Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

SCIO: Resolve npm dependencies based on lockfiles #1237

Closed
1 task done
pombredanne opened this issue May 16, 2024 · 1 comment
Closed
1 task done

SCIO: Resolve npm dependencies based on lockfiles #1237

pombredanne opened this issue May 16, 2024 · 1 comment
Assignees
@AyanSinhaMahapatra

Comments

@pombredanne
Copy link
Member

pombredanne commented May 16, 2024
edited
Loading

I would like to have a pipeline (likely an addon pipeline) that can resolve the dependencies given this context:

We also need the same elsewhere:
@pombredanne pombredanne changed the title Resolve npm dependencies based on lockfiles SCIO: Resolve npm dependencies based on lockfiles May 16, 2024
AyanSinhaMahapatra added a commit that referenced this issue May 22, 2024
@AyanSinhaMahapatra
Resolve dependencies from lockfiles
adc55dc 
Reference: #1237
Reference: #1066
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
This was referenced May 22, 2024
Merged
Closed
AyanSinhaMahapatra added a commit that referenced this issue Jun 13, 2024
@AyanSinhaMahapatra
Resolve dependencies from lockfiles #1237
5cf11ac 
Reference: #1237
Reference: #1066
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
AyanSinhaMahapatra added a commit that referenced this issue Jun 17, 2024
@AyanSinhaMahapatra
Improve dependency resolving from lockfiles #1237
f3385a8 
Resolves dependency for cases where multiple requirements
are resolved by one package and all the version requirements
are joined for that package.

Reference: #1237
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
tdruez pushed a commit that referenced this issue Jul 1, 2024
@AyanSinhaMahapatra
Resolve dependencies from lockfiles (#1244)
08c54b1 
* Resolve dependencies from lockfiles #1237

Reference: #1237
Reference: #1066
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Address feedback and add improvements

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Improve dependency resolving from lockfiles #1237

Resolves dependency for cases where multiple requirements
are resolved by one package and all the version requirements
are joined for that package.

Reference: #1237
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Update scancode-toolkit and fix tests

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Bump scancode-toolkit to v32.2.0

Reference: https://github.com/nexB/scancode-toolkit/releases/tag/v32.2.0
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Regenerate test fixtures and expectations

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Improve dependency resolver for lockfiles

Handle various lockfile cases where:
* Same package/dependencies are present in different lockfiles
* Independent lockfiles without a manifest and root package
* Ecosystems which have only a single version of package in
  their environment
* Dependency graphs where a resolved package can have many
  parent packages.

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Address feedback and refactor code

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* FIx bugs for resolving python packages

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Add unit tests and refactor code

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Address comments and add CHANGELOG entries

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

---------

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra
Copy link
Member

This is completed in #1244, closing.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@AyanSinhaMahapatra AyanSinhaMahapatra

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pombredanne @AyanSinhaMahapatra