RubyGems - dependabot-bun - Versions diffs - 0.296.2 → 0.296.3 - Mend

dependabot-bun 0.296.2 → 0.296.3

Files changed (144) hide show

data/lib/dependabot/javascript/shared/registry_parser.rb DELETED Viewed

@@ -1,93 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Shared
-      class RegistryParser
-        extend T::Sig
-        sig { params(resolved_url: String, credentials: T::Array[Dependabot::Credential]).void }
-        def initialize(resolved_url:, credentials:)
-          @resolved_url = resolved_url
-          @credentials = credentials
-        end
-        sig { params(name: String).returns(T::Hash[Symbol, T.untyped]) }
-        def registry_source_for(name)
-          url =
-            if resolved_url.include?("/~/")
-              # Gemfury format
-              resolved_url.split("/~/").first
-            elsif resolved_url.include?("/#{name}/-/#{name}")
-              # MyGet / Bintray format
-              T.must(resolved_url.split("/#{name}/-/#{name}").first)
-               .gsub("dl.bintray.com//", "api.bintray.com/npm/").
-                # GitLab format
-                gsub(%r{\/projects\/\d+}, "")
-            elsif resolved_url.include?("/#{name}/-/#{name.split('/').last}")
-              # Sonatype Nexus / Artifactory JFrog format
-              resolved_url.split("/#{name}/-/#{name.split('/').last}").first
-            elsif (cred_url = url_for_relevant_cred) then cred_url
-            else
-              T.must(resolved_url.split("/")[0..2]).join("/")
-            end
-          { type: "registry", url: url }
-        end
-        sig { returns(String) }
-        def dependency_name
-          url_base = if resolved_url.include?("/-/")
-                       T.must(resolved_url.split("/-/").first)
-                     else
-                       resolved_url
-                     end
-          package_name = url_base.gsub("%2F", "/").match(%r{@.*/})
-          return T.must(url_base.gsub("%2F", "/").split("/").last) unless package_name
-          "#{package_name}#{T.must(url_base.gsub('%2F', '/').split('/').last)}"
-        end
-        private
-        sig { returns(String) }
-        attr_reader :resolved_url
-        sig { returns(T::Array[Dependabot::Credential]) }
-        attr_reader :credentials
-        # rubocop:disable Metrics/PerceivedComplexity
-        sig { returns(T.nilable(String)) }
-        def url_for_relevant_cred
-          resolved_url_host = URI(resolved_url).host
-          credential_matching_url =
-            credentials
-            .select { |cred| cred["type"] == "npm_registry" && cred["registry"] }
-            .sort_by { |cred| cred.fetch("registry").length }
-            .find do |details|
-              next true if resolved_url_host == details["registry"]
-              uri = if details["registry"]&.include?("://")
-                      URI(details.fetch("registry"))
-                    else
-                      URI("https://#{details['registry']}")
-                    end
-              resolved_url_host == uri.host && resolved_url.include?(details.fetch("registry"))
-            end
-          return unless credential_matching_url
-          # Trim the resolved URL so that it ends at the same point as the
-          # credential registry
-          reg = credential_matching_url.fetch("registry")
-          resolved_url.gsub(/#{Regexp.quote(reg)}.*/, "") + reg
-        end
-        # rubocop:enable Metrics/PerceivedComplexity
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/shared/requirement.rb DELETED Viewed

