Support Bun with bun.lock
#11209
# install from npm/cli/lib/pack.js as --ca="contents of ca file" - "ca" is | ||
# populated automatically by npm when setting "--cafile" and passed through in | ||
# when spawning the cli to install git dependencies. | ||
cafile=/usr/local/share/ca-certificates/dbot-ca.crt |
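Review bot: The hard-coded `cafile=/usr/local/share/ca-certificates/dbot-ca.crt` on the last line carries no note on where that certificate is provisioned or what happens when it is absent. The comment above it says "ca" is populated from "--cafile" and passed through when spawning the cli to install git dependencies, so this path sets the CA trusted for those installs. Document the environments in which the file exists, and if a tool cannot tolerate a missing file, make the setting conditional on the file's presence instead of dropping it.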
A note for the reviewers: That CA file does not appear in the dev-shell. While npm and yarn silently ignore its absence, Bun throws an error since it can't be found. Let me know if this is okay to remove, it appears all the tests continue to pass without this.
Ready for review! The relevant tests run and are passing! Regarding the CI status, some of the e2e tests unrelated to this PR fail with a transient error:
|
|
||
return @bun_lock if @bun_lock || directory == "/" | ||
|
||
# Loop through parent directories looking for a pnpm-lock |
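Review bot: The comment on the last line of this hunk says pnpm-lock, but the guard above it returns `@bun_lock`, so it reads as a leftover from the pnpm lookup. Rename it to bun.lock so the next reader does not go looking for pnpm handling in this method.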
# Loop through parent directories looking for a pnpm-lock | |
# Loop through parent directories looking for a bun.lock |
|
||
version = content["lockfileVersion"] | ||
raise_invalid!("expected 'lockfileVersion' to be an integer") unless version.is_a?(Integer) | ||
raise_invalid!("expected 'lockfileVersion' to be >= 0") unless version >= 0 |
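Review bot: The last check, `unless version >= 0`, accepts every non-negative `lockfileVersion`, so a lockfile written in a later format would be parsed as if its layout were known. Compare the value against an explicit list of supported versions and call `raise_invalid!` for anything else, and include the value found in the message so the failure is diagnosable.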
perhaps stick to version 0 only, until newer versions are known to be compatible?
Thank you so much @Electroid ! We'll try to expedite the reviews on our end
Thanks for the PR @Electroid 🙇♂️
Thanks very much for this PR @Electroid
Closed by #11267, #11268, #11287, and #11300
See also, #6528 (comment)
What are you trying to accomplish?
This PR adds support for Bun, which is the most upvoted, open issue for Dependabot: bun #6528
Bun is an npm-compatible package manager, so it has been added to the npm_and_yarn source code, alongside other package managers like yarn and pnpm.
Previously, Bun used a binary lockfile, bun.lockb. In Bun 1.1.39, it was changed to a text-based format and renamed to bun.lock. Support for the previous binary lockfile is possible, but it's easier to just support the text-based one, since it's the new default.
Here's an example bun.lock file.
Example
Using the dry-run scripts, here's an example diff from Dependabot with Bun support.
Commands:
Output:
Anything you want to highlight for special attention from reviewers?
Of course, tests and fixtures have been added to test Bun! Let me know if I missed anything.
How will you know you've accomplished your goal?
Here is a random sample of repositories using bun.lock that you can try with the dry-run scripts:
Checklist