class Dependabot::NpmAndYarn::UpdateChecker::ConflictingDependencyResolver
Attributes
credentials[R]
dependency_files[R]
Public Class Methods
new(dependency_files:, credentials:)
click to toggle source
# File lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb, line 17 def initialize(dependency_files:, credentials:) @dependency_files = dependency_files @credentials = credentials end
Public Instance Methods
conflicting_dependencies(dependency:, target_version:)
click to toggle source
Finds any dependencies in the `yarn.lock` or `package-lock.json` that have a subdependency on the given dependency that does not satisfly the target_version.
@param dependency [Dependabot::Dependency] the dependency to check @param target_version [String] the version to check @return [Array<Hash{String => String}]
* name [String] the blocking dependencies name * version [String] the version of the blocking dependency * requirement [String] the requirement on the target_dependency
# File lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb, line 32 def conflicting_dependencies(dependency:, target_version:) SharedHelpers.in_a_temporary_directory do dependency_files_builder = DependencyFilesBuilder.new( dependency: dependency, dependency_files: dependency_files, credentials: credentials ) dependency_files_builder.write_temporary_dependency_files # TODO: Look into using npm/arborist for parsing yarn lockfiles (there's currently partial yarn support) # # Prefer the npm conflicting dependency parser if there's both a npm lockfile and a yarn.lock file as the # npm parser handles edge cases where the package.json is out of sync with the lockfile, something the yarn # parser doesn't deal with at the moment. if dependency_files_builder.package_locks.any? || dependency_files_builder.shrinkwraps.any? SharedHelpers.run_helper_subprocess( command: NativeHelpers.helper_path, function: "npm:findConflictingDependencies", args: [Dir.pwd, dependency.name, target_version.to_s] ) else SharedHelpers.run_helper_subprocess( command: NativeHelpers.helper_path, function: "yarn:findConflictingDependencies", args: [Dir.pwd, dependency.name, target_version.to_s] ) end end rescue SharedHelpers::HelperSubprocessFailed [] end