dependabot · feelepxyz · Jan 14, 2021 · Jan 13, 2021 · Jan 13, 2021
@@ -61,6 +61,7 @@
 require "optparse"
 require "json"
 require "byebug"
+require "logger"
 
 require "dependabot/file_fetchers"
 require "dependabot/file_parsers"
@@ -85,6 +86,8 @@
 require "dependabot/python"
 require "dependabot/terraform"
 
+Dependabot.logger = Logger.new($stdout)
+
 # GitHub credentials with write permission to the repo you want to update
 # (so that you can create a new branch, commit and pull request).
 # If using a private registry it's also possible to add details of that here.

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require "logger"
+
+module Dependabot
+  def self.logger
+    @logger ||= Logger.new(nil)
+  end
+
+  def self.logger=(logger)
+    @logger = logger
+  end
+end
@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
-require "dependabot/npm_and_yarn/file_updater"
+require "dependabot/errors"
+require "dependabot/logger"
 require "dependabot/npm_and_yarn/file_parser"
-require "dependabot/npm_and_yarn/update_checker/registry_finder"
+require "dependabot/npm_and_yarn/file_updater"
+require "dependabot/npm_and_yarn/helpers"
 require "dependabot/npm_and_yarn/native_helpers"
+require "dependabot/npm_and_yarn/update_checker/registry_finder"
 require "dependabot/shared_helpers"
-require "dependabot/errors"
 
 # rubocop:disable Metrics/ClassLength
 module Dependabot
@@ -32,7 +34,7 @@ def updated_lockfile_content(lockfile)
               lockfile_name = Pathname.new(lockfile.name).basename.to_s
               write_temporary_dependency_files(lockfile.name)
               updated_files = Dir.chdir(path) do
-                run_current_npm_update(lockfile_name: lockfile_name)
+                run_current_npm_update(lockfile_name: lockfile_name, lockfile_content: lockfile.content)
               end
               updated_content = updated_files.fetch(lockfile_name)
               post_process_npm_lockfile(lockfile.content, updated_content)
@@ -107,18 +109,19 @@ def top_level_dependency_update_not_required?(dependency,
           dependency.top_level? && requirements_for_path.empty?
         end
 
-        def run_current_npm_update(lockfile_name:)
+        def run_current_npm_update(lockfile_name:, lockfile_content:)
           top_level_dependency_updates = top_level_dependencies.map do |d|
             { name: d.name, version: d.version, requirements: d.requirements }
           end
 
           run_npm_updater(
             lockfile_name: lockfile_name,
-            top_level_dependency_updates: top_level_dependency_updates
+            top_level_dependency_updates: top_level_dependency_updates,
+            lockfile_content: lockfile_content
           )
         end
 
-        def run_previous_npm_update(lockfile_name:)
+        def run_previous_npm_update(lockfile_name:, lockfile_content:)
           previous_top_level_dependencies = top_level_dependencies.map do |d|
             {
               name: d.name,
@@ -129,25 +132,29 @@ def run_previous_npm_update(lockfile_name:)
 
           run_npm_updater(
             lockfile_name: lockfile_name,
-            top_level_dependency_updates: previous_top_level_dependencies
+            top_level_dependency_updates: previous_top_level_dependencies,
+            lockfile_content: lockfile_content
           )
         end
 
-        def run_npm_updater(lockfile_name:, top_level_dependency_updates:)
+        def run_npm_updater(lockfile_name:, top_level_dependency_updates:, lockfile_content:)
           SharedHelpers.with_git_configured(credentials: credentials) do
             if top_level_dependency_updates.any?
               run_npm_top_level_updater(
                 lockfile_name: lockfile_name,
-                top_level_dependency_updates: top_level_dependency_updates
+                top_level_dependency_updates: top_level_dependency_updates,
+                lockfile_content: lockfile_content
               )
             else
-              run_npm_subdependency_updater(lockfile_name: lockfile_name)
+              run_npm_subdependency_updater(lockfile_name: lockfile_name, lockfile_content: lockfile_content)
             end
           end
         end
 
-        def run_npm_top_level_updater(lockfile_name:,
-                                      top_level_dependency_updates:)
+        def run_npm_top_level_updater(lockfile_name:, top_level_dependency_updates:, lockfile_content:)
+          npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
+          Dependabot.logger.info(npm_version)
+
           SharedHelpers.run_helper_subprocess(
             command: NativeHelpers.helper_path,
             function: "npm6:update",
@@ -159,7 +166,10 @@ def run_npm_top_level_updater(lockfile_name:,
           )
         end
 
-        def run_npm_subdependency_updater(lockfile_name:)
+        def run_npm_subdependency_updater(lockfile_name:, lockfile_content:)
+          npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
+          Dependabot.logger.info(npm_version)
+
           SharedHelpers.run_helper_subprocess(
             command: NativeHelpers.helper_path,
             function: "npm6:updateSubdependency",
@@ -341,7 +351,7 @@ def resolvable_before_update?(lockfile)
                 lockfile_name = Pathname.new(lockfile.name).basename.to_s
                 path = Pathname.new(lockfile.name).dirname.to_s
                 Dir.chdir(path) do
-                  run_previous_npm_update(lockfile_name: lockfile_name)
+                  run_previous_npm_update(lockfile_name: lockfile_name, lockfile_content: lockfile.content)
                 end
               end
 

