diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb index 03442155d57..b3d35bb2cb4 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb @@ -59,7 +59,9 @@ def update_subdependency_in_lockfile(lockfile) lockfile_name = Pathname.new(lockfile.name).basename.to_s path = Pathname.new(lockfile.name).dirname.to_s - updated_files = if lockfile.name.end_with?("yarn.lock") + updated_files = if lockfile.name.end_with?("yarn.lock") && yarn_berry?(lockfile) + run_yarn_berry_updater(path, lockfile_name) + elsif lockfile.name.end_with?("yarn.lock") run_yarn_updater(path, lockfile_name) else run_npm_updater(path, lockfile_name, lockfile.content) @@ -68,6 +70,15 @@ def update_subdependency_in_lockfile(lockfile) updated_files.fetch(lockfile_name) end + def yarn_berry?(yarn_lock) + return false unless Experiments.enabled?(:yarn_berry) + + yaml = YAML.safe_load(yarn_lock.content) + yaml.key?("__metadata") + rescue StandardError + false + end + def version_from_updated_lockfiles(updated_lockfiles) updated_files = dependency_files - dependency_files_builder.yarn_locks - @@ -109,6 +120,17 @@ def run_yarn_updater(path, lockfile_name) sleep(rand(3.0..10.0)) && retry end + def run_yarn_berry_updater(path, lockfile_name) + SharedHelpers.with_git_configured(credentials: credentials) do + Dir.chdir(path) do + Helpers.run_yarn_commands( + "yarn up -R #{dependency.name}" + ) + { lockfile_name => File.read(lockfile_name) } + end + end + end + def run_npm_updater(path, lockfile_name, lockfile_content) SharedHelpers.with_git_configured(credentials: credentials) do Dir.chdir(path) do
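Review bot: The `lockfile.name.end_with?("yarn.lock")` test is now written twice, once in the `if` and again in the `elsif`, so the two yarn branches can drift apart when one of them is edited later. Testing the name once and choosing the updater inside that branch keeps them together, for example `yarn_berry?(lockfile) ? run_yarn_berry_updater(path, lockfile_name) : run_yarn_updater(path, lockfile_name)`. update_subdependency_in_lockfile starts and ends outside this hunk.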
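Review bot: The `rescue StandardError` in `yarn_berry?` hides every failure, not only a lockfile that is not valid YAML. If `YAML.safe_load` returns nil or a String, `yaml.key?` raises NoMethodError and the method quietly answers false, which would send the lockfile to the classic yarn updater. The lockfile content comes from the repository being updated, so the check is worth making explicit with `yaml.is_a?(Hash) && yaml.key?("__metadata")` and the rescue narrowed to parser errors, `rescue Psych::Exception`. A one-line comment saying that a top-level `__metadata` key is what marks a lockfile as Berry (as the check implies) would also help the next reader.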
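Review bot: In `run_yarn_berry_updater`, `dependency.name` is interpolated straight into the command string passed to `Helpers.run_yarn_commands`, and that name originates from the manifest or lockfile of the repository being updated, which is not trusted input. Whether `run_yarn_commands` escapes its argument is not visible in this diff; if it does not, escape at the call site with `"yarn up -R #{Shellwords.escape(dependency.name)}"` (Shellwords is stdlib; confirm it is required in this file). Unlike `run_yarn_updater`, whose tail in the context lines retries after a sleep, the new method has no rescue, so a failed yarn run propagates unhandled; confirm that is intended.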