Class: Dependabot::Deno::FileParser
- Inherits:
-
FileParsers::Base
- Object
- FileParsers::Base
- Dependabot::Deno::FileParser
- Extended by:
- T::Sig
- Defined in:
- lib/dependabot/deno/file_parser.rb
Constant Summary collapse
- ECOSYSTEM =
"deno"- MANIFEST_FILENAMES =
T.let(%w(deno.json deno.jsonc).freeze, T::Array[String])
- JSR_SPECIFIER =
Matches jsr:@scope/name[/subpath] or npm:[@scope/]name[/subpath] Constraint and subpath are both optional per Deno’s specifier format.
%r{\Ajsr:(?<name>@[^@/]+/[^@/]+)(?:@(?<constraint>[^/]+))?(?:/[^\s]*)?\z}- NPM_SPECIFIER =
%r{\Anpm:(?<name>(?:@[^/]+/)?[^@/]+)(?:@(?<constraint>[^/]+))?(?:/[^\s]*)?\z}
Instance Method Summary collapse
Instance Method Details
#parse ⇒ Object
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/dependabot/deno/file_parser.rb', line 25 def parse # Multiple import aliases can reference the same underlying package # (e.g. "@std/path" and "@std/path/posix"). Keyed dedup by name + # source type collapses those without merging across registries — our # update checker only queries the first requirement's source, so # mixing jsr+npm under one Dependency would silently miss updates. # When the same name+source appears with different constraints, every # constraint is preserved as a separate requirement entry so callers # can update them all. deps_by_key = {} manifest_files.each do |file| imports_for(file).each do |_alias_name, specifier| dep = parse_specifier(specifier.to_s, file) next unless dep key = [dep.name, T.must(dep.requirements.first)[:source][:type]] existing = deps_by_key[key] deps_by_key[key] = if existing Dependabot::Dependency.new( name: existing.name, version: existing.version, requirements: (existing.requirements + dep.requirements).uniq, package_manager: existing.package_manager ) else dep end end end deps_by_key.values.sort_by(&:name) end |