4fca7ae33a0540e6940de6946420c08e06be84daf21b37c9efe7234af43050de4efe74191254ace8b12e7e977c74d66557067e9a9bdc07eaf5964bc1996060
|
|
7
|
+
data.tar.gz: ab4bd3efd5fe75244c87ec30fb31e1585ce26ac586d42a4b9b8ea84fe86a4015d54dbdc515afe228fb319520fdedc1b1aaa1ab89f71f38bd5cf76683c4c780a9
|
|
@@ -145,7 +145,7 @@ module Dependabot
|
|
|
145
145
|
false
|
|
146
146
|
end
|
|
147
147
|
|
|
148
|
-
sig { returns(Integer) }
|
|
148
|
+
sig { returns(T.any(Integer, T.noreturn)) }
|
|
149
149
|
def self.yarn_major_version
|
|
150
150
|
retries = 0
|
|
151
151
|
output = run_single_yarn_command("--version")
|
|
@@ -171,6 +171,7 @@ module Dependabot
|
|
|
171
171
|
handle_subprocess_failure(e)
|
|
172
172
|
end
|
|
173
173
|
|
|
174
|
+
sig { params(error: StandardError).returns(T.noreturn) }
|
|
174
175
|
def self.handle_subprocess_failure(error)
|
|
175
176
|
message = error.message
|
|
176
177
|
if YARN_PATH_NOT_FOUND.match?(message)
|
|
@@ -224,6 +225,7 @@ module Dependabot
|
|
|
224
225
|
yarn_major_version >= 4
|
|
225
226
|
end
|
|
226
227
|
|
|
228
|
+
sig { returns(T.nilable(String)) }
|
|
227
229
|
def self.setup_yarn_berry
|
|
228
230
|
# Always disable immutable installs so yarn's CI detection doesn't prevent updates.
|
|
229
231
|
run_single_yarn_command("config set enableImmutableInstalls false")
|
|
@@ -260,24 +262,92 @@ module Dependabot
|
|
|
260
262
|
# NOTE: Needs to be explicitly run through corepack to respect the
|
|
261
263
|
# `packageManager` setting in `package.json`, because corepack does not
|
|
262
264
|
# add shims for NPM.
|
|
265
|
+
sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
|
|
263
266
|
def self.run_npm_command(command, fingerprint: command)
|
|
264
|
-
|
|
267
|
+
if Dependabot::Experiments.enabled?(:enable_corepack_for_npm_and_yarn)
|
|
268
|
+
package_manager_run_command(NpmPackageManager::NAME, command, fingerprint: fingerprint)
|
|
269
|
+
else
|
|
270
|
+
SharedHelpers.run_shell_command("corepack npm #{command}", fingerprint: "corepack npm #{fingerprint}")
|
|
271
|
+
end
|
|
265
272
|
end
|
|
266
273
|
|
|
267
274
|
# Setup yarn and run a single yarn command returning stdout/stderr
|
|
275
|
+
sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
|
|
268
276
|
def self.run_yarn_command(command, fingerprint: nil)
|
|
269
277
|
setup_yarn_berry
|
|
270
278
|
run_single_yarn_command(command, fingerprint: fingerprint)
|
|
271
279
|
end
|
|
272
280
|
|
|
273
281
|
# Run single pnpm command returning stdout/stderr
|
|
282
|
+
sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
|
|
274
283
|
def self.run_pnpm_command(command, fingerprint: nil)
|
|
275
|
-
|
|
284
|
+
if Dependabot::Experiments.enabled?(:enable_corepack_for_npm_and_yarn)
|
|
285
|
+
package_manager_run_command(PNPMPackageManager::NAME, command, fingerprint: fingerprint)
|
|
286
|
+
else
|
|
287
|
+
SharedHelpers.run_shell_command("pnpm #{command}", fingerprint: "pnpm #{fingerprint || command}")
|
|
288
|
+
end
|
|
276
289
|
end
|
|
277
290
|
|
|
278
291
|
# Run single yarn command returning stdout/stderr
|
|
292
|
+
sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
|
|
279
293
|
def self.run_single_yarn_command(command, fingerprint: nil)
|
|
280
|
-
|
|
294
|
+
if Dependabot::Experiments.enabled?(:enable_corepack_for_npm_and_yarn)
|
|
295
|
+
package_manager_run_command(YarnPackageManager::NAME, command, fingerprint: fingerprint)
|
|
296
|
+
else
|
|
297
|
+
SharedHelpers.run_shell_command("yarn #{command}", fingerprint: "yarn #{fingerprint || command}")
|
|
298
|
+
end
|
|
299
|
+
end
|
|
300
|
+
|
|
301
|
+
# Install the package manager for specified version by using corepack
|
|
302
|
+
# and prepare it for use by using corepack
|
|
303
|
+
sig { params(name: String, version: String).void }
|
|
304
|
+
def self.install(name, version)
|
|
305
|
+
Dependabot.logger.info("Installing \"#{name}@#{version}\"")
|
|
306
|
+
|
|
307
|
+
package_manager_install(name, version)
|
|
308
|
+
package_manager_activate(name, version)
|
|
309
|
+
installed_version = package_manager_version(name)
|
|
310
|
+
|
|
311
|
+
Dependabot.logger.info("Installed version of #{name}: #{installed_version}")
|
|
312
|
+
end
|
|
313
|
+
|
|
314
|
+
# Install the package manager for specified version by using corepack
|
|
315
|
+
sig { params(name: String, version: String).void }
|
|
316
|
+
def self.package_manager_install(name, version)
|
|
317
|
+
SharedHelpers.run_shell_command(
|
|
318
|
+
"corepack install #{name}@#{version} --global --cache-only",
