* save remediations * enhance and export NpmResponse * sort branch lists * transitive remediation init * update-lockfile not bump * version not value * remediate package.json * isVulnerabilityAlert * simplify config * fix circular * update snapshots * add config and docs * TODO * flatten tests * remediation -> update * lots of renames * improve readability * refactor * remove fetch * more tests * reduce fiixtures sizes * more tests * fix parent null * remove exec * explicit false * fix * Apply suggestions from code review Co-authored-by: Michael Kriese <[email protected]> * use type-fest PackageJson * more tests * coverage * Update lib/workers/branch/get-updated.ts Co-authored-by: Michael Kriese <[email protected]>
Showing
35 changed files
with
1,262 additions
and
38 deletions.
@@ -1,2 +1,3 @@ | ||
export { bumpPackageVersion } from './package-version'; | ||
export { updateDependency } from './dependency'; | ||
export { updateLockedDependency } from './locked-dependency'; | ||
export { bumpPackageVersion } from './package-version'; |
1 change: 1 addition & 0 deletions
1
lib/manager/npm/update/locked-dependency/__fixtures__/accepts.json
1 change: 1 addition & 0 deletions
1
lib/manager/npm/update/locked-dependency/__fixtures__/express.json
1 change: 1 addition & 0 deletions
1
lib/manager/npm/update/locked-dependency/__fixtures__/mime.json
164 changes: 164 additions & 0 deletions
164
lib/manager/npm/update/locked-dependency/__fixtures__/package-lock.json
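--- a/lib/manager/npm/update/locked-dependency/__fixtures__/package.json
+++ b/lib/manager/npm/update/locked-dependency/__fixtures__/package.json
@@ -0,0 +1,5 @@
+{
+"dependencies": {
+"express": "4.0.0"
+}
+}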
1 change: 1 addition & 0 deletions
1
lib/manager/npm/update/locked-dependency/__fixtures__/send.json
1 change: 1 addition & 0 deletions
1
lib/manager/npm/update/locked-dependency/__fixtures__/serve-static.json
1 change: 1 addition & 0 deletions
1
lib/manager/npm/update/locked-dependency/__fixtures__/type-is.json
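--- a/lib/manager/npm/update/locked-dependency/__snapshots__/dep-constraints.spec.ts.snap
+++ b/lib/manager/npm/update/locked-dependency/__snapshots__/dep-constraints.spec.ts.snap
@@ -0,0 +1,29 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`manager/npm/update/locked-dependency/dep-constraints findDepConstraints() finds direct dependency 1`] = `
+Array [
+Object {
+"constraint": "4.0.0",
+"depType": "dependencies",
+},
+]
+`;
+
+exports[`manager/npm/update/locked-dependency/dep-constraints findDepConstraints() finds direct devDependency 1`] = `
+Array [
+Object {
+"constraint": "4.0.0",
+"depType": "devDependencies",
+},
+]
+`;
+
+exports[`manager/npm/update/locked-dependency/dep-constraints findDepConstraints() finds indirect dependency 1`] = `
+Array [
+Object {
+"constraint": "0.2.0",
+"parentDepName": "express",
+"parentVersion": "4.0.0",
+},
+]
+`;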
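--- a/lib/manager/npm/update/locked-dependency/__snapshots__/get-locked.spec.ts.snap
+++ b/lib/manager/npm/update/locked-dependency/__snapshots__/get-locked.spec.ts.snap
@@ -0,0 +1,46 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`manager/npm/update/locked-dependency/get-locked getLockedDependencies() finds direct dependency 1`] = `
+Array [
+Object {
+"integrity": "sha1-J03IKTPJ9XTMOKDOXqgXK+nGsJQ=",
+"requires": Object {
+"accepts": "1.0.0",
+"buffer-crc32": "0.2.1",
+"cookie": "0.1.0",
+"cookie-signature": "1.0.3",
+"debug": ">= 0.7.3 < 1",
+"escape-html": "1.0.1",
+"fresh": "0.2.2",
+"merge-descriptors": "0.0.2",
+"methods": "0.1.0",
+"parseurl": "1.0.1",
+"path-to-regexp": "0.1.2",
+"qs": "0.6.6",
+"range-parser": "1.0.0",
+"send": "0.2.0",
+"serve-static": "1.0.1",
+"type-is": "1.0.0",
+"utils-merge": "1.0.0",
+},
+"resolved": "https://registry.npmjs.org/express/-/express-4.0.0.tgz",
+"version": "4.0.0",
+},
+]
+`;
+
+exports[`manager/npm/update/locked-dependency/get-locked getLockedDependencies() finds indirect dependency 1`] = `
+Array [
+Object {
+"integrity": "sha1-Bnq/Rc/4v/spy9t0OXJbMjiKLFg=",
+"requires": Object {
+"debug": "*",
+"fresh": "~0.2.1",
+"mime": "~1.2.9",
+"range-parser": "~1.0.0",
+},
+"resolved": "https://registry.npmjs.org/send/-/send-0.2.0.tgz",
+"version": "0.2.0",
+},
+]
+`;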
@@ -0,0 +1,22 @@ | ||
export interface PackageLockDependency { | ||
version: string; | ||
resolved?: string; | ||
integrity?: string; | ||
dependencies?: Record<string, PackageLockDependency>; | ||
} | ||
|
||
export type PackageLockDependencies = Record<string, PackageLockDependency>; | ||
|
||
export interface PackageLockOrEntry { | ||
lockfileVersion?: number; | ||
version?: string; | ||
dependencies?: PackageLockDependencies; | ||
requires?: Record<string, string>; | ||
} | ||
|
||
export interface ParentDependency { | ||
parentDepName?: string; | ||
parentVersion?: string; | ||
constraint: string; | ||
depType?: string; | ||
} |
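Review bot: `PackageLockDependency` declares no `requires` field, although the get-locked snapshot added in this same commit shows locked entries carrying a `requires` map next to `version`, `resolved` and `integrity`. If the lookup code returns or walks entries under this type (not visible here), reading `requires` needs a cast or the wider `PackageLockOrEntry`; adding `requires?: Record<string, string>;` to the interface would keep that access typed. The interfaces also have no doc comments; a one-line comment on each saying which part of package-lock.json it models would help, e.g. `/** One entry under "dependencies" in package-lock.json. */`.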
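--- a/lib/manager/npm/update/locked-dependency/dep-constraints.spec.ts
+++ b/lib/manager/npm/update/locked-dependency/dep-constraints.spec.ts
@@ -0,0 +1,36 @@
+import { readFileSync } from 'fs';
+import { resolve } from 'upath';
+import { getName } from '../../../../../test/util';
+import { findDepConstraints } from './dep-constraints';
+
+jest.mock('../../../../util/fs');
+
+const packageJson = JSON.parse(
+readFileSync(resolve(__dirname, './__fixtures__/package.json'), 'utf8')
+);
+const packageLockJson = JSON.parse(
+readFileSync(resolve(__dirname, './__fixtures__/package-lock.json'), 'utf8')
+);
+
+describe(getName(__filename), () => {
+describe('findDepConstraints()', () => {
+it('finds indirect dependency', () => {
+expect(
+findDepConstraints(packageJson, packageLockJson, 'send', '0.2.0')
+).toMatchSnapshot();
+});
+it('finds direct dependency', () => {
+expect(
+findDepConstraints(packageJson, packageLockJson, 'express', '4.0.0')
+).toMatchSnapshot();
+});
+it('finds direct devDependency', () => {
+const packageJsonDev = { ...packageJson };
+packageJsonDev.devDependencies = packageJsonDev.dependencies;
+delete packageJsonDev.dependencies;
+expect(
+findDepConstraints(packageJsonDev, packageLockJson, 'express', '4.0.0')
+).toMatchSnapshot();
+});
+});
+});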
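Review bot: All three `findDepConstraints()` cases assert only through `toMatchSnapshot()`, so the expected values sit in the .snap file and a wrong result can be accepted by re-recording snapshots. The results are small enough to pin in the test itself, for example `.toEqual([{ constraint: '4.0.0', depType: 'dependencies' }])` for the direct-dependency case. There is also no case for a dependency name or locked version that the lock file does not contain; because this code appears to back vulnerability-driven lockfile updates, the no-match result deserves a test of its own, e.g. `expect(findDepConstraints(packageJson, packageLockJson, 'send', '9.9.9')).toEqual([])` (constructed version; confirm that an empty array is the intended return).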