dependabot-npm_and_yarn 0.348.1 → 0.349.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 47c97a4dca373d2c6a15f97c6a69d378563edaceb0495221ed137f5cadcc026e
-  data.tar.gz: 5b8844f4299d7278de784c2c5bc90f371904975eeaee49cad94d87b365eb32d5
+  metadata.gz: e4e43ee5991e6cea99e308855eb218a880627a403e38f5d629b34182b63f810e
+  data.tar.gz: 7860c1f505810459902cf13ff518f355fecf40e408d401f5536f32409165b12a
 SHA512:
-  metadata.gz: 30ee3d916fa352fe814f5afb595cfe81dcba15dacdb02977995d226467c5c7741e72a2b699a2a8c15bca873fa68e9edadf5458600c1b7b2c9efe10fc061eccff
-  data.tar.gz: 00da5d4eda7b0525c0e6d647fdf18bd6316aa88cf05459427601f237b4e6db8c3baf2b73668d649999c8fbb3dea2a32f3a45909819118f944eb3ad529cad4f50
+  metadata.gz: 15a4161403d48cc7e18988c67b87d104feeeb649ec78df51178475badc7d86aee54ec03f0266179db78d2ce6a5d72bcb5e2a6ec01010baf34e509f78df4400f1
+  data.tar.gz: 13d3c213858a113a55a91fce77ca257609e634393adcac8716db3270033f63a86f7b176e04c4e7fbed9d95f08275a674043c89d00b2f2ec24604f30a0bc59c53

data/lib/dependabot/npm_and_yarn/file_fetcher.rb

@@ -71,7 +71,6 @@ module Dependabot
         package_managers["npm"] = npm_version if npm_version
         package_managers["yarn"] = yarn_version if yarn_version
         package_managers["pnpm"] = pnpm_version if pnpm_version
-        package_managers["bun"] = bun_version if bun_version
         package_managers["unknown"] = 1 if package_managers.empty?
 
         {
@@ -87,7 +86,6 @@ module Dependabot
         fetched_files += npm_files if npm_version
         fetched_files += yarn_files if yarn_version
         fetched_files += pnpm_files if pnpm_version
-        fetched_files += bun_files if bun_version
         fetched_files += lerna_files
         fetched_files += workspace_package_jsons
         fetched_files += path_dependencies(fetched_files)
@@ -131,13 +129,6 @@ module Dependabot
         fetched_pnpm_files
       end
 
-      sig { returns(T::Array[DependencyFile]) }
-      def bun_files
-        fetched_bun_files = []
-        fetched_bun_files << bun_lock if bun_lock
-        fetched_bun_files
-      end
-
       sig { returns(T::Array[DependencyFile]) }
       def lerna_files
         fetched_lerna_files = []
@@ -222,16 +213,6 @@ module Dependabot
         )
       end
 
-      sig { returns(T.nilable(T.any(Integer, String))) }
-      def bun_version
-        return @bun_version = nil unless allow_beta_ecosystems?
-
-        @bun_version ||= T.let(
-          package_manager_helper.setup(BunPackageManager::NAME),
-          T.nilable(T.any(Integer, String))
-        )
-      end
-
       sig { returns(PackageManagerHelper) }
       def package_manager_helper
         @package_manager_helper ||= T.let(
@@ -250,8 +231,7 @@ module Dependabot
         {
           npm: package_lock || shrinkwrap,
           yarn: yarn_lock,
-          pnpm: pnpm_lock,
-          bun: bun_lock
+          pnpm: pnpm_lock
         }
       end
 
@@ -296,17 +276,6 @@ module Dependabot
         @pnpm_lock = fetch_file_from_parent_directories(PNPMPackageManager::LOCKFILE_NAME)
       end
 
-      sig { returns(T.nilable(DependencyFile)) }
-      def bun_lock
-        return @bun_lock if defined?(@bun_lock)
-
-        @bun_lock ||= T.let(fetch_file_if_present(BunPackageManager::LOCKFILE_NAME), T.nilable(DependencyFile))
-
-        return @bun_lock if @bun_lock || directory == "/"
-
-        @bun_lock = fetch_file_from_parent_directories(BunPackageManager::LOCKFILE_NAME)
-      end
-
       sig { returns(T.nilable(DependencyFile)) }
       def shrinkwrap
         return @shrinkwrap if defined?(@shrinkwrap)

data/lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb

@@ -15,11 +15,10 @@ module Dependabot
         require "dependabot/npm_and_yarn/file_parser/yarn_lock"
         require "dependabot/npm_and_yarn/file_parser/pnpm_lock"
         require "dependabot/npm_and_yarn/file_parser/json_lock"
-        require "dependabot/npm_and_yarn/file_parser/bun_lock"
 