|
|
319
|
+
fingerprint: "corepack install <name>@<version> --global --cache-only"
|
|
320
|
+
)
|
|
321
|
+
end
|
|
322
|
+
|
|
323
|
+
# Prepare the package manager for use by using corepack
|
|
324
|
+
sig { params(name: String, version: String).void }
|
|
325
|
+
def self.package_manager_activate(name, version)
|
|
326
|
+
SharedHelpers.run_shell_command(
|
|
327
|
+
"corepack prepare #{name}@#{version} --activate",
|
|
328
|
+
fingerprint: "corepack prepare --activate"
|
|
329
|
+
)
|
|
330
|
+
end
|
|
331
|
+
|
|
332
|
+
# Get the version of the package manager by using corepack
|
|
333
|
+
sig { params(name: String).returns(String) }
|
|
334
|
+
def self.package_manager_version(name)
|
|
335
|
+
package_manager_run_command(name, "-v")
|
|
336
|
+
end
|
|
337
|
+
|
|
338
|
+
# Run single command on package manager returning stdout/stderr
|
|
339
|
+
sig do
|
|
340
|
+
params(
|
|
341
|
+
name: String,
|
|
342
|
+
command: String,
|
|
343
|
+
fingerprint: T.nilable(String)
|
|
344
|
+
).returns(String)
|
|
345
|
+
end
|
|
346
|
+
def self.package_manager_run_command(name, command, fingerprint: nil)
|
|
347
|
+
SharedHelpers.run_shell_command(
|
|
348
|
+
"corepack #{name} #{command}",
|
|
349
|
+
fingerprint: "corepack #{name} #{fingerprint || command}"
|
|
350
|
+
)
|
|
281
351
|
end
|
|
282
352
|
private_class_method :run_single_yarn_command
|
|
283
353
|
|
|
@@ -172,18 +172,15 @@ module Dependabot
|
|
|
172
172
|
|
|
173
173
|
sig { returns(T.nilable(String)) }
|
|
174
174
|
def name_from_lockfiles
|
|
175
|
-
PACKAGE_MANAGER_CLASSES.
|
|
176
|
-
return manager_name.to_s if @lockfiles[manager_name.to_sym]
|
|
177
|
-
end
|
|
178
|
-
nil
|
|
175
|
+
PACKAGE_MANAGER_CLASSES.keys.map(&:to_s).find { |manager_name| @lockfiles[manager_name.to_sym] }
|
|
179
176
|
end
|
|
180
177
|
|
|
181
178
|
sig { returns(T.nilable(String)) }
|
|
182
179
|
def name_from_package_manager_attr
|
|
183
180
|
return unless @manifest_package_manager
|
|
184
181
|
|
|
185
|
-
PACKAGE_MANAGER_CLASSES.
|
|
186
|
-
|
|
182
|
+
PACKAGE_MANAGER_CLASSES.keys.map(&:to_s).find do |manager_name|
|
|
183
|
+
@manifest_package_manager.start_with?("#{manager_name}@")
|
|
187
184
|
end
|
|
188
185
|
end
|
|
189
186
|
|
|
@@ -255,22 +252,30 @@ module Dependabot
|
|
|
255
252
|
)
|
|
256
253
|
end
|
|
257
254
|
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
if version
|
|
261
|
-
raise_if_unsupported!(name, version)
|
|
255
|
+
if Dependabot::Experiments.enabled?(:enable_corepack_for_npm_and_yarn)
|
|
256
|
+
version ||= requested_version(name) || guessed_version(name)
|
|
262
257
|
|
|
263
|
-
|
|
258
|
+
if version
|
|
259
|
+
raise_if_unsupported!(name, version.to_s)
|
|
260
|
+
install(name, version)
|
|
261
|
+
end
|
|
264
262
|
else
|
|
265
|
-
version
|
|
263
|
+
version ||= requested_version(name)
|
|
266
264
|
|
|
267
265
|
if version
|
|
268
|
-
raise_if_unsupported!(name, version
|
|
266
|
+
raise_if_unsupported!(name, version)
|
|
267
|
+
|
|
268
|
+
install(name, version)
|
|
269
|
+
else
|
|
270
|
+
version = guessed_version(name)
|
|
271
|
+
|
|
272
|
+
if version
|
|
273
|
+
raise_if_unsupported!(name, version.to_s)
|
|
269
274
|
|
|
270
|
-
|
|
275
|
+
install(name, version) if name == PNPMPackageManager::NAME
|
|
276
|
+
end
|
|
271
277
|
end
|
|
272
278
|
end
|
|
273
|
-
|
|
274
279
|
version
|
|
275
280
|
end
|
|
276
281
|
# rubocop:enable Metrics/CyclomaticComplexity
|
|
@@ -299,6 +304,10 @@ module Dependabot
|
|
|
299
304
|
end
|
|
300
305
|
|
|
301
306
|
def install(name, version)
|
|
307
|
+
if Dependabot::Experiments.enabled?(:enable_corepack_for_npm_and_yarn)
|
|
308
|
+
return Helpers.install(name, version.to_s)
|
|
309
|
+
end
|
|
310
|
+
|
|
302
311
|
Dependabot.logger.info("Installing \"#{name}@#{version}\"")
|
|
303
312
|
|
|
304
313
|
SharedHelpers.run_shell_command(
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.287.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-11-
|
|
11
|
+
date: 2024-11-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.287.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.287.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -346,7 +346,7 @@ licenses:
|
|
|
346
346
|
- MIT
|
|
347
347
|
metadata:
|
|
348
348
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
349
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
349
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.287.0
|
|
350
350
|
post_install_message:
|
|
351
351
|
rdoc_options: []
|
|
352
352
|
require_paths:
|