dependabot-bazel 0.382.0 → 0.384.0

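--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 17c70990ec6056251eb58da809bbc2dbb385dc52977febf54234a4d9ea1018f9
- data.tar.gz: f8f677381b8b6ebec9974219de1afca38ba913c62d55ee2b4693af9af7ec3441
+ metadata.gz: 5de24f1c771f85a2f7751cc31cd33ab540aa5e2490238bce50e8911e3d5cf6af
+ data.tar.gz: aa3e5a4d9693afb18c3128d80c0d452352d9857ed75a23511beb7b5fdc3ff201
  SHA512:
- metadata.gz: 540da1c84b3d29f7a78dd050d0a50630e00d7dbc79daea157b26d4257f70ecd3a0881e98d1062b7392f1d0a9e43edd7dbf8fdca511b0ad1b0c3e67e648643256
- data.tar.gz: 9c385d81ed2d64872865104ad771e20feff129f1ec42b95aa0c9fb955e1d192947b138fb0c8763e75e3fa4578b5122d060917bcaacf50f5d9ea6b81a9d4fe766
+ metadata.gz: 1c573a560bdba70da9752dd96278b5257863f9263d43bfaf0e540211ba6ecb30236a5525b070efc88bc10cd4f66bf763a63ddb3447c13710ca39837a4b8b315f
+ data.tar.gz: f91bd0b1fed7a75d6a4ad75795a93d9d2b88d573edc1d6097cf61b779187a2ab21d5b6900af3ff2964e444446e1525b3c19c1579bcf0a2272cf4dfef192bb934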
@@ -1,6 +1,7 @@
1
1
  # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "dependabot/dependency_requirement"
4
5
  require "dependabot/bazel/update_checker"
5
6
 
6
7
  module Dependabot
@@ -9,13 +10,16 @@ module Dependabot
9
10
  class RequirementsUpdater
10
11
  extend T::Sig
11
12
 
12
- sig { params(requirements: T::Array[T::Hash[Symbol, T.untyped]], latest_version: String).void }
13
+ sig { params(requirements: T::Array[Dependabot::DependencyRequirement], latest_version: String).void }
13
14
  def initialize(requirements:, latest_version:)
14
- @requirements = requirements
15
+ @requirements = T.let(
16
+ requirements.map { |req| Dependabot::DependencyRequirement.create(req) },
17
+ T::Array[Dependabot::DependencyRequirement]
18
+ )
15
19
  @latest_version = latest_version
16
20
  end
17
21
 
18
- sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
22
+ sig { returns(T::Array[Dependabot::DependencyRequirement]) }
19
23
  def updated_requirements
20
24
  @requirements.map do |requirement|
21
25
  updated_requirement = requirement.dup
@@ -26,7 +30,7 @@ module Dependabot
26
30
 
27
31
  private
28
32
 
29
- sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
33
+ sig { returns(T::Array[Dependabot::DependencyRequirement]) }
30
34
  attr_reader :requirements
31
35
 
32
36
  sig { returns(String) }
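Review bot: The new `initialize` sig declares `requirements` as `T::Array[Dependabot::DependencyRequirement]`, yet the body still passes every element through `Dependabot::DependencyRequirement.create(req)`, so the signature and the conversion disagree about what callers are expected to hand in. If plain hashes are still accepted at this boundary, the sig should say so; if they are not, the `map` is redundant and deserves a one-line comment such as `# create returns existing DependencyRequirement objects unchanged` (to be confirmed against `create`, which is not visible here). `updated_requirements` continues past the hunk, so whether `requirement.dup` yields an independent copy for the edits that follow cannot be checked from these lines.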
@@ -38,12 +38,10 @@ module Dependabot
38
38
  def updated_requirements
39
39
  return dependency.requirements unless latest_version
40
40
 
41
- wrap_requirements(
42
- RequirementsUpdater.new(
43
- requirements: dependency.requirements,
44
- latest_version: latest_version.to_s
45
- ).updated_requirements
46
- )
41
+ RequirementsUpdater.new(
42
+ requirements: dependency.requirements,
43
+ latest_version: latest_version.to_s
44
+ ).updated_requirements
47
45
  end
48
46
 
49
47
  sig { returns(T.class_of(Dependabot::Bazel::Version)) }
@@ -81,7 +79,9 @@ module Dependabot
81
79
  versions = registry_client.all_module_versions(dependency.name)
82
80
  return nil if versions.empty?
83
81
 
84
- filtered_versions = filter_ignored_versions(versions)
82
+ # Prerelease filter must run first so stable releases remain visible when upgrading from a prerelease.
83
+ filtered_versions = filter_prerelease_versions(versions)
84
+ filtered_versions = filter_ignored_versions(filtered_versions)
85
85
  filtered_versions = filter_lower_versions(filtered_versions)
86
86
  filtered_versions = apply_cooldown_filter(filtered_versions)
87
87
  return nil if filtered_versions.empty?
@@ -105,17 +105,21 @@ module Dependabot
105
105
 
106
106
  sig { params(versions: T::Array[String]).returns(T::Array[String]) }
107
107
  def filter_ignored_versions(versions)
108
- filtered = versions.reject do |version_string|
108
+ valid = versions.select { |v| version_class.correct?(v) }
109
+ filtered = valid.reject do |version_string|
109
110
  version = version_class.new(version_string)
110
111
  ignore_requirements.any? { |req| req.satisfied_by?(version) }
111
112
  end
112
113
 
113
- if versions.count > filtered.count
114
- Dependabot.logger.info("Filtered out #{versions.count - filtered.count} ignored versions")
114
+ if valid.count > filtered.count
115
+ Dependabot.logger.info("Filtered out #{valid.count - filtered.count} ignored versions")
115
116
  end
116
117
 
117
- if raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions).any?
118
- Dependabot.logger.info("All updates for #{dependency.name} were ignored")
118
+ if raise_on_ignored
119
+ lower_filtered = filter_lower_versions(filtered)
120
+ if lower_filtered.empty? && filter_lower_versions(valid).any?
121
+ Dependabot.logger.info("All updates for #{dependency.name} were ignored")
122
+ end
119
123
  end
120
124
 
121
125
  filtered
@@ -123,10 +127,45 @@ module Dependabot
123
127
 
124
128
  sig { params(versions: T::Array[String]).returns(T::Array[String]) }
125
129
  def filter_lower_versions(versions)
126
- return versions unless dependency.version
130
+ return versions unless dependency.version && version_class.correct?(dependency.version)
127
131
 
128
132
  current_version = version_class.new(dependency.version)
129
- versions.select { |v| version_class.new(v) > current_version }
133
+ versions.select { |v| version_class.correct?(v) && version_class.new(v) > current_version }
134
+ end
135
+
136
+ # Filters prereleases keyed off dependency.version only (Bazel uses exact pins, not ranges).
137
+ sig { params(versions: T::Array[String]).returns(T::Array[String]) }
138
+ def filter_prerelease_versions(versions)
139
+ current_release = current_prerelease_release_line
140
+ filtered = versions.reject { |v| prerelease_to_exclude?(v, current_release) }
141
+
142
+ if versions.count > filtered.count
143
+ Dependabot.logger.info("Filtered out #{versions.count - filtered.count} pre-release versions")
144
+ end
145
+
146
+ filtered
147
+ end
148
+
149
+ # Returns the release line of the current version if it's a prerelease, nil otherwise.
150
+ sig { returns(T.nilable(Gem::Version)) }
151
+ def current_prerelease_release_line
152
+ current = dependency.version
153
+ return nil unless current && version_class.correct?(current)
154
+
155
+ parsed = version_class.new(current)
156
+ parsed.prerelease? ? parsed.release : nil
157
+ end
158
+
159
+ sig { params(version_string: String, current_release: T.nilable(Gem::Version)).returns(T::Boolean) }
160
+ def prerelease_to_exclude?(version_string, current_release)
161
+ # Filters malformed versions — they cannot be parsed for prerelease detection.
162
+ return false unless version_class.correct?(version_string)
163
+
164
+ candidate = version_class.new(version_string)
165
+ return false unless candidate.prerelease?
166
+
167
+ # On stable: exclude all prereleases. On prerelease: exclude only unrelated ones.
168
+ current_release.nil? || candidate.release != current_release
130
169
  end
131
170
 
132
171
  sig { params(versions: T::Array[String]).returns(T::Array[String]) }
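Review bot: The comment in `prerelease_to_exclude?`, `# Filters malformed versions — they cannot be parsed for prerelease detection.`, says the opposite of the line below it: `return false unless version_class.correct?(version_string)` keeps a malformed string in the list, and it is only dropped later by `valid = versions.select { |v| version_class.correct?(v) }` in `filter_ignored_versions`. I would reword it to `# Malformed versions are left for filter_ignored_versions to drop; they cannot be parsed for prerelease detection.` That later drop is silent, and because these strings come from `registry_client.all_module_versions`, a count of rejected entries is worth logging next to the existing "ignored versions" message, for example `Dependabot.logger.info("Skipped #{versions.count - valid.count} malformed versions") if versions.count > valid.count`.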
@@ -13,15 +13,25 @@ module Dependabot
13
13
  class Version < Dependabot::Version
14
14
  extend T::Sig
15
15
 
16
+ sig { override.params(version: VersionParameter).returns(T::Boolean) }
17
+ def self.correct?(version)
18
+ return false if version.nil?
19
+
20
+ super(normalize_bazel_version(version.to_s))
21
+ end
22
+
16
23
  sig { override.params(version: VersionParameter).void }
17
24
  def initialize(version)
18
25
  @version_string = T.let(version.to_s, String)
19
26
  @bcr_suffix = T.let(parse_bcr_suffix(@version_string), T.nilable(Integer))
20
27
 
21
- # Remove the .bcr.X suffix for comparison, and strip leading 'v' if present
22
- base_version = remove_bcr_suffix(@version_string)
23
- base_version = base_version.sub(/^v/i, "")
24
- super(base_version)
28
+ super(Dependabot::Bazel::Version.normalize_bazel_version(@version_string))
29
+ end
30
+
31
+ # Strips .bcr.N suffix and v prefix to yield a Gem::Version-compatible string.
32
+ sig { params(version_string: String).returns(String) }
33
+ def self.normalize_bazel_version(version_string)
34
+ version_string.sub(/\.bcr\.\d+$/, "").sub(/^v/i, "")
25
35
  end
26
36
 
27
37
  sig { override.returns(String) }
@@ -32,7 +42,7 @@ module Dependabot
32
42
  sig { returns(T.nilable(Integer)) }
33
43
  attr_reader :bcr_suffix
34
44
 
35
- sig { override.params(other: T.untyped).returns(T.nilable(Integer)) }
45
+ sig { override.params(other: BasicObject).returns(T.nilable(Integer)) }
36
46
  def <=>(other)
37
47
  other_bazel = convert_to_bazel_version(other)
38
48
  return nil unless other_bazel
@@ -51,12 +61,7 @@ module Dependabot
51
61
  match ? T.must(match[1]).to_i : nil
52
62
  end
53
63
 
54
- sig { params(version_string: String).returns(String) }
55
- def remove_bcr_suffix(version_string)
56
- version_string.sub(/\.bcr\.\d+$/, "")
57
- end
58
-
59
- sig { params(other: T.untyped).returns(T.nilable(Dependabot::Bazel::Version)) }
64
+ sig { params(other: BasicObject).returns(T.nilable(Dependabot::Bazel::Version)) }
60
65
  def convert_to_bazel_version(other)
61
66
  case other
62
67
  when Dependabot::Bazel::Version
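Review bot: `normalize_bazel_version` anchors its patterns with `$` and `^` (`/\.bcr\.\d+$/`, `/^v/i`), which in Ruby match at line boundaries rather than at the ends of the string, and this method now also feeds the new `correct?`, which the update checker appears to use as its gate on registry-supplied version strings. A value containing a newline could have a `v` or a `.bcr.N` stripped mid-string before it reaches `super`; whether the parent check then rejects it is not visible here. Anchoring on the whole string makes the intent explicit: `version_string.sub(/\.bcr\.\d+\z/, "").sub(/\Av/i, "")`. `parse_bcr_suffix` sits outside the hunk and should use the same anchors so the suffix and the normalized base are derived consistently.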
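--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-bazel
  version: !ruby/object:Gem::Version
- version: 0.382.0
+ version: 0.384.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.382.0
+ version: 0.384.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.382.0
+ version: 0.384.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -269,7 +269,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.382.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
  rdoc_options: []
  require_paths:
  - lib
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 3.3.0
  requirements: []
- rubygems_version: 3.7.2
+ rubygems_version: 4.0.14
  specification_version: 4
  summary: Provides Dependabot support for Bazel
  test_files: []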