-        DEFAULT_LOCKFILES = %w(package-lock.json yarn.lock pnpm-lock.yaml bun.lock npm-shrinkwrap.json).freeze
+        DEFAULT_LOCKFILES = %w(package-lock.json yarn.lock pnpm-lock.yaml npm-shrinkwrap.json).freeze
 
-        LockFile = T.type_alias { T.any(JsonLock, YarnLock, PnpmLock, BunLock) }
+        LockFile = T.type_alias { T.any(JsonLock, YarnLock, PnpmLock) }
 
         sig { params(dependency_files: T::Array[DependencyFile]).void }
         def initialize(dependency_files:)
@@ -34,7 +33,7 @@ module Dependabot
           # end up unique by name. That's not a perfect representation of
           # the nested nature of JS resolution, but it makes everything work
           # comparably to other flat-resolution strategies
-          (yarn_locks + pnpm_locks + package_locks + bun_locks + shrinkwraps).each do |file|
+          (yarn_locks + pnpm_locks + package_locks + shrinkwraps).each do |file|
             dependency_set += lockfile_for(file).dependencies
           end
 
@@ -87,8 +86,6 @@ module Dependabot
                                       YarnLock.new(file)
                                     when *pnpm_locks.map(&:name)
                                       PnpmLock.new(file)
-                                    when *bun_locks.map(&:name)
-                                      BunLock.new(file)
                                     else
                                       raise "Unexpected lockfile: #{file.name}"
                                     end
@@ -109,11 +106,6 @@ module Dependabot
           @pnpm_locks ||= T.let(select_files_by_extension("pnpm-lock.yaml"), T.nilable(T::Array[DependencyFile]))
         end
 
-        sig { returns(T::Array[DependencyFile]) }
-        def bun_locks
-          @bun_locks ||= T.let(select_files_by_extension("bun.lock"), T.nilable(T::Array[DependencyFile]))
-        end
-
         sig { returns(T::Array[DependencyFile]) }
         def yarn_locks
           @yarn_locks ||= T.let(select_files_by_extension("yarn.lock"), T.nilable(T::Array[DependencyFile]))

data/lib/dependabot/npm_and_yarn/file_parser.rb

@@ -112,8 +112,7 @@ module Dependabot
         {
           npm: package_lock || shrinkwrap,
           yarn: yarn_lock,
-          pnpm: pnpm_lock,
-          bun: bun_lock
+          pnpm: pnpm_lock
         }
       end
 
@@ -192,16 +191,6 @@ module Dependabot
         )
       end
 
-      sig { returns(T.nilable(Dependabot::DependencyFile)) }
-      def bun_lock
-        @bun_lock ||= T.let(
-          dependency_files.find do |f|
-            f.name.end_with?(BunPackageManager::LOCKFILE_NAME)
-          end,
-          T.nilable(Dependabot::DependencyFile)
-        )
-      end
-
       sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def npmrc
         @npmrc ||= T.let(

data/lib/dependabot/npm_and_yarn/file_updater.rb

@@ -18,7 +18,6 @@ module Dependabot
       require_relative "file_updater/npm_lockfile_updater"
       require_relative "file_updater/yarn_lockfile_updater"
       require_relative "file_updater/pnpm_lockfile_updater"
-      require_relative "file_updater/bun_lockfile_updater"
       require_relative "file_updater/pnpm_workspace_updater"
 
       class NoChangeError < StandardError
@@ -275,15 +274,6 @@ module Dependabot
         )
       end
 
-      sig { returns(T::Array[Dependabot::DependencyFile]) }
-      def bun_locks
-        @bun_locks ||= T.let(
-          filtered_dependency_files
-          .select { |f| f.name.end_with?("bun.lock") },
-          T.nilable(T::Array[Dependabot::DependencyFile])
-        )
-      end
-
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def shrinkwraps
         @shrinkwraps ||= T.let(
@@ -313,11 +303,6 @@ module Dependabot
         pnpm_lock.content != updated_pnpm_lock_content(pnpm_lock)
       end
 
