From 01c4dc9739784ab05439ecd1d9feecf8677f0d53 Mon Sep 17 00:00:00 2001
From: Alfred Mazimbe <amazimbe@github.com>
Date: Thu, 12 Dec 2024 16:24:00 +0000
Subject: [PATCH] Add support for NPM V6 deprecation warning and unsupported
 error

---
 .../npm_and_yarn/package_manager.rb           |  12 +-
 .../npm_and_yarn/npm_package_manager_spec.rb  | 108 ++++++++++++++++++
 2 files changed, 116 insertions(+), 4 deletions(-)

diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb
index 6b146d6143..dfe419ccd1 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb
@@ -62,14 +62,13 @@ class NpmPackageManager < Ecosystem::VersionManager
 
       # Keep versions in ascending order
       SUPPORTED_VERSIONS = T.let([
-        Version.new(NPM_V6),
         Version.new(NPM_V7),
         Version.new(NPM_V8),
         Version.new(NPM_V9),
         Version.new(NPM_V10)
       ].freeze, T::Array[Dependabot::Version])
 
-      DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+      DEPRECATED_VERSIONS = T.let([Version.new(NPM_V6)].freeze, T::Array[Dependabot::Version])
 
       sig do
         params(
@@ -89,12 +88,17 @@ def initialize(raw_version, requirement: nil)
 
       sig { override.returns(T::Boolean) }
       def deprecated?
-        false
+        return false if unsupported?
+        return false unless Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning)
+
+        deprecated_versions.include?(version)
       end
 
       sig { override.returns(T::Boolean) }
       def unsupported?
-        false
+        return false unless Dependabot::Experiments.enabled?(:npm_v6_unsupported_error)
+
+        supported_versions.all? { |supported| supported > version }
       end
     end
 
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb
index 77ac6c251b..f0e68da32a 100644
--- a/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb
+++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb
@@ -38,6 +38,54 @@
     it "returns false" do
       expect(package_manager.deprecated?).to be false
     end
+
+    context "with feature flag npm_v6_deprecation_warning" do
+      before do
+        allow(Dependabot::Experiments).to receive(:enabled?)
+          .with(:npm_v6_deprecation_warning)
+          .and_return(deprecation_enabled)
+        allow(Dependabot::Experiments).to receive(:enabled?)
+          .with(:npm_v6_unsupported_error)
+          .and_return(unsupported_enabled)
+      end
+
+      context "when npm_v6_deprecation_warning is enabled and version is deprecated" do
+        let(:deprecation_enabled) { true }
+        let(:unsupported_enabled) { false }
+
+        it "returns true" do
+          expect(package_manager.deprecated?).to be true
+        end
+      end
+
+      context "when npm_v6_deprecation_warning is enabled but version is not deprecated" do
+        let(:version) { "9" }
+        let(:deprecation_enabled) { true }
+        let(:unsupported_enabled) { false }
+
+        it "returns false" do
+          expect(package_manager.deprecated?).to be false
+        end
+      end
+
+      context "when npm_v6_deprecation_warning is disabled" do
+        let(:deprecation_enabled) { false }
+        let(:unsupported_enabled) { false }
+
+        it "returns false" do
+          expect(package_manager.deprecated?).to be false
+        end
+      end
+
+      context "when version is unsupported" do
+        let(:deprecation_enabled) { true }
+        let(:unsupported_enabled) { true }
+
+        it "returns false, as unsupported takes precedence" do
+          expect(package_manager.deprecated?).to be false
+        end
+      end
+    end
   end
 
   describe "#unsupported?" do
@@ -46,5 +94,65 @@
     it "returns false for supported versions" do
       expect(package_manager.unsupported?).to be false
     end
+
+    context "with feature flag npm_v6_unsupported_error" do
+      before do
+        allow(Dependabot::Experiments).to receive(:enabled?)
+          .with(:npm_v6_unsupported_error)
+          .and_return(unsupported_enabled)
+      end
+
+      context "when npm_v6_unsupported_error is enabled and version is unsupported" do
+        let(:version) { "6" }
+        let(:unsupported_enabled) { true }
+
+        it "returns true" do
+          expect(package_manager.unsupported?).to be true
+        end
+      end
+
+      context "when npm_v6_unsupported_error is enabled but version is supported" do
+        let(:version) { "7" }
+        let(:unsupported_enabled) { true }
+
+        it "returns false" do
+          expect(package_manager.unsupported?).to be false
+        end
+      end
+
+      context "when npm_v6_unsupported_error is disabled" do
+        let(:unsupported_enabled) { false }
+
+        it "returns false" do
+          expect(package_manager.unsupported?).to be false
+        end
+      end
+    end
+  end
+
+  describe "#raise_if_unsupported!" do
+    before do
+      allow(Dependabot::Experiments).to receive(:enabled?)
+        .with(:npm_v6_unsupported_error)
+        .and_return(unsupported_enabled)
+    end
+
+    context "when npm_v6_unsupported_error is enabled and version is unsupported" do
+      let(:version) { "6" }
+      let(:unsupported_enabled) { true }
+
+      it "raises a ToolVersionNotSupported error" do
+        expect { package_manager.raise_if_unsupported! }.to raise_error(Dependabot::ToolVersionNotSupported)
+      end
+    end
+
+    context "when npm_v6_unsupported_error is disabled" do
+      let(:version) { "6" }
+      let(:unsupported_enabled) { false }
+
+      it "does not raise an error" do
+        expect { package_manager.raise_if_unsupported! }.not_to raise_error
+      end
+    end
   end
 end