diff --git a/bun/spec/dependabot/bun/file_updater_spec.rb b/bun/spec/dependabot/bun/file_updater_spec.rb index 9846f0a0709..623e3c9f85a 100644 --- a/bun/spec/dependabot/bun/file_updater_spec.rb +++ b/bun/spec/dependabot/bun/file_updater_spec.rb @@ -66,8 +66,6 @@ .with(:enable_corepack_for_npm_and_yarn).and_return(enable_corepack_for_npm_and_yarn) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout).and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning).and_return(true) allow(Dependabot::Experiments).to receive(:enabled?) .with(:avoid_duplicate_updates_package_json).and_return(false) end diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb index 1cafe0f2a62..ffad678b688 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb @@ -48,13 +48,7 @@ module Helpers # rubocop:disable Metrics/ModuleLength # Otherwise, we are going to use old versionining npm 6 sig { params(lockfile: T.nilable(DependencyFile)).returns(Integer) } def self.npm_version_numeric(lockfile) - return npm_version_numeric_latest(lockfile) if Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning) - - fallback_version_npm8 = Dependabot::Experiments.enabled?(:npm_fallback_version_above_v6) - - return npm_version_numeric_npm8_or_higher(lockfile) if fallback_version_npm8 - - npm_version_numeric_npm6_or_higher(lockfile) + npm_version_numeric_latest(lockfile) end sig { params(lockfile: T.nilable(DependencyFile)).returns(Integer) } @@ -184,10 +178,6 @@ def self.fetch_yarnrc_yml_value(key, default_value) def self.npm8?(package_lock) return true unless package_lock&.content - if Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning) - return npm_version_numeric_latest(package_lock) >= NPM_V8 - end - npm_version_numeric(package_lock) == NPM_V8 end 
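Review bot: The comment kept directly above `self.npm_version_numeric` in helpers.rb ("Otherwise, we are going to use old versionining npm 6") no longer matches the body, which is now an unconditional call to `npm_version_numeric_latest(lockfile)`. I would replace it with something like `# Delegates to npm_version_numeric_latest; the experiment-gated npm 6 / npm 8 fallbacks were removed.` That comment block starts above the hunk, so its earlier lines may need the same edit. `npm_version_numeric_npm8_or_higher` and `npm_version_numeric_npm6_or_higher` lose their only visible callers here and are presumably dead code now; worth confirming and deleting them in the same change.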
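Review bot: `npm8?` in helpers.rb now ends in `npm_version_numeric(package_lock) == NPM_V8`, while the branch this hunk removes compared with `>= NPM_V8`, and that branch was the one taken whenever `:npm_v6_deprecation_warning` was enabled. Since `npm_version_numeric` is now just `npm_version_numeric_latest`, the only difference left is the operator. If `npm_version_numeric_latest` can return a value above `NPM_V8` (its body is not in this diff), a lockfile written by a newer npm would make `npm8?` return false, and callers would presumably treat it as pre-v8. Keeping the previous comparison avoids that: `npm_version_numeric(package_lock) >= NPM_V8`.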
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/npm_package_manager.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/npm_package_manager.rb index 07dc7650e3f..74d09da6ca3 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/npm_package_manager.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/npm_package_manager.rb @@ -45,20 +45,6 @@ def initialize(detected_version: nil, raw_version: nil, requirement: nil) requirement: requirement ) end - - sig { override.returns(T::Boolean) } - def deprecated? - return false unless Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning) - - super - end - - sig { override.returns(T::Boolean) } - def unsupported? - return false unless Dependabot::Experiments.enabled?(:npm_v6_unsupported_error) - - super - end end end end diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb index 9d6f2a10b85..38d5e76eb8d 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb @@ -597,6 +597,8 @@ context "with a package-lock.json file but no yarn.lock" do before do + Dependabot::Experiments.register(:npm_fallback_version_above_v6, true) + stub_request(:get, url + "?ref=sha") .with(headers: { "Authorization" => "token token" }) .to_return( @@ -607,13 +609,6 @@ stub_request(:get, File.join(url, "yarn.lock?ref=sha")) .with(headers: { "Authorization" => "token token" }) .to_return(status: 404) - stub_request(:get, File.join(url, "package-lock.json?ref=sha")) - .with(headers: { "Authorization" => "token token" }) - .to_return( - status: 200, - body: fixture("github", "package_lock_content.json"), - headers: json_header - ) end it "fetches the package.json and package-lock.json" do 
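Review bot: `Dependabot::Experiments.register(:npm_fallback_version_above_v6, true)` in the `before` block of file_fetcher_spec.rb writes to process-wide experiment state, and no matching teardown is visible; the block itself continues past this hunk. Unless the file already has an `after { Dependabot::Experiments.reset! }` outside the lines shown, the flag stays on for every example that runs later and results become order-dependent. The other specs in this diff stub the lookup instead, `allow(Dependabot::Experiments).to receive(:enabled?).with(:npm_fallback_version_above_v6).and_return(true)`, which rspec-mocks undoes after each example. The same applies to the `register` lines added in the hunks at `@@ -623`, `-2180`, `-2202`, `-2247`, `-2270`, `-2293` and `-2316` of this file.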
@@ -623,13 +618,14 @@ it "parses the npm lockfile" do expect(file_fetcher_instance.ecosystem_versions).to eq( - { package_managers: { "npm" => 6 } } + { package_managers: { "npm" => 8 } } ) end end context "with both a package-lock.json file and a yarn.lock" do before do + Dependabot::Experiments.register(:npm_fallback_version_above_v6, true) stub_request(:get, url + "?ref=sha") .with(headers: { "Authorization" => "token token" }) .to_return( @@ -660,7 +656,7 @@ it "parses the package manager version" do expect(file_fetcher_instance.ecosystem_versions).to eq( - { package_managers: { "npm" => 6, "yarn" => 1 } } + { package_managers: { "npm" => 8, "yarn" => 1 } } ) end end @@ -1379,6 +1375,12 @@ "bun.lock?ref=sha" ).with(headers: { "Authorization" => "token token" }) .to_return(status: 404) + stub_request( + :get, + "https://api.github.com/repos/gocardless/bump/contents/" \ + "pnpm-workspace.yaml?ref=sha" + ).with(headers: { "Authorization" => "token token" }) + .to_return(status: 404) end it "fetches package.json from the workspace dependencies" do @@ -1954,6 +1956,12 @@ "bun.lock?ref=sha" ).with(headers: { "Authorization" => "token token" }) .to_return(status: 404) + stub_request( + :get, + "https://api.github.com/repos/gocardless/bump/contents/" \ + "pnpm-workspace.yaml?ref=sha" + ).with(headers: { "Authorization" => "token token" }) + .to_return(status: 404) end it "fetches package.json from the workspace dependencies" do @@ -2180,6 +2188,7 @@ context "with both packageManager with version and valid engines fields (yarn)" do before do Dependabot::Experiments.register(:enable_pnpm_yarn_dynamic_engine, true) + Dependabot::Experiments.register(:npm_fallback_version_above_v6, true) allow(file_fetcher_instance).to receive(:commit).and_return("sha") 
@@ -2202,6 +2211,7 @@ context "with both packageManager with version and valid engines fields (pnpm)" do before do Dependabot::Experiments.register(:enable_pnpm_yarn_dynamic_engine, true) + Dependabot::Experiments.register(:npm_fallback_version_above_v6, true) allow(file_fetcher_instance).to receive(:commit).and_return("sha") @@ -2247,6 +2257,7 @@ context "with only packageManager and no engines fields (yarn)" do before do Dependabot::Experiments.register(:enable_pnpm_yarn_dynamic_engine, true) + Dependabot::Experiments.register(:npm_fallback_version_above_v6, true) allow(file_fetcher_instance).to receive(:commit).and_return("sha") @@ -2270,6 +2281,7 @@ context "with packageManager and engines fields with engine field having non relevant version (pnpm)" do before do Dependabot::Experiments.register(:enable_pnpm_yarn_dynamic_engine, true) + Dependabot::Experiments.register(:npm_fallback_version_above_v6, true) allow(file_fetcher_instance).to receive(:commit).and_return("sha") @@ -2293,6 +2305,7 @@ context "with packageManager and engines fields with engine field having non relevant version (yarn)" do before do Dependabot::Experiments.register(:enable_pnpm_yarn_dynamic_engine, true) + Dependabot::Experiments.register(:npm_fallback_version_above_v6, true) allow(file_fetcher_instance).to receive(:commit).and_return("sha") @@ -2316,6 +2329,7 @@ context "with both packageManager and engines fields of same package-manager" do before do Dependabot::Experiments.register(:enable_pnpm_yarn_dynamic_engine, true) + Dependabot::Experiments.register(:npm_fallback_version_above_v6, true) allow(file_fetcher_instance).to receive(:commit).and_return("sha") diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb index 23dbfe0067c..41a7084e860 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_parser_spec.rb 
@@ -44,8 +44,6 @@ .with(:enable_corepack_for_npm_and_yarn).and_return(enable_corepack_for_npm_and_yarn) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout).and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning).and_return(true) end after do diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb index 8cdb390e19b..1322a7e554a 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb @@ -74,8 +74,6 @@ .with(:enable_corepack_for_npm_and_yarn).and_return(enable_corepack_for_npm_and_yarn) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout).and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning).and_return(true) allow(Dependabot::Experiments).to receive(:enabled?) .with(:avoid_duplicate_updates_package_json).and_return(false) end diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb index 7f3366cc70f..2a3be75d122 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb @@ -70,8 +70,6 @@ .with(:enable_corepack_for_npm_and_yarn).and_return(enable_corepack_for_npm_and_yarn) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout).and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning).and_return(true) allow(Dependabot::Experiments).to receive(:enabled?) .with(:avoid_duplicate_updates_package_json).and_return(false) end 
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/helpers_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/helpers_spec.rb index 367bbc2976c..f0b72a1e7c5 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/helpers_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/helpers_spec.rb @@ -370,7 +370,7 @@ context "when the feature flag :enable_corepack_for_npm_and_yarn is enabled" do before do allow(Dependabot::Experiments).to receive(:enabled?).with(:enable_corepack_for_npm_and_yarn).and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?).with(:npm_v6_deprecation_warning).and_return(true) + allow(Dependabot::Experiments).to receive(:enabled?).with(:npm_fallback_version_above_v6).and_return(true) end it "returns true if lockfileVersion is 3 or higher" do @@ -393,17 +393,11 @@ context "when the feature flag :enable_corepack_for_npm_and_yarn is disabled" do before do allow(Dependabot::Experiments).to receive(:enabled?).with(:enable_corepack_for_npm_and_yarn).and_return(false) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning) - .and_return(true) end context "when :npm_fallback_version_above_v6 is enabled" do before do allow(Dependabot::Experiments).to receive(:enabled?).with(:npm_fallback_version_above_v6).and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning) - .and_return(true) end it "returns true if lockfileVersion is 2 or higher" do diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb index 8de1a03ed59..53673538d58 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb 
@@ -43,132 +43,56 @@ end describe "#deprecated?" do - let(:detected_version) { "6" } - let(:raw_version) { "8.0.1" } - it "returns false" do expect(package_manager.deprecated?).to be false end - context "with feature flag npm_v6_deprecation_warning" do - before do - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning) - .and_return(deprecation_enabled) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_unsupported_error) - .and_return(unsupported_enabled) - end - - context "when npm_v6_deprecation_warning is enabled and version is deprecated" do - let(:deprecation_enabled) { true } - let(:unsupported_enabled) { false } - - it "returns true" do - expect(package_manager.deprecated?).to be true - end - end - - context "when npm_v6_deprecation_warning is enabled but version is not deprecated" do - let(:detected_version) { "9" } - let(:deprecation_enabled) { true } - let(:unsupported_enabled) { false } + context "when detected version is unsupported" do + let(:detected_version) { "6" } - it "returns false" do - expect(package_manager.deprecated?).to be false - end + it "returns false as unsupported takes precedence" do + expect(package_manager.deprecated?).to be false end + end - context "when npm_v6_deprecation_warning is disabled" do - let(:deprecation_enabled) { false } - let(:unsupported_enabled) { false } + context "when detected version is deprecated but not unsupported" do + let(:detected_version) { "6" } - it "returns false" do - expect(package_manager.deprecated?).to be false - end + before do + allow(package_manager).to receive(:unsupported?).and_return(false) end - context "when version is unsupported" do - let(:deprecation_enabled) { true } - let(:unsupported_enabled) { true } - - it "returns false, as unsupported takes precedence" do - expect(package_manager.deprecated?).to be false - end + it "returns true" do + expect(package_manager.deprecated?).to be true end end end describe "#unsupported?" 
do - let(:detected_version) { "5" } - let(:raw_version) { "8.0.1" } - - it "returns false for supported versions" do + it "returns false" do expect(package_manager.unsupported?).to be false end - context "with feature flag npm_v6_unsupported_error" do - before do - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_unsupported_error) - .and_return(unsupported_enabled) - end - - context "when npm_v6_unsupported_error is enabled and version is unsupported" do - let(:detected_version) { "6" } - let(:raw_version) { "8.0.1" } - - let(:unsupported_enabled) { true } - - it "returns true" do - expect(package_manager.unsupported?).to be true - end - end - - context "when npm_v6_unsupported_error is enabled but version is supported" do - let(:detected_version) { "7" } - let(:raw_version) { "8.0.1" } - - let(:unsupported_enabled) { true } - - it "returns false" do - expect(package_manager.unsupported?).to be false - end - end - - context "when npm_v6_unsupported_error is disabled" do - let(:unsupported_enabled) { false } + context "when version is unsupported" do + let(:detected_version) { "6" } - it "returns false" do - expect(package_manager.unsupported?).to be false - end + it "returns true" do + expect(package_manager.unsupported?).to be true end end end describe "#raise_if_unsupported!" do - before do - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_unsupported_error) - .and_return(unsupported_enabled) + it "does not raise error" do + expect { package_manager.raise_if_unsupported! }.not_to raise_error end - context "when npm_v6_unsupported_error is enabled and version is unsupported" do + context "when detected version is deprecated" do let(:detected_version) { "6" } - let(:unsupported_enabled) { true } it "raises a ToolVersionNotSupported error" do expect { package_manager.raise_if_unsupported! 
}.to raise_error(Dependabot::ToolVersionNotSupported) end end - - context "when npm_v6_unsupported_error is disabled" do - let(:detected_version) { "6" } - let(:unsupported_enabled) { false } - - it "does not raise an error" do - expect { package_manager.raise_if_unsupported! }.not_to raise_error - end - end end end diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/package_manager_helper_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/package_manager_helper_spec.rb index 59a79597460..6040aa227da 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/package_manager_helper_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/package_manager_helper_spec.rb @@ -73,12 +73,6 @@ allow(Dependabot::Experiments).to receive(:enabled?) .with(:npm_fallback_version_above_v6) .and_return(false) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning) - .and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_unsupported_error) - .and_return(false) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout) .and_return(true) 
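Review bot: Under `describe "#raise_if_unsupported!"` in npm_package_manager_spec.rb the new context is titled "when detected version is deprecated", but with `detected_version` "6" it asserts `ToolVersionNotSupported`, and the `#unsupported?` examples in the same hunk treat "6" as unsupported. The title should read `context "when detected version is unsupported" do`. In `#deprecated?`, the "deprecated but not unsupported" case gets there with `allow(package_manager).to receive(:unsupported?).and_return(false)`, which stubs the object under test, so it only shows that `deprecated?` consults `unsupported?`. If the version lists (not visible here) contain a version that is deprecated without being unsupported, using it as `detected_version` would exercise the real path.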
@@ -139,39 +133,6 @@ end end - context "when package manager has been deprecated" do - subject(:package_manager) { helper.package_manager } - - let(:lockfiles) { { npm: npm_lockfile } } - let(:package_json) { { "packageManager" => "npm@6" } } - let(:npm_lockfile) do - instance_double( - Dependabot::DependencyFile, - name: "package-lock.json", - content: <<~LOCKFILE - { - "name": "example-npm-project", - "version": "1.0.0", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-abc123" - } - } - } - LOCKFILE - ) - end - - it "returns the deprecated package manager" do - expect(package_manager.deprecated?).to be true - expect(package_manager.detected_version.to_s).to eq "6" - end - end - context "when package manager is no longer supported" do subject(:package_manager) { helper.package_manager } @@ -203,12 +164,6 @@ allow(Dependabot::Experiments).to receive(:enabled?) .with(:npm_fallback_version_above_v6) .and_return(false) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning) - .and_return(false) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_unsupported_error) - .and_return(true) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout) .and_return(true) @@ -253,12 +208,6 @@ allow(Dependabot::Experiments).to receive(:enabled?) .with(:npm_fallback_version_above_v6) .and_return(false) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning) - .and_return(false) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_unsupported_error) - .and_return(true) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout) .and_return(true) 
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver_spec.rb index 290a2e6b4d2..10247cb1719 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver_spec.rb @@ -43,8 +43,6 @@ .with(:enable_corepack_for_npm_and_yarn).and_return(enable_corepack_for_npm_and_yarn) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout).and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning).and_return(true) end after do diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb index 778745eb63a..05a001c0a4b 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb @@ -85,8 +85,6 @@ .with(:enable_corepack_for_npm_and_yarn).and_return(enable_corepack_for_npm_and_yarn) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout).and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning).and_return(true) end after do diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker_spec.rb index cb2f35b6e11..1af401cf5a5 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker_spec.rb 
@@ -73,8 +73,6 @@ .with(:npm_fallback_version_above_v6).and_return(npm_fallback_version_above_v6_enabled) allow(Dependabot::Experiments).to receive(:enabled?) .with(:enable_shared_helpers_command_timeout).and_return(true) - allow(Dependabot::Experiments).to receive(:enabled?) - .with(:npm_v6_deprecation_warning).and_return(true) end after do diff --git a/npm_and_yarn/spec/fixtures/projects/generic/package_manager_with_ver_with_no_engine_info_pnpm/package.json b/npm_and_yarn/spec/fixtures/projects/generic/package_manager_with_ver_with_no_engine_info_pnpm/package.json index 64d49bba981..2afec3874cb 100644 --- a/npm_and_yarn/spec/fixtures/projects/generic/package_manager_with_ver_with_no_engine_info_pnpm/package.json +++ b/npm_and_yarn/spec/fixtures/projects/generic/package_manager_with_ver_with_no_engine_info_pnpm/package.json @@ -7,7 +7,7 @@ "engines": { "node": "^18.12.1", "yarn": "1.2.3", - "npm": "2.3.2" + "npm": "11.0.0" }, "private": true, "packageManager": "pnpm@9.5.0" diff --git a/npm_and_yarn/spec/fixtures/projects/generic/with_package_manager_and_pnpm_npm_engine_info/package.json b/npm_and_yarn/spec/fixtures/projects/generic/with_package_manager_and_pnpm_npm_engine_info/package.json index 8284f0da8b7..f1c85d8ff7f 100644 --- a/npm_and_yarn/spec/fixtures/projects/generic/with_package_manager_and_pnpm_npm_engine_info/package.json +++ b/npm_and_yarn/spec/fixtures/projects/generic/with_package_manager_and_pnpm_npm_engine_info/package.json @@ -7,7 +7,7 @@ "engines": { "node": "^18.12.1", "yarn": "<=1.9.1", - "npm": "3.9.1", + "npm": "11.1.1", "pnpm": "8.9.1" }, "private": true,