-      sig { params(bun_lock: Dependabot::DependencyFile).returns(T::Boolean) }
-      def bun_lock_changed?(bun_lock)
-        bun_lock.content != updated_bun_lock_content(bun_lock)
-      end
-
       sig { params(package_lock: Dependabot::DependencyFile).returns(T::Boolean) }
       def package_lock_changed?(package_lock)
         package_lock.content != updated_lockfile_content(package_lock)
@@ -363,15 +348,6 @@ module Dependabot
 
         updated_files.concat(update_pnpm_locks)
 
-        bun_locks.each do |bun_lock|
-          next unless bun_lock_changed?(bun_lock)
-
-          updated_files << updated_file(
-            file: bun_lock,
-            content: updated_bun_lock_content(bun_lock)
-          )
-        end
-
         package_locks.each do |package_lock|
           next unless package_lock_changed?(package_lock)
 
@@ -409,13 +385,6 @@ module Dependabot
           )
       end
 
-      sig { params(bun_lock: Dependabot::DependencyFile).returns(String) }
-      def updated_bun_lock_content(bun_lock)
-        @updated_bun_lock_content ||= T.let({}, T.nilable(T::Hash[String, T.nilable(String)]))
-        @updated_bun_lock_content[bun_lock.name] ||=
-          bun_lockfile_updater.updated_bun_lock_content(bun_lock)
-      end
-
       sig { returns(Dependabot::NpmAndYarn::FileUpdater::YarnLockfileUpdater) }
       def yarn_lockfile_updater
         @yarn_lockfile_updater ||= T.let(
@@ -442,19 +411,6 @@ module Dependabot
         )
       end
 
-      sig { returns(Dependabot::NpmAndYarn::FileUpdater::BunLockfileUpdater) }
-      def bun_lockfile_updater
-        @bun_lockfile_updater ||= T.let(
-          BunLockfileUpdater.new(
-            dependencies: dependencies,
-            dependency_files: dependency_files,
-            repo_contents_path: T.must(repo_contents_path),
-            credentials: credentials
-          ),
-          T.nilable(Dependabot::NpmAndYarn::FileUpdater::BunLockfileUpdater)
-        )
-      end
-
       sig { params(file: Dependabot::DependencyFile).returns(T.nilable(String)) }
       def updated_lockfile_content(file)
         @updated_lockfile_content ||= T.let({}, T.nilable(T::Hash[String, T.nilable(String)]))

data/lib/dependabot/npm_and_yarn/helpers.rb

@@ -30,10 +30,6 @@ module Dependabot
       PNPM_DEFAULT_VERSION = PNPM_V10
       PNPM_FALLBACK_VERSION = PNPM_V6
 
-      # BUN Version Constants
-      BUN_V1 = 1
-      BUN_DEFAULT_VERSION = BUN_V1
-
       # YARN Version Constants
       YARN_V3 = 3
       YARN_V2 = 2
@@ -115,11 +111,6 @@ module Dependabot
         PNPM_FALLBACK_VERSION
       end
 
-      sig { params(_bun_lock: T.nilable(DependencyFile)).returns(Integer) }
-      def self.bun_version_numeric(_bun_lock)
-        BUN_DEFAULT_VERSION
-      end
-
       sig { params(key: String, default_value: String).returns(T.untyped) }
       def self.fetch_yarnrc_yml_value(key, default_value)
         if File.exist?(".yarnrc.yml") && (yarnrc = YAML.load_file(".yarnrc.yml"))
@@ -338,35 +329,6 @@ module Dependabot
         raise
       end
 
