RubyGems - dependabot-npm_and_yarn - Versions diffs - 0.215.0 → 0.216.0 - Mend

dependabot-npm_and_yarn 0.215.0 → 0.216.0

Files changed (25) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ab218ae4b2f9134c67ada69180e938eae5fae986f8fe340347b1e8bac37395cd
-  data.tar.gz: 1ccf4e04ea21683fb92133dd8491dc005e06b57c8d00d7922704cd7749208378
+  metadata.gz: a8f2067adcff622e13e15f0f69b0af6a37040740153e7259d7a8b10716b21b25
+  data.tar.gz: a6d6ec0f7f3575d681d1e55dffe7d02e573d6733e0a4d1ef2ae85c90064dcd04
 SHA512:
-  metadata.gz: 572b409e78fd0ee17ab23164240ba4ac6364c73237011f7d799abad39d9c1acc47710094bac6c13afc6d7be4a4851b77fe546d4aa35974b2ad44e6c0494a0d71
-  data.tar.gz: ae73b9b051c07d6d58d310087865020a4888155ac3464ffc3a9f2565d4e02f3af6e48f0c5ffb11ef9ce38d5a871c0e0d25316f5bc8952aa36edf199e494fea39
+  metadata.gz: ab002df13a3712244ce2cba0498d92750a84f89316dcd6809d28a793eda2525c073252797104ac7bdf1b4f13e597ca5e75db14a488cc622fd71e3e2892269ef9
+  data.tar.gz: e2c83d55d329b47796f02a0c4894f64df7d56c1b1ef0a2e8cdb051419a108031a7f86d0d5c77caaf67d8bbd3c22e3b270bcfde232ed1ad3b40cba36876d679fa

data/helpers/build CHANGED Viewed

@@ -22,4 +22,4 @@ cp -r \
   "$install_dir"
 cd "$install_dir"
-npm ci --no-audit --fetch-timeout=600000 --fetch-retries=5
+npm ci --no-audit --fetch-timeout=600000 --fetch-retries=5 --no-dry-run

data/helpers/lib/yarn/subdependency-updater.js CHANGED Viewed

@@ -5,7 +5,7 @@ const Config = require("@dependabot/yarn-lib/lib/config").default;
 const { EventReporter } = require("@dependabot/yarn-lib/lib/reporters");
 const Lockfile = require("@dependabot/yarn-lib/lib/lockfile").default;
 const fixDuplicates = require("./fix-duplicates");
-const { LightweightAdd, LightweightInstall } = require("./helpers");
+const { LightweightInstall, LOCKFILE_ENTRY_REGEX } = require("./helpers");
 const { parse } = require("./lockfile-parser");
 const stringify =
   require("@dependabot/yarn-lib/lib/lockfile/stringify").default;
@@ -21,43 +21,10 @@ function recoverVersionComments(oldLockfile, newLockfile) {
     .replace(nodeRegex, () => oldMatch(nodeRegex) || "");
 }
-// Installs exact version and returns lockfile entry
-async function getLockfileEntryForUpdate(depName, depVersion) {
-  const directory = fs.mkdtempSync(`${os.tmpdir()}${path.sep}`);
-  const readFile = (fileName) =>
-    fs.readFileSync(path.join(directory, fileName)).toString();
-  const flags = {
-    ignoreScripts: true,
-    ignoreWorkspaceRootCheck: true,
-    ignoreEngines: true,
-    ignorePlatform: true,
-  };
-  const reporter = new EventReporter();
-  const config = new Config(reporter);
-  await config.init({
-    cwd: directory,
-    nonInteractive: true,
-    enableDefaultRc: true,
-    extraneousYarnrcFiles: [".yarnrc"],
-  });
-  // Empty lockfile
-  const lockfile = await Lockfile.fromDirectory(directory, reporter);
-  const arg = [`${depName}@${depVersion}`];
-  await new LightweightAdd(arg, flags, config, reporter, lockfile).init();
-  const lockfileObject = await parse(directory);
-  const noHeader = true;
-  const enableLockfileVersions = false;
-  return stringify(lockfileObject, noHeader, enableLockfileVersions);
-}
 async function updateDependencyFile(
   directory,
   lockfileName,
-  updatedDependency
+  dependencies
 ) {
   const readFile = (fileName) =>
     fs.readFileSync(path.join(directory, fileName)).toString();
@@ -76,23 +43,27 @@ async function updateDependencyFile(
     enableDefaultRc: true,
     extraneousYarnrcFiles: [".yarnrc"],
   });
+  const noHeader = !Boolean(originalYarnLock.match(/^# THIS IS AN AU/m));
   config.enableLockfileVersions = Boolean(originalYarnLock.match(/^# yarn v/m));
-  const depName = updatedDependency && updatedDependency.name;
-  const depVersion = updatedDependency && updatedDependency.version;
   // SubDependencyVersionResolver relies on the install finding the latest
   // version of a sub-dependency that's been removed from the lockfile
   // YarnLockFileUpdater passes a specific version to be updated
-  if (depName && depVersion) {
-    const lockfileEntryForUpdate = await getLockfileEntryForUpdate(
-      depName,
-      depVersion
+  const lockfileObject = await parse(directory);
+  for (const [entry, pkg] of Object.entries(lockfileObject)) {
+    const [_, depName] = entry.match(
+      LOCKFILE_ENTRY_REGEX
     );
-    const lockfileContent = `${originalYarnLock}\n${lockfileEntryForUpdate}`;
+    if (dependencies.some(dependency => dependency.name === depName)) {
+      delete lockfileObject[entry];
+    }
+  }
-    const dedupedYarnLock = fixDuplicates(lockfileContent, depName);
-    fs.writeFileSync(path.join(directory, lockfileName), dedupedYarnLock);
+  let newLockFileContent = await stringify(lockfileObject, noHeader, config.enableLockfileVersions);
+  for (const dependency of dependencies) {
+    newLockFileContent = fixDuplicates(newLockFileContent, dependency.name);
   }
+  fs.writeFileSync(path.join(directory, lockfileName), newLockFileContent);
   const lockfile = await Lockfile.fromDirectory(directory, reporter);
   const install = new LightweightInstall(flags, config, reporter, lockfile);