dependabot-bun 0.302.0 → 0.303.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bun/metadata_finder.rb +47 -18
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 27edfc9fc442ae68e0e2c82be8cc05bac045eb4f3fbabe7ccc57723399d119e7
|
|
4
|
+
data.tar.gz: 784300996dcb070425ce461848e9c8887805aeaf174563ecdd55128a7b4cf750
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 05003d07765b28ceab7cfca523382a983652ce8bede462c1ae5975c77e58026f46b81d59ab621ba3fb7618170250f32195515ea899c40e0923011b654e074bc7
|
|
7
|
+
data.tar.gz: 6fc8e6bc5e2be73805ebb101bb0d57586ea788461393528a265d21e5f3b0438e1ebf4659a484fc10ac3c1b716f9d30ca67d8e02397a7bf7883f68f5eadce9791
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "excon"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
require "time"
|
|
6
7
|
|
|
7
8
|
require "dependabot/metadata_finders"
|
|
@@ -13,19 +14,23 @@ require "dependabot/bun/version"
|
|
|
13
14
|
module Dependabot
|
|
14
15
|
module Bun
|
|
15
16
|
class MetadataFinder < Dependabot::MetadataFinders::Base
|
|
17
|
+
extend T::Sig
|
|
18
|
+
|
|
19
|
+
sig { override.returns(T.nilable(String)) }
|
|
16
20
|
def homepage_url
|
|
17
21
|
# Attempt to use version_listing first, as fetching the entire listing
|
|
18
22
|
# array can be slow (if it's large)
|
|
19
23
|
return latest_version_listing["homepage"] if latest_version_listing["homepage"]
|
|
20
24
|
|
|
21
|
-
listing = all_version_listings.find { |
|
|
22
|
-
listing&.
|
|
25
|
+
listing = all_version_listings.find { |l| l["homepage"] }
|
|
26
|
+
listing&.fetch("homepage", nil) || super
|
|
23
27
|
end
|
|
24
28
|
|
|
29
|
+
sig { override.returns(T.nilable(String)) }
|
|
25
30
|
def maintainer_changes
|
|
26
31
|
return unless npm_releaser
|
|
27
32
|
return unless npm_listing.dig("time", dependency.version)
|
|
28
|
-
return if previous_releasers
|
|
33
|
+
return if previous_releasers&.include?(npm_releaser)
|
|
29
34
|
|
|
30
35
|
"This version was pushed to npm by " \
|
|
31
36
|
"[#{npm_releaser}](https://www.npmjs.com/~#{npm_releaser}), a new " \
|
|
@@ -34,10 +39,11 @@ module Dependabot
|
|
|
34
39
|
|
|
35
40
|
private
|
|
36
41
|
|
|
42
|
+
sig { override.returns(T.nilable(Dependabot::Source)) }
|
|
37
43
|
def look_up_source
|
|
38
44
|
return find_source_from_registry if new_source.nil?
|
|
39
45
|
|
|
40
|
-
source_type = new_source[:type
|
|
46
|
+
source_type = new_source&.[](:type) || new_source&.fetch("type")
|
|
41
47
|
|
|
42
48
|
case source_type
|
|
43
49
|
when "git" then find_source_from_git_url
|
|
@@ -46,12 +52,14 @@ module Dependabot
|
|
|
46
52
|
end
|
|
47
53
|
end
|
|
48
54
|
|
|
55
|
+
sig { returns(T.nilable(String)) }
|
|
49
56
|
def npm_releaser
|
|
50
57
|
all_version_listings
|
|
51
|
-
.find { |v
|
|
52
|
-
&.
|
|
58
|
+
.find { |v| v["version"] == dependency.version }
|
|
59
|
+
&.dig("_npmUser", "name")
|
|
53
60
|
end
|
|
54
61
|
|
|
62
|
+
sig { returns(T.nilable(T::Array[String])) }
|
|
55
63
|
def previous_releasers
|
|
56
64
|
times = npm_listing.fetch("time")
|
|
57
65
|
|
|
@@ -65,9 +73,10 @@ module Dependabot
|
|
|
65
73
|
|
|
66
74
|
all_version_listings
|
|
67
75
|
.reject { |v, _| Time.parse(times[v]) > cutoff }
|
|
68
|
-
.filter_map { |
|
|
76
|
+
.filter_map { |d| d.fetch("_npmUser", nil)&.fetch("name", nil) }
|
|
69
77
|
end
|
|
70
78
|
|
|
79
|
+
sig { returns(T.nilable(Source)) }
|
|
71
80
|
def find_source_from_registry
|
|
72
81
|
# Attempt to use version_listing first, as fetching the entire listing
|
|
73
82
|
# array can be slow (if it's large)
|
|
@@ -81,7 +90,7 @@ module Dependabot
|
|
|
81
90
|
return potential_sources.first if potential_sources.any?
