Class: Dependabot::NpmAndYarn::UpdateChecker::VersionResolver

Inherits:
Object
  • Object
show all
Defined in:
lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb

Constant Summary collapse

TIGHTLY_COUPLED_MONOREPOS = 
{
  "vue" => %w(vue vue-template-compiler)
}.freeze
YARN_PEER_DEP_ERROR_REGEX =

Error message from yarn add: “ > @reach/[email protected]” has incorrect \ peer dependency “[email protected] || 16.x || 16.4.0-alpha.0911da3” “ > [email protected]” has unmet \ peer dependency “react@>=0.14.0 <16.0.0”.

/
  "\s>\s(?<requiring_dep>[^"]+)"\s
  has\s(incorrect|unmet)\speer\sdependency\s
  "(?<required_dep>[^"]+)"
/x.freeze
NPM_PEER_DEP_ERROR_REGEX =

Error message from npm install: [email protected] requires a peer of react@^15.2.0 \ but none is installed. You must install peer dependencies yourself.

/
  (?<requiring_dep>[^\s]+)\s
  requires\sa\speer\sof\s
  (?<required_dep>.+?)\sbut\snone\sis\sinstalled.
/x.freeze

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, credentials:, dependency_files:, latest_allowable_version:, latest_version_finder:) ⇒ VersionResolver

Returns a new instance of VersionResolver.



48
49
50
51
52
53
54
55
56
57
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 48

def initialize(dependency:, credentials:, dependency_files:,
               latest_allowable_version:, latest_version_finder:)
  @dependency               = dependency
  @credentials              = credentials
  @dependency_files         = dependency_files
  @latest_allowable_version = latest_allowable_version

  @latest_version_finder = {}
  @latest_version_finder[dependency] = latest_version_finder
end

Instance Method Details

#dependency_updates_from_full_unlockObject 



78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 78

def dependency_updates_from_full_unlock
  return if git_dependency?(dependency)
  return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
  return if newly_broken_peer_reqs_from_dep.any?

  updates = [{
    dependency: dependency,
    version: latest_allowable_version,
    previous_version: latest_resolvable_previous_version(
      latest_allowable_version
    )
  }]
  newly_broken_peer_reqs_on_dep.each do |peer_req|
    dep_name = peer_req.fetch(:requiring_dep_name)
    dep = top_level_dependencies.find { |d| d.name == dep_name }

    # Can't handle reqs from sub-deps or git source deps (yet)
    return nil if dep.nil?
    return nil if git_dependency?(dep)

    updated_version =
      latest_version_of_dep_with_satisfied_peer_reqs(dep)
    return nil unless updated_version

    updates << {
      dependency: dep,
      version: updated_version,
      previous_version: resolve_latest_previous_version(
        dep, updated_version
      )
    }
  end
  updates.uniq
end

#latest_resolvable_previous_version(updated_version) ⇒ Object 



74
75
76
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 74

def latest_resolvable_previous_version(updated_version)
  resolve_latest_previous_version(dependency, updated_version)
end

#latest_resolvable_versionObject 



59
60
61
62
63
64
65
66
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 59

def latest_resolvable_version
  return latest_allowable_version if git_dependency?(dependency)
  return if part_of_tightly_locked_monorepo?

  return latest_allowable_version unless relevant_unmet_peer_dependencies.any?

  satisfying_versions.first
end

#latest_version_resolvable_with_full_unlock?Boolean

Returns:

  • (Boolean) 


68
69
70
71
72
 
# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 68

def latest_version_resolvable_with_full_unlock?
  return false if dependency_updates_from_full_unlock.nil?

  true
end