RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.95.84 → 0.95.85 - Mend

dependabot-npm_and_yarn 0.95.84 → 0.95.85

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

data/lib/dependabot/npm_and_yarn/file_fetcher/path_dependency_builder.rb CHANGED Viewed

@@ -120,8 +120,8 @@ module Dependabot
               File.write("yarn.lock", yarn_lock.content)
               SharedHelpers.run_helper_subprocess(
-                command: "node #{yarn_helper_path}",
-                function: "parseLockfile",
+                command: NativeHelpers.helper_path,
+                function: "yarn:parseLockfile",
                 args: [Dir.pwd]
               )
             end
@@ -136,10 +136,6 @@ module Dependabot
             ".."
           end.join("/")
         end
-        def yarn_helper_path
-          NativeHelpers.yarn_helper_path
-        end
       end
     end
   end

data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb CHANGED Viewed

@@ -61,7 +61,7 @@ module Dependabot
           yarn_locks.each do |yarn_lock|
             parse_yarn_lock(yarn_lock).each do |req, details|
-              next unless details["version"] && details["version"] != ""
+              next unless semver_version_for(details["version"])
               # Note: The DependencySet will de-dupe our dependencies, so they
               # end up unique by name. That's not a perfect representation of
@@ -69,7 +69,7 @@ module Dependabot
               # comparably to other flat-resolution strategies
               dependency_set << Dependency.new(
                 name: req.split(/(?<=\w)\@/).first,
-                version: details["version"],
+                version: semver_version_for(details["version"]),
                 package_manager: "npm_and_yarn",
                 requirements: []
               )
@@ -116,11 +116,11 @@ module Dependabot
           object_with_dependencies.
             fetch("dependencies", {}).each do |name, details|
-              next unless details["version"] && details["version"] != ""
+              next unless semver_version_for(details["version"])
               dependency_set << Dependency.new(
                 name: name,
-                version: details["version"],
+                version: semver_version_for(details["version"]),
                 package_manager: "npm_and_yarn",
                 requirements: []
               )
@@ -131,6 +131,17 @@ module Dependabot
           dependency_set
         end
+        def semver_version_for(version_string)
+          return unless version_string
+          return if version_string == ""
+          return if version_string.include?("://")
+          return if version_string.include?("file:")
+          return if version_string.include?("link:")
+          return if version_string.include?("#")
+          version_string
+        end
         def parse_package_lock(package_lock)
           @parse_package_lock ||= {}
           @parse_package_lock[package_lock.name] ||=
@@ -154,8 +165,8 @@ module Dependabot
               File.write("yarn.lock", yarn_lock.content)
               SharedHelpers.run_helper_subprocess(
-                command: "node #{yarn_helper_path}",
-                function: "parseLockfile",
+                command: NativeHelpers.helper_path,
+                function: "yarn:parseLockfile",
                 args: [Dir.pwd]
               )
             rescue SharedHelpers::HelperSubprocessFailed
@@ -163,10 +174,6 @@ module Dependabot
             end
         end
-        def yarn_helper_path
-          NativeHelpers.yarn_helper_path
-        end
         def package_locks
           @package_locks ||=
             dependency_files.

data/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb CHANGED Viewed

@@ -147,8 +147,8 @@ module Dependabot
         def run_npm_top_level_updater(lockfile_name:,
                                       top_level_dependency_updates:)
           SharedHelpers.run_helper_subprocess(
-            command: "node #{npm_helper_path}",
-            function: "update",
+            command: NativeHelpers.helper_path,
+            function: "npm:update",
             args: [
               Dir.pwd,
               top_level_dependency_updates,
@@ -159,8 +159,8 @@ module Dependabot
         def run_npm_subdependency_updater(lockfile_name:)
           SharedHelpers.run_helper_subprocess(
-            command: "node #{npm_helper_path}",
-            function: "updateSubdependency",
+            command: NativeHelpers.helper_path,
+            function: "npm:updateSubdependency",
             args: [Dir.pwd, lockfile_name]
           )
         end
@@ -537,10 +537,6 @@ module Dependabot
             gsub(%r{^\s*//.*}, " ")           # comments are not allowed
         end
-        def npm_helper_path
-          NativeHelpers.npm_helper_path
-        end
         def package_locks
           @package_locks ||=
             dependency_files.

data/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb CHANGED Viewed

@@ -136,8 +136,8 @@ module Dependabot
         def run_yarn_top_level_updater(top_level_dependency_updates:)
           SharedHelpers.run_helper_subprocess(
-            command: "node #{yarn_helper_path}",
-            function: "update",
+            command: NativeHelpers.helper_path,
+            function: "yarn:update",
             args: [
               Dir.pwd,
               top_level_dependency_updates
@@ -147,8 +147,8 @@ module Dependabot
         def run_yarn_subdependency_updater(lockfile_name:)
           SharedHelpers.run_helper_subprocess(
-            command: "node #{yarn_helper_path}",
-            function: "updateSubdependency",
+            command: NativeHelpers.helper_path,
+            function: "yarn:updateSubdependency",
             args: [Dir.pwd, lockfile_name]
           )
         end
@@ -506,10 +506,6 @@ module Dependabot
         def package_files
           dependency_files.select { |f| f.name.end_with?("package.json") }
         end
-        def yarn_helper_path
-          NativeHelpers.yarn_helper_path
-        end
       end
     end
   end

