dependabot-bazel 0.348.1 → 0.349.0
- checksums.yaml +4 -4
- data/lib/dependabot/bazel/requirement.rb +17 -12
- data/lib/dependabot/bazel/update_checker.rb +29 -1
- metadata +4 -4
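--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ed0dbfa97a75fd1406bca951209c70fd4a6662af02ea56ee4358a4a35775a49a
+data.tar.gz: 06572e1e787cd4a06b8a87ca8e9ba64a217ba05a521a7b43734f37f77619a724
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2389b544675a0ea95032e4b7011bb61344c1becd2f238b009d8cc206f8d12c11f32a9707edc05cf4d525738821a0f118b7129f9c72e6777266c832eda6d12aec
+data.tar.gz: a1c6fea7689e7d7518bba8f42f6b5a6c57a17446b8f6f8e349338f4822d4442430ccf77d680da7bfd09c60e2d27caa2e9783461bcb048f32ebb7bf5a6ef6b8f0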
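--- a/data/lib/dependabot/bazel/requirement.rb
+++ b/data/lib/dependabot/bazel/requirement.rb
@@ -10,39 +10,44 @@ module Dependabot
 class Requirement < Dependabot::Requirement
 extend T::Sig
 
-# Bazel dependencies typically use exact versions, not version ranges
-# This class exists for consistency with Dependabot patterns but
-# may not be heavily used since Bazel tends to pin exact versions
-
 sig { params(requirement_string: String).returns(String) }
 def self.normalize_requirement(requirement_string)
-# Handle exact version specifications (most common in Bazel)
 return requirement_string if requirement_string.match?(/^[<>=~]/)
 
-# For bare version strings, treat as exact match
 return "= #{requirement_string}" if requirement_string.match?(/^\d+(\.\d+)*(-[\w\d.]+)?(\+[\w\d.]+)?$/)
 
 requirement_string
 end
 
-# This abstract method must be implemented
 sig do
 override
 .params(requirement_string: T.nilable(String))
 .returns(T::Array[Dependabot::Requirement])
 end
 def self.requirements_array(requirement_string)
-# For Bazel, most requirements are simple exact versions
 return [] if requirement_string.nil? || requirement_string.strip.empty?
 
-
-
+# Handle comma-separated constraints (e.g., ">= 1.0, < 2.0")
+constraints = requirement_string.split(",").map do |req_string|
+normalize_requirement(req_string.strip)
+end.reject(&:empty?)
+
+return [] if constraints.empty?
+
+[new(constraints)]
+end
+
+sig { params(requirements: T.nilable(T.any(String, T::Array[String]))).void }
+def initialize(*requirements)
+requirements = requirements.flatten.flat_map do |req_string|
+T.must(req_string).split(",").map(&:strip)
+end
+
+super(requirements)
 end
 
 sig { override.params(version: Gem::Version).returns(T::Boolean) }
 def satisfied_by?(version)
-# For Bazel versions, delegate to the base class
-# but ensure we're working with proper version objects
 bazel_version = case version
 when Dependabot::Bazel::Version
 version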
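Review bot: The new `initialize` declares its arguments nilable in the `sig` but calls `T.must(req_string)` on every element, so `Requirement.new(nil)` raises instead of being treated as "no constraint". It also passes empty fragments straight to `super`: `requirements_array` drops them with `reject(&:empty?)`, but a direct `new("1.0,")` does not, and the base class will presumably reject the empty string. Making the constructor tolerant in the same way keeps the two entry points consistent: `requirements = requirements.flatten.compact.flat_map { |r| r.split(",").map(&:strip) }.reject(&:empty?)`. Separately, the unchanged `normalize_requirement` validates with `^`/`$`, which match per line in Ruby; now that it runs on each comma-split fragment of manifest input, `\A`/`\z` would make the bare-version check apply to the whole string. `satisfied_by?` continues past the end of this hunk.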
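--- a/data/lib/dependabot/bazel/update_checker.rb
+++ b/data/lib/dependabot/bazel/update_checker.rb
@@ -78,7 +78,9 @@ module Dependabot
 versions = registry_client.all_module_versions(dependency.name)
 return nil if versions.empty?
 
-filtered_versions =
+filtered_versions = filter_ignored_versions(versions)
+filtered_versions = filter_lower_versions(filtered_versions)
+filtered_versions = apply_cooldown_filter(filtered_versions)
 return nil if filtered_versions.empty?
 
 latest_version_string = filtered_versions.max_by { |v| version_sort_key(v) }
@@ -98,6 +100,32 @@ module Dependabot
 )
 end
 
+sig { params(versions: T::Array[String]).returns(T::Array[String]) }
+def filter_ignored_versions(versions)
+filtered = versions.reject do |version_string|
+version = version_class.new(version_string)
+ignore_requirements.any? { |req| req.satisfied_by?(version) }
+end
+
+if versions.count > filtered.count
+Dependabot.logger.info("Filtered out #{versions.count - filtered.count} ignored versions")
+end
+
+if raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions).any?
+Dependabot.logger.info("All updates for #{dependency.name} were ignored")
+end
+
+filtered
+end
+
+sig { params(versions: T::Array[String]).returns(T::Array[String]) }
+def filter_lower_versions(versions)
+return versions unless dependency.version
+
+current_version = version_class.new(dependency.version)
+versions.select { |v| version_class.new(v) > current_version }
+end
+
 sig { params(versions: T::Array[String]).returns(T::Array[String]) }
 def apply_cooldown_filter(versions)
 return versions if should_skip_cooldown?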
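Review bot: In `filter_ignored_versions` the `raise_on_ignored` branch only writes an info log, so a caller that sets the flag gets the same empty result as "no newer version exists" and cannot tell that ignore conditions blocked every update. If the flag is meant to behave as its name suggests, the branch should raise, e.g. `raise Dependabot::AllVersionsIgnored`, rather than call `Dependabot.logger.info`; if logging is intentional here, a comment saying so would prevent the next reader from assuming it raises. Both new filters also call `version_class.new` on strings returned by the registry without a guard, so a single malformed version string would presumably abort the whole check; skipping entries that fail `version_class.correct?(v)` would keep one bad entry from blocking updates. `apply_cooldown_filter` continues past the end of this hunk.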
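--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bazel
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.349.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.349.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.349.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -263,7 +263,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.349.0
 rdoc_options: []
 require_paths:
 - lib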