-      sig { returns(T.nilable(String)) }
-      def self.bun_version
-        version = run_bun_command("--version", fingerprint: "--version").strip
-        if version.include?("+")
-          version.split("+").first # Remove build info, if present
-        end
-      rescue StandardError => e
-        Dependabot.logger.error("Error retrieving Bun version: #{e.message}")
-        nil
-      end
-
-      sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
-      def self.run_bun_command(command, fingerprint: nil)
-        full_command = "bun #{command}"
-
-        Dependabot.logger.info("Running bun command: #{full_command}")
-
-        result = Dependabot::SharedHelpers.run_shell_command(
-          full_command,
-          fingerprint: "bun #{fingerprint || command}"
-        )
-
-        Dependabot.logger.info("Command executed successfully: #{full_command}")
-        result
-      rescue StandardError => e
-        Dependabot.logger.error("Error running bun command: #{full_command}, Error: #{e.message}")
-        raise
-      end
-
       # Setup yarn and run a single yarn command returning stdout/stderr
       sig { params(command: String, fingerprint: T.nilable(String)).returns(String) }
       def self.run_yarn_command(command, fingerprint: nil)
@@ -525,8 +487,6 @@ module Dependabot
         output_observer: nil,
         env: nil
       )
-        return run_bun_command(command, fingerprint: fingerprint) if name == BunPackageManager::NAME
-
         full_command = "corepack #{name} #{command}"
         fingerprint =  "corepack #{name} #{fingerprint || command}"
 

data/lib/dependabot/npm_and_yarn/package_manager.rb

@@ -9,7 +9,6 @@ require "dependabot/npm_and_yarn/registry_helper"
 require "dependabot/npm_and_yarn/npm_package_manager"
 require "dependabot/npm_and_yarn/yarn_package_manager"
 require "dependabot/npm_and_yarn/pnpm_package_manager"
-require "dependabot/npm_and_yarn/bun_package_manager"
 require "dependabot/npm_and_yarn/language"
 require "dependabot/npm_and_yarn/constraint_helper"
 
@@ -60,8 +59,7 @@ module Dependabot
       T.any(
         T.class_of(Dependabot::NpmAndYarn::NpmPackageManager),
         T.class_of(Dependabot::NpmAndYarn::YarnPackageManager),
-        T.class_of(Dependabot::NpmAndYarn::PNPMPackageManager),
-        T.class_of(Dependabot::NpmAndYarn::BunPackageManager)
+        T.class_of(Dependabot::NpmAndYarn::PNPMPackageManager)
       )
     end
 
@@ -69,8 +67,7 @@ module Dependabot
       {
         NpmPackageManager::NAME => NpmPackageManager,
         YarnPackageManager::NAME => YarnPackageManager,
-        PNPMPackageManager::NAME => PNPMPackageManager,
-        BunPackageManager::NAME => BunPackageManager
+        PNPMPackageManager::NAME => PNPMPackageManager
       }.freeze,
       T::Hash[String, NpmAndYarnPackageManagerClassType]
     )
@@ -482,8 +479,6 @@ module Dependabot
           NpmPackageManager::SUPPORTED_VERSIONS
         when "yarn"
           YarnPackageManager::SUPPORTED_VERSIONS
-        when "bun"
-          BunPackageManager::SUPPORTED_VERSIONS
         when "pnpm"
           PNPMPackageManager::SUPPORTED_VERSIONS
         end

data/lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb

@@ -71,15 +71,6 @@ module Dependabot
           )
         end
 
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        def bun_locks
-          @bun_locks ||= T.let(
-            dependency_files
-            .select { |f| f.name.end_with?("bun.lock") },
-            T.nilable(T::Array[Dependabot::DependencyFile])
-          )
-        end
-
         sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def root_yarn_lock
           @root_yarn_lock ||= T.let(
@@ -98,15 +89,6 @@ module Dependabot
           )
         end
 
-        sig { returns(T.nilable(Dependabot::DependencyFile)) }
-        def root_bun_lock
-          @root_bun_lock ||= T.let(
-            dependency_files
-            .find { |f| f.name == "bun.lock" },
-            T.nilable(Dependabot::DependencyFile)
-          )
-        end
-
         sig { returns(T::Array[Dependabot::DependencyFile]) }
         def shrinkwraps
           @shrinkwraps ||= T.let(
@@ -118,7 +100,7 @@ module Dependabot
 
         sig { returns(T::Array[Dependabot::DependencyFile]) }
         def lockfiles
-          [*package_locks, *shrinkwraps, *yarn_locks, *pnpm_locks, *bun_locks]
+          [*package_locks, *shrinkwraps, *yarn_locks, *pnpm_locks]
         end
 
         sig { returns(T::Array[Dependabot::DependencyFile]) }
@@ -148,7 +130,7 @@ module Dependabot
             File.write(f.name, prepared_yarn_lockfile_content(T.must(f.content)))
           end
 
