test(enrichment): cover extractDependencyChanges edge cases in dependency-scan #3378
…ency-scan Adds focused unit coverage for the pure extractDependencyChanges parser, which had only a single version-bump case: a newly added dependency (null from), a removed-only dependency (no change), an unchanged version, a skipped non-manifest file, and multiple bumps in one manifest. Test-only.
Superagent didn't find any vulnerabilities or security issues in this PR.
Warning: ⏸️ Gittensory review result - manual review recommended
Review updated: 2026-07-05 05:42:47 UTC
⏸️ Suggested Action - Manual Review
Review summary: Nits — 2 non-blocking
Signal definitions
🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed
Summary
Hardens unit coverage for the dependency-scan analyzer's pure extractDependencyChanges parser, which previously had a single test case (a version bump). Adds five focused cases for its real branches:
- from: null, to: <version>
- added === removed) → no change
- src/index.ts) → skipped
Test-only, all against the compiled dist/, following the existing file's style. fixedOf/severityOf are deliberately left alone — they're already covered by osv-fixed-version.test.ts/osv-severity.test.ts, so this adds no duplicate coverage.
No linked issue — this is straightforward test-coverage hardening of an under-tested pure function (the parser had 1 case for its several branches); it changes no runtime behavior.
Scope
review-enrichment/test/dependency-scan.test.ts. No site//CNAME/**/lovable/**; no CHANGELOG.md; no source or shared-registry change.
Validation
npm --prefix review-enrichment test — 722 pass / 0 fail (build + sourcemap validate + metadata --check + node tests; exactly CI). The 5 new cases assert extractDependencyChanges's documented behavior on inputs its single prior test didn't exercise. npm run typecheck clean; git diff --check clean.
Safety