data/lib/dependabot/npm_and_yarn/native_helpers.rb CHANGED Viewed

@@ -3,34 +3,13 @@
 module Dependabot
   module NpmAndYarn
     module NativeHelpers
-      def self.npm_helper_path
-        File.join(npm_helpers_dir, "bin/run.js")
+      def self.helper_path
+        "node #{File.join(native_helpers_root, 'npm_and_yarn/run.js')}"
       end
-      def self.npm_helpers_dir
-        helpers_root = ENV["DEPENDABOT_NATIVE_HELPERS_PATH"]
-        unless helpers_root.nil?
-          return File.join(helpers_root, "npm_and_yarn/npm")
-        end
-        File.join(default_helpers_dir, "npm")
-      end
-      def self.yarn_helper_path
-        File.join(yarn_helpers_dir, "bin/run.js")
-      end
-      def self.yarn_helpers_dir
-        helpers_root = ENV["DEPENDABOT_NATIVE_HELPERS_PATH"]
-        unless helpers_root.nil?
-          return File.join(helpers_root, "npm_and_yarn/yarn")
-        end
-        File.join(default_helpers_dir, "yarn")
-      end
-      def self.default_helpers_dir
-        File.join(__dir__, "../../../../npm_and_yarn/helpers")
+      def self.native_helpers_root
+        default_path = File.join(__dir__, "../../../helpers/install-dir")
+        ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", default_path)
       end
     end
   end

data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb CHANGED Viewed

@@ -87,8 +87,8 @@ module Dependabot
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
               SharedHelpers.run_helper_subprocess(
-                command: "node #{yarn_helper_path}",
-                function: "updateSubdependency",
+                command: NativeHelpers.helper_path,
+                function: "yarn:updateSubdependency",
                 args: [Dir.pwd, lockfile_name]
               )
             end
@@ -113,8 +113,8 @@ module Dependabot
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
               SharedHelpers.run_helper_subprocess(
-                command: "node #{npm_helper_path}",
-                function: "updateSubdependency",
+                command: NativeHelpers.helper_path,
+                function: "npm:updateSubdependency",
                 args: [Dir.pwd, lockfile_name]
               )
             end
@@ -234,14 +234,6 @@ module Dependabot
             dependency_files.
             select { |f| f.name.end_with?("package.json") }
         end
-        def yarn_helper_path
-          NativeHelpers.yarn_helper_path
-        end
-        def npm_helper_path
-          NativeHelpers.npm_helper_path
-        end
       end
     end
   end