-          [*package_locks, *shrinkwraps, *pnpm_locks, *bun_locks].each do |f|
+          [*package_locks, *shrinkwraps, *pnpm_locks].each do |f|
             FileUtils.mkdir_p(Pathname.new(f.name).dirname)
             File.write(f.name, f.content)
           end

data/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb

@@ -102,8 +102,6 @@ module Dependabot
                             run_yarn_updater(path, lockfile_name)
                           elsif lockfile.name.end_with?("pnpm-lock.yaml")
                             run_pnpm_updater(path, lockfile_name)
-                          elsif lockfile.name.end_with?("bun.lock")
-                            run_bun_updater(path, lockfile_name)
                           elsif !Helpers.parse_npm8?(lockfile)
                             run_npm6_updater(path, lockfile_name)
                           else
@@ -195,19 +193,6 @@ module Dependabot
           end
         end
 
-        sig { params(path: String, lockfile_name: String).returns(T::Hash[String, String]) }
-        def run_bun_updater(path, lockfile_name)
-          SharedHelpers.with_git_configured(credentials: credentials) do
-            Dir.chdir(path) do
-              Helpers.run_bun_command(
-                "update #{dependency.name} --save-text-lockfile",
-                fingerprint: "update <dependency_name> --save-text-lockfile"
-              )
-              { lockfile_name => File.read(lockfile_name) }
-            end
-          end
-        end
-
         sig { params(path: String, lockfile_name: String).returns(T::Hash[String, String]) }
         def run_npm6_updater(path, lockfile_name)
           SharedHelpers.with_git_configured(credentials: credentials) do

data/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb

@@ -686,18 +686,12 @@ module Dependabot
           npm_lockfiles = lockfiles_for_path(lockfiles: dependency_files_builder.package_locks, path: path)
           return run_npm_checker(path: path, version: version) if npm_lockfiles.any?
 
-          bun_lockfiles = lockfiles_for_path(lockfiles: dependency_files_builder.bun_locks, path: path)
-          return run_bun_checker(path: path, version: version) if bun_lockfiles.any?
-
           root_yarn_lock = dependency_files_builder.root_yarn_lock
           return run_yarn_checker(path: path, version: version, lockfile: root_yarn_lock) if root_yarn_lock
 
           root_pnpm_lock = dependency_files_builder.root_pnpm_lock
           return run_pnpm_checker(path: path, version: version) if root_pnpm_lock
 
-          root_bun_lock = dependency_files_builder.root_bun_lock
-          return run_bun_checker(path: path, version: version) if root_bun_lock
-
           run_npm_checker(path: path, version: version)
         rescue SharedHelpers::HelperSubprocessFailed => e
           handle_peer_dependency_errors(e.message)
@@ -739,23 +733,6 @@ module Dependabot
           end
         end
 
-        sig do
-          params(
-            path: String,
-            version: T.nilable(T.any(String, Gem::Version))
-          ).returns(T.untyped)
-        end
-        def run_bun_checker(path:, version:)
-          SharedHelpers.with_git_configured(credentials: credentials) do
-            Dir.chdir(path) do
-              Helpers.run_bun_command(
-                "update #{dependency.name}@#{version} --save-text-lockfile",
-                fingerprint: "update <dependency_name>@<version> --save-text-lockfile"
-              )
-            end
-          end
-        end
-
         sig do
           params(
             path: String,

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-npm_and_yarn
 version: !ruby/object:Gem::Version
-  version: 0.348.1
+  version: 0.349.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.348.1
+        version: 0.349.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.348.1
+        version: 0.349.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -311,19 +311,16 @@ files:
 - helpers/test/yarn/helpers.js
 - helpers/test/yarn/updater.test.js
 - lib/dependabot/npm_and_yarn.rb
-- lib/dependabot/npm_and_yarn/bun_package_manager.rb
 - lib/dependabot/npm_and_yarn/constraint_helper.rb
 - lib/dependabot/npm_and_yarn/dependency_files_filterer.rb
 - lib/dependabot/npm_and_yarn/file_fetcher.rb
 - lib/dependabot/npm_and_yarn/file_fetcher/path_dependency_builder.rb
 - lib/dependabot/npm_and_yarn/file_parser.rb
-- lib/dependabot/npm_and_yarn/file_parser/bun_lock.rb
 - lib/dependabot/npm_and_yarn/file_parser/json_lock.rb
 - lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb
 - lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb
 - lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb
 - lib/dependabot/npm_and_yarn/file_updater.rb
-- lib/dependabot/npm_and_yarn/file_updater/bun_lockfile_updater.rb
 - lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb
 - lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb
 - lib/dependabot/npm_and_yarn/file_updater/package_json_preparer.rb
@@ -362,7 +359,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.348.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.349.0
 rdoc_options: []
 require_paths:
 - lib