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module NpmAndYarn
+    module Helpers
+      def self.npm_version(lockfile_content)
+        return "npm6" unless lockfile_content
+        return "npm7" if JSON.parse(lockfile_content)["lockfileVersion"] == 2
+
+        "npm6"
+      rescue JSON::ParserError
+        "npm6"
+      end
+    end
+  end
+end
@@ -2,7 +2,9 @@
 
 require "dependabot/dependency"
 require "dependabot/errors"
+require "dependabot/logger"
 require "dependabot/npm_and_yarn/file_parser"
+require "dependabot/npm_and_yarn/helpers"
 require "dependabot/npm_and_yarn/native_helpers"
 require "dependabot/npm_and_yarn/update_checker"
 require "dependabot/npm_and_yarn/update_checker/dependency_files_builder"
@@ -43,6 +45,10 @@ def conflicting_dependencies(dependency:, target_version:)
             # parser doesn't deal with at the moment.
             if dependency_files_builder.package_locks.any? ||
                dependency_files_builder.shrinkwraps.any?
+              package_lock = dependency_files_builder.package_locks.find { |f| f.name == "package-lock.json" }
+              npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
+              Dependabot.logger.info(npm_version)
+
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
                 function: "npm6:findConflictingDependencies",

@@ -2,9 +2,11 @@
 
 require "dependabot/dependency"
 require "dependabot/errors"
+require "dependabot/logger"
 require "dependabot/npm_and_yarn/file_parser"
 require "dependabot/npm_and_yarn/file_updater/npmrc_builder"
 require "dependabot/npm_and_yarn/file_updater/package_json_preparer"
+require "dependabot/npm_and_yarn/helpers"
 require "dependabot/npm_and_yarn/native_helpers"
 require "dependabot/npm_and_yarn/sub_dependency_files_filterer"
 require "dependabot/npm_and_yarn/update_checker"
@@ -60,7 +62,7 @@ def update_subdependency_in_lockfile(lockfile)
           updated_files = if lockfile.name.end_with?("yarn.lock")
                             run_yarn_updater(path, lockfile_name)
                           else
-                            run_npm_updater(path, lockfile_name)
+                            run_npm_updater(path, lockfile_name, lockfile.content)
                           end
 
           updated_files.fetch(lockfile_name)
@@ -107,9 +109,12 @@ def run_yarn_updater(path, lockfile_name)
           sleep(rand(3.0..10.0)) && retry
         end
 
-        def run_npm_updater(path, lockfile_name)
+        def run_npm_updater(path, lockfile_name, lockfile_content)
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
+              npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(lockfile_content)
+              Dependabot.logger.info(npm_version)
+
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
                 function: "npm6:updateSubdependency",

@@ -1,16 +1,18 @@
 # frozen_string_literal: true
 
+require "dependabot/errors"
 require "dependabot/git_commit_checker"
-require "dependabot/npm_and_yarn/update_checker"
-require "dependabot/npm_and_yarn/file_parser"
-require "dependabot/npm_and_yarn/version"
-require "dependabot/npm_and_yarn/requirement"
-require "dependabot/npm_and_yarn/native_helpers"
+require "dependabot/logger"
 require "dependabot/npm_and_yarn/dependency_files_filterer"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
+require "dependabot/npm_and_yarn/file_parser"
 require "dependabot/npm_and_yarn/file_updater/npmrc_builder"
 require "dependabot/npm_and_yarn/file_updater/package_json_preparer"
+require "dependabot/npm_and_yarn/helpers"
+require "dependabot/npm_and_yarn/native_helpers"
+require "dependabot/npm_and_yarn/requirement"
+require "dependabot/npm_and_yarn/update_checker"
+require "dependabot/npm_and_yarn/version"
+require "dependabot/shared_helpers"
 
 # rubocop:disable Metrics/ClassLength
 module Dependabot
@@ -413,6 +415,13 @@ def run_yarn_checker(path:, version:)
         def run_npm_checker(path:, version:)
           SharedHelpers.with_git_configured(credentials: credentials) do
             Dir.chdir(path) do
+              package_lock = dependency_files_builder.package_locks.find do |f|
+                # Find the lockfile that's in the current directory
+                f.name == [path, "package-lock.json"].join("/").sub(%r{\A.?\/}, "")
+              end
+              npm_version = Dependabot::NpmAndYarn::Helpers.npm_version(package_lock&.content)
+              Dependabot.logger.info(npm_version)
+
               SharedHelpers.run_helper_subprocess(
                 command: NativeHelpers.helper_path,
                 function: "npm6:checkPeerDependencies",