|
|
82
91
|
|
|
83
92
|
potential_sources =
|
|
84
|
-
all_version_listings.flat_map do |
|
|
93
|
+
all_version_listings.flat_map do |listing|
|
|
85
94
|
[
|
|
86
95
|
get_source(listing["repository"]),
|
|
87
96
|
get_source(listing["homepage"]),
|
|
@@ -92,6 +101,7 @@ module Dependabot
|
|
|
92
101
|
potential_sources.first
|
|
93
102
|
end
|
|
94
103
|
|
|
104
|
+
sig { returns(T.nilable(T::Hash[T.any(String, Symbol), String])) }
|
|
95
105
|
def new_source
|
|
96
106
|
sources = dependency.requirements
|
|
97
107
|
.map { |r| r.fetch(:source) }.uniq.compact
|
|
@@ -100,6 +110,7 @@ module Dependabot
|
|
|
100
110
|
sources.first
|
|
101
111
|
end
|
|
102
112
|
|
|
113
|
+
sig { params(details: T.any(String, T::Hash[String, String])).returns(T.nilable(Source)) }
|
|
103
114
|
def get_source(details)
|
|
104
115
|
potential_url = get_url(details)
|
|
105
116
|
return unless potential_url
|
|
@@ -111,6 +122,7 @@ module Dependabot
|
|
|
111
122
|
potential_source
|
|
112
123
|
end
|
|
113
124
|
|
|
125
|
+
sig { params(details: T.any(String, T::Hash[String, String])).returns(T.nilable(String)) }
|
|
114
126
|
def get_url(details)
|
|
115
127
|
url =
|
|
116
128
|
case details
|
|
@@ -122,6 +134,7 @@ module Dependabot
|
|
|
122
134
|
"https://github.com/" + url
|
|
123
135
|
end
|
|
124
136
|
|
|
137
|
+
sig { params(details: T.any(String, T::Hash[String, String])).returns(T.nilable(String)) }
|
|
125
138
|
def get_directory(details)
|
|
126
139
|
# Only return a directory if it is explicitly specified
|
|
127
140
|
return unless details.is_a?(Hash)
|
|
@@ -129,22 +142,32 @@ module Dependabot
|
|
|
129
142
|
details.fetch("directory", nil)
|
|
130
143
|
end
|
|
131
144
|
|
|
145
|
+
sig { returns(T.nilable(Source)) }
|
|
132
146
|
def find_source_from_git_url
|
|
133
|
-
url = new_source[:url
|
|
147
|
+
url = new_source&.[](:url) || new_source&.fetch("url")
|
|
134
148
|
Source.from_url(url)
|
|
135
149
|
end
|
|
136
150
|
|
|
151
|
+
sig { returns(T::Hash[String, T.untyped]) }
|
|
137
152
|
def latest_version_listing
|
|
138
|
-
return @latest_version_listing
|
|
153
|
+
return @latest_version_listing unless @latest_version_listing.nil?
|
|
154
|
+
|
|
155
|
+
response = Dependabot::RegistryClient.get(url: "#{dependency_url}/latest",
|
|
156
|
+
headers: registry_auth_headers)
|
|
157
|
+
return @latest_version_listing = {} if response.status >= 500
|
|
139
158
|
|
|
140
|
-
|
|
141
|
-
|
|
159
|
+
begin
|
|
160
|
+
@latest_version_listing = JSON.parse(response.body)
|
|
161
|
+
rescue JSON::ParserError
|
|
162
|
+
raise unless non_standard_registry?
|
|
142
163
|
|
|
143
|
-
|
|
164
|
+
@latest_version_listing = {}
|
|
165
|
+
end
|
|
144
166
|
rescue JSON::ParserError, Excon::Error::Timeout
|
|
145
|
-
@latest_version_listing = {}
|
|
167
|
+
@latest_version_listing = T.let({}, T.nilable(T::Hash[String, T.untyped]))
|
|
146
168
|
end
|
|
147
169
|
|
|
170
|
+
sig { returns(T::Array[T::Hash[String, T.untyped]]) }
|
|
148
171
|
def all_version_listings
|
|
149
172
|
return [] if npm_listing["versions"].nil?
