dependabot-bazel 0.383.0 → 0.384.0

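--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2d41722565f366dc9662e0c7743dcecb9291a2bd50c703c3dc38355d91d218e6
- data.tar.gz: 96e947e020343d0a28fd799f844e14484d55d3d5a1235403e86c8bec1799abea
+ metadata.gz: 5de24f1c771f85a2f7751cc31cd33ab540aa5e2490238bce50e8911e3d5cf6af
+ data.tar.gz: aa3e5a4d9693afb18c3128d80c0d452352d9857ed75a23511beb7b5fdc3ff201
  SHA512:
- metadata.gz: e8f2d8ea5b90c582b6ae65f578123d969fb2a48f35b9606d4a1396abee0f736a5b4b827386808bf5685520a84dc1363f8bea70c39e0d8a8888fc37312f727634
- data.tar.gz: b61bc8a80902f0c9e0589a3204d8b150976f05e12777bf02893d9445da4f930507d61b75ed3566f2b35d16aaab20e4d301cf8abfce8f78eb5856cf1f5d0107d4
+ metadata.gz: 1c573a560bdba70da9752dd96278b5257863f9263d43bfaf0e540211ba6ecb30236a5525b070efc88bc10cd4f66bf763a63ddb3447c13710ca39837a4b8b315f
+ data.tar.gz: f91bd0b1fed7a75d6a4ad75795a93d9d2b88d573edc1d6097cf61b779187a2ab21d5b6900af3ff2964e444446e1525b3c19c1579bcf0a2272cf4dfef192bb934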
@@ -79,7 +79,9 @@ module Dependabot
79
79
  versions = registry_client.all_module_versions(dependency.name)
80
80
  return nil if versions.empty?
81
81
 
82
- filtered_versions = filter_ignored_versions(versions)
82
+ # Prerelease filter must run first so stable releases remain visible when upgrading from a prerelease.
83
+ filtered_versions = filter_prerelease_versions(versions)
84
+ filtered_versions = filter_ignored_versions(filtered_versions)
83
85
  filtered_versions = filter_lower_versions(filtered_versions)
84
86
  filtered_versions = apply_cooldown_filter(filtered_versions)
85
87
  return nil if filtered_versions.empty?
@@ -103,17 +105,21 @@ module Dependabot
103
105
 
104
106
  sig { params(versions: T::Array[String]).returns(T::Array[String]) }
105
107
  def filter_ignored_versions(versions)
106
- filtered = versions.reject do |version_string|
108
+ valid = versions.select { |v| version_class.correct?(v) }
109
+ filtered = valid.reject do |version_string|
107
110
  version = version_class.new(version_string)
108
111
  ignore_requirements.any? { |req| req.satisfied_by?(version) }
109
112
  end
110
113
 
111
- if versions.count > filtered.count
112
- Dependabot.logger.info("Filtered out #{versions.count - filtered.count} ignored versions")
114
+ if valid.count > filtered.count
115
+ Dependabot.logger.info("Filtered out #{valid.count - filtered.count} ignored versions")
113
116
  end
114
117
 
115
- if raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions).any?
116
- Dependabot.logger.info("All updates for #{dependency.name} were ignored")
118
+ if raise_on_ignored
119
+ lower_filtered = filter_lower_versions(filtered)
120
+ if lower_filtered.empty? && filter_lower_versions(valid).any?
121
+ Dependabot.logger.info("All updates for #{dependency.name} were ignored")
122
+ end
117
123
  end
118
124
 
119
125
  filtered
@@ -121,10 +127,45 @@ module Dependabot
121
127
 
122
128
  sig { params(versions: T::Array[String]).returns(T::Array[String]) }
123
129
  def filter_lower_versions(versions)
124
- return versions unless dependency.version
130
+ return versions unless dependency.version && version_class.correct?(dependency.version)
125
131
 
126
132
  current_version = version_class.new(dependency.version)
127
- versions.select { |v| version_class.new(v) > current_version }
133
+ versions.select { |v| version_class.correct?(v) && version_class.new(v) > current_version }
134
+ end
135
+
136
+ # Filters prereleases keyed off dependency.version only (Bazel uses exact pins, not ranges).
137
+ sig { params(versions: T::Array[String]).returns(T::Array[String]) }
138
+ def filter_prerelease_versions(versions)
139
+ current_release = current_prerelease_release_line
140
+ filtered = versions.reject { |v| prerelease_to_exclude?(v, current_release) }
141
+
142
+ if versions.count > filtered.count
143
+ Dependabot.logger.info("Filtered out #{versions.count - filtered.count} pre-release versions")
144
+ end
145
+
146
+ filtered
147
+ end
148
+
149
+ # Returns the release line of the current version if it's a prerelease, nil otherwise.
150
+ sig { returns(T.nilable(Gem::Version)) }
151
+ def current_prerelease_release_line
152
+ current = dependency.version
153
+ return nil unless current && version_class.correct?(current)
154
+
155
+ parsed = version_class.new(current)
156
+ parsed.prerelease? ? parsed.release : nil
157
+ end
158
+
159
+ sig { params(version_string: String, current_release: T.nilable(Gem::Version)).returns(T::Boolean) }
160
+ def prerelease_to_exclude?(version_string, current_release)
161
+ # Filters malformed versions — they cannot be parsed for prerelease detection.
162
+ return false unless version_class.correct?(version_string)
163
+
164
+ candidate = version_class.new(version_string)
165
+ return false unless candidate.prerelease?
166
+
167
+ # On stable: exclude all prereleases. On prerelease: exclude only unrelated ones.
168
+ current_release.nil? || candidate.release != current_release
128
169
  end
129
170
 
130
171
  sig { params(versions: T::Array[String]).returns(T::Array[String]) }
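Review bot: Version strings from the registry that fail `version_class.correct?` are now dropped without any log line, in `filter_ignored_versions` (`valid = versions.select { ... }`) and again in `filter_lower_versions`, while ignored and pre-release removals are both logged. A registry that starts returning unparseable versions could then look the same as "no update available"; a line such as `Dependabot.logger.warn("Skipped #{versions.count - valid.count} unparseable versions for #{dependency.name}") if versions.count > valid.count` right after the `select` would make that visible. The comment in `prerelease_to_exclude?` also reads as the opposite of the code: `return false` keeps a malformed string in the list, so `# Malformed versions are not excluded here; filter_ignored_versions drops them later.` would be accurate.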
@@ -13,15 +13,25 @@ module Dependabot
13
13
  class Version < Dependabot::Version
14
14
  extend T::Sig
15
15
 
16
+ sig { override.params(version: VersionParameter).returns(T::Boolean) }
17
+ def self.correct?(version)
18
+ return false if version.nil?
19
+
20
+ super(normalize_bazel_version(version.to_s))
21
+ end
22
+
16
23
  sig { override.params(version: VersionParameter).void }
17
24
  def initialize(version)
18
25
  @version_string = T.let(version.to_s, String)
19
26
  @bcr_suffix = T.let(parse_bcr_suffix(@version_string), T.nilable(Integer))
20
27
 
21
- # Remove the .bcr.X suffix for comparison, and strip leading 'v' if present
22
- base_version = remove_bcr_suffix(@version_string)
23
- base_version = base_version.sub(/^v/i, "")
24
- super(base_version)
28
+ super(Dependabot::Bazel::Version.normalize_bazel_version(@version_string))
29
+ end
30
+
31
+ # Strips .bcr.N suffix and v prefix to yield a Gem::Version-compatible string.
32
+ sig { params(version_string: String).returns(String) }
33
+ def self.normalize_bazel_version(version_string)
34
+ version_string.sub(/\.bcr\.\d+$/, "").sub(/^v/i, "")
25
35
  end
26
36
 
27
37
  sig { override.returns(String) }
@@ -51,11 +61,6 @@ module Dependabot
51
61
  match ? T.must(match[1]).to_i : nil
52
62
  end
53
63
 
54
- sig { params(version_string: String).returns(String) }
55
- def remove_bcr_suffix(version_string)
56
- version_string.sub(/\.bcr\.\d+$/, "")
57
- end
58
-
59
64
  sig { params(other: BasicObject).returns(T.nilable(Dependabot::Bazel::Version)) }
60
65
  def convert_to_bazel_version(other)
61
66
  case other
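Review bot: `normalize_bazel_version` anchors its two patterns with `$` and `^`, which in Ruby match at line boundaries rather than at the ends of the string, and the new `self.correct?` now uses this helper to validate version strings that come from the registry. Anchoring to the whole string is the safer form for a validation path: `version_string.sub(/\.bcr\.\d+\z/, "").sub(/\Av/i, "")`. The parent `correct?` probably rejects most strings with embedded newlines anyway, so this is hardening rather than a known bypass. It is also worth a spec for a bare `"v"`, which normalizes to an empty string; whether the parent accepts that is not visible here. `parse_bcr_suffix` starts outside the hunk and may need the same anchoring.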
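--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-bazel
  version: !ruby/object:Gem::Version
- version: 0.383.0
+ version: 0.384.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.383.0
+ version: 0.384.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.383.0
+ version: 0.384.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -269,7 +269,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.383.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
  rdoc_options: []
  require_paths:
  - lib
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 3.3.0
  requirements: []
- rubygems_version: 3.7.2
+ rubygems_version: 4.0.14
  specification_version: 4
  summary: Provides Dependabot support for Bazel
  test_files: []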