Skip to content

test(enrichment): cover extractDependencyChanges edge cases in dependency-scan#3378

Merged
gittensory-orb[bot] merged 1 commit into
JSONbored:mainfrom
dhgoal:test/dependency-scan-coverage
Jul 5, 2026
Merged

test(enrichment): cover extractDependencyChanges edge cases in dependency-scan#3378
gittensory-orb[bot] merged 1 commit into
JSONbored:mainfrom
dhgoal:test/dependency-scan-coverage

Conversation

@dhgoal

@dhgoal dhgoal commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Summary

Hardens unit coverage for the dependency-scan analyzer's pure extractDependencyChanges parser, which previously had a single test case (a version bump). Adds five focused cases for its real branches:

  • a newly added dependency → from: null, to: <version>
  • a removed-only dependency → no change (nothing present after the change)
  • an unchanged version (added === removed) → no change
  • a non-manifest file (e.g. src/index.ts) → skipped
  • multiple version bumps in one manifest → extracted in order

Test-only, all against the compiled dist/, following the existing file's style. fixedOf/severityOf are deliberately left alone — they're already covered by osv-fixed-version.test.ts / osv-severity.test.ts, so this adds no duplicate coverage.

No linked issue — this is straightforward test-coverage hardening of an under-tested pure function (the parser had 1 case for its several branches); it changes no runtime behavior.

Scope

  • Conventional Commit; focused; touches only review-enrichment/test/dependency-scan.test.ts. No site//CNAME/**/lovable/**; no CHANGELOG.md; no source or shared-registry change.

Validation

  • npm --prefix review-enrichment test722 pass / 0 fail (build + sourcemap validate + metadata --check + node tests; exactly CI). The 5 new cases assert extractDependencyChanges's documented behavior on inputs its single prior test didn't exercise.
  • npm run typecheck clean; git diff --check clean.

Safety

  • Test-only, no runtime change. No secrets/wallets/hotkeys/trust/reward terms.

…ency-scan

Adds focused unit coverage for the pure extractDependencyChanges parser, which
had only a single version-bump case: a newly added dependency (null from), a
removed-only dependency (no change), an unchanged version, a skipped
non-manifest file, and multiple bumps in one manifest. Test-only.
@dhgoal dhgoal requested a review from JSONbored as a code owner July 5, 2026 05:38
@superagent-security

Copy link
Copy Markdown

Superagent didn't find any vulnerabilities or security issues in this PR.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.5x multiplier. label Jul 5, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 5, 2026

Copy link
Copy Markdown

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-05 05:42:47 UTC

1 file · 1 AI reviewer · no blockers · readiness 80/100 · CI green · clean

⏸️ Suggested Action - Manual Review

Review summary
This is a focused test-only change that adds coverage for additional `extractDependencyChanges` parser outcomes without touching runtime code. The added cases cover added, removed-only, unchanged, non-manifest, and multi-change package diff shapes, and the assertions are consistent with the documented behavior in the PR description and the existing test style of importing from `dist/`. I do not see a correctness blocker in the visible diff.

Nits — 2 non-blocking
  • nit: review-enrichment/test/dependency-scan.test.ts:32 and review-enrichment/test/dependency-scan.test.ts:43 use dense one-line patch arrays where the surrounding tests mostly keep multi-line patches readable; expand them if you want the edge-case fixtures to stay easy to scan.
  • review-enrichment/test/dependency-scan.test.ts:32 could use the same multi-line `patch: [...]` formatting as the header and multi-bump tests so future parser regressions are easier to diagnose from the fixture.
Signal Result Evidence
Code review ✅ No blockers 1 reviewer
Linked issue ✅ No-issue rationale PR body explains why no issue is linked.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (no linked issue context).
Validation posture ❌ 5/25 Preflight is holding this PR: the review lane is unavailable, so it is not ready for automated review.
Contributor workload ✅ 10/10 Author activity: 69 registered-repo PR(s), 42 merged, 0 issue(s).
Contributor context ✅ Confirmed Gittensor contributor dhgoal; Gittensor profile; 69 PR(s), 0 issue(s).
Gate result ✅ Passing No configured blocker found.
Review context
  • Author: dhgoal
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository registration is not available in the local Gittensory cache.
  • Public profile languages: not available
  • Official Gittensor activity: 69 PR(s), 0 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Await review-lane availability.
  • Refresh registry data or choose a registered active repo.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@gittensory-orb gittensory-orb Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gittensory approves — the gate is satisfied and CI is green.

@gittensory-orb gittensory-orb Bot merged commit 4ce6b61 into JSONbored:main Jul 5, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.5x multiplier.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant