class Danger::DangerWCC::Dependencies
Constants
- DEFAULT_OPTIONS
Public Class Methods
new(plugin, options = {})
# File lib/wcc/dependencies.rb, line 20
# Sets up the dependency checker for one Danger run.
#
# @param plugin [Object] stored unchanged in @plugin
# @param options [Hash] overrides layered on top of DEFAULT_OPTIONS; a key
#   given here wins because it is the argument to Hash#merge. The methods of
#   this class read :lockfile and :severity from the merged hash.
def initialize(plugin, options = {})
  @options = DEFAULT_OPTIONS.merge(options)
  @plugin = plugin
end
Public Instance Methods
perform()
# File lib/wcc/dependencies.rb, line 25
# Entry point: runs the yarn lockfile check when the configured lockfile
# exists on disk.
#
# NOTE(review): a missing lockfile is treated as "nothing to check", so no
# message is emitted in that case. Confirm that a pull request which removes
# or renames the lockfile is caught by some other rule.
#
# @return [Object, nil] nil when @options[:lockfile] does not exist,
#   otherwise whatever find_yarn_violations returns
def perform
  find_yarn_violations if File.exist?(@options[:lockfile])
end
yarn_info()
# File lib/wcc/dependencies.rb, line 15
# Returns the YarnInfo helper, building it on first use and caching it in
# @yarn_info for later calls.
#
# The helper is constructed with this object (self) and the merged @options;
# what YarnInfo does with them is not visible from this method.
#
# @return [Danger::DangerWCC::Util::YarnInfo]
def yarn_info
  return @yarn_info if @yarn_info

  @yarn_info = Danger::DangerWCC::Util::YarnInfo.new(self, @options)
end
Private Instance Methods
dangerous_change?(old_version, new_version)
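# File lib/wcc/dependencies.rb, line 86
# Decides whether a lockfile version change is large enough to warn about.
#
# A change counts as dangerous when the package disappeared from the lockfile
# or when its major or minor segment went up.
#
# NOTE(review): only increases are detected, and the minor comparison is not
# tied to an unchanged major. A downgrade such as 2.3.0 -> 2.1.0 is therefore
# not reported. Confirm whether downgrades, which can bring back an older
# release, should also produce a warning.
#
# @param old_version [#segments] version before the change
# @param new_version [#segments, nil] version after the change; nil means the
#   package was deleted
# @return [Boolean]
def dangerous_change?(old_version, new_version)
  # the package was deleted
  return true unless new_version

  old_segments = old_version.segments
  new_segments = new_version.segments

  # A short version such as "1" has no minor segment. #to_i maps the missing
  # (nil) or non-numeric segment to 0, so the comparison below cannot raise
  # and the check still produces an answer instead of aborting the run.
  old_major = old_segments[0].to_i
  old_minor = old_segments[1].to_i
  new_major = new_segments[0].to_i
  new_minor = new_segments[1].to_i

  # the major or minor version went up.
  new_major > old_major || new_minor > old_minor
end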
find_yarn_violations()
# File lib/wcc/dependencies.rb, line 47
# Walks the modified lockfile entries and reports the dangerous ones.
#
# Order of decisions:
#   1. If any dependency changed in package.json had a major version change,
#      report nothing at all.
#   2. Otherwise report every dangerous change to a package.json dependency.
#   3. Only when step 2 reported nothing, report dangerous changes to the
#      remaining (sub-dependency) entries.
#
# NOTE(review): step 1 silences the whole check, so in a pull request with
# one explicit major bump no other lockfile change is reported by this rule.
# Likewise, step 3 is skipped whenever step 2 reported something. Lockfile
# diffs in such pull requests need a manual look.
#
# @return [Hash, nil] nil on either early exit, otherwise the Hash returned
#   by the final #each
def find_yarn_violations # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
  explicit_changes =
    yarn_info.modified_yarn_dependencies
             .slice(*yarn_info.package_json_changes)
  return if explicit_changes.any? { |_name, pair| major_version_change?(pair[0], pair[1]) }

  # Keep only the entries whose version change is considered dangerous.
  risky = yarn_info.modified_yarn_dependencies.select do |_name, pair|
    dangerous_change?(pair[0], pair[1])
  end

  # Dangerous changes to dependencies that package.json lists directly.
  top_level = risky.slice(*yarn_info.package_json_dependencies)
  top_level.each { |name, pair| issue_yarn_violation(name, pair) }

  # Sub-dependencies are only reported when no top level entry was.
  return unless top_level.empty?

  risky.except(*yarn_info.package_json_dependencies)
       .each { |name, pair| issue_yarn_violation(name, pair) }
end
issue_yarn_violation(package, versions)
# File lib/wcc/dependencies.rb, line 33
# Reports one dangerous lockfile change through the Danger plugin.
#
# NOTE(review): the reporting method is chosen by name from
# @options[:severity] and invoked with public_send, so any public method of
# the plugin can be reached through that option. Consider checking the value
# against the messaging methods the plugin is expected to expose before
# dispatching.
# NOTE(review): versions[1] can be nil for a deleted package, because
# dangerous_change? returns true in that case. The message then ends in
# "to " with no version, and the lockfile lookup receives nil.
#
# @param package [String] name of the changed package
# @param versions [Array] old version at index 0, new version at index 1
# @return [Object] whatever the plugin's reporting method returns
def issue_yarn_violation(package, versions)
  lockfile_line = yarn_info.find_index_in_lockfile(package, versions[1])
  text = [
    "Dangerous change! #{package} was updated",
    "from #{versions[0]} to #{versions[1]}",
    'without a corresponding change to package.json!'
  ].join(' ')

  plugin.public_send(
    @options[:severity],
    text,
    file: @options[:lockfile],
    line: lockfile_line
  )
end
major_version_change?(old_version, new_version)
# File lib/wcc/dependencies.rb, line 80
# Tells whether the major (first) version segment went up.
#
# @param old_version [#segments] version before the change
# @param new_version [#segments, nil] version after the change; a nil value
#   (no new version) is never counted as a major change
# @return [Boolean]
def major_version_change?(old_version, new_version)
  if new_version
    new_version.segments[0] > old_version.segments[0]
  else
    false
  end
end