dependabot-bazel 0.383.0 → 0.384.0
- checksums.yaml +4 -4
- data/lib/dependabot/bazel/update_checker.rb +49 -8
- data/lib/dependabot/bazel/version.rb +14 -9
- metadata +5 -5
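--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5de24f1c771f85a2f7751cc31cd33ab540aa5e2490238bce50e8911e3d5cf6af
+data.tar.gz: aa3e5a4d9693afb18c3128d80c0d452352d9857ed75a23511beb7b5fdc3ff201
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1c573a560bdba70da9752dd96278b5257863f9263d43bfaf0e540211ba6ecb30236a5525b070efc88bc10cd4f66bf763a63ddb3447c13710ca39837a4b8b315f
+data.tar.gz: f91bd0b1fed7a75d6a4ad75795a93d9d2b88d573edc1d6097cf61b779187a2ab21d5b6900af3ff2964e444446e1525b3c19c1579bcf0a2272cf4dfef192bb934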
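--- a/data/lib/dependabot/bazel/update_checker.rb
+++ b/data/lib/dependabot/bazel/update_checker.rb
@@ -79,7 +79,9 @@ module Dependabot
 versions = registry_client.all_module_versions(dependency.name)
 return nil if versions.empty?
 
-
+# Prerelease filter must run first so stable releases remain visible when upgrading from a prerelease.
+filtered_versions = filter_prerelease_versions(versions)
+filtered_versions = filter_ignored_versions(filtered_versions)
 filtered_versions = filter_lower_versions(filtered_versions)
 filtered_versions = apply_cooldown_filter(filtered_versions)
 return nil if filtered_versions.empty?
@@ -103,17 +105,21 @@ module Dependabot
 
 sig { params(versions: T::Array[String]).returns(T::Array[String]) }
 def filter_ignored_versions(versions)
-
+valid = versions.select { |v| version_class.correct?(v) }
+filtered = valid.reject do |version_string|
 version = version_class.new(version_string)
 ignore_requirements.any? { |req| req.satisfied_by?(version) }
 end
 
-if
-Dependabot.logger.info("Filtered out #{
+if valid.count > filtered.count
+Dependabot.logger.info("Filtered out #{valid.count - filtered.count} ignored versions")
 end
 
-if raise_on_ignored
-
+if raise_on_ignored
+lower_filtered = filter_lower_versions(filtered)
+if lower_filtered.empty? && filter_lower_versions(valid).any?
+Dependabot.logger.info("All updates for #{dependency.name} were ignored")
+end
 end
 
 filtered
@@ -121,10 +127,45 @@ module Dependabot
 
 sig { params(versions: T::Array[String]).returns(T::Array[String]) }
 def filter_lower_versions(versions)
-return versions unless dependency.version
+return versions unless dependency.version && version_class.correct?(dependency.version)
 
 current_version = version_class.new(dependency.version)
-versions.select { |v| version_class.new(v) > current_version }
+versions.select { |v| version_class.correct?(v) && version_class.new(v) > current_version }
+end
+
+# Filters prereleases keyed off dependency.version only (Bazel uses exact pins, not ranges).
+sig { params(versions: T::Array[String]).returns(T::Array[String]) }
+def filter_prerelease_versions(versions)
+current_release = current_prerelease_release_line
+filtered = versions.reject { |v| prerelease_to_exclude?(v, current_release) }
+
+if versions.count > filtered.count
+Dependabot.logger.info("Filtered out #{versions.count - filtered.count} pre-release versions")
+end
+
+filtered
+end
+
+# Returns the release line of the current version if it's a prerelease, nil otherwise.
+sig { returns(T.nilable(Gem::Version)) }
+def current_prerelease_release_line
+current = dependency.version
+return nil unless current && version_class.correct?(current)
+
+parsed = version_class.new(current)
+parsed.prerelease? ? parsed.release : nil
+end
+
+sig { params(version_string: String, current_release: T.nilable(Gem::Version)).returns(T::Boolean) }
+def prerelease_to_exclude?(version_string, current_release)
+# Filters malformed versions — they cannot be parsed for prerelease detection.
+return false unless version_class.correct?(version_string)
+
+candidate = version_class.new(version_string)
+return false unless candidate.prerelease?
+
+# On stable: exclude all prereleases. On prerelease: exclude only unrelated ones.
+current_release.nil? || candidate.release != current_release
 end
 
 sig { params(versions: T::Array[String]).returns(T::Array[String]) }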
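Review bot: In `filter_ignored_versions`, the branch guarded by `raise_on_ignored` (new lines 118–122) only calls `Dependabot.logger.info`; nothing in the visible lines raises, so a caller that passes the flag gets the filtered list back with no signal that every upgrade was ignored. The removed line 116 is not legible on this page, so whether the previous release raised at that point cannot be confirmed from the diff. If logging is the intended behaviour, state it with a comment such as `# raise_on_ignored only logs here; no exception is raised`, otherwise raise inside the inner `if`. Separately, the comment in `prerelease_to_exclude?` says malformed versions are filtered, but `return false` keeps them in the list; `# Malformed versions are left in; they cannot be parsed for prerelease detection.` would match the code.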
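--- a/data/lib/dependabot/bazel/version.rb
+++ b/data/lib/dependabot/bazel/version.rb
@@ -13,15 +13,25 @@ module Dependabot
 class Version < Dependabot::Version
 extend T::Sig
 
+sig { override.params(version: VersionParameter).returns(T::Boolean) }
+def self.correct?(version)
+return false if version.nil?
+
+super(normalize_bazel_version(version.to_s))
+end
+
 sig { override.params(version: VersionParameter).void }
 def initialize(version)
 @version_string = T.let(version.to_s, String)
 @bcr_suffix = T.let(parse_bcr_suffix(@version_string), T.nilable(Integer))
 
-
-
-
-
+super(Dependabot::Bazel::Version.normalize_bazel_version(@version_string))
+end
+
+# Strips .bcr.N suffix and v prefix to yield a Gem::Version-compatible string.
+sig { params(version_string: String).returns(String) }
+def self.normalize_bazel_version(version_string)
+version_string.sub(/\.bcr\.\d+$/, "").sub(/^v/i, "")
 end
 
 sig { override.returns(String) }
@@ -51,11 +61,6 @@ module Dependabot
 match ? T.must(match[1]).to_i : nil
 end
 
-sig { params(version_string: String).returns(String) }
-def remove_bcr_suffix(version_string)
-version_string.sub(/\.bcr\.\d+$/, "")
-end
-
 sig { params(other: BasicObject).returns(T.nilable(Dependabot::Bazel::Version)) }
 def convert_to_bazel_version(other)
 case other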
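Review bot: `normalize_bazel_version` anchors its patterns with `$` and `^`, which in Ruby match at any line boundary rather than only at the ends of the string, and this helper now feeds both `correct?` and `initialize`. A version string that contains a newline would therefore be rewritten around the line break before the parent class validates it. Since the strings come from registry data, whole-string anchors keep the normalisation strict: `version_string.sub(/\.bcr\.\d+\z/, "").sub(/\Av/i, "")`. The body of `parse_bcr_suffix` is mostly outside this hunk; if it uses the same `$`-anchored pattern it should be changed together with this one.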
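--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bazel
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.384.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.384.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.384.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -269,7 +269,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
 rdoc_options: []
 require_paths:
 - lib
@@ -284,7 +284,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 3.3.0
 requirements: []
-rubygems_version:
+rubygems_version: 4.0.14
 specification_version: 4
 summary: Provides Dependabot support for Bazel
 test_files: []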