data/lib/dependabot/npm_and_yarn/bun_package_manager.rb

@@ -1,47 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-module Dependabot
-  module NpmAndYarn
-    class BunPackageManager < Ecosystem::VersionManager
-      extend T::Sig
-
-      NAME = "bun"
-      LOCKFILE_NAME = "bun.lock"
-
-      # In Bun 1.1.39, the lockfile format was changed from a binary bun.lockb to a text-based bun.lock.
-      # https://bun.sh/blog/bun-lock-text-lockfile
-      MIN_SUPPORTED_VERSION = Version.new("1.1.39")
-      SUPPORTED_VERSIONS = T.let([MIN_SUPPORTED_VERSION].freeze, T::Array[Dependabot::Version])
-      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
-
-      sig do
-        params(
-          detected_version: T.nilable(String),
-          raw_version: T.nilable(String),
-          requirement: T.nilable(Dependabot::NpmAndYarn::Requirement)
-        ).void
-      end
-      def initialize(detected_version: nil, raw_version: nil, requirement: nil)
-        super(
-          name: NAME,
-          detected_version: detected_version ? Version.new(detected_version) : nil,
-          version: raw_version ? Version.new(raw_version) : nil,
-          deprecated_versions: DEPRECATED_VERSIONS,
-          supported_versions: SUPPORTED_VERSIONS,
-          requirement: requirement
-        )
-      end
-
-      sig { override.returns(T::Boolean) }
-      def deprecated?
-        false
-      end
-
-      sig { override.returns(T::Boolean) }
-      def unsupported?
-        false
-      end
-    end
-  end
-end

