Return deprecated version if user requests it so that we can trigger …
…warning or logging (#11155)

* Return deprecated version if user requests it

* Move rubocop disable to be consistent with earlier example
amazimbe authored Dec 19, 2024
1 parent 282d52f commit 5772445
Showing 2 changed files with 148 additions and 1 deletion.
13 changes: 12 additions & 1 deletion npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb
@@ -393,6 +393,7 @@ def find_engine_constraints_as_requirement(name)
# rubocop:disable Metrics/CyclomaticComplexity
# rubocop:disable Metrics/AbcSize
# rubocop:disable Metrics/PerceivedComplexity
# rubocop:disable Metrics/MethodLength
sig { params(name: String).returns(T.nilable(T.any(Integer, String))) }
def setup(name)
# we prioritize version mentioned in "packageManager" instead of "engines"
@@ -405,6 +406,8 @@ def setup(name)
return
end

return package_manager.version.to_s if package_manager.deprecated? || package_manager.unsupported?

if @engines && @manifest_package_manager.nil?
# if "packageManager" doesn't exists in manifest file,
# we check if we can extract "engines" information
@@ -453,6 +456,7 @@ def setup(name)
# rubocop:enable Metrics/CyclomaticComplexity
# rubocop:enable Metrics/AbcSize
# rubocop:enable Metrics/PerceivedComplexity
# rubocop:enable Metrics/MethodLength

sig { params(name: T.nilable(String)).returns(Ecosystem::VersionManager) }
def package_manager_by_name(name)
@@ -461,6 +465,13 @@ def package_manager_by_name(name)
name = ensure_valid_package_manager(name)
package_manager_class = T.must(PACKAGE_MANAGER_CLASSES[name])

if name == NpmPackageManager::NAME
detected_version = Helpers.npm_version_numeric_latest(@lockfiles[:npm])
package_manager = package_manager_class.new(detected_version.to_s)

return package_manager if package_manager.deprecated? || package_manager.unsupported?
end

installed_version = installed_version(name)
Dependabot.logger.info("Installed version for #{name}: #{installed_version}")

@@ -472,7 +483,7 @@ def package_manager_by_name(name)
end

package_manager_class.new(
installed_version,
installed_version.to_s,
requirement: package_manager_requirement
)
rescue StandardError => e
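Review bot: In `package_manager_by_name`, the new npm branch returns before the `Dependabot.logger.info("Installed version for ...")` line and builds the instance without the `requirement:` argument the normal path passes, so the deprecated or unsupported case is the one path in this method that logs nothing and carries no requirement. Since the version here comes from the repository's own lockfile via `Helpers.npm_version_numeric_latest(@lockfiles[:npm])`, I would log it before the early return, e.g. `Dependabot.logger.info("Detected #{name} version from lockfile: #{detected_version}")`, so a later warning or error can be traced back to its input. The added `.to_s` calls on `detected_version` and `installed_version` also turn a nil into `""`; whether the helper can return nil or the constructor rejects an empty string is not visible in these hunks, so that is worth confirming. The method body continues past `rescue StandardError => e`, outside the shown hunk.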
@@ -120,6 +120,142 @@
expect(helper.package_manager).to be_a(Dependabot::NpmAndYarn::NpmPackageManager)
end
end

context "when package manager has been deprecated" do
subject(:package_manager) { helper.package_manager }

let(:lockfiles) { { npm: npm_lockfile } }
let(:package_json) { { "packageManager" => "npm@6" } }
let(:npm_lockfile) do
instance_double(
Dependabot::DependencyFile,
name: "package-lock.json",
content: <<~LOCKFILE
{
"name": "example-npm-project",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"lodash": {
"version": "4.17.21",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"integrity": "sha512-abc123"
}
}
}
LOCKFILE
)
end

before do
allow(Dependabot::Experiments).to receive(:enabled?)
.with(:npm_fallback_version_above_v6)
.and_return(false)
allow(Dependabot::Experiments).to receive(:enabled?)
.with(:npm_v6_deprecation_warning)
.and_return(true)
allow(Dependabot::Experiments).to receive(:enabled?)
.with(:npm_v6_unsupported_error)
.and_return(false)
end

it "returns the deprecated package manager" do
expect(package_manager.deprecated?).to be true
expect(package_manager.version.to_s).to eq "6"
end
end

context "when package manager is no longer supported" do
subject(:package_manager) { helper.package_manager }

let(:lockfiles) { { npm: npm_lockfile } }
let(:package_json) { { "packageManager" => "npm@6" } }
let(:npm_lockfile) do
instance_double(
Dependabot::DependencyFile,
name: "package-lock.json",
content: <<~LOCKFILE
{
"name": "example-npm-project",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"lodash": {
"version": "4.17.21",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"integrity": "sha512-abc123"
}
}
}
LOCKFILE
)
end

before do
allow(Dependabot::Experiments).to receive(:enabled?)
.with(:npm_fallback_version_above_v6)
.and_return(false)
allow(Dependabot::Experiments).to receive(:enabled?)
.with(:npm_v6_deprecation_warning)
.and_return(false)
allow(Dependabot::Experiments).to receive(:enabled?)
.with(:npm_v6_unsupported_error)
.and_return(true)
end

it "returns the unsupported package manager" do
expect(package_manager.version.to_s).to eq "6"
expect(package_manager.unsupported?).to be true
end
end
end

describe "#setup" do
context "when lockfile specifies a deprecated version" do
subject(:package_manager) { helper.package_manager }

let(:lockfiles) { { npm: npm_lockfile } }
let(:package_json) { { "packageManager" => "npm@6" } }
let(:npm_lockfile) do
instance_double(
Dependabot::DependencyFile,
name: "package-lock.json",
content: <<~LOCKFILE
{
"name": "example-npm-project",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"lodash": {
"version": "4.17.21",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"integrity": "sha512-abc123"
}
}
}
LOCKFILE
)
end

before do
allow(Dependabot::Experiments).to receive(:enabled?)
.with(:npm_fallback_version_above_v6)
.and_return(false)
allow(Dependabot::Experiments).to receive(:enabled?)
.with(:npm_v6_deprecation_warning)
.and_return(false)
allow(Dependabot::Experiments).to receive(:enabled?)
.with(:npm_v6_unsupported_error)
.and_return(true)
end

it "returns the deprecated version" do
expect(package_manager.version.to_s).to eq "6"
end
end
end

describe "#installed_version" do
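Review bot: The context under `describe "#setup"` never exercises `setup`: its subject is `helper.package_manager`, and its stubs (`npm_v6_deprecation_warning` false, `npm_v6_unsupported_error` true) are the same as in "when package manager is no longer supported" above, so it repeats that case with one assertion fewer under the title "returns the deprecated version". If `setup` is reachable from the spec, assert on the new early return directly, e.g. `expect(helper.setup(Dependabot::NpmAndYarn::NpmPackageManager::NAME)).to eq "6"`. The `npm_lockfile` double and the three `Experiments` stubs are also copied verbatim into all three contexts; hoisting the lockfile into a shared `let` would leave only the differing flag values in each context. No case covers `packageManager` and the lockfile disagreeing about the npm version, which appears to be the input where the new lockfile-based check changes behaviour.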