@@ -1,144 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Shared
-      class Requirement < Dependabot::Requirement
-        extend T::Sig
-        AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/
-        OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/
-        # Override the version pattern to allow a 'v' prefix
-        quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
-        version_pattern = "v?#{Version::VERSION_PATTERN}"
-        PATTERN_RAW = T.let("\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze, String)
-        PATTERN = /\A#{PATTERN_RAW}\z/
-        sig { params(obj: T.untyped).returns(T::Array[T.untyped]) }
-        def self.parse(obj)
-          return ["=", nil] if obj.is_a?(String) && Version::VERSION_TAGS.include?(obj.strip)
-          return ["=", Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
-          unless (matches = PATTERN.match(obj.to_s))
-            msg = "Illformed requirement [#{obj.inspect}]"
-            raise BadRequirementError, msg
-          end
-          return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
-          [matches[1] || "=", Version.new(T.must(matches[2]))]
-        end
-        # Returns an array of requirements. At least one requirement from the
-        # returned array must be satisfied for a version to be valid.
-        sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
-        def self.requirements_array(requirement_string)
-          return [new([])] if requirement_string.nil?
-          # Removing parentheses is technically wrong but they are extremely
-          # rarely used.
-          # TODO: Handle complicated parenthesised requirements
-          requirement_string = requirement_string.gsub(/[()]/, "")
-          requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
-            requirements = req_string.strip.split(AND_SEPARATOR)
-            new(requirements)
-          end
-        end
-        sig { params(requirements: T.any(String, T::Array[String])).void }
-        def initialize(*requirements)
-          requirements = requirements.flatten
-                                     .flat_map { |req_string| req_string.split(",").map(&:strip) }
-                                     .flat_map { |req_string| convert_js_constraint_to_ruby_constraint(req_string) }
-          super(requirements)
-        end
-        private
-        sig { params(req_string: String).returns(T.any(String, T::Array[String])) }
-        def convert_js_constraint_to_ruby_constraint(req_string)
-          return req_string if req_string.match?(/^([A-Za-uw-z]|v[^\d])/)
-          req_string = req_string.gsub(/(?:\.|^)[xX*]/, "")
-          if req_string.empty? then ">= 0"
-          elsif req_string.start_with?("~>") then req_string
-          elsif req_string.start_with?("=") then req_string.gsub(/^=*/, "")
-          elsif req_string.start_with?("~") then convert_tilde_req(req_string)
-          elsif req_string.start_with?("^") then convert_caret_req(req_string)
-          elsif req_string.include?(" - ") then convert_hyphen_req(req_string)
-          elsif req_string.match?(/[<>]/) then req_string
-          else
-            ruby_range(req_string)
-          end
-        end
-        sig { params(req_string: String).returns(String) }
-        def convert_tilde_req(req_string)
-          version = req_string.gsub(/^~\>?[\s=]*/, "")
-          parts = version.split(".")
-          parts << "0" if parts.count < 3
-          "~> #{parts.join('.')}"
-        end
-        sig { params(req_string: String).returns(T::Array[String]) }
-        def convert_hyphen_req(req_string)
-          lower_bound, upper_bound = req_string.split(/\s+-\s+/)
-          lower_bound_parts = lower_bound&.split(".")
-          lower_bound_parts&.fill("0", lower_bound_parts.length...3)
-          upper_bound_parts = upper_bound&.split(".")
-          upper_bound_range =
-            if upper_bound_parts && upper_bound_parts.length < 3
-              # When upper bound is a partial version treat these as an X-range
-              upper_bound_parts[-1] = upper_bound_parts[-1].to_i + 1 if upper_bound_parts[-1].to_i.positive?
-              upper_bound_parts.fill("0", upper_bound_parts.length...3)
-              "< #{upper_bound_parts.join('.')}.a"
-            else
-              "<= #{upper_bound_parts&.join('.')}"
-            end
-          [">= #{lower_bound_parts&.join('.')}", upper_bound_range]
-        end
-        sig { params(req_string: String).returns(String) }
-        def ruby_range(req_string)
-          parts = req_string.split(".")
-          # If we have three or more parts then this is an exact match
-          return req_string if parts.count >= 3
-          # If we have fewer than three parts we do a partial match
-          parts << "0"
-          "~> #{parts.join('.')}"
-        end
-        sig { params(req_string: String).returns(T::Array[String]) }
-        def convert_caret_req(req_string) # rubocop:disable Metrics/PerceivedComplexity
-          version = req_string.gsub(/^\^[\s=]*/, "")
-          parts = version.split(".")
-          parts.fill("x", parts.length...3)
-          first_non_zero = parts.find { |d| d != "0" }
-          first_non_zero_index =
-            first_non_zero ? parts.index(first_non_zero) : parts.count - 1
-          # If the requirement has a blank minor or patch version increment the
-          # previous index value with 1
-          first_non_zero_index -= 1 if first_non_zero_index && first_non_zero == "x"
-          upper_bound = parts.map.with_index do |part, i|
-            if i < T.must(first_non_zero_index) then part
-            elsif i == first_non_zero_index then (part.to_i + 1).to_s
-            elsif i > T.must(first_non_zero_index) && i == 2 then "0.a"
-            else
-              0
-            end
-          end.join(".")
-          [">= #{version}", "< #{upper_bound}"]
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/shared/sub_dependency_files_filterer.rb DELETED Viewed

