Skip to content

feat: add automated dependency bump checker and changelog validator #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
cryptodev-2s wants to merge 17 commits into
base: main
Choose a base branch
from
Draft

feat: add automated dependency bump checker and changelog validator #186

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
71ff282
feat: add automated dependency bump checker and changelog validator
cryptodev-2s Nov 6, 2025
8ee555d
refactor: inline package name resolution during diff parsing
cryptodev-2s Nov 6, 2025
084415e
refactor: use example repo name instead of core
cryptodev-2s Nov 6, 2025
2a87c2e
fix: remove useless re-exported types
cryptodev-2s Nov 6, 2025
88d116a
docs: add changelog entry for check-deps command
cryptodev-2s Nov 12, 2025
044b46e
fix: correct changelog entry order - BREAKING first, then deps
cryptodev-2s Dec 2, 2025
ccc66e2
fix: distinguish BREAKING entries when matching changelog entries
cryptodev-2s Dec 2, 2025
48221f2
fix: show correct section name in changelog validation error
cryptodev-2s Dec 2, 2025
045331a
feat: support renamed packages in changelog validation
cryptodev-2s Dec 2, 2025
8af5181
fix: include packageRename in second parseChangelog call
cryptodev-2s Dec 2, 2025
19c3ccd
fix: detect non-scoped package dependency changes
cryptodev-2s Dec 2, 2025
0d1de51
tests: add functional tests (#189)
cryptodev-2s Dec 3, 2025
49b197d
Fix optionalDependencies incorrectly attributed to dependencies section
cryptodev-2s Dec 3, 2025
b53e89c
Fix operator precedence in section boundary check
cryptodev-2s Dec 3, 2025
2f73bd8
Fix default branch check to use defaultBranch parameter instead of ha…
cryptodev-2s Dec 3, 2025
259d980
Reset section state when parsing new file in diff
cryptodev-2s Dec 3, 2025
703e1c3
Fix check-deps command usage in CHANGELOG
cryptodev-2s Dec 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix: detect non-scoped package dependency changes 
Remove restrictive '@' filter that was silently ignoring non-scoped
packages like lodash, react, and typescript. The regex pattern already
handles both scoped and non-scoped packages correctly.
  • Loading branch information
@cryptodev-2s
cryptodev-2s committed Dec 2, 2025
commit 19c3ccd45b03957bbb7dc2e95d19c0a364924b94
99 changes: 99 additions & 0 deletions src/check-dependency-bumps.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -271,6 +271,105 @@ index 1234567..890abcd 100644
);
});

it('detects non-scoped package dependency changes', async () => {
const getStdoutSpy = jest.spyOn(miscUtilsModule, 'getStdoutFromCommand');

const diffWithNonScopedDeps = `
diff --git a/packages/controller-utils/package.json b/packages/controller-utils/package.json
index 1234567..890abcd 100644
--- a/packages/controller-utils/package.json
+++ b/packages/controller-utils/package.json
@@ -10,7 +10,7 @@
},
"dependencies": {
- "lodash": "^4.17.20"
+ "lodash": "^4.17.21"
}
}
`;

when(getStdoutSpy)
.calledWith(
'git',
['diff', '-U9999', 'abc123', 'HEAD', '--', '**/package.json'],
{ cwd: '/path/to/project' },
)
.mockResolvedValue(diffWithNonScopedDeps);

when(jest.spyOn(packageManifestModule, 'readPackageManifest'))
.calledWith('/path/to/project/package.json')
.mockResolvedValue({
unvalidated: {
repository: 'https://github.com/example-org/example-repo',
},
validated: buildMockManifest(),
});

when(jest.spyOn(packageManifestModule, 'readPackageManifest'))
.calledWith('/path/to/project/packages/controller-utils/package.json')
.mockResolvedValue({
unvalidated: {},
validated: buildMockManifest({
name: '@metamask/controller-utils',
}),
});

jest
.spyOn(projectModule, 'getValidRepositoryUrl')
.mockResolvedValue('https://github.com/example-org/example-repo');

jest
.spyOn(changelogValidatorModule, 'validateChangelogs')
.mockResolvedValue([
{
package: 'controller-utils',
hasChangelog: true,
hasUnreleasedSection: true,
missingEntries: [],
existingEntries: ['lodash'],
checkedVersion: null,
},
]);

const result = await checkDependencyBumps({
fromRef: 'abc123',
projectRoot: '/path/to/project',
stdout,
stderr,
});

expect(result).toStrictEqual({
'controller-utils': {
packageName: '@metamask/controller-utils',
dependencyChanges: [
{
package: 'controller-utils',
dependency: 'lodash',
type: 'dependencies',
oldVersion: '^4.17.20',
newVersion: '^4.17.21',
},
],
},
});

expect(changelogValidatorModule.validateChangelogs).toHaveBeenCalledWith(
expect.objectContaining({
'controller-utils': expect.objectContaining({
dependencyChanges: [
expect.objectContaining({
dependency: 'lodash',
oldVersion: '^4.17.20',
newVersion: '^4.17.21',
}),
],
}),
}),
'/path/to/project',
'https://github.com/example-org/example-repo',
);
});

it('calls updateChangelogs when fix flag is set', async () => {
const getStdoutSpy = jest.spyOn(miscUtilsModule, 'getStdoutFromCommand');

Expand Down
4 changes: 2 additions & 2 deletions src/check-dependency-bumps.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ async function parseDiff(
}

// Parse removed dependencies
if (line.startsWith('-') && currentSection && line.includes('"@')) {
if (line.startsWith('-') && currentSection) {
const match = line.match(/^-\s*"([^"]+)":\s*"([^"]+)"/u);

if (match && currentSection) {
Expand All @@ -136,7 +136,7 @@ async function parseDiff(
}

// Parse added dependencies and match with removed
if (line.startsWith('+') && currentSection && line.includes('"@')) {
if (line.startsWith('+') && currentSection) {
const match = line.match(/^\+\s*"([^"]+)":\s*"([^"]+)"/u);

if (match) {
Expand Down
Loading