Class: Dependabot::NpmAndYarn::UpdateChecker::VersionResolver

Inherits:

Object

Object
Dependabot::NpmAndYarn::UpdateChecker::VersionResolver

show all

Defined in:: lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb

Constant Summary collapse

TIGHTLY_COUPLED_MONOREPOS =

{
  "vue" => %w(vue vue-template-compiler)
}.freeze

YARN_PEER_DEP_ERROR_REGEX = Error message from yarn add: “ > @reach/[email protected]” has incorrect \ peer dependency “[email protected] || 16.x || 16.4.0-alpha.0911da3” “ > [email protected]” has unmet \ peer dependency “react@>=0.14.0 <16.0.0”.

/
  "\s>\s(?<requiring_dep>[^"]+)"\s
  has\s(incorrect|unmet)\speer\sdependency\s
  "(?<required_dep>[^"]+)"
/x.freeze

NPM6_PEER_DEP_ERROR_REGEX = Error message from npm install: [email protected] requires a peer of react@^15.2.0 \ but none is installed. You must install peer dependencies yourself.

/
  (?<requiring_dep>[^\s]+)\s
  requires\sa\speer\sof\s
  (?<required_dep>.+?)\sbut\snone\sis\sinstalled.
/x.freeze

NPM8_PEER_DEP_ERROR_REGEX = Error message from npm install: npm ERR! Could not resolve dependency: npm ERR! peer react@“^16.14.0” from [email protected] or with two semver constraints: npm ERR! Could not resolve dependency: npm ERR! peer @opentelemetry/api@“>=1.0.0 <1.1.0” from @opentelemetry/[email protected]

/
  npm\s(?:WARN|ERR!)\sCould\snot\sresolve\sdependency:\n
  npm\s(?:WARN|ERR!)\speer\s(?<required_dep>\S+@\S+(\s\S+)?)\sfrom\s(?<requiring_dep>\S+@\S+)
/x.freeze

Instance Method Summary collapse

#dependency_updates_from_full_unlock ⇒ Object

rubocop:disable Metrics/PerceivedComplexity.
#initialize(dependency:, credentials:, dependency_files:, latest_allowable_version:, latest_version_finder:) ⇒ VersionResolver constructor

A new instance of VersionResolver.
#latest_resolvable_previous_version(updated_version) ⇒ Object
#latest_resolvable_version ⇒ Object
#latest_version_resolvable_with_full_unlock? ⇒ Boolean

Constructor Details

#initialize(dependency:, credentials:, dependency_files:, latest_allowable_version:, latest_version_finder:) ⇒ `VersionResolver`

Returns a new instance of VersionResolver.

# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 64

def initialize(dependency:, credentials:, dependency_files:,
               latest_allowable_version:, latest_version_finder:)
  @dependency               = dependency
  @credentials              = credentials
  @dependency_files         = dependency_files
  @latest_allowable_version = latest_allowable_version

  @latest_version_finder = {}
  @latest_version_finder[dependency] = latest_version_finder
end

Instance Method Details

#dependency_updates_from_full_unlock ⇒ `Object`

rubocop:disable Metrics/PerceivedComplexity

# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 97

def dependency_updates_from_full_unlock
  return if git_dependency?(dependency)
  return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
  return if newly_broken_peer_reqs_from_dep.any?
  return if original_package_update_available?

  updates = [{
    dependency: dependency,
    version: latest_allowable_version,
    previous_version: latest_resolvable_previous_version(
      latest_allowable_version
    )
  }]
  newly_broken_peer_reqs_on_dep.each do |peer_req|
    dep_name = peer_req.fetch(:requiring_dep_name)
    dep = top_level_dependencies.find { |d| d.name == dep_name }

    # Can't handle reqs from sub-deps or git source deps (yet)
    return nil if dep.nil?
    return nil if git_dependency?(dep)

    updated_version =
      latest_version_of_dep_with_satisfied_peer_reqs(dep)
    return nil unless updated_version

    updates << {
      dependency: dep,
      version: updated_version,
      previous_version: resolve_latest_previous_version(
        dep, updated_version
      )
    }
  end
  updates += updated_types_dependencies if types_update_available?
  updates.uniq
end

#latest_resolvable_previous_version(updated_version) ⇒ `Object`



92
93
94

# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 92

def latest_resolvable_previous_version(updated_version)
  resolve_latest_previous_version(dependency, updated_version)
end

#latest_resolvable_version ⇒ `Object`

# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 75

def latest_resolvable_version
  return latest_allowable_version if git_dependency?(dependency)
  return if part_of_tightly_locked_monorepo?
  return if types_update_available?
  return if original_package_update_available?

  return latest_allowable_version unless relevant_unmet_peer_dependencies.any?

  satisfying_versions.first
end

#latest_version_resolvable_with_full_unlock? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 86

def latest_version_resolvable_with_full_unlock?
  return false if dependency_updates_from_full_unlock.nil?

  true
end

Class: Dependabot::NpmAndYarn::UpdateChecker::VersionResolver

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, credentials:, dependency_files:, latest_allowable_version:, latest_version_finder:) ⇒ VersionResolver

Instance Method Details

#dependency_updates_from_full_unlock ⇒ Object

#latest_resolvable_previous_version(updated_version) ⇒ Object

#latest_resolvable_version ⇒ Object

#latest_version_resolvable_with_full_unlock? ⇒ Boolean

#initialize(dependency:, credentials:, dependency_files:, latest_allowable_version:, latest_version_finder:) ⇒ `VersionResolver`

#dependency_updates_from_full_unlock ⇒ `Object`

#latest_resolvable_previous_version(updated_version) ⇒ `Object`

#latest_resolvable_version ⇒ `Object`

#latest_version_resolvable_with_full_unlock? ⇒ `Boolean`