@@ -1,79 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-# Used in the sub dependency version resolver and file updater to only run
-# yarn/npm helpers on dependency files that require updates. This is useful for
-# large monorepos with lots of sub-projects that don't all have the same
-# dependencies.
-module Dependabot
-  module Javascript
-    module Shared
-      class SubDependencyFilesFilterer
-        extend T::Sig
-        sig { params(dependency_files: T::Array[DependencyFile], updated_dependencies: T::Array[Dependency]).void }
-        def initialize(dependency_files:, updated_dependencies:)
-          @dependency_files = dependency_files
-          @updated_dependencies = updated_dependencies
-        end
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        def files_requiring_update
-          return T.must(@files_requiring_update) if defined? @files_requiring_update
-          files_requiring_update =
-            lockfiles.select do |lockfile|
-              lockfile_dependencies(lockfile).any? do |sub_dep|
-                updated_dependencies.any? do |updated_dep|
-                  next false unless sub_dep.name == updated_dep.name
-                  version_class.new(updated_dep.version) >
-                    version_class.new(sub_dep.version)
-                end
-              end
-            end
-          @files_requiring_update ||= T.let(files_requiring_update, T.nilable(T::Array[DependencyFile]))
-        end
-        private
-        sig { returns(T::Array[DependencyFile]) }
-        attr_reader :dependency_files
-        sig { returns(T::Array[Dependency]) }
-        attr_reader :updated_dependencies
-        sig { params(lockfile: DependencyFile).returns(T::Array[Dependabot::Dependency]) }
-        def lockfile_dependencies(lockfile)
-          @lockfile_dependencies ||= T.let({}, T.nilable(T::Hash[String, T::Array[Dependency]]))
-          @lockfile_dependencies[lockfile.name] ||=
-            NpmAndYarn::FileParser::LockfileParser.new(
-              dependency_files: [lockfile]
-            ).parse
-        end
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        def lockfiles
-          dependency_files.select { |file| lockfile?(file) }
-        end
-        sig { params(file: DependencyFile).returns(T::Boolean) }
-        def lockfile?(file)
-          file.name.end_with?(
-            "package-lock.json",
-            "yarn.lock",
-            "npm-shrinkwrap.json",
-            "bun.lock",
-            "pnpm-lock.yaml"
-          )
-        end
-        sig { returns(T.class_of(Dependabot::NpmAndYarn::Version)) }
-        def version_class
-          NpmAndYarn::Version
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/javascript/shared/update_checker/dependency_files_builder.rb DELETED Viewed

@@ -1,87 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-module Dependabot
-  module Javascript
-    module Shared
-      module UpdateChecker
-        class DependencyFilesBuilder
-          extend T::Helpers
-          extend T::Sig
-          abstract!
-          Credentials = T.type_alias { T::Array[Credential] }
-          sig do
-            params(
-              dependency: Dependency,
-              dependency_files: T::Array[DependencyFile],
-              credentials: Credentials
-            )
-              .void
-          end
-          def initialize(dependency:, dependency_files:, credentials:)
-            @dependency = T.let(dependency, Dependency)
-            @dependency_files = T.let(dependency_files, T::Array[DependencyFile])
-            @credentials = T.let(credentials, Credentials)
-          end
-          sig { void }
-          def write_temporary_dependency_files
-            write_lockfiles
-            File.write(".npmrc", npmrc_content)
-            package_files.each do |file|
-              path = file.name
-              FileUtils.mkdir_p(Pathname.new(path).dirname)
-              File.write(file.name, prepared_package_json_content(file))
-            end
-          end
-          sig { abstract.returns(T::Array[DependencyFile]) }
-          def lockfiles; end
-          sig { returns(T::Array[DependencyFile]) }
-          def package_files
-            @package_files ||= T.let(
-              dependency_files
-              .select { |f| f.name.end_with?("package.json") },
-              T.nilable(T::Array[DependencyFile])
-            )
-          end
-          private
-          sig { returns(Dependency) }
-          attr_reader :dependency
-          sig { returns(T::Array[DependencyFile]) }
-          attr_reader :dependency_files
-          sig { returns(Credentials) }
-          attr_reader :credentials
-          sig { abstract.returns(T::Array[DependencyFile]) }
-          def write_lockfiles; end
-          sig { params(file: DependencyFile).returns(String) }
-          def prepared_package_json_content(file)
-            FileUpdater::PackageJsonPreparer.new(
-              package_json_content: file.content
-            ).prepared_content
-          end
-          sig { returns(String) }
-          def npmrc_content
-            FileUpdater::NpmrcBuilder.new(
-              credentials: credentials,
-              dependency_files: dependency_files
-            ).npmrc_content
-          end
-        end
-      end
-    end
-  end
-end