dependabot-npm_and_yarn 0.95.34 → 0.95.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
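--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 74643b3d4abfbba5f5d8a78a0f13dae2a65fd190564325c138ae1ee0e9807d02
-  data.tar.gz: ab79d1130f72465c8952001c7e0d7800162ab4710d0a0e59616d60771de8d9d0
+  metadata.gz: 420d0f2935efdd79685512dd3cbee90f7ce1960d98d82553e8da75647a0ece13
+  data.tar.gz: 313ec1dc3add3b2b25a015256d148301ef12d4203c8fbbaed4dcb8eeeeb97af5
 SHA512:
-  metadata.gz: aa6099cb99a700715169c8a04b3b491aa5b416e996338df94a1d0aff365602238cc957a29d2947166617e5182c0ac60185c6cb1879a2ae9825d65cd943d3fb43
-  data.tar.gz: f7dda297d8365ea72edbcb90c64d5b42610acdc397a9755ff43551285894a133bcdd467956b49b4dfeae7d3badf671d2f370e1719db4ab5b90a3f770e8b4f1f3
+  metadata.gz: f48842decfda956264784ed726a3192a4f5f1cbe885bb5b7ba25a5d9c0c060ab398c782dd45601caddb502dd961fd17419b51156d83f5c4291ca0dfa778ce356
+  data.tar.gz: 5ed6c038201025acb36c8fae331f8f6db0cbddb5eabdf65f1b938e67430a2857847ab3a6f9187ddd83a75abcbd53287d925ae5278c0a1bed8f01c25a697b5486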
@@ -2,15 +2,18 @@
2
2
 
3
3
  require "dependabot/utils"
4
4
 
5
+ # Used in the version resolver and file updater to only run yarn/npm helpers on
6
+ # dependency files that require updates. This is useful for large monorepos with
7
+ # lots of sub-projects that don't all have the same dependencies.
5
8
  module Dependabot
6
9
  module NpmAndYarn
7
10
  class DependencyFilesFilterer
8
- def initialize(dependency_files:, dependencies:)
9
- @dependencies = dependencies
11
+ def initialize(dependency_files:, updated_dependencies:)
10
12
  @dependency_files = dependency_files
13
+ @updated_dependencies = updated_dependencies
11
14
  end
12
15
 
13
- def filtered_files
16
+ def files_requiring_update
14
17
  dependency_files.select do |file|
15
18
  if manifest?(file)
16
19
  package_manifests.include?(file)
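Review bot: Renaming the public methods `filtered_files` → `files_requiring_update` and the keyword `dependencies:` → `updated_dependencies:` on DependencyFilesFilterer (and dropping `filtered_package_files`/`filtered_lockfiles` in the next hunk) is a breaking change to the class's interface shipped in a patch-level bump; any caller outside this gem still using the old names gets a NoMethodError or ArgumentError. The same applies to the new required keyword `latest_allowable_version:` added to SubdependencyVersionResolver#initialize further down. If these classes are considered internal, a comment saying so would make that explicit; otherwise the old names could stay for one release as thin aliases, e.g. `alias filtered_files files_requiring_update`. The body of `files_requiring_update` continues outside the hunk.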
@@ -26,21 +29,17 @@ module Dependabot
26
29
  end
27
30
  end
28
31
 
29
- def filtered_package_files
30
- filtered_files.select { |f| manifest?(f) }
31
- end
32
-
33
- def filtered_lockfiles
34
- filtered_files.select { |f| lockfile?(f) }
32
+ def package_files_requiring_update
33
+ files_requiring_update.select { |file| manifest?(file) }
35
34
  end
36
35
 
37
36
  private
38
37
 
39
- attr_reader :dependency_files, :dependencies
38
+ attr_reader :dependency_files, :updated_dependencies
40
39
 
41
40
  def dependency_manifest_requirements
42
41
  @dependency_manifest_requirements ||=
43
- dependencies.flat_map do |dep|
42
+ updated_dependencies.flat_map do |dep|
44
43
  dep.requirements.map { |requirement| requirement[:file] }
45
44
  end
46
45
  end
@@ -3,6 +3,7 @@
3
3
  require "dependabot/file_updaters"
4
4
  require "dependabot/file_updaters/base"
5
5
  require "dependabot/npm_and_yarn/dependency_files_filterer"
6
+ require "dependabot/npm_and_yarn/sub_dependency_files_filterer"
6
7
 
7
8
  module Dependabot
8
9
  module NpmAndYarn
@@ -59,10 +60,19 @@ module Dependabot
59
60
 
60
61
  def filtered_dependency_files
61
62
  @filtered_dependency_files ||=
62
- DependencyFilesFilterer.new(
63
- dependency_files: dependency_files,
64
- dependencies: dependencies
65
- ).filtered_files
63
+ begin
64
+ if dependencies.select(&:top_level?).any?
65
+ DependencyFilesFilterer.new(
66
+ dependency_files: dependency_files,
67
+ updated_dependencies: dependencies
68
+ ).files_requiring_update
69
+ else
70
+ SubDependencyFilesFilterer.new(
71
+ dependency_files: dependency_files,
72
+ updated_dependencies: dependencies
73
+ ).files_requiring_update
74
+ end
75
+ end
66
76
  end
67
77
 
68
78
  def check_required_files
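Review bot: `dependencies.select(&:top_level?).any?` at the top of the new `begin` block builds an intermediate array just to test it; `dependencies.any?(&:top_level?)` expresses the same check directly. The two branches differ only in the filterer class, so the duplicated constructor call can be collapsed to `filterer = dependencies.any?(&:top_level?) ? DependencyFilesFilterer : SubDependencyFilesFilterer` followed by `filterer.new(dependency_files: dependency_files, updated_dependencies: dependencies).files_requiring_update`, which also removes the need for the `begin`/`end` wrapper around the memoised expression. Note that a list mixing top-level and sub-dependencies takes the top-level path only, so lockfiles touched solely by the sub-dependencies would not be selected; if that mix can occur here, a one-line comment on the `if` explaining why the top-level filterer wins would help.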
@@ -0,0 +1,71 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "dependabot/utils"
4
+ require "dependabot/dependency_file"
5
+ require "dependabot/npm_and_yarn/file_parser"
6
+ require "dependabot/npm_and_yarn/version"
7
+
8
+ # Used in the sub dependency version resolver and file updater to only run
9
+ # yarn/npm helpers on dependency files that require updates. This is useful for
10
+ # large monorepos with lots of sub-projects that don't all have the same
11
+ # dependencies.
12
+ module Dependabot
13
+ module NpmAndYarn
14
+ class SubDependencyFilesFilterer
15
+ def initialize(dependency_files:, updated_dependencies:)
16
+ @dependency_files = dependency_files
17
+ @updated_dependencies = updated_dependencies
18
+ end
19
+
20
+ def files_requiring_update
21
+ lockfiles.select do |lockfile|
22
+ sub_dependencies(lockfile).any? do |sub_dep|
23
+ updated_dependencies.any? do |updated_dep|
24
+ next false unless sub_dep.name == updated_dep.name
25
+
26
+ version_class.new(updated_dep.version) >
27
+ version_class.new(sub_dep.version)
28
+ end
29
+ end
30
+ end
31
+ end
32
+
33
+ private
34
+
35
+ attr_reader :dependency_files, :updated_dependencies
36
+
37
+ def sub_dependencies(lockfile)
38
+ # Add dummy_package_manifest to keep existing validation login in base
39
+ # file parser
40
+ NpmAndYarn::FileParser.new(
41
+ dependency_files: [dummy_package_manifest, lockfile],
42
+ source: nil,
43
+ credentials: [] # Credentials are only needed for top level deps
44
+ ).parse
45
+ end
46
+
47
+ def lockfiles
48
+ @lockfiles ||= dependency_files.select { |file| lockfile?(file) }
49
+ end
50
+
51
+ def dummy_package_manifest
52
+ @dummy_package_manifest ||= Dependabot::DependencyFile.new(
53
+ content: "{}",
54
+ name: "package.json"
55
+ )
56
+ end
57
+
58
+ def lockfile?(file)
59
+ file.name.end_with?(
60
+ "package-lock.json",
61
+ "yarn.lock",
62
+ "npm-shrinkwrap.json"
63
+ )
64
+ end
65
+
66
+ def version_class
67
+ NpmAndYarn::Version
68
+ end
69
+ end
70
+ end
71
+ end
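Review bot: The comparison in `files_requiring_update` calls `version_class.new` on both `updated_dep.version` and `sub_dep.version` with no guard; if either can be nil or a non-semver string (a git or URL source recorded in a lockfile, say) the constructor presumably raises and the whole filter aborts, so a guard such as `next false unless sub_dep.version && updated_dep.version` before the comparison seems safer — worth confirming how NpmAndYarn::Version treats nil. Strict `>` also means a lockfile that already pins the target version or newer is skipped, which looks intended but deserves a one-line comment above the comparison. The comment in `sub_dependencies` has a typo: `validation login` should read `validation logic`. Each call to `sub_dependencies` re-parses a lockfile in full; today `files_requiring_update` is the only caller and visits each lockfile once, but memoising the parse result would protect against repeated calls.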
@@ -195,7 +195,8 @@ module Dependabot
195
195
  dependency: dependency,
196
196
  credentials: credentials,
197
197
  dependency_files: dependency_files,
198
- ignored_versions: ignored_versions
198
+ ignored_versions: ignored_versions,
199
+ latest_allowable_version: latest_version
199
200
  )
200
201
  end
201
202
 
@@ -1,24 +1,27 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "dependabot/dependency"
4
+ require "dependabot/shared_helpers"
5
+ require "dependabot/errors"
3
6
  require "dependabot/npm_and_yarn/update_checker"
4
7
  require "dependabot/npm_and_yarn/file_parser"
5
8
  require "dependabot/npm_and_yarn/version"
6
9
  require "dependabot/npm_and_yarn/native_helpers"
7
- require "dependabot/shared_helpers"
8
- require "dependabot/errors"
9
10
  require "dependabot/npm_and_yarn/file_updater/npmrc_builder"
10
11
  require "dependabot/npm_and_yarn/file_updater/package_json_preparer"
12
+ require "dependabot/npm_and_yarn/sub_dependency_files_filterer"
11
13
 
12
14
  module Dependabot
13
15
  module NpmAndYarn
14
16
  class UpdateChecker
15
17
  class SubdependencyVersionResolver
16
18
  def initialize(dependency:, credentials:, dependency_files:,
17
- ignored_versions:)
18
- @dependency = dependency
19
- @credentials = credentials
19
+ ignored_versions:, latest_allowable_version:)
20
+ @dependency = dependency
21
+ @credentials = credentials
20
22
  @dependency_files = dependency_files
21
23
  @ignored_versions = ignored_versions
24
+ @latest_allowable_version = latest_allowable_version
22
25
  end
23
26
 
24
27
  def latest_resolvable_version
@@ -27,7 +30,7 @@ module Dependabot
27
30
  SharedHelpers.in_a_temporary_directory do
28
31
  write_temporary_dependency_files
29
32
 
30
- updated_lockfiles = lockfiles.map do |lockfile|
33
+ updated_lockfiles = filtered_lockfiles.map do |lockfile|
31
34
  updated_content = update_subdependency_in_lockfile(lockfile)
32
35
  updated_lockfile = lockfile.dup
33
36
  updated_lockfile.content = updated_content
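Review bot: Switching the map from `lockfiles` to `filtered_lockfiles` means `updated_lockfiles` can now be empty when no lockfile holds an older copy of the sub-dependency, whereas previously every lockfile was processed; the remainder of `latest_resolvable_version` (outside this hunk) should be checked to confirm it handles an empty list by returning nil rather than raising or reporting a stale version. A short comment on the assignment, `# Only lockfiles that pin an older version of the sub-dependency are rewritten`, would document the new behaviour for the next reader. The method starts and ends outside the hunk.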
@@ -46,7 +49,7 @@ module Dependabot
46
49
  private
47
50
 
48
51
  attr_reader :dependency, :credentials, :dependency_files,
49
- :ignored_versions
52
+ :ignored_versions, :latest_allowable_version
50
53
 
51
54
  def update_subdependency_in_lockfile(lockfile)
52
55
  lockfile_name = Pathname.new(lockfile.name).basename.to_s
@@ -208,6 +211,24 @@ module Dependabot
208
211
  [*package_locks, *shrinkwraps, *yarn_locks]
209
212
  end
210
213
 
214
+ def filtered_lockfiles
215
+ @filtered_lockfiles ||=
216
+ SubDependencyFilesFilterer.new(
217
+ dependency_files: dependency_files,
218
+ updated_dependencies: [updated_dependency]
219
+ ).files_requiring_update
220
+ end
221
+
222
+ def updated_dependency
223
+ Dependabot::Dependency.new(
224
+ name: dependency.name,
225
+ version: latest_allowable_version,
226
+ previous_version: dependency.version,
227
+ requirements: [],
228
+ package_manager: dependency.package_manager
229
+ )
230
+ end
231
+
211
232
  def package_files
212
233
  @package_files ||=
213
234
  dependency_files.
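Review bot: `updated_dependency` builds a synthetic Dependabot::Dependency whose `version:` is `latest_allowable_version` and whose `requirements:` are empty, and nothing explains why; if `latest_allowable_version` is nil (UpdateChecker passes `latest_version` straight through, which may be nil when no version was found) the filterer's version comparison would presumably fail. A header comment such as `# Stand-in for the sub-dependency at the target version; only used to select lockfiles that still pin an older copy` would help, and `filtered_lockfiles` could short-circuit with `return [] unless latest_allowable_version` before constructing the filterer, if nil is a possible input here. `package_files` continues outside the hunk.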
@@ -468,8 +468,8 @@ module Dependabot
468
468
  @filtered_package_files ||=
469
469
  DependencyFilesFilterer.new(
470
470
  dependency_files: dependency_files,
471
- dependencies: [dependency]
472
- ).filtered_package_files
471
+ updated_dependencies: [dependency]
472
+ ).package_files_requiring_update
473
473
  end
474
474
 
475
475
  def yarn_helper_path
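--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.95.34
+  version: 0.95.35
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-02-17 00:00:00.000000000 Z
+date: 2019-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.95.34
+        version: 0.95.35
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.95.34
+        version: 0.95.35
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -193,6 +193,7 @@ files:
 - lib/dependabot/npm_and_yarn/metadata_finder.rb
 - lib/dependabot/npm_and_yarn/native_helpers.rb
 - lib/dependabot/npm_and_yarn/requirement.rb
+- lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
 - lib/dependabot/npm_and_yarn/update_checker.rb
 - lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
 - lib/dependabot/npm_and_yarn/update_checker/library_detector.rb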