diff --git a/deps.edn b/deps.edn index f9552e5..8fe52db 100644 --- a/deps.edn +++ b/deps.edn @@ -6,7 +6,8 @@ org.slf4j/slf4j-simple {:mvn/version "2.0.7"} org.owasp/dependency-check-core {:mvn/version "8.4.0"} rm-hull/table {:mvn/version "0.7.1"} - trptcolin/versioneer {:mvn/version "0.2.0"}} + trptcolin/versioneer {:mvn/version "0.2.0"} + org.clojure/tools.deps {:mvn/version "0.18.1354"}} :mvn/repos {"central" {:url "https://repo1.maven.org/maven2/"} "clojars" {:url "https://repo.clojars.org/"}} :tools/usage {:ns-default nvd.task} diff --git a/src/nvd/task.clj b/src/nvd/task.clj index cdfc258..a6de521 100644 --- a/src/nvd/task.clj +++ b/src/nvd/task.clj @@ -23,9 +23,25 @@ (ns nvd.task "Clojure CLI tool entry points: `check`." (:require - [nvd.task.check :refer [-main]])) + [clojure.tools.deps :as deps] + [clojure.tools.deps.util.session :as session] + [nvd.task.check :refer [-main]])) + +(defn- get-classpath [{:keys [aliases]}] + (let [{:keys [root-edn user-edn project-edn]} (deps/find-edn-maps "deps.edn") + master-edn (deps/merge-edns [root-edn user-edn project-edn]) + aliases (or aliases []) + combined-aliases (deps/combine-aliases master-edn aliases) + basis (session/with-session + (deps/calc-basis master-edn {:resolve-args (merge combined-aliases {:trace true}) + :classpath-args combined-aliases}))] + (deps/join-classpath (:classpath-roots basis)))) (defn check - "Arguments: `:config-filename` (optional), `:classpath` (required)." - [{:keys [config-filename classpath]}] - (-main (or config-filename "") classpath)) + "Arguments: + `:config-filename` (optional), + `:classpath` (optional, defaults to the classpath of deps.edn in the current directory) + `:aliases` (optional, defaults to [])." + [{:keys [config-filename classpath] :as opts}] + (-main (or config-filename "") (or classpath + (get-classpath opts)))) diff --git a/test/nvd/tools_deps_conflict_test.clj b/test/nvd/tools_deps_conflict_test.clj new file mode 100644 index 0000000..406fbd2 --- /dev/null +++ b/test/nvd/tools_deps_conflict_test.clj @@ -0,0 +1,51 @@ +(ns nvd.tools-deps-conflict-test + (:require [clojure.set :as set] + [clojure.test :as t] + [clojure.tools.deps :as deps] + [clojure.edn :as edn] + [clojure.tools.deps.util.session :as session])) + +(defn get-libs + [deps] + (let [master-edn (merge {:mvn/repos {"central" {:url "https://repo1.maven.org/maven2/"}, "clojars" {:url "https://repo.clojars.org/"}}} + {:deps deps}) + combined-aliases (deps/combine-aliases master-edn []) + basis (session/with-session + (deps/calc-basis master-edn {:resolve-args (merge combined-aliases {:trace true}) + :classpath-args combined-aliases})) + libs (:libs basis)] + (into (sorted-map) libs))) + +(defn show-diff [lib] + (let [base-deps (-> (edn/read-string (slurp "deps.edn")) + :deps) + new-dep (get-libs {lib (get base-deps lib)}) + base-deps (get-libs (dissoc base-deps lib)) + td-set (into #{} (keys new-dep)) + base-set (into #{} (keys base-deps))] + (doseq [shared-lib (into (sorted-set) (set/intersection td-set base-set))] + (when-not (= (get-in new-dep [shared-lib :mvn/version]) + (get-in base-deps [shared-lib :mvn/version])) + (println shared-lib + "deps.edn:" (get-in base-deps [shared-lib :mvn/version]) + "vs" + (str lib ":") (get-in new-dep [shared-lib :mvn/version])))))) + +(comment + (show-diff 'org.clojure/tools.deps)) + +(t/deftest tools-deps-conflict-test + (let [td-deps (get-libs {'org.clojure/tools.deps {:mvn/version "0.18.1354"}}) + base-deps (get-libs (-> (edn/read-string (slurp "deps.edn")) + :deps + (dissoc 'org.clojure/tools.deps))) + td-set (into #{} (keys td-deps)) + base-set (into #{} (keys base-deps))] + (doseq [shared-lib (into (sorted-set) (set/intersection td-set base-set))] + (when-not (= (get-in td-deps [shared-lib :mvn/version]) + (get-in base-deps [shared-lib :mvn/version])) + (println shared-lib + (get-in base-deps [shared-lib :mvn/version]) + "vs" + (get-in td-deps [shared-lib :mvn/version])))))) +