data/lib/dependabot/npm_and_yarn/file_parser/bun_lock.rb

@@ -1,140 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-require "yaml"
-require "dependabot/errors"
-require "dependabot/npm_and_yarn/helpers"
-require "sorbet-runtime"
-
-module Dependabot
-  module NpmAndYarn
-    class FileParser < Dependabot::FileParsers::Base
-      class BunLock
-        extend T::Sig
-
-        sig { params(dependency_file: DependencyFile).void }
-        def initialize(dependency_file)
-          @dependency_file = dependency_file
-        end
-
-        sig { returns(T::Hash[String, T.untyped]) }
-        def parsed
-          @parsed ||= begin
-            content = begin
-              # Since bun.lock is a JSONC file, which is a subset of YAML, we can use YAML to parse it
-              YAML.load(T.must(@dependency_file.content))
-            rescue Psych::SyntaxError => e
-              raise_invalid!("malformed JSONC at line #{e.line}, column #{e.column}")
-            end
-            raise_invalid!("expected to be an object") unless content.is_a?(Hash)
-
-            version = content["lockfileVersion"]
-            raise_invalid!("expected 'lockfileVersion' to be an integer") unless version.is_a?(Integer)
-            raise_invalid!("expected 'lockfileVersion' to be >= 0") unless version >= 0
-
-            T.let(content, T.untyped)
-          end
-        end
-
-        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-        def dependencies
-          dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-
-          # bun.lock v0 format:
-          # https://github.com/oven-sh/bun/blob/c130df6c589fdf28f9f3c7f23ed9901140bc9349/src/install/bun.lock.zig#L595-L605
-
-          packages = parsed["packages"]
-          raise_invalid!("expected 'packages' to be an object") unless packages.is_a?(Hash)
-
-          packages.each do |key, details|
-            raise_invalid!("expected 'packages.#{key}' to be an array") unless details.is_a?(Array)
-
-            resolution = details.first
-            raise_invalid!("expected 'packages.#{key}[0]' to be a string") unless resolution.is_a?(String)
-
-            name, version = resolution.split(/(?<=\w)\@/)
-            next if name.empty?
-
-            semver = Version.semver_for(version)
-            next unless semver
-
-            dependency_set << Dependency.new(
-              name: name,
-              version: semver.to_s,
-              package_manager: "npm_and_yarn",
-              requirements: []
-            )
-          end
-
-          dependency_set
-        end
-
-        sig do
-          params(dependency_name: String, requirement: T.untyped, _manifest_name: String)
-            .returns(T.nilable(T::Hash[String, T.untyped]))
-        end
-        def details(dependency_name, requirement, _manifest_name)
-          packages = parsed["packages"]
-          return unless packages.is_a?(Hash)
-
-          candidates =
-            packages
-            .select { |name, _| name == dependency_name }
-            .values
-
-          # If there's only one entry for this dependency, use it, even if
-          # the requirement in the lockfile doesn't match
-          if candidates.one?
-            parse_details(candidates.first)
-          else
-            candidate = candidates.find do |label, _|
-              label.scan(/(?<=\w)\@(?:npm:)?([^\s,]+)/).flatten.include?(requirement)
-            end&.last
-            parse_details(candidate)
-          end
-        end
-
-        private
-
-        sig { params(message: String).void }
-        def raise_invalid!(message)
-          raise Dependabot::DependencyFileNotParseable.new(@dependency_file.path, "Invalid bun.lock file: #{message}")
-        end
-
-        sig do
-          params(entry: T.nilable(T::Array[T.untyped])).returns(T.nilable(T::Hash[String, T.untyped]))
-        end
-        def parse_details(entry)
-          return unless entry.is_a?(Array)
-
-          # Either:
-          # - "{name}@{version}", registry, details, integrity
-          # - "{name}@{resolution}", details
-          resolution = entry.first
-          return unless resolution.is_a?(String)
-
-          name, version = resolution.split(/(?<=\w)\@/)
-          semver = Version.semver_for(version)
-
-          if semver
-            registry, details, integrity = entry[1..3]
-            {
-              "name" => name,
-              "version" => semver.to_s,
-              "registry" => registry,
-              "details" => details,
-              "integrity" => integrity
-            }
-          else
-            details = entry[1]
-            {
-              "name" => name,
-              "resolution" => version,
-              "details" => details
-            }
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/npm_and_yarn/file_updater/bun_lockfile_updater.rb

