dependabot-bun 0.308.0 → 0.309.0

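--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: df5c9bc08db27b356fc7ada3f8da5f778523465ae1b926e33daffd1cc1fb554e
- data.tar.gz: 228693c29a5da30aa9ee4366c041f51dce91b9158142dbef7b8b6121c7a27de5
+ metadata.gz: a896e9586e6aa0db1c681ea1eaaff0bbb2d785de7791d19077ba4216ad95de4c
+ data.tar.gz: 159ebc8a0f44dbffd0e3907d7f7992b35110eac1cbd7b6a7487e1cbaee08db0b
  SHA512:
- metadata.gz: e0c36f0b0c93f72b3cf6fbc1e7bf5a0ad7ad669927dfb45c1b3453cd84209ed8871d10704c9443d5ba448c6938096bef96feb9070a28a78a71cb6ffac50b763f
- data.tar.gz: b3cb11cd5ad915dc5c833fe02d4eb96dfe84ba7a9a16c152eb5958f7d9c4fa9c4443232d3145e110a2aae981f15926159026f25a8b3e66a9779aa0260762454f
+ metadata.gz: dc35d9e0f988774f61a4f60c01a68322287085cf3a85a3e2c38de3a55422a7e40aa17c9a4b403527f9b04b7532319c4891964e032de2b9f5e0e00fd9bf579c92
+ data.tar.gz: c36e41684ec0f8b08ab338e7191ba44253b6dbc56060e5d5aeb4a3a14814cbab974bf50dad7f52165c7525259171cef9ef8ce81871c3f2244840a6a8eb7985ae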
@@ -77,7 +77,7 @@ module Dependabot
77
77
  def latest_version_with_no_unlock(language_version: nil)
78
78
  with_custom_registry_rescue do
79
79
  return unless valid_npm_details?
80
- return version_from_dist_tags if specified_dist_tag_requirement?
80
+ return version_from_dist_tags&.version if specified_dist_tag_requirement?
81
81
 
82
82
  super
83
83
  end
@@ -100,8 +100,8 @@ module Dependabot
100
100
  with_custom_registry_rescue do
101
101
  return unless valid_npm_details?
102
102
 
103
- tag_version = version_from_dist_tags
104
- return tag_version if tag_version
103
+ tag_release = version_from_dist_tags
104
+ return tag_release.version if tag_release
105
105
 
106
106
  return if specified_dist_tag_requirement?
107
107
 
@@ -117,16 +117,20 @@ module Dependabot
117
117
  def fetch_latest_version_with_no_unlock(language_version: nil)
118
118
  with_custom_registry_rescue do
119
119
  return unless valid_npm_details?
120
- return version_from_dist_tags if specified_dist_tag_requirement?
120
+ return version_from_dist_tags&.version if specified_dist_tag_requirement?
121
121
 
122
122
  super
123
123
  end
124
124
  end
125
125
 
126
- sig { override.params(versions: T::Array[Dependabot::Version]).returns(T::Array[Dependabot::Version]) }
127
- def apply_post_fetch_latest_versions_filter(versions)
128
- original_count = versions.count
129
- filtered_versions = lazy_filter_yanked_versions_by_min_max(versions, check_max: true)
126
+ sig do
127
+ override
128
+ .params(releases: T::Array[Dependabot::Package::PackageRelease])
129
+ .returns(T::Array[Dependabot::Package::PackageRelease])
130
+ end
131
+ def apply_post_fetch_latest_versions_filter(releases)
132
+ original_count = releases.count
133
+ filtered_versions = lazy_filter_yanked_versions_by_min_max(releases, check_max: true)
130
134
 
131
135
  # Log the filter if any versions were removed
132
136
  if original_count > filtered_versions.count
@@ -141,26 +145,30 @@ module Dependabot
141
145
 
142
146
  sig do
143
147
  params(
144
- versions: T::Array[Dependabot::Version],
148
+ releases: T::Array[Dependabot::Package::PackageRelease],
145
149
  check_max: T::Boolean
146
- ).returns(T::Array[Dependabot::Version])
150
+ ).returns(T::Array[Dependabot::Package::PackageRelease])
147
151
  end
148
- def lazy_filter_yanked_versions_by_min_max(versions, check_max: true)
152
+ def lazy_filter_yanked_versions_by_min_max(releases, check_max: true)
149
153
  # Sort the versions based on the check_max flag (max -> descending, min -> ascending)
150
- sorted_versions = check_max ? versions.sort.reverse : versions.sort
154
+ sorted_releases = if check_max
155
+ releases.sort_by(&:version).reverse
156
+ else
157
+ releases.sort_by(&:version)
158
+ end
151
159
 
152
160
  filtered_versions = []
153
161
 
154
162
  not_yanked = T.let(false, T::Boolean)
155
163
 
156
164
  # Iterate through the sorted versions lazily, filtering out yanked versions
157
- sorted_versions.each do |version|
158
- next if !not_yanked && yanked_version?(version)
165
+ sorted_releases.each do |release|
166
+ next if !not_yanked && yanked_version?(release.version)
159
167
 
160
168
  not_yanked = true
161
169
 
162
170
  # Once we find a valid (non-yanked) version, add it to the filtered list
163
- filtered_versions << version
171
+ filtered_versions << release
164
172
  break
165
173
  end
166
174
 
@@ -172,7 +180,7 @@ module Dependabot
172
180
  .params(language_version: T.nilable(T.any(String, Dependabot::Version)))
173
181
  .returns(T.nilable(Dependabot::Version))
174
182
  end
175
- def fetch_lowest_security_fix_version(language_version:) # rubocop:disable Lint/UnusedMethodArgument
183
+ def fetch_lowest_security_fix_version(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
176
184
  with_custom_registry_rescue do
177
185
  return unless valid_npm_details?
178
186
 
@@ -180,7 +188,7 @@ module Dependabot
180
188
  if specified_dist_tag_requirement?
181
189
  [version_from_dist_tags].compact
182
190
  else
183
- possible_versions(filter_ignored: false)
191
+ possible_releases(filter_ignored: false)
184
192
  end
185
193
 
186
194
  secure_versions =
@@ -196,22 +204,22 @@ module Dependabot
196
204
  secure_versions = lazy_filter_yanked_versions_by_min_max(secure_versions, check_max: false)
197
205
 
198
206
  # Return the lowest non-yanked version
199
- secure_versions.max
207
+ secure_versions.max_by(&:version)&.version
200
208
  end
201
209
  end
202
210
 
203
211
  sig do
204
- params(versions_array: T::Array[Dependabot::Version])
205
- .returns(T::Array[Dependabot::Version])
212
+ params(releases: T::Array[Dependabot::Package::PackageRelease])
213
+ .returns(T::Array[Dependabot::Package::PackageRelease])
206
214
  end
207
- def filter_prerelease_versions(versions_array)
208
- filtered = versions_array.reject do |v|
209
- v.prerelease? && !related_to_current_pre?(v)
215
+ def filter_prerelease_versions(releases)
216
+ filtered = releases.reject do |release|
217
+ release.version.prerelease? && !related_to_current_pre?(release.version)
210
218
  end
211
219
 
212
- if versions_array.count > filtered.count
220
+ if releases.count > filtered.count
213
221
  Dependabot.logger.info(
214
- "Filtered out #{versions_array.count - filtered.count} unrelated pre-release versions"
222
+ "Filtered out #{releases.count - filtered.count} unrelated pre-release versions"
215
223
  )
216
224
  end
217
225
 
@@ -317,7 +325,7 @@ module Dependabot
317
325
  !!package_details&.releases&.any?
318
326
  end
319
327
 
320
- sig { returns(T.nilable(Dependabot::Version)) }
328
+ sig { returns(T.nilable(Dependabot::Package::PackageRelease)) }
321
329
  def version_from_dist_tags # rubocop:disable Metrics/PerceivedComplexity
322
330
  dist_tags = package_details&.dist_tags
323
331
  return nil unless dist_tags
@@ -332,14 +340,14 @@ module Dependabot
332
340
 
333
341
  if dist_tag_req
334
342
  release = find_dist_tag_release(dist_tag_req, releases)
335
- return release.version if release && !release.yanked?
343
+ return release if release && !release.yanked?
336
344
  end
337
345
 
338
346
  latest_release = find_dist_tag_release("latest", releases)
339
347
 
340
348
  return nil unless latest_release
341
349
 
342
- return latest_release.version if wants_latest_dist_tag?(latest_release.version) && !latest_release.yanked?
350
+ return latest_release if wants_latest_dist_tag?(latest_release.version) && !latest_release.yanked?
343
351
 
344
352
  nil
345
353
  end
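Review bot: In the `fetch_lowest_security_fix_version` hunk (new line 207) the result is still picked with `max_by`, while the comment directly above it says "Return the lowest non-yanked version". With `check_max: false` the filter sorts ascending and breaks after the first non-yanked release, so the list appears to hold at most one element and max equals min today; the lines after that loop are outside the hunk, so this is inferred. Because this value decides which version a vulnerable dependency is moved to, I would state the intent directly with `secure_versions.min_by(&:version)&.version`. As a smaller style point, `filtered_versions` and `secure_versions` now hold `PackageRelease` objects, and renaming them to `filtered_releases` / `secure_releases` would keep the next reader from comparing them as bare versions.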
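--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-bun
  version: !ruby/object:Gem::Version
- version: 0.308.0
+ version: 0.309.0
  platform: ruby
  authors:
  - Dependabot
  bindir: bin
  cert_chain: []
- date: 2025-04-12 00:00:00.000000000 Z
+ date: 2025-04-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.308.0
+ version: 0.309.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.308.0
+ version: 0.309.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -347,7 +347,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.308.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.309.0
  rdoc_options: []
  require_paths:
  - lib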