Class: Dependabot::NpmAndYarn::UpdateChecker::VersionResolver

Inherits:
Object
  • Object
show all
Defined in:
lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb

Constant Summary collapse

TIGHTLY_COUPLED_MONOREPOS = 
{
  "vue" => %w(vue vue-template-compiler)
}.freeze
YARN_PEER_DEP_ERROR_REGEX =

Error message from yarn add: “ > @reach/[email protected]” has incorrect \ peer dependency “[email protected] || 16.x || 16.4.0-alpha.0911da3” “ > [email protected]” has unmet \ peer dependency “react@>=0.14.0 <16.0.0”.

/
  "\s>\s(?<requiring_dep>[^"]+)"\s
  has\s(incorrect|unmet)\speer\sdependency\s
  "(?<required_dep>[^"]+)"
/x.freeze
NPM_PEER_DEP_ERROR_REGEX =

Error message from npm install: [email protected] requires a peer of react@^15.2.0 \ but none is installed. You must install peer dependencies yourself.

/
  (?<requiring_dep>[^\s]+)\s
  requires\sa\speer\sof\s
  (?<required_dep>.+?)\sbut\snone\sis\sinstalled.
/x.freeze

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, credentials:, dependency_files:, latest_allowable_version:, latest_version_finder:) ⇒ VersionResolver

Returns a new instance of VersionResolver.



48
49
50
51
52
53
54
55
56
57
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 48

def initialize(dependency:, credentials:, dependency_files:,
               latest_allowable_version:, latest_version_finder:)
  @dependency               = dependency
  @credentials              = credentials
  @dependency_files         = dependency_files
  @latest_allowable_version = latest_allowable_version

  @latest_version_finder = {}
  @latest_version_finder[dependency] = latest_version_finder
end

Instance Method Details

#dependency_updates_from_full_unlockObject

rubocop:disable Metrics/MethodLength



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 81

def dependency_updates_from_full_unlock
  return if git_dependency?(dependency)
  if part_of_tightly_locked_monorepo?
    return updated_monorepo_dependencies
  end
  return if newly_broken_peer_reqs_from_dep.any?

  updates = [{
    dependency: dependency,
    version: latest_allowable_version,
    previous_version: latest_resolvable_previous_version(
      latest_allowable_version
    )
  }]
  newly_broken_peer_reqs_on_dep.each do |peer_req|
    dep_name = peer_req.fetch(:requiring_dep_name)
    dep = top_level_dependencies.find { |d| d.name == dep_name }

    # Can't handle reqs from sub-deps or git source deps (yet)
    return nil if dep.nil?
    return nil if git_dependency?(dep)

    updated_version =
      latest_version_of_dep_with_satisfied_peer_reqs(dep)
    return nil unless updated_version

    updates << {
      dependency: dep,
      version: updated_version,
      previous_version: resolve_latest_previous_version(
        dep, updated_version
      )
    }
  end
  updates.uniq
end

#latest_resolvable_previous_version(updated_version) ⇒ Object 



76
77
78
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 76

def latest_resolvable_previous_version(updated_version)
  resolve_latest_previous_version(dependency, updated_version)
end

#latest_resolvable_versionObject 



59
60
61
62
63
64
65
66
67
68
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 59

def latest_resolvable_version
  return latest_allowable_version if git_dependency?(dependency)
  return if part_of_tightly_locked_monorepo?

  unless relevant_unmet_peer_dependencies.any?
    return latest_allowable_version
  end

  satisfying_versions.first
end

#latest_version_resolvable_with_full_unlock?Boolean

Returns:

  • (Boolean) 


70
71
72
73
74
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 70

def latest_version_resolvable_with_full_unlock?
  return false if dependency_updates_from_full_unlock.nil?

  true
end