dependabot-npm_and_yarn 0.95.34 → 0.95.35
- checksums.yaml +4 -4
- data/lib/dependabot/npm_and_yarn/dependency_files_filterer.rb +10 -11
- data/lib/dependabot/npm_and_yarn/file_updater.rb +14 -4
- data/lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb +71 -0
- data/lib/dependabot/npm_and_yarn/update_checker.rb +2 -1
- data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +28 -7
- data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +2 -2
- metadata +5 -4
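--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 420d0f2935efdd79685512dd3cbee90f7ce1960d98d82553e8da75647a0ece13
+data.tar.gz: 313ec1dc3add3b2b25a015256d148301ef12d4203c8fbbaed4dcb8eeeeb97af5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f48842decfda956264784ed726a3192a4f5f1cbe885bb5b7ba25a5d9c0c060ab398c782dd45601caddb502dd961fd17419b51156d83f5c4291ca0dfa778ce356
+data.tar.gz: 5ed6c038201025acb36c8fae331f8f6db0cbddb5eabdf65f1b938e67430a2857847ab3a6f9187ddd83a75abcbd53287d925ae5278c0a1bed8f01c25a697b5486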
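--- a/data/lib/dependabot/npm_and_yarn/dependency_files_filterer.rb
+++ b/data/lib/dependabot/npm_and_yarn/dependency_files_filterer.rb
@@ -2,15 +2,18 @@
 
 require "dependabot/utils"
 
+# Used in the version resolver and file updater to only run yarn/npm helpers on
+# dependency files that require updates. This is useful for large monorepos with
+# lots of sub-projects that don't all have the same dependencies.
 module Dependabot
 module NpmAndYarn
 class DependencyFilesFilterer
-def initialize(dependency_files:,
-@dependencies = dependencies
+def initialize(dependency_files:, updated_dependencies:)
 @dependency_files = dependency_files
+@updated_dependencies = updated_dependencies
 end
 
-def
+def files_requiring_update
 dependency_files.select do |file|
 if manifest?(file)
 package_manifests.include?(file)
@@ -26,21 +29,17 @@ module Dependabot
 end
 end
 
-def
-
-end
-
-def filtered_lockfiles
-filtered_files.select { |f| lockfile?(f) }
+def package_files_requiring_update
+files_requiring_update.select { |file| manifest?(file) }
 end
 
 private
 
-attr_reader :dependency_files, :
+attr_reader :dependency_files, :updated_dependencies
 
 def dependency_manifest_requirements
 @dependency_manifest_requirements ||=
-
+updated_dependencies.flat_map do |dep|
 dep.requirements.map { |requirement| requirement[:file] }
 end
 end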
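Review bot: The two public methods `files_requiring_update` and `package_files_requiring_update` carry no comment stating what each returns, and the new class comment only explains why the filtering exists. I would add `# Dependency files touched by updated_dependencies, derived from each dependency's requirement files.` above `def files_requiring_update` and `# The manifest (package.json) subset of files_requiring_update.` above `def package_files_requiring_update`. The body of `files_requiring_update` continues past the end of the first hunk and `manifest?`/`package_manifests` are defined outside both hunks, so the first wording is taken from `dependency_manifest_requirements` rather than from the full method and should be checked against it.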
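--- a/data/lib/dependabot/npm_and_yarn/file_updater.rb
+++ b/data/lib/dependabot/npm_and_yarn/file_updater.rb
@@ -3,6 +3,7 @@
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
 require "dependabot/npm_and_yarn/dependency_files_filterer"
+require "dependabot/npm_and_yarn/sub_dependency_files_filterer"
 
 module Dependabot
 module NpmAndYarn
@@ -59,10 +60,19 @@ module Dependabot
 
 def filtered_dependency_files
 @filtered_dependency_files ||=
-
-
-
-
+begin
+if dependencies.select(&:top_level?).any?
+DependencyFilesFilterer.new(
+dependency_files: dependency_files,
+updated_dependencies: dependencies
+).files_requiring_update
+else
+SubDependencyFilesFilterer.new(
+dependency_files: dependency_files,
+updated_dependencies: dependencies
+).files_requiring_update
+end
+end
 end
 
 def check_required_files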
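Review bot: Both branches of the new `if` in `filtered_dependency_files` build the same `new(dependency_files:, updated_dependencies:).files_requiring_update` call and differ only in the filterer class, and `dependencies.select(&:top_level?).any?` is the long form of `dependencies.any?(&:top_level?)`; picking the class first removes the duplication and the `begin`/`end` wrapper. The choice is also all-or-nothing: if a run's `dependencies` can ever mix a top-level dependency with sub-dependencies (not visible here), the first branch selects files from requirement entries only, and the resolver in this same release gives sub-dependencies `requirements: []`, so their lockfiles would be skipped — the assumption that a run is homogeneous deserves a comment. The enclosing class starts outside the hunk.
```ruby
def filtered_dependency_files
  return @filtered_dependency_files if @filtered_dependency_files

  # Top-level updates are located through their manifests' requirements;
  # sub-dependency updates are located by comparing lockfile versions, so a
  # run is assumed to contain one kind or the other, never both.
  filterer = if dependencies.any?(&:top_level?)
               DependencyFilesFilterer
             else
               SubDependencyFilesFilterer
             end
  @filtered_dependency_files = filterer.new(
    dependency_files: dependency_files,
    updated_dependencies: dependencies
  ).files_requiring_update
end
```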
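--- /dev/null
+++ b/data/lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require "dependabot/utils"
+require "dependabot/dependency_file"
+require "dependabot/npm_and_yarn/file_parser"
+require "dependabot/npm_and_yarn/version"
+
+# Used in the sub dependency version resolver and file updater to only run
+# yarn/npm helpers on dependency files that require updates. This is useful for
+# large monorepos with lots of sub-projects that don't all have the same
+# dependencies.
+module Dependabot
+module NpmAndYarn
+class SubDependencyFilesFilterer
+def initialize(dependency_files:, updated_dependencies:)
+@dependency_files = dependency_files
+@updated_dependencies = updated_dependencies
+end
+
+def files_requiring_update
+lockfiles.select do |lockfile|
+sub_dependencies(lockfile).any? do |sub_dep|
+updated_dependencies.any? do |updated_dep|
+next false unless sub_dep.name == updated_dep.name
+
+version_class.new(updated_dep.version) >
+version_class.new(sub_dep.version)
+end
+end
+end
+end
+
+private
+
+attr_reader :dependency_files, :updated_dependencies
+
+def sub_dependencies(lockfile)
+# Add dummy_package_manifest to keep existing validation login in base
+# file parser
+NpmAndYarn::FileParser.new(
+dependency_files: [dummy_package_manifest, lockfile],
+source: nil,
+credentials: [] # Credentials are only needed for top level deps
+).parse
+end
+
+def lockfiles
+@lockfiles ||= dependency_files.select { |file| lockfile?(file) }
+end
+
+def dummy_package_manifest
+@dummy_package_manifest ||= Dependabot::DependencyFile.new(
+content: "{}",
+name: "package.json"
+)
+end
+
+def lockfile?(file)
+file.name.end_with?(
+"package-lock.json",
+"yarn.lock",
+"npm-shrinkwrap.json"
+)
+end
+
+def version_class
+NpmAndYarn::Version
+end
+end
+end
+end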
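Review bot: The `>` comparison on lines 26-27 of `files_requiring_update` builds `version_class.new` from both `updated_dep.version` and `sub_dep.version` without checking that either is a parseable version, so a nil or non-numeric version string (a git or URL reference recorded in a lockfile, say) would — if `NpmAndYarn::Version` rejects malformed input the way `Gem::Version` does, which this file does not show — raise and abort the whole filter instead of skipping that entry. I would add `next false unless version_class.correct?(updated_dep.version) && version_class.correct?(sub_dep.version)` after the name check, assuming `correct?` is available on the version class. Separately, the comment on line 38 should read `# Add dummy_package_manifest to keep existing validation logic in base` ("login" is a typo), and since `sub_dependencies` re-parses a lockfile on every call, a note on `files_requiring_update` such as `# Parses every lockfile; callers memoize the result.` would stop someone calling it in a loop.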
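--- a/data/lib/dependabot/npm_and_yarn/update_checker.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker.rb
@@ -195,7 +195,8 @@ module Dependabot
 dependency: dependency,
 credentials: credentials,
 dependency_files: dependency_files,
-ignored_versions: ignored_versions
+ignored_versions: ignored_versions,
+latest_allowable_version: latest_version
 )
 end
 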
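--- a/data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb
@@ -1,24 +1,27 @@
 # frozen_string_literal: true
 
+require "dependabot/dependency"
+require "dependabot/shared_helpers"
+require "dependabot/errors"
 require "dependabot/npm_and_yarn/update_checker"
 require "dependabot/npm_and_yarn/file_parser"
 require "dependabot/npm_and_yarn/version"
 require "dependabot/npm_and_yarn/native_helpers"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
 require "dependabot/npm_and_yarn/file_updater/npmrc_builder"
 require "dependabot/npm_and_yarn/file_updater/package_json_preparer"
+require "dependabot/npm_and_yarn/sub_dependency_files_filterer"
 
 module Dependabot
 module NpmAndYarn
 class UpdateChecker
 class SubdependencyVersionResolver
 def initialize(dependency:, credentials:, dependency_files:,
-ignored_versions:)
-@dependency
-@credentials
+ignored_versions:, latest_allowable_version:)
+@dependency = dependency
+@credentials = credentials
 @dependency_files = dependency_files
 @ignored_versions = ignored_versions
+@latest_allowable_version = latest_allowable_version
 end
 
 def latest_resolvable_version
@@ -27,7 +30,7 @@ module Dependabot
 SharedHelpers.in_a_temporary_directory do
 write_temporary_dependency_files
 
-updated_lockfiles =
+updated_lockfiles = filtered_lockfiles.map do |lockfile|
 updated_content = update_subdependency_in_lockfile(lockfile)
 updated_lockfile = lockfile.dup
 updated_lockfile.content = updated_content
@@ -46,7 +49,7 @@ module Dependabot
 private
 
 attr_reader :dependency, :credentials, :dependency_files,
-:ignored_versions
+:ignored_versions, :latest_allowable_version
 
 def update_subdependency_in_lockfile(lockfile)
 lockfile_name = Pathname.new(lockfile.name).basename.to_s
@@ -208,6 +211,24 @@ module Dependabot
 [*package_locks, *shrinkwraps, *yarn_locks]
 end
 
+def filtered_lockfiles
+@filtered_lockfiles ||=
+SubDependencyFilesFilterer.new(
+dependency_files: dependency_files,
+updated_dependencies: [updated_dependency]
+).files_requiring_update
+end
+
+def updated_dependency
+Dependabot::Dependency.new(
+name: dependency.name,
+version: latest_allowable_version,
+previous_version: dependency.version,
+requirements: [],
+package_manager: dependency.package_manager
+)
+end
+
 def package_files
 @package_files ||=
 dependency_files.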
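Review bot: `updated_dependency` passes `latest_allowable_version` straight into `Dependabot::Dependency.new(version:)` with no nil check, and `filtered_lockfiles` hands that object to `SubDependencyFilesFilterer`, which (per the new file in this release) runs it through `version_class.new`; the caller in update_checker supplies `latest_version`, whose definition is outside this diff, so if it can be nil the failure would surface inside the filter rather than here. A guard at the top of `latest_resolvable_version`, `return if latest_allowable_version.nil?`, would make that case explicit — no allowable version means nothing to resolve — on the assumption that callers already treat a nil result as "no update"; the rest of that method's body lies outside the hunks. `updated_dependency` also deserves a one-line comment, e.g. `# Synthetic dependency at the target version, used only to ask the filterer which lockfiles hold an older copy.`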
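--- a/data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb
+++ b/data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb
@@ -468,8 +468,8 @@ module Dependabot
 @filtered_package_files ||=
 DependencyFilesFilterer.new(
 dependency_files: dependency_files,
-
-).
+updated_dependencies: [dependency]
+).package_files_requiring_update
 end
 
 def yarn_helper_path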
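--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-version: 0.95.
+version: 0.95.35
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-02-
+date: 2019-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.95.
+version: 0.95.35
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.95.
+version: 0.95.35
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement
@@ -193,6 +193,7 @@ files:
 - lib/dependabot/npm_and_yarn/metadata_finder.rb
 - lib/dependabot/npm_and_yarn/native_helpers.rb
 - lib/dependabot/npm_and_yarn/requirement.rb
+- lib/dependabot/npm_and_yarn/sub_dependency_files_filterer.rb
 - lib/dependabot/npm_and_yarn/update_checker.rb
 - lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
 - lib/dependabot/npm_and_yarn/update_checker/library_detector.rb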