|
|
150
173
|
|
|
@@ -154,6 +177,7 @@ module Dependabot
|
|
|
154
177
|
.reverse
|
|
155
178
|
end
|
|
156
179
|
|
|
180
|
+
sig { returns(T::Hash[String, T.untyped]) }
|
|
157
181
|
def npm_listing
|
|
158
182
|
return @npm_listing unless @npm_listing.nil?
|
|
159
183
|
|
|
@@ -168,14 +192,15 @@ module Dependabot
|
|
|
168
192
|
@npm_listing = {}
|
|
169
193
|
end
|
|
170
194
|
rescue Excon::Error::Timeout
|
|
171
|
-
@npm_listing = {}
|
|
195
|
+
@npm_listing = T.let({}, T.nilable(T::Hash[String, T.untyped]))
|
|
172
196
|
end
|
|
173
197
|
|
|
198
|
+
sig { returns(String) }
|
|
174
199
|
def dependency_url
|
|
175
200
|
registry_url =
|
|
176
201
|
if new_source.nil? then "https://registry.npmjs.org"
|
|
177
202
|
else
|
|
178
|
-
new_source
|
|
203
|
+
new_source&.fetch(:url)
|
|
179
204
|
end
|
|
180
205
|
|
|
181
206
|
# NPM registries expect slashes to be escaped
|
|
@@ -183,19 +208,22 @@ module Dependabot
|
|
|
183
208
|
"#{registry_url}/#{escaped_dependency_name}"
|
|
184
209
|
end
|
|
185
210
|
|
|
211
|
+
sig { returns(T::Hash[String, String]) }
|
|
186
212
|
def registry_auth_headers
|
|
187
213
|
return {} unless auth_token
|
|
188
214
|
|
|
189
215
|
{ "Authorization" => "Bearer #{auth_token}" }
|
|
190
216
|
end
|
|
191
217
|
|
|
218
|
+
sig { returns(String) }
|
|
192
219
|
def dependency_registry
|
|
193
220
|
if new_source.nil? then "registry.npmjs.org"
|
|
194
221
|
else
|
|
195
|
-
new_source.fetch(:url).gsub("https://", "").gsub("http://", "")
|
|
222
|
+
T.must(new_source).fetch(:url).gsub("https://", "").gsub("http://", "")
|
|
196
223
|
end
|
|
197
224
|
end
|
|
198
225
|
|
|
226
|
+
sig { returns(T.nilable(String)) }
|
|
199
227
|
def auth_token
|
|
200
228
|
credentials
|
|
201
229
|
.select { |cred| cred["type"] == "npm_registry" }
|
|
@@ -203,6 +231,7 @@ module Dependabot
|
|
|
203
231
|
&.fetch("token", nil)
|
|
204
232
|
end
|
|
205
233
|
|
|
234
|
+
sig { returns(T::Boolean) }
|
|
206
235
|
def non_standard_registry?
|
|
207
236
|
dependency_registry != "registry.npmjs.org"
|
|
208
237
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bun
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.303.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-03-
|
|
11
|
+
date: 2025-03-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.303.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.303.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -156,14 +156,14 @@ dependencies:
|
|
|
156
156
|
requirements:
|
|
157
157
|
- - "~>"
|
|
158
158
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: 0.8.
|
|
159
|
+
version: 0.8.7
|
|
160
160
|
type: :development
|
|
161
161
|
prerelease: false
|
|
162
162
|
version_requirements: !ruby/object:Gem::Requirement
|
|
163
163
|
requirements:
|
|
164
164
|
- - "~>"
|
|
165
165
|
- !ruby/object:Gem::Version
|
|
166
|
-
version: 0.8.
|
|
166
|
+
version: 0.8.7
|
|
167
167
|
- !ruby/object:Gem::Dependency
|
|
168
168
|
name: simplecov
|
|
169
169
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -347,7 +347,7 @@ licenses:
|
|
|
347
347
|
- MIT
|
|
348
348
|
metadata:
|
|
349
349
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
350
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
350
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.303.0
|
|
351
351
|
post_install_message:
|
|
352
352
|
rdoc_options: []
|
|
353
353
|
require_paths:
|