@@ -1,185 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "sorbet-runtime"
-
-require "dependabot/npm_and_yarn/helpers"
-require "dependabot/npm_and_yarn/package/registry_finder"
-require "dependabot/npm_and_yarn/registry_parser"
-require "dependabot/shared_helpers"
-
-module Dependabot
-  module NpmAndYarn
-    class FileUpdater < Dependabot::FileUpdaters::Base
-      class BunLockfileUpdater
-        extend T::Sig
-
-        require_relative "npmrc_builder"
-        require_relative "package_json_updater"
-
-        sig do
-          params(
-            dependencies: T::Array[Dependabot::Dependency],
-            dependency_files: T::Array[Dependabot::DependencyFile],
-            repo_contents_path: String,
-            credentials: T::Array[Dependabot::Credential]
-          )
-            .void
-        end
-        def initialize(dependencies:, dependency_files:, repo_contents_path:, credentials:)
-          @dependencies = dependencies
-          @dependency_files = dependency_files
-          @repo_contents_path = repo_contents_path
-          @credentials = credentials
-        end
-
-        sig { params(bun_lock: Dependabot::DependencyFile).returns(String) }
-        def updated_bun_lock_content(bun_lock)
-          @updated_bun_lock_content ||= T.let({}, T.nilable(T::Hash[String, String]))
-          return T.must(@updated_bun_lock_content[bun_lock.name]) if @updated_bun_lock_content[bun_lock.name]
-
-          new_content = run_bun_update(bun_lock: bun_lock)
-          @updated_bun_lock_content[bun_lock.name] = new_content
-        rescue SharedHelpers::HelperSubprocessFailed => e
-          handle_bun_lock_updater_error(e, bun_lock)
-        end
-
-        private
-
-        sig { returns(T::Array[Dependabot::Dependency]) }
-        attr_reader :dependencies
-
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        attr_reader :dependency_files
-
-        sig { returns(String) }
-        attr_reader :repo_contents_path
-
-        sig { returns(T::Array[Dependabot::Credential]) }
-        attr_reader :credentials
-
-        ERR_PATTERNS = T.let(
-          {
-            /get .* 404/i => Dependabot::DependencyNotFound,
-            /installfailed cloning repository/i => Dependabot::DependencyNotFound,
-            /file:.* failed to resolve/i => Dependabot::DependencyNotFound,
-            /no version matching/i => Dependabot::DependencyFileNotResolvable,
-            /failed to resolve/i => Dependabot::DependencyFileNotResolvable
-          }.freeze,
-          T::Hash[Regexp, Dependabot::DependabotError]
-        )
-
-        sig { params(bun_lock: Dependabot::DependencyFile).returns(String) }
-        def run_bun_update(bun_lock:)
-          SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
-            File.write(".npmrc", npmrc_content(bun_lock))
-
-            SharedHelpers.with_git_configured(credentials: credentials) do
-              run_bun_updater
-
-              write_final_package_json_files
-
-              run_bun_install
-
-              File.read(bun_lock.name)
-            end
-          end
-        end
-
-        sig { void }
-        def run_bun_updater
-          dependency_updates = dependencies.map do |d|
-            "#{d.name}@#{d.version}"
-          end.join(" ")
-
-          Helpers.run_bun_command(
-            "install #{dependency_updates} --save-text-lockfile",
-            fingerprint: "install <dependency_updates> --save-text-lockfile"
-          )
-        end
-
-        sig { void }
-        def run_bun_install
-          Helpers.run_bun_command(
-            "install --save-text-lockfile"
-          )
-        end
-
-        sig { params(lockfile: Dependabot::DependencyFile).returns(T::Array[Dependabot::Dependency]) }
-        def lockfile_dependencies(lockfile)
-          @lockfile_dependencies ||= T.let({}, T.nilable(T::Hash[String, T::Array[Dependabot::Dependency]]))
-          @lockfile_dependencies[lockfile.name] ||=
-            NpmAndYarn::FileParser.new(
-              dependency_files: [lockfile, *package_files],
-              source: nil,
-              credentials: credentials
-            ).parse
-        end
-
-        sig { params(error: Dependabot::DependabotError, _bun_lock: Dependabot::DependencyFile).returns(T.noreturn) }
-        def handle_bun_lock_updater_error(error, _bun_lock)
-          error_message = error.message
-
-          ERR_PATTERNS.each do |pattern, error_class|
-            raise error_class, error_message if error_message.match?(pattern)
-          end
-
-          raise error
-        end
-
-        sig { void }
-        def write_final_package_json_files
-          package_files.each do |file|
-            path = file.name
-            FileUtils.mkdir_p(Pathname.new(path).dirname)
-            File.write(path, updated_package_json_content(file))
-          end
-        end
-
-        sig { params(bun_lock: Dependabot::DependencyFile).returns(String) }
-        def npmrc_content(bun_lock)
-          NpmrcBuilder.new(
-            credentials: credentials,
-            dependency_files: dependency_files,
-            dependencies: lockfile_dependencies(bun_lock)
-          ).npmrc_content
-        end
-
-        sig { params(file: Dependabot::DependencyFile).returns(String) }
-        def updated_package_json_content(file)
-          @updated_package_json_content ||= T.let({}, T.nilable(T::Hash[String, String]))
-          @updated_package_json_content[file.name] ||=
-            T.must(
-              PackageJsonUpdater.new(
-                package_json: file,
-                dependencies: dependencies
-              ).updated_package_json.content
-            )
-        end
-
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        def package_files
-          @package_files ||= T.let(
-            dependency_files.select { |f| f.name.end_with?("package.json") },
-            T.nilable(T::Array[Dependabot::DependencyFile])
-          )
-        end
-
-        sig { returns(String) }
-        def base_dir
-          T.must(dependency_files.first).directory
-        end
-
-        sig { returns(T.nilable(Dependabot::DependencyFile)) }
-        def npmrc_file
-          dependency_files.find { |f| f.name == ".npmrc" }
-        end
-
-        sig { params(message: String).returns(String) }
-        def sanitize_message(message)
-          message.gsub(/"|\[|\]|\}|\{/, "")
-        end
-      end
-    end
-  end
-end