From 9ccc08af1d86321174defb37b7e8030ef1f75993 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Thu, 11 May 2023 21:26:53 +0200 Subject: [PATCH] Allow updating the version of PNPM itself --- common/lib/dependabot/dependency.rb | 10 ++++-- .../file_parsers/base/dependency_set.rb | 3 +- common/lib/dependabot/update_checkers/base.rb | 3 +- .../dependabot/npm_and_yarn/file_parser.rb | 32 ++++++++++++++++++- .../file_updater/package_json_updater.rb | 30 +++++++++++++++-- .../file_updater/pnpm_lockfile_updater.rb | 6 ++-- .../update_checker/version_resolver.rb | 2 +- 7 files changed, 75 insertions(+), 11 deletions(-) diff --git a/common/lib/dependabot/dependency.rb b/common/lib/dependabot/dependency.rb index bc33e56b04..39f921387f 100644 --- a/common/lib/dependabot/dependency.rb +++ b/common/lib/dependabot/dependency.rb @@ -41,7 +41,7 @@ def self.register_name_normaliser(package_manager, name_builder) def initialize(name:, requirements:, package_manager:, version: nil, previous_version: nil, previous_requirements: nil, - subdependency_metadata: [], removed: false, metadata: {}) + subdependency_metadata: [], removed: false, on_package_manager: false, metadata: {}) @name = name @version = version @requirements = requirements.map { |req| symbolize_keys(req) } @@ -54,6 +54,7 @@ def initialize(name:, requirements:, package_manager:, version: nil, map { |h| symbolize_keys(h) } end @removed = removed + @on_package_manager = on_package_manager @metadata = symbolize_keys(metadata || {}) check_values @@ -67,6 +68,10 @@ def removed? @removed end + def on_package_manager? + @on_package_manager + end + def numeric_version @numeric_version ||= version_class.new(version) if version && version_class.correct?(version) end @@ -80,7 +85,8 @@ def to_h "previous_requirements" => previous_requirements, "package_manager" => package_manager, "subdependency_metadata" => subdependency_metadata, - "removed" => removed? ? true : nil + "removed" => removed? ? true : nil, + "on_package_manager" => on_package_manager? ? true : nil }.compact end diff --git a/common/lib/dependabot/file_parsers/base/dependency_set.rb b/common/lib/dependabot/file_parsers/base/dependency_set.rb index cb7eb93ef8..4691b93657 100644 --- a/common/lib/dependabot/file_parsers/base/dependency_set.rb +++ b/common/lib/dependabot/file_parsers/base/dependency_set.rb @@ -96,7 +96,8 @@ def <<(dep) version: dep.version, requirements: dep.requirements, package_manager: dep.package_manager, - subdependency_metadata: dep.subdependency_metadata + subdependency_metadata: dep.subdependency_metadata, + on_package_manager: dep.on_package_manager? ) end diff --git a/common/lib/dependabot/update_checkers/base.rb b/common/lib/dependabot/update_checkers/base.rb index f5c6386bee..c8a26f671b 100644 --- a/common/lib/dependabot/update_checkers/base.rb +++ b/common/lib/dependabot/update_checkers/base.rb @@ -178,7 +178,8 @@ def updated_dependency_with_own_req_unlock requirements: updated_requirements, previous_version: previous_version, previous_requirements: dependency.requirements, - package_manager: dependency.package_manager + package_manager: dependency.package_manager, + on_package_manager: dependency.on_package_manager? ) end diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb index dbe2c2711e..0afea4ae76 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb @@ -8,6 +8,7 @@ require "dependabot/shared_helpers" require "dependabot/npm_and_yarn/helpers" require "dependabot/npm_and_yarn/native_helpers" +require "dependabot/npm_and_yarn/package_manager" require "dependabot/npm_and_yarn/version" require "dependabot/git_metadata_fetcher" require "dependabot/git_commit_checker" @@ -76,9 +77,30 @@ def manifest_dependencies end end + pnpm_version = package_manager.locked_version("pnpm") + + if pnpm_version + dependency_set << Dependency.new( + name: "pnpm", + version: pnpm_version, + package_manager: "npm_and_yarn", + requirements: [{ + requirement: pnpm_version, + file: "package.json", + groups: ["dependencies"], + source: nil + }], + on_package_manager: true + ) + end + dependency_set end + def package_manager + @package_manager ||= PackageManager.new(parsed_root_package_file) + end + def lockfile_parser @lockfile_parser ||= LockfileParser.new( dependency_files: dependency_files @@ -314,6 +336,10 @@ def url_for_relevant_cred(resolved_url) resolved_url.gsub(/#{Regexp.quote(reg)}.