dependabot-bazel 0.382.0 → 0.384.0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5de24f1c771f85a2f7751cc31cd33ab540aa5e2490238bce50e8911e3d5cf6af
|
|
4
|
+
data.tar.gz: aa3e5a4d9693afb18c3128d80c0d452352d9857ed75a23511beb7b5fdc3ff201
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1c573a560bdba70da9752dd96278b5257863f9263d43bfaf0e540211ba6ecb30236a5525b070efc88bc10cd4f66bf763a63ddb3447c13710ca39837a4b8b315f
|
|
7
|
+
data.tar.gz: f91bd0b1fed7a75d6a4ad75795a93d9d2b88d573edc1d6097cf61b779187a2ab21d5b6900af3ff2964e444446e1525b3c19c1579bcf0a2272cf4dfef192bb934
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "dependabot/dependency_requirement"
|
|
4
5
|
require "dependabot/bazel/update_checker"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
@@ -9,13 +10,16 @@ module Dependabot
|
|
|
9
10
|
class RequirementsUpdater
|
|
10
11
|
extend T::Sig
|
|
11
12
|
|
|
12
|
-
sig { params(requirements: T::Array[
|
|
13
|
+
sig { params(requirements: T::Array[Dependabot::DependencyRequirement], latest_version: String).void }
|
|
13
14
|
def initialize(requirements:, latest_version:)
|
|
14
|
-
@requirements =
|
|
15
|
+
@requirements = T.let(
|
|
16
|
+
requirements.map { |req| Dependabot::DependencyRequirement.create(req) },
|
|
17
|
+
T::Array[Dependabot::DependencyRequirement]
|
|
18
|
+
)
|
|
15
19
|
@latest_version = latest_version
|
|
16
20
|
end
|
|
17
21
|
|
|
18
|
-
sig { returns(T::Array[
|
|
22
|
+
sig { returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
19
23
|
def updated_requirements
|
|
20
24
|
@requirements.map do |requirement|
|
|
21
25
|
updated_requirement = requirement.dup
|
|
@@ -26,7 +30,7 @@ module Dependabot
|
|
|
26
30
|
|
|
27
31
|
private
|
|
28
32
|
|
|
29
|
-
sig { returns(T::Array[
|
|
33
|
+
sig { returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
30
34
|
attr_reader :requirements
|
|
31
35
|
|
|
32
36
|
sig { returns(String) }
|
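Review bot: The new `sig` on `RequirementsUpdater#initialize` declares `requirements` as `T::Array[Dependabot::DependencyRequirement]`, yet the body still passes every element through `Dependabot::DependencyRequirement.create(req)`, so the signature and the body disagree about what callers hand in. If callers can still pass plain hashes, the parameter type should say so; if they cannot, the `map` is redundant. A short comment above the `T.let`, for example `# Coerces each entry via DependencyRequirement.create; callers may still pass hashes (confirm)`, would record the intent. The class body continues outside the visible hunks, so what happens to `updated_requirement` after `requirement.dup` cannot be checked from here.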
|
@@ -38,12 +38,10 @@ module Dependabot
|
|
|
38
38
|
def updated_requirements
|
|
39
39
|
return dependency.requirements unless latest_version
|
|
40
40
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
).updated_requirements
|
|
46
|
-
)
|
|
41
|
+
RequirementsUpdater.new(
|
|
42
|
+
requirements: dependency.requirements,
|
|
43
|
+
latest_version: latest_version.to_s
|
|
44
|
+
).updated_requirements
|
|
47
45
|
end
|
|
48
46
|
|
|
49
47
|
sig { returns(T.class_of(Dependabot::Bazel::Version)) }
|
|
@@ -81,7 +79,9 @@ module Dependabot
|
|
|
81
79
|
versions = registry_client.all_module_versions(dependency.name)
|
|
82
80
|
return nil if versions.empty?
|
|
83
81
|
|
|
84
|
-
|
|
82
|
+
# Prerelease filter must run first so stable releases remain visible when upgrading from a prerelease.
|
|
83
|
+
filtered_versions = filter_prerelease_versions(versions)
|
|
84
|
+
filtered_versions = filter_ignored_versions(filtered_versions)
|
|
85
85
|
filtered_versions = filter_lower_versions(filtered_versions)
|
|
86
86
|
filtered_versions = apply_cooldown_filter(filtered_versions)
|
|
87
87
|
return nil if filtered_versions.empty?
|
|
@@ -105,17 +105,21 @@ module Dependabot
|
|
|
105
105
|
|
|
106
106
|
sig { params(versions: T::Array[String]).returns(T::Array[String]) }
|
|
107
107
|
def filter_ignored_versions(versions)
|
|
108
|
-
|
|
108
|
+
valid = versions.select { |v| version_class.correct?(v) }
|
|
109
|
+
filtered = valid.reject do |version_string|
|
|
109
110
|
version = version_class.new(version_string)
|
|
110
111
|
ignore_requirements.any? { |req| req.satisfied_by?(version) }
|
|
111
112
|
end
|
|
112
113
|
|
|
113
|
-
if
|
|
114
|
-
Dependabot.logger.info("Filtered out #{
|
|
114
|
+
if valid.count > filtered.count
|
|
115
|
+
Dependabot.logger.info("Filtered out #{valid.count - filtered.count} ignored versions")
|
|
115
116
|
end
|
|
116
117
|
|
|
117
|
-
if raise_on_ignored
|
|
118
|
-
|
|
118
|
+
if raise_on_ignored
|
|
119
|
+
lower_filtered = filter_lower_versions(filtered)
|
|
120
|
+
if lower_filtered.empty? && filter_lower_versions(valid).any?
|
|
121
|
+
Dependabot.logger.info("All updates for #{dependency.name} were ignored")
|
|
122
|
+
end
|
|
119
123
|
end
|
|
120
124
|
|
|
121
125
|
filtered
|
|
@@ -123,10 +127,45 @@ module Dependabot
|
|
|
123
127
|
|
|
124
128
|
sig { params(versions: T::Array[String]).returns(T::Array[String]) }
|
|
125
129
|
def filter_lower_versions(versions)
|
|
126
|
-
return versions unless dependency.version
|
|
130
|
+
return versions unless dependency.version && version_class.correct?(dependency.version)
|
|
127
131
|
|
|
128
132
|
current_version = version_class.new(dependency.version)
|
|
129
|
-
versions.select { |v| version_class.new(v) > current_version }
|
|
133
|
+
versions.select { |v| version_class.correct?(v) && version_class.new(v) > current_version }
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
# Filters prereleases keyed off dependency.version only (Bazel uses exact pins, not ranges).
|
|
137
|
+
sig { params(versions: T::Array[String]).returns(T::Array[String]) }
|
|
138
|
+
def filter_prerelease_versions(versions)
|
|
139
|
+
current_release = current_prerelease_release_line
|
|
140
|
+
filtered = versions.reject { |v| prerelease_to_exclude?(v, current_release) }
|
|
141
|
+
|
|
142
|
+
if versions.count > filtered.count
|
|
143
|
+
Dependabot.logger.info("Filtered out #{versions.count - filtered.count} pre-release versions")
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
filtered
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
# Returns the release line of the current version if it's a prerelease, nil otherwise.
|
|
150
|
+
sig { returns(T.nilable(Gem::Version)) }
|
|
151
|
+
def current_prerelease_release_line
|
|
152
|
+
current = dependency.version
|
|
153
|
+
return nil unless current && version_class.correct?(current)
|
|
154
|
+
|
|
155
|
+
parsed = version_class.new(current)
|
|
156
|
+
parsed.prerelease? ? parsed.release : nil
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
sig { params(version_string: String, current_release: T.nilable(Gem::Version)).returns(T::Boolean) }
|
|
160
|
+
def prerelease_to_exclude?(version_string, current_release)
|
|
161
|
+
# Filters malformed versions — they cannot be parsed for prerelease detection.
|
|
162
|
+
return false unless version_class.correct?(version_string)
|
|
163
|
+
|
|
164
|
+
candidate = version_class.new(version_string)
|
|
165
|
+
return false unless candidate.prerelease?
|
|
166
|
+
|
|
167
|
+
# On stable: exclude all prereleases. On prerelease: exclude only unrelated ones.
|
|
168
|
+
current_release.nil? || candidate.release != current_release
|
|
130
169
|
end
|
|
131
170
|
|
|
132
171
|
sig { params(versions: T::Array[String]).returns(T::Array[String]) }
|
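Review bot: The comment in `prerelease_to_exclude?` says it "Filters malformed versions", but `return false unless version_class.correct?(version_string)` keeps them, so they pass the prerelease filter and are only dropped afterwards by `valid = versions.select { |v| version_class.correct?(v) }` in `filter_ignored_versions`. I would reword the comment to `# Malformed versions are not excluded here; filter_ignored_versions drops them via version_class.correct?.` That later drop is silent, because the "Filtered out ... ignored versions" count is computed from `valid`, so registry version strings that fail to parse never appear in the log. Adding `Dependabot.logger.info("Skipped #{versions.count - valid.count} unparseable versions") if versions.count > valid.count` after the `valid` assignment would make bad registry data visible to whoever reads the run output. The method that calls these filters starts outside the hunk, so the ordering can only be confirmed for the lines shown.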
|
@@ -13,15 +13,25 @@ module Dependabot
|
|
|
13
13
|
class Version < Dependabot::Version
|
|
14
14
|
extend T::Sig
|
|
15
15
|
|
|
16
|
+
sig { override.params(version: VersionParameter).returns(T::Boolean) }
|
|
17
|
+
def self.correct?(version)
|
|
18
|
+
return false if version.nil?
|
|
19
|
+
|
|
20
|
+
super(normalize_bazel_version(version.to_s))
|
|
21
|
+
end
|
|
22
|
+
|
|
16
23
|
sig { override.params(version: VersionParameter).void }
|
|
17
24
|
def initialize(version)
|
|
18
25
|
@version_string = T.let(version.to_s, String)
|
|
19
26
|
@bcr_suffix = T.let(parse_bcr_suffix(@version_string), T.nilable(Integer))
|
|
20
27
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
28
|
+
super(Dependabot::Bazel::Version.normalize_bazel_version(@version_string))
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Strips .bcr.N suffix and v prefix to yield a Gem::Version-compatible string.
|
|
32
|
+
sig { params(version_string: String).returns(String) }
|
|
33
|
+
def self.normalize_bazel_version(version_string)
|
|
34
|
+
version_string.sub(/\.bcr\.\d+$/, "").sub(/^v/i, "")
|
|
25
35
|
end
|
|
26
36
|
|
|
27
37
|
sig { override.returns(String) }
|
|
@@ -32,7 +42,7 @@ module Dependabot
|
|
|
32
42
|
sig { returns(T.nilable(Integer)) }
|
|
33
43
|
attr_reader :bcr_suffix
|
|
34
44
|
|
|
35
|
-
sig { override.params(other:
|
|
45
|
+
sig { override.params(other: BasicObject).returns(T.nilable(Integer)) }
|
|
36
46
|
def <=>(other)
|
|
37
47
|
other_bazel = convert_to_bazel_version(other)
|
|
38
48
|
return nil unless other_bazel
|
|
@@ -51,12 +61,7 @@ module Dependabot
|
|
|
51
61
|
match ? T.must(match[1]).to_i : nil
|
|
52
62
|
end
|
|
53
63
|
|
|
54
|
-
sig { params(
|
|
55
|
-
def remove_bcr_suffix(version_string)
|
|
56
|
-
version_string.sub(/\.bcr\.\d+$/, "")
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
sig { params(other: T.untyped).returns(T.nilable(Dependabot::Bazel::Version)) }
|
|
64
|
+
sig { params(other: BasicObject).returns(T.nilable(Dependabot::Bazel::Version)) }
|
|
60
65
|
def convert_to_bazel_version(other)
|
|
61
66
|
case other
|
|
62
67
|
when Dependabot::Bazel::Version
|
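Review bot: `normalize_bazel_version` anchors its two patterns with `$` and `^`, which in Ruby match at line boundaries rather than at the ends of the string, so a version string containing a newline is not normalized the way the comment above the method describes. The update checker appears to call `version_class.correct?` on version strings returned by the registry client, and `correct?` now passes them through this method before `super`, so whole-string anchors are the safer choice: `version_string.sub(/\.bcr\.\d+\z/, "").sub(/\Av/i, "")`. The pattern inside `parse_bcr_suffix` lies outside the hunk and presumably needs the same anchors to stay consistent with it. The `Version` class body continues past the last visible line.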
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bazel
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.384.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.384.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.384.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -269,7 +269,7 @@ licenses:
|
|
|
269
269
|
- MIT
|
|
270
270
|
metadata:
|
|
271
271
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
272
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
272
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
|
|
273
273
|
rdoc_options: []
|
|
274
274
|
require_paths:
|
|
275
275
|
- lib
|
|
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
284
284
|
- !ruby/object:Gem::Version
|
|
285
285
|
version: 3.3.0
|
|
286
286
|
requirements: []
|
|
287
|
-
rubygems_version:
|
|
287
|
+
rubygems_version: 4.0.14
|
|
288
288
|
specification_version: 4
|
|
289
289
|
summary: Provides Dependabot support for Bazel
|
|
290
290
|
test_files: []
|