Skip to content

bun: remove the native helpers as they appear to be leftover from copy/paste... #13680

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jeffwidman wants to merge 1 commit into
base: main
Choose a base branch
from
Open

bun: remove the native helpers as they appear to be leftover from copy/paste... #13680

jeffwidman wants to merge 1 commit into from
+0 −36,225

Conversation

@jeffwidman
Copy link
Member

@jeffwidman jeffwidman commented Dec 1, 2025

I noticed this is all copy/pasted from npm_and_yarn ecosystem...

Can we remove this altogether? A quick grep isn't showing places that we actually call this from the bun code.

Let's see what CI thinks.

@jeffwidman
WIP: Can we remove Bun helpers altogether?
279159d 
I noticed this is all copy/pasted from `npm_and_yarn` ecosystem...

Can we remove this altogether? A quick grep isn't showing places that we
actually call this from the bun code.

Let's see what CI thinks.
@jeffwidman jeffwidman marked this pull request as ready for review December 2, 2025 00:26
@jeffwidman jeffwidman requested a review from a team as a code owner December 2, 2025 00:26
@jeffwidman jeffwidman changed the title WIP: Can we remove Bun helpers altogether? bun: remove the native helpers as they appear to be leftover from copy/paste... Dec 2, 2025
@jeffwidman jeffwidman mentioned this pull request Dec 2, 2025
Open
@kbukum1 kbukum1 requested a review from jurre December 2, 2025 16:24
kbukum1
kbukum1 requested changes Dec 2, 2025
View reviewed changes
Copy link
Contributor

@kbukum1 kbukum1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @jeffwidman,

I think we need helpers. You can see in the following we are using yarn helper for conflict dependencies

@jeffwidman
Copy link
Member Author

jeffwidman commented Dec 2, 2025
edited
Loading

IMO it's a problem if CI isn't catching this... deleting native helpers is a big swathe change, we should at least have a sanity check somewhere that catches if they're completely broken.

What happens if the Dockerfile gets refactored and accidentally breaks building the native helpers? Today that wouldn't be caught...

Anyway, a discussion outside the scope of this specific PR, I'll chat more with the team responsible for core.

@yeikel
Copy link
Contributor

yeikel commented Dec 2, 2025
edited
Loading

IMO it's a problem if CI isn't catching this... deleting native helpers is a big swathe change, we should at least have a sanity check somewhere that catches if they're completely broken.
What happens if the Dockerfile gets refactored and accidentally breaks building the native helpers? Today that wouldn't be caught...

I can confirm that this is very likely to happen.

For example, I tested removing Node since Bun does not require it and the build currently passes

On a related note, is this actually being used and working as expected?

From the docs:

dependabot-core/bun/lib/dependabot/bun/update_checker/conflicting_dependency_resolver.rb

Lines 34 to 36 in 0186f3c

# Finds any dependencies in the `yarn.lock` or `package-lock.json` that
# have a subdependency on the given dependency that does not satisfly
# the target_version.

But bun does not use yarn.lock or package-lock.json. It supports migrating them
 but it uses its own lockfile (I assume that we don't need to support this?)

Is this more left-over code from the copy-paste?

The code suggests that this won't work in bun as arborist is for npm:

dependabot-core/bun/helpers/lib/npm/conflicting-dependency-parser.js

Line 15 in df67efc

async function findConflictingDependencies(directory, depName, targetVersion) {

I am asking because if this is actually used we may need to revert the removal of Yarn (#13404), as the referenced script depends on it. I suppose that the other path would be to refactor this so it does not depend on Yarn.

But, If this is actually used we should be seeing a failures in production about it. Is that something you can check and confirm?

@kbukum1
Copy link
Contributor

kbukum1 commented Dec 2, 2025
edited
Loading

IMO it's a problem if CI isn't catching this... deleting native helpers is a big swathe change, we should at least have a sanity check somewhere that catches if they're completely broken.
What happens if the Dockerfile gets refactored and accidentally breaks building the native helpers? Today that wouldn't be caught...

I can confirm that this is very likely to happen.

For example, I tested removing Node since Bun does not require it and the build currently passes

On a related note, is this actually being used and working as expected?

From the docs:

dependabot-core/bun/lib/dependabot/bun/update_checker/conflicting_dependency_resolver.rb

Lines 34 to 36 in 0186f3c

# Finds any dependencies in the `yarn.lock` or `package-lock.json` that
# have a subdependency on the given dependency that does not satisfly
# the target_version.

But bun does not use yarn.lock or package-lock.json. It supports migrating them but it uses its own lockfile (I assume that we don't need to support this?)

Is this more left-over code from the copy-paste?

The code suggests that this won't work in bun as arborist is for npm:

dependabot-core/bun/helpers/lib/npm/conflicting-dependency-parser.js

Line 15 in df67efc

async function findConflictingDependencies(directory, depName, targetVersion) {

I am asking because if this is actually used we may need to revert the removal of Yarn (#13404), as the referenced script depends on it. I suppose that the other path would be to refactor this so it does not depend on Yarn.

But, If this is actually used we should be seeing a failures in production about it. Is that something you can check and confirm?

Thanks @yeikel. In that case we need to largen our cleanup scope before removing helpers.

  • Going over the code to find out if any functions from helper is used
  • Check if related code are necessary or we can cleanup them.
  • Accordingly cleanup helpers.

CC: @jeffwidman

@yeikel
Copy link
Contributor

yeikel commented Dec 4, 2025
edited
Loading

@jeffwidman I am sure you are busy taking other work given that core is not your focus right now

If you're open, I can try sending a follow up on top of this PR do the cleanup @kbukum1 suggested above

I am asking mostly to avoid duplicate efforts as I don't know if you started on it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kbukum1 kbukum1 kbukum1 requested changes

@jurre jurre Awaiting requested review from jurre

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

L: javascript

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jeffwidman @yeikel @kbukum1 @jurre