implement bun update

[alexlamsl]

• analogous to npm update
• bun update <name> to refresh specified package under package.json
• bun update to refresh all package to latest versions

What does this PR do?

• Documentation or TypeScript types (it's okay to leave the rest blank in this case)
• Code changes

How did you verify your code works?

• I checked the lifetime of memory allocated to verify it's (1) freed and (2) only freed when it should be
• I or my editor ran zig fmt on the changed files
• I included a test for the new code, or an existing test covers it
• JSValue used outside outside of the stack is either wrapped in a JSC.Strong or is JSValueProtect'ed

[Jarred-Sumner]

Can you add a test with dependencies of dependencies that get updated?

From reading the code, I'm a little confused why this works when the dependency is not passed in the list. Where does it choose to update the package?

I'm also wondering how it deals with version tags like "latest", if those get updated. And if "*" is chosen.

[alexlamsl]

From reading the code, I'm a little confused why this works when the dependency is not passed in the list. Where does it choose to update the package?

I'm assuming you meant bun update without any package names − in which case PackageManager.package_json_updates would indeed an empty list, but since we've set .to_update = true we can differentiate this and mark all existing packages to be updated.

I'm also wondering how it deals with version tags like "latest", if those get updated. And if "*" is chosen.

Same way as it would be handled by bun install without an existing lockfile, which is covered here IIRC:

bun/test/cli/install/bun-install.test.ts

Lines 1228 to 1288 in f2f2277

	it("should prefer latest-tagged dependency", async () => {
	const urls: string[] = [];
	setHandler(
	dummyRegistry(urls, {
	"0.0.3": {
	bin: {
	"baz-run": "index.js",
	},
	},
	"0.0.5": {
	bin: {
	"baz-exec": "index.js",
	},
	},
	latest: "0.0.3",
	}),
	);
	await writeFile(
	join(package_dir, "package.json"),
	JSON.stringify({
	name: "foo",
	version: "0.0.1",
	dependencies: {
	baz: "~0.0.2",
	},
	}),
	);
	const { stdout, stderr, exited } = spawn({
	cmd: [bunExe(), "install"],
	cwd: package_dir,
	stdout: null,
	stdin: "pipe",
	stderr: "pipe",
	env,
	});
	expect(stderr).toBeDefined();
	const err = await new Response(stderr).text();
	expect(err).toContain("Saved lockfile");
	expect(stdout).toBeDefined();
	const out = await new Response(stdout).text();
	expect(out.replace(/\s*\[[0-9\.]+m?s\]\s*$/, "").split(/\r?\n/)).toEqual([
	" + baz@0.0.3",
	"",
	" 1 packages installed",
	]);
	expect(await exited).toBe(0);
	expect(urls.sort()).toEqual([`${root_url}/baz`, `${root_url}/baz-0.0.3.tgz`]);
	expect(requested).toBe(2);
	expect(await readdirSorted(join(package_dir, "node_modules"))).toEqual([".bin", ".cache", "baz"]);
	expect(await readdirSorted(join(package_dir, "node_modules", ".bin"))).toEqual(["baz-run"]);
	expect(await readlink(join(package_dir, "node_modules", ".bin", "baz-run"))).toBe(join("..", "baz", "index.js"));
	expect(await readdirSorted(join(package_dir, "node_modules", "baz"))).toEqual(["index.js", "package.json"]);
	expect(await file(join(package_dir, "node_modules", "baz", "package.json")).json()).toEqual({
	name: "baz",
	version: "0.0.3",
	bin: {
	"baz-run": "index.js",
	},
	});
	await access(join(package_dir, "bun.lockb"));
	});

Can you add a test with dependencies of dependencies that get updated?

Will do 👌

[Jarred-Sumner]

We need to update zsh/fish/bash completions to add the update command.

[Jarred-Sumner]

Thank you