*/, "") + reg end + def parsed_root_package_file + JSON.parse(root_package_file.content) + end + def package_files @package_files ||= begin @@ -325,12 +351,16 @@ def package_files reject(&:support_file?) [ - dependency_files.find { |f| f.name == "package.json" }, + root_package_file, *sub_packages ].compact end end + def root_package_file + @root_package_file ||= dependency_files.find { |f| f.name == "package.json" } + end + def version_class NpmAndYarn::Version end diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb index 78751a1b59..011e9154db 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb @@ -28,7 +28,7 @@ def updated_package_json_content new_content = update_package_json_declaration( package_json_content: content, - dependency_name: dep.name, + dependency: dep, old_req: old_req, new_req: new_req ) @@ -79,7 +79,23 @@ def updated_requirements(dependency) end def update_package_json_declaration(package_json_content:, new_req:, - dependency_name:, old_req:) + dependency:, old_req:) + args = { + package_json_content: package_json_content, + new_req: new_req, + dependency_name: dependency.name, + old_req: old_req + } + + if dependency.on_package_manager? + update_package_manager_declaration(**args) + else + update_dependency_declaration(**args) + end + end + + def update_dependency_declaration(package_json_content:, new_req:, + dependency_name:, old_req:) original_line = declaration_line( dependency_name: dependency_name, dependency_req: old_req, @@ -139,6 +155,16 @@ def update_package_json_resolutions(package_json_content:, new_req:, content end + def update_package_manager_declaration(package_json_content:, new_req:, + dependency_name:, old_req:) + parsed_json_content = JSON.parse(package_json_content) + package_manager = parsed_json_content["packageManager"] + + return package_json_content unless package_manager == "#{dependency_name}@#{old_req[:requirement]}" + + package_json_content.sub("\"#{package_manager}\"", "\"#{dependency_name}@#{new_req[:requirement]}\"") + end + def declaration_line(dependency_name:, dependency_req:, content:) git_dependency = dependency_req.dig(:source, :type) == "git" diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb index 17ef8441ed..aecbcb61ad 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/pnpm_lockfile_updater.rb @@ -38,11 +38,11 @@ def updated_pnpm_lock_content(pnpm_lock) def run_pnpm_update(pnpm_lock:) SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do SharedHelpers.with_git_configured(credentials: credentials) do - run_pnpm_updater + run_pnpm_updater unless dependencies.first.on_package_manager? write_final_package_json_files - run_pnpm_install + sync_lockfile File.read(pnpm_lock.name) end @@ -60,7 +60,7 @@ def run_pnpm_updater ) end - def run_pnpm_install + def sync_lockfile SharedHelpers.run_shell_command( "pnpm install --lockfile-only" ) diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb index 385307cfb4..dc9a3570cc 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb @@ -91,7 +91,7 @@ def initialize(dependency:, credentials:, dependency_files:, end def latest_resolvable_version - return latest_allowable_version if git_dependency?(dependency) + return latest_allowable_version if git_dependency?(dependency) || dependency.on_package_manager? return if part_of_tightly_locked_monorepo? return if types_update_available? return if original_package_update_available?