Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix parsing issues #47

Closed
wants to merge 2 commits into from
Closed

Fix parsing issues #47

wants to merge 2 commits into from

Conversation

erichs
Copy link

@erichs erichs commented Apr 13, 2021

@prabhu This attempts to fix two parsing issues, one related to comma-delimited package declarations, and the other related to "@-scoped" packages. I believe this minimal yarn.lock snippet demonstrates both edge cases here:

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1

"@apollo/client@^3.1.5":
  version "3.2.5"
  resolved "https://registry.yarnpkg.com/@apollo/client/-/client-3.2.5.tgz#24e0a6faa1d231ab44807af237c6227410c75c4d"
  integrity sha512-zpruxnFMz6K94gs2pqc3sidzFDbQpKT5D6P/J/I9s8ekHZ5eczgnRp6pqXC86Bh7+44j/btpmOT0kwiboyqTnA==
  dependencies:
    "@graphql-typed-document-node/core" "^3.0.0"
    "@types/zen-observable" "^0.8.0"
    "@wry/context" "^0.5.2"
    "@wry/equality" "^0.2.0"
    fast-json-stable-stringify "^2.0.0"
    graphql-tag "^2.11.0"
    hoist-non-react-statics "^3.3.2"
    optimism "^0.13.0"
    prop-types "^15.7.2"
    symbol-observable "^2.0.0"
    ts-invariant "^0.4.4"
    tslib "^1.10.0"
    zen-observable "^0.8.14"

ms@2.1.2, ms@^2.1.1, ms@^2.1.2:
  version "2.1.2"
  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
  integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==

mustache@~4.1.0:
  version "4.1.0"
  resolved "https://registry.yarnpkg.com/mustache/-/mustache-4.1.0.tgz#8c1b042238a982d2eb2d30efc6c14296ae3f699d"
  integrity sha512-0FsgP/WVq4mKyjolIyX+Z9Bd+3WS8GOwoUTyKXT5cTYMGeauNTi2HPCwERqseC1IHAy0Z7MDZnJBfjabd4O8GQ==

Erich Smith added 2 commits April 13, 2021 10:46
Fix yarn.lock comma parsing bug
6b73646 
Yarn.lock entries like this:

ms@2.1.2, ms@^2.1.1, ms@^2.1.2:

Would cause off-by-one errors, incorrectly attributing the version of
the comma-delimited strings to packages lexically below this line.
Fix yarn.lock scoped-package parsing bug
bbd2fd0 
Yarn lock entries of the form:

---
"@apollo/client@^3.1.5":
  version "3.2.5"
  integrity sha512-zpruxnFMz6K94gs2pqc3sidzFDbQpKT5D6P/J/I9s8ekHZ5eczgnRp6pqXC86Bh7+44j/btpmOT0kwiboyqTnA==
  dependencies:
    "@graphql-typed-document-node/core" "^3.0.0"
    ...
---

were being parsed incorrectly. This change correctly identifies the
group, name, and version for these entries, and also accounts for
optional surrounding quotes.
@erichs
Copy link
Author

erichs commented Apr 13, 2021

This is a partial fix for #45. (There remains buggy behavior when node_modules is present, possibly related to the read-installed module.)

@prabhu
Copy link
Contributor

prabhu commented Apr 14, 2021

oh nice PR! I will take this and include other changes related to multiple entries appearing in the lock file.

lodash@4.17.20, lodash@^4.13.1, lodash@^4.17.20:
  version "4.17.20"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.20.tgz#b44a9b6297bcb698f1c51a3545a2b3b368d59c52"
  integrity sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==

lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.12, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.3.0, lodash@~4.17.15:
  version "4.17.19"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"
  integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==

I will also change the integrity to use sha512.

@erichs
Copy link
Author

erichs commented Apr 15, 2021

Thanks, @prabhu! Most excellent.

@erichs
Copy link
Author

erichs commented Jul 1, 2021

@prabhu I believe this PR can be declined, as the above behaviors were addressed separately and no longer appear to be problematic as of:

❯ cdxgen --version
3.0.6

@prabhu
Copy link
Contributor

prabhu commented Jul 1, 2021

Thanks mate!

@prabhu prabhu closed this Jul 1, 2021
@timmyteo timmyteo mentioned this pull request Dec 6, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@erichs @prabhu