Class: Dependabot::NpmAndYarn::UpdateChecker::VersionResolver

Inherits:
Object
  • Object
Extended by:
T::Sig
Defined in:
lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb

Constant Summary

# Maps a group key to the package names that belong to that group.
# NOTE(review): the name suggests these packages have to be updated together;
# confirm against part_of_tightly_locked_monorepo?, which is not shown here.
# Only the outer Hash is frozen; the inner Array can still be mutated.
TIGHTLY_COUPLED_MONOREPOS = { "vue" => ["vue", "vue-template-compiler"] }.freeze
YARN_PEER_DEP_ERROR_REGEX =

Error message returned by `yarn add` (for Yarn classic):
" > @reach/router@1.2.1" has incorrect peer dependency "react@15.x || 16.x || 16.4.0-alpha.0911da3"
"workspace-aggregator-<random-string> > test > react-dom@15.6.2" has incorrect peer dependency "react@^15.6.2"
" > react-burger-menu@1.9.9" has unmet peer dependency "react@>=0.14.0 <16.0.0"

/
  \s>\s(?<requiring_dep>[^>"]+)"\s
  has\s(incorrect|unmet)\speer\sdependency\s
  "(?<required_dep>[^"]+)"
/x
YARN_BERRY_PEER_DEP_ERROR_REGEX =

Error message returned by `yarn add` (for Yarn berry): YN0060: │ eve-roster@workspace:. provides jest (p8d618) \ with version 29.3.0, which doesn't satisfy \ what ts-jest requests\n

/
  YN0060:.+\sprovides\s(?<required_dep>.+?)\s\((?<info_hash>\w+)\).+what\s(?<requiring_dep>.+?)\srequests
/x
YARN_BERRY_V4_PEER_DEP_ERROR_REGEX =

Error message returned by `yarn add` (for Yarn berry v4): YN0060: │ react is listed by your project with version 15.2.0, \ which doesn't satisfy what react-dom (p89012) requests (^16.0.0).

/
  YN0060:.+\s(?<required_dep>.+?)\sis\s.+what\s(?<requiring_dep>.+?)\s\((?<info_hash>\w+)\)\srequests
/x
PNPM_PEER_DEP_ERROR_REGEX =

Error message returned by `pnpm update`: └─┬ react-dom 15.7.0

└── ✕ unmet peer react@^15.7.0: found 16.3.1
/
  ┬\s(?<requiring_dep>[^\n]+)\n
  [^\n]*✕\sunmet\speer\s(?<required_dep>[^:]+):
/mx
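# Error message returned by `npm install` (for NPM 6):
# react-dom@15.2.0 requires a peer of react@^15.2.0 \
# but none is installed. You must install peer dependencies yourself.
#
# Captures the requiring package as +requiring_dep+ and the peer it asks for
# as +required_dep+. The full stop after "installed" is escaped so that it
# matches only a literal "." rather than any character.
#
# NOTE(review): both captures are copied out of package-manager output, and
# the names in that output come from package metadata; callers should treat
# them as untrusted strings.
NPM6_PEER_DEP_ERROR_REGEX =
  /
    (?<requiring_dep>[^\s]+)\s
    requires\sa\speer\sof\s
    (?<required_dep>.+?)\sbut\snone\sis\sinstalled\.
  /x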
NPM8_PEER_DEP_ERROR_REGEX =

Error message returned by `npm install` (for NPM 8): npm ERR! Could not resolve dependency: npm ERR! peer react@"^16.14.0" from react-dom@16.14.0

or with two semver constraints: npm ERR! Could not resolve dependency: npm ERR! peer @opentelemetry/api@">=1.0.0 <1.1.0" from @opentelemetry/context-async-hooks@1.0.1

/
  npm\s(?:WARN|ERR!)\sCould\snot\sresolve\sdependency:\n
  npm\s(?:WARN|ERR!)\speer\s(?<required_dep>\S+@\S+(\s\S+)?)\sfrom\s(?<requiring_dep>\S+@\S+)
/x

Instance Method Summary

Constructor Details

#initialize(dependency:, credentials:, dependency_files:, latest_allowable_version:, latest_version_finder:, repo_contents_path:, dependency_group: nil) ⇒ VersionResolver

Returns a new instance of VersionResolver.



# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 94

# Stores the collaborators the resolver works with. Nothing is validated or
# copied here: every argument is kept on the instance exactly as passed.
#
# The supplied latest_version_finder is not stored directly; it becomes the
# single entry of a Hash keyed by +dependency+.
#
# NOTE(review): +credentials+ stays reachable through @credentials for as
# long as the instance lives, so anything that dumps or inspects the object
# (debug output, error reports) could expose whatever secrets it holds;
# confirm callers never serialise a resolver.
def initialize(dependency:, credentials:, dependency_files:,
               latest_allowable_version:, latest_version_finder:, repo_contents_path:, dependency_group: nil)
  @dependency = dependency
  @credentials = credentials
  @dependency_files = dependency_files
  @latest_allowable_version = latest_allowable_version
  @dependency_group = dependency_group
  @repo_contents_path = repo_contents_path

  # Finder cache, seeded with the finder for the dependency being checked.
  @latest_version_finder = { dependency => latest_version_finder }
end

Instance Method Details

#dependency_updates_from_full_unlock ⇒ Object

rubocop:disable Metrics/PerceivedComplexity



# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 129

# Builds the list of updates needed to take the dependency to
# latest_allowable_version when the top-level dependencies whose peer
# requirements it would break are updated as well.
#
# Returns nil when no such list can be built: the dependency is a git
# dependency, the update would break peer requirements coming from the
# dependency itself, an original-package update is available, or one of the
# requiring dependencies cannot be handled. For a tightly locked monorepo the
# result of updated_monorepo_dependencies is returned instead. Otherwise the
# result is a de-duplicated Array of Hashes with the keys :dependency,
# :version and :previous_version.
def dependency_updates_from_full_unlock
  return if git_dependency?(dependency)
  return updated_monorepo_dependencies if part_of_tightly_locked_monorepo?
  return if newly_broken_peer_reqs_from_dep.any? || original_package_update_available?

  # The first entry is always the dependency under check itself.
  primary = { dependency: dependency, version: latest_allowable_version }
  primary[:previous_version] = latest_resolvable_previous_version(latest_allowable_version)
  planned = [primary]

  newly_broken_peer_reqs_on_dep.each do |broken_req|
    requirer_name = broken_req.fetch(:requiring_dep_name)
    requirer = top_level_dependencies.find { |candidate| candidate.name == requirer_name }

    # Can't handle reqs from sub-deps or git source deps (yet); a single
    # unhandled requirer abandons the whole unlock, not just this entry.
    return nil if requirer.nil? || git_dependency?(requirer)

    satisfying = latest_version_of_dep_with_satisfied_peer_reqs(requirer)
    return nil unless satisfying

    entry = { dependency: requirer, version: satisfying }
    entry[:previous_version] = resolve_latest_previous_version(requirer, satisfying)
    planned << entry
  end

  planned.concat(updated_types_dependencies) if types_update_available?
  planned.uniq
end

#latest_resolvable_previous_version(updated_version) ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 124

# Delegates to resolve_latest_previous_version for the dependency this
# resolver was built for, passing +updated_version+ through unchanged.
def latest_resolvable_previous_version(updated_version)
  checked_dependency = dependency
  resolve_latest_previous_version(checked_dependency, updated_version)
end

#latest_resolvable_version ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 107

# Picks the version the dependency can be moved to without a full unlock.
#
# Git dependencies get latest_allowable_version straight away. nil is
# returned when the dependency is part of a tightly locked monorepo, or when
# a types update or an original-package update is available. Otherwise the
# result is latest_allowable_version if there are no relevant unmet peer
# dependencies, and the first entry of satisfying_versions if there are.
def latest_resolvable_version
  return latest_allowable_version if git_dependency?(dependency)

  # Checked in this order and short-circuited, as three separate guards would be.
  blocked = part_of_tightly_locked_monorepo? ||
            types_update_available? ||
            original_package_update_available?
  return if blocked

  if relevant_unmet_peer_dependencies.any?
    satisfying_versions.first
  else
    latest_allowable_version
  end
end

#latest_version_resolvable_with_full_unlock? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb', line 118

# Reports whether dependency_updates_from_full_unlock produced a result:
# false when it returns nil, true for anything else (an empty Array included).
def latest_version_resolvable_with_full_unlock?
  !dependency_updates_from_full_unlock.nil?
end