Class: Dependabot::NpmAndYarn::FileParser

Inherits:
FileParsers::Base
  • Object
show all
Extended by:
T::Sig
Defined in:
lib/dependabot/npm_and_yarn/file_parser.rb,
lib/dependabot/npm_and_yarn/file_parser/json_lock.rb,
lib/dependabot/npm_and_yarn/file_parser/pnpm_lock.rb,
lib/dependabot/npm_and_yarn/file_parser/yarn_lock.rb,
lib/dependabot/npm_and_yarn/file_parser/lockfile_parser.rb

Overview

rubocop:disable Metrics/ClassLength

Defined Under Namespace

Classes: JsonLock, LockfileParser, PnpmLock, YarnLock

Constant Summary collapse

DEPENDENCY_TYPES = 
T.let(%w(dependencies devDependencies optionalDependencies).freeze, T::Array[String])
GIT_URL_REGEX = 
%r{
  (?<git_prefix>^|^git.*?|^github:|^bitbucket:|^gitlab:|github\.com/)
  (?<username>[a-z0-9-]+)/
  (?<repo>[a-z0-9_.-]+)
  (
    (?:\#semver:(?<semver>.+))|
    (?:\#(?=[\^~=<>*])(?<semver>.+))|
    (?:\#(?<ref>.+))
  )?$
}ix

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.each_dependency(json, &_block) ⇒ Object 



48
49
50
51
52
53
54
55
 
# File 'lib/dependabot/npm_and_yarn/file_parser.rb', line 48

def self.each_dependency(json, &_block)
  DEPENDENCY_TYPES.each do |type|
    deps = json[type] || {}
    deps.each do |name, requirement|
      yield(name, requirement, type)
    end
  end
end

Instance Method Details

#ecosystemObject 



84
85
86
87
88
89
90
91
92
93
 
# File 'lib/dependabot/npm_and_yarn/file_parser.rb', line 84

def ecosystem
  @ecosystem ||= T.let(
    Ecosystem.new(
      name: ECOSYSTEM,
      package_manager: package_manager_helper.package_manager,
      language: package_manager_helper.language
    ),
    T.nilable(Ecosystem)
  )
end

#parseObject

rubocop:disable Metrics/PerceivedComplexity



58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# File 'lib/dependabot/npm_and_yarn/file_parser.rb', line 58

def parse # rubocop:disable Metrics/PerceivedComplexity
  dependency_set = DependencySet.new
  dependency_set += manifest_dependencies
  dependency_set += lockfile_dependencies
  dependency_set += workspace_catalog_dependencies if pnpm_workspace_yml

  dependencies = Helpers.dependencies_with_all_versions_metadata(dependency_set)

  dependencies.reject do |dep|
    reqs = dep.requirements

    # Ignore dependencies defined in support files, since we don't want PRs for those
    support_reqs = reqs.select { |r| support_package_files.any? { |f| f.name == r[:file] } }
    next true if support_reqs.any?

    # TODO: Currently, Dependabot can't handle dependencies that have both
    # a git source *and* a non-git source. Fix that!
    git_reqs = reqs.select { |r| r.dig(:source, :type) == "git" }
    next false if git_reqs.none?
    next true if git_reqs.map { |r| r.fetch(:source) }.uniq.count > 1

    dep.requirements.any? { |r| r.dig(:source, :type) != "git" }
  end
end