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb CHANGED Viewed

@@ -339,8 +339,8 @@ module Dependabot
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
               SharedHelpers.run_helper_subprocess(
-                command: "node #{yarn_helper_path}",
-                function: "checkPeerDependencies",
+                command: NativeHelpers.helper_path,
+                function: "yarn:checkPeerDependencies",
                 args: [
                   Dir.pwd,
                   dependency.name,
@@ -356,8 +356,8 @@ module Dependabot
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
               SharedHelpers.run_helper_subprocess(
-                command: "node #{npm_helper_path}",
-                function: "checkPeerDependencies",
+                command: NativeHelpers.helper_path,
+                function: "npm:checkPeerDependencies",
                 args: [
                   Dir.pwd,
                   dependency.name,
@@ -469,14 +469,6 @@ module Dependabot
             ).package_files_requiring_update
         end
-        def yarn_helper_path
-          NativeHelpers.yarn_helper_path
-        end
-        def npm_helper_path
-          NativeHelpers.npm_helper_path
-        end
         def version_for_dependency(dep)
           if dep.version && version_class.correct?(dep.version)
             return version_class.new(dep.version)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.95.84
+  version: 0.95.85
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-03-02 00:00:00.000000000 Z
+date: 2019-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.95.84
+        version: 0.95.85
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.95.84
+        version: 0.95.85
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -145,40 +145,38 @@ extra_rdoc_files: []
 files:
 - helpers/.eslintrc
 - helpers/build
-- helpers/npm/bin/run.js
-- helpers/npm/lib/helpers.js
-- helpers/npm/lib/index.js
-- helpers/npm/lib/peer-dependency-checker.js
-- helpers/npm/lib/subdependency-updater.js
-- helpers/npm/lib/updater.js
-- helpers/npm/package.json
-- helpers/npm/test/fixtures/npm-left-pad.json
-- helpers/npm/test/fixtures/updater/original/package-lock.json
-- helpers/npm/test/fixtures/updater/original/package.json
-- helpers/npm/test/fixtures/updater/updated/package-lock.json
-- helpers/npm/test/helpers.js
-- helpers/npm/test/updater.test.js
+- helpers/lib/npm/helpers.js
+- helpers/lib/npm/index.js
+- helpers/lib/npm/peer-dependency-checker.js
+- helpers/lib/npm/subdependency-updater.js
+- helpers/lib/npm/updater.js
+- helpers/lib/yarn/fix-duplicates.js
+- helpers/lib/yarn/helpers.js
+- helpers/lib/yarn/index.js
+- helpers/lib/yarn/lockfile-parser.js
+- helpers/lib/yarn/peer-dependency-checker.js
+- helpers/lib/yarn/replace-lockfile-declaration.js
+- helpers/lib/yarn/subdependency-updater.js
+- helpers/lib/yarn/updater.js
+- helpers/package-lock.json
 - helpers/package.json
+- helpers/run.js
+- helpers/test/npm/fixtures/npm-left-pad.json
+- helpers/test/npm/fixtures/updater/original/package-lock.json
+- helpers/test/npm/fixtures/updater/original/package.json
+- helpers/test/npm/fixtures/updater/updated/package-lock.json
+- helpers/test/npm/helpers.js
+- helpers/test/npm/updater.test.js
+- helpers/test/yarn/fixtures/updater/original/package.json
+- helpers/test/yarn/fixtures/updater/original/yarn.lock
+- helpers/test/yarn/fixtures/updater/updated/yarn.lock
+- helpers/test/yarn/fixtures/updater/with-version-comments/package.json
+- helpers/test/yarn/fixtures/updater/with-version-comments/yarn.lock
+- helpers/test/yarn/fixtures/yarnpkg-is-positive.json
+- helpers/test/yarn/fixtures/yarnpkg-left-pad.json
+- helpers/test/yarn/helpers.js
+- helpers/test/yarn/updater.test.js
 - helpers/yarn.lock
-- helpers/yarn/bin/run.js
-- helpers/yarn/lib/fix-duplicates.js
-- helpers/yarn/lib/helpers.js
-- helpers/yarn/lib/index.js
-- helpers/yarn/lib/lockfile-parser.js
-- helpers/yarn/lib/peer-dependency-checker.js
-- helpers/yarn/lib/replace-lockfile-declaration.js
-- helpers/yarn/lib/subdependency-updater.js
-- helpers/yarn/lib/updater.js
-- helpers/yarn/package.json
-- helpers/yarn/test/fixtures/updater/original/package.json
-- helpers/yarn/test/fixtures/updater/original/yarn.lock
-- helpers/yarn/test/fixtures/updater/updated/yarn.lock
-- helpers/yarn/test/fixtures/updater/with-version-comments/package.json
-- helpers/yarn/test/fixtures/updater/with-version-comments/yarn.lock
-- helpers/yarn/test/fixtures/yarnpkg-is-positive.json
-- helpers/yarn/test/fixtures/yarnpkg-left-pad.json
-- helpers/yarn/test/helpers.js
-- helpers/yarn/test/updater.test.js
 - lib/dependabot/npm_and_yarn.rb
 - lib/dependabot/npm_and_yarn/dependency_files_filterer.rb
 - lib/dependabot/npm_and_yarn/file_fetcher.rb

data/helpers/npm/package.json DELETED Viewed

@@ -1,12 +0,0 @@
-{
-  "name": "@dependabot/npm",
-  "version": "0.0.0",
-  "private": true,
-  "dependencies": {
-    "npm": "^6.8.0",
-    "semver": "^5.6.0"
-  },
-  "bin": {
-    "dependabot-npm": "./bin/run.js"
-  }
-}

data/helpers/yarn/bin/run.js DELETED Viewed

@@ -1,28 +0,0 @@
-#!/usr/bin/env node
-const functionMap = require("../lib");
-function output(obj) {
-  process.stdout.write(JSON.stringify(obj));
-}
-const input = [];
-process.stdin.on("data", data => input.push(data));
-process.stdin.on("end", () => {
-  const request = JSON.parse(input.join(""));
-  const func = functionMap[request.function];
-  if (!func) {
-    output({ error: `Invalid function ${request.function}` });
-    process.exit(1);
-  }
-  func
-    .apply(null, request.args)
-    .then(result => {
-      output({ result: result });
-    })
-    .catch(error => {
-      output({ error: error.message });
-      process.exit(1);
-    });
-});

data/helpers/yarn/lib/index.js DELETED Viewed

@@ -1,11 +0,0 @@
-const lockfileParser = require("../lib/lockfile-parser");
-const updater = require("../lib/updater");
-const subdependencyUpdater = require("../lib/subdependency-updater");
-const peerDependencyChecker = require("../lib/peer-dependency-checker");
-module.exports = {
-  parseLockfile: lockfileParser.parse,
-  update: updater.updateDependencyFiles,
-  updateSubdependency: subdependencyUpdater.updateDependencyFile,
-  checkPeerDependencies: peerDependencyChecker.checkPeerDependencies
-};

data/helpers/yarn/package.json DELETED Viewed

@@ -1,12 +0,0 @@
-{
-  "name": "@dependabot/yarn",
-  "version": "0.0.0",
-  "private": true,
-  "dependencies": {
-    "@dependabot/yarn-lib": "^1.13.0",
-    "semver": "^5.6.0"
-  },
-  "bin": {
-    "dependabot-yarn": "./bin/run.js"
-  }
-}