feat: include pins optionally
lili2311 committed Mar 29, 2021
1 parent 66ca77a commit f94c558
Showing 2 changed files with 46 additions and 5 deletions.
Expand Up @@ -19,6 +19,7 @@ const debug = debugLib('snyk-fix:python:update-dependencies');
export function updateDependencies(
parsedRequirementsData: ParsedRequirements,
updates: DependencyPins,
directUpgradesOnly = false,
): { updatedManifest: string; changes: FixChangesSummary[] } {
const {
requirements,
Expand All @@ -38,11 +39,15 @@ export function updateDependencies(
);
debug('Finished generating upgrades to apply');

const { pinnedRequirements, changes: pinChanges } = generatePins(
requirements,
updates,
);
debug('Finished generating pins to apply');
let pinnedRequirements: string[] = [];
let pinChanges: FixChangesSummary[] = [];
if (!directUpgradesOnly) {
({ pinnedRequirements, changes: pinChanges } = generatePins(
requirements,
updates,
));
debug('Finished generating pins to apply');
}

let updatedManifest = [
...applyUpgrades(requirements, updatedRequirements),
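Review bot: The new `directUpgradesOnly` parameter on the exported `updateDependencies` is undocumented, and when it is `true` the transitive pins are dropped silently: the returned `changes` carry no record that those vulnerabilities were left unremediated, so a caller reading the summary cannot distinguish a skipped pin from one that was never needed. I would add a TSDoc `@param directUpgradesOnly when true, only direct dependencies are upgraded; pins for transitive dependencies are not generated and their vulnerabilities remain unfixed` to the function header in the first hunk, and an `else` branch with `debug('Skipping pins: directUpgradesOnly is set');` so the decision is at least visible in logs. The `let` declarations followed by a parenthesised destructuring assignment are easy to misread; `const { pinnedRequirements, changes: pinChanges } = directUpgradesOnly ? { pinnedRequirements: [], changes: [] } : generatePins(requirements, updates);` keeps both bindings immutable. The body of `updateDependencies` continues past this hunk.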
Expand Up @@ -306,4 +306,40 @@ describe('remediation', () => {
);
}
});
it('skips pins if asked', () => {
const upgrades = {
'django@1.6.1': {
upgradeTo: 'django@2.0.1',
vulns: [],
upgrades: [],
isTransitive: false,
},
'transitive@1.0.0': {
upgradeTo: 'transitive@1.1.1',
vulns: [],
upgrades: [],
isTransitive: true,
},
};

const manifestContents = 'Django==1.6.1';

const expectedManifest =
'Django==2.0.1\ntransitive>=1.1.1 # not directly required, pinned by Snyk to avoid a vulnerability';
const directUpgradesOnly = false;
const requirements = parseRequirementsFile(manifestContents);
const result = updateDependencies(
requirements,
upgrades,
directUpgradesOnly,
);
expect(result.changes.map((c) => c.userMessage).sort()).toEqual(
[
'Pinned transitive from 1.0.0 to 1.1.1',
'Upgraded Django from 1.6.1 to 2.0.1',
].sort(),
);
// Note no extra newline was added to the expected manifest
expect(result.updatedManifest).toEqual(expectedManifest);
});
});
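Review bot: The test named 'skips pins if asked' sets `const directUpgradesOnly = false;` and then expects the transitive pin in both the manifest and the change list, so it exercises the default path rather than the skip behaviour this commit introduces. Changing it to `const directUpgradesOnly = true;`, the expected manifest to `'Django==2.0.1'`, and the expected messages to `['Upgraded Django from 1.6.1 to 2.0.1']` would actually pin the new flag. As written, an implementation that ignores `directUpgradesOnly` entirely would still pass this test.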
