dependabot-bundler 0.245.0 → 0.247.0

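--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b064f061277407a92133970d8c0287c6aacf60cf52e8813d793d374dce4dd2b
-  data.tar.gz: 403e7e5d8b01c1deb8df4f00b04360e21c456f76bb434624fbc0a5f931e22bbf
+  metadata.gz: dcd4f16b3bd7636cd65c77255a1d3b37888a0b3b0294ac4974035e9642debd02
+  data.tar.gz: 011fb6db795058131d051d1533973d0df2c61a5bb976bfc7b6a15d4ca337206b
 SHA512:
-  metadata.gz: ebfb704cba98fedb9a2d979f1d22ef598ae97cca14866247006e7deda488a17326bfef96c04ea30d0d72e26f9a4b3105728d89da1f1218cbb1fc5768f97a8952
-  data.tar.gz: 9091bffdc4c7bcf874118684eaf14af6cd232e168abc6c082fa25887815ea03df36b5adedd0b054000f7d38582aa44a89c89f769bdc9a43f534783e31d1ab8d8
+  metadata.gz: 9a59aa6f31d04899347ea046f1b94211d1816bae26a23f7ef228adc8ed2204e8835dc456de2047b467a7d0a5a8f7532b2aa148a554d7d988094b8055aa824bd4
+  data.tar.gz: b2896086152ffa5138f47e1eea0b628869eab812348c7e988f834b5aa69c54f1971d7937251670ee08453f93e6d3e03df54ccec309d229768435f36d951a83cd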
@@ -4,12 +4,15 @@
4
4
  require "dependabot/registry_client"
5
5
  require "dependabot/bundler/native_helpers"
6
6
  require "dependabot/bundler/helpers"
7
+ require "sorbet-runtime"
7
8
 
8
9
  module Dependabot
9
10
  module Bundler
10
11
  class UpdateChecker
11
12
  class LatestVersionFinder
12
13
  class DependencySource
14
+ extend T::Sig
15
+
13
16
  require_relative "../shared_bundler_helpers"
14
17
  include SharedBundlerHelpers
15
18
 
@@ -33,7 +36,7 @@ module Dependabot
33
36
 
34
37
  # The latest version details for the dependency from a registry
35
38
  #
36
- # @return [Array<Gem::Version>]
39
+ sig { returns(T::Array[Gem::Version]) }
37
40
  def versions
38
41
  return rubygems_versions if dependency.name == "bundler"
39
42
  return rubygems_versions unless gemfile
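Review bot: The new `require "sorbet-runtime"` is appended after the project requires here, while the RequirementsUpdater file in this same release places it first, before any `dependabot/...` require; picking one placement for both files keeps the require blocks consistent. Replacing the `@return [Array<Gem::Version>]` tag with `sig { returns(T::Array[Gem::Version]) }` is fine, but it leaves the bare `#` separator line of the comment dangling directly above the `sig`; drop that `#` line so the comment reads as a single sentence. The body of `versions` continues outside the hunk.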
@@ -10,11 +10,14 @@ require "dependabot/shared_helpers"
10
10
  require "dependabot/errors"
11
11
  require "dependabot/bundler/update_checker/latest_version_finder/" \
12
12
  "dependency_source"
13
+ require "sorbet-runtime"
13
14
 
14
15
  module Dependabot
15
16
  module Bundler
16
17
  class UpdateChecker
17
18
  class LatestVersionFinder
19
+ extend T::Sig
20
+
18
21
  def initialize(dependency:, dependency_files:, repo_contents_path: nil,
19
22
  credentials:, ignored_versions:, raise_on_ignored: false,
20
23
  security_advisories:, options:)
@@ -65,12 +68,18 @@ module Dependabot
65
68
  relevant_versions.min
66
69
  end
67
70
 
71
+ sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
68
72
  def filter_prerelease_versions(versions_array)
69
73
  return versions_array if wants_prerelease?
70
74
 
71
- versions_array.reject(&:prerelease?)
75
+ filtered = versions_array.reject(&:prerelease?)
76
+ if versions_array.count > filtered.count
77
+ Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} pre-release versions")
78
+ end
79
+ filtered
72
80
  end
73
81
 
82
+ sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
74
83
  def filter_ignored_versions(versions_array)
75
84
  filtered = versions_array
76
85
  .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
@@ -78,6 +87,10 @@ module Dependabot
78
87
  raise AllVersionsIgnored
79
88
  end
80
89
 
90
+ if versions_array.count > filtered.count
91
+ Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions")
92
+ end
93
+
81
94
  filtered
82
95
  end
83
96
 
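Review bot: The new log lines in `filter_prerelease_versions` and `filter_ignored_versions` compute `versions_array.count - filtered.count` twice and never say which dependency they refer to, so in a run over many dependencies the message cannot be attributed. Compute the difference once and include the name, e.g. `dropped = versions_array.size - filtered.size` and `Dependabot.logger.info("Filtered out #{dropped} pre-release versions for #{dependency.name}") if dropped.positive?` — this assumes a `dependency` reader exists on the class, which is plausible since `initialize` takes `dependency:` but is not visible here. The same applies to the second hunk, whose `filter_ignored_versions` starts outside it; the first hunk's `filter_ignored_versions` also continues outside the hunk.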
@@ -1,16 +1,27 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/bundler/update_checker"
7
+ require "dependabot/requirements_update_strategy"
5
8
 
6
9
  module Dependabot
7
10
  module Bundler
8
11
  class UpdateChecker
9
12
  class RequirementsUpdater
13
+ extend T::Sig
14
+
10
15
  class UnfixableRequirement < StandardError; end
11
16
 
12
- ALLOWED_UPDATE_STRATEGIES =
13
- %i(lockfile_only bump_versions bump_versions_if_necessary).freeze
17
+ ALLOWED_UPDATE_STRATEGIES = T.let(
18
+ [
19
+ RequirementsUpdateStrategy::LockfileOnly,
20
+ RequirementsUpdateStrategy::BumpVersions,
21
+ RequirementsUpdateStrategy::BumpVersionsIfNecessary
22
+ ].freeze,
23
+ T::Array[Dependabot::RequirementsUpdateStrategy]
24
+ )
14
25
 
15
26
  def initialize(requirements:, update_strategy:, updated_source:,
16
27
  latest_version:, latest_resolvable_version:)
@@ -28,7 +39,7 @@ module Dependabot
28
39
  end
29
40
 
30
41
  def updated_requirements
31
- return requirements if update_strategy == :lockfile_only
42
+ return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
32
43
 
33
44
  requirements.map do |req|
34
45
  if req[:file].include?(".gemspec")
@@ -58,9 +69,9 @@ module Dependabot
58
69
  return req unless latest_resolvable_version
59
70
 
60
71
  case update_strategy
61
- when :bump_versions
72
+ when RequirementsUpdateStrategy::BumpVersions
62
73
  update_version_requirement(req)
63
- when :bump_versions_if_necessary
74
+ when RequirementsUpdateStrategy::BumpVersionsIfNecessary
64
75
  update_version_requirement_if_needed(req)
65
76
  else raise "Unexpected update strategy: #{update_strategy}"
66
77
  end
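Review bot: `ALLOWED_UPDATE_STRATEGIES` is annotated as `T::Array[Dependabot::RequirementsUpdateStrategy]` while every other new reference in this file uses the unqualified `RequirementsUpdateStrategy`, which resolves because the class already sits inside `module Dependabot`; `T::Array[RequirementsUpdateStrategy]` would keep the file consistent. The constant also carries no comment saying where it is enforced — presumably `initialize` validates `update_strategy` against it, but that body lies outside the hunk — so a one-liner such as `# Strategies this updater accepts; anything else is rejected in initialize` (once confirmed) would make the contract explicit and explain why the `else raise "Unexpected update strategy..."` branch in the `case` is a defensive fallback rather than an expected path. The method containing that `case` starts outside the hunk.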
@@ -1,11 +1,13 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
- require "dependabot/update_checkers"
5
- require "dependabot/update_checkers/base"
6
4
  require "dependabot/bundler/file_updater/requirement_replacer"
7
5
  require "dependabot/bundler/version"
8
6
  require "dependabot/git_commit_checker"
7
+ require "dependabot/requirements_update_strategy"
8
+ require "dependabot/update_checkers"
9
+ require "dependabot/update_checkers/base"
10
+
9
11
  module Dependabot
10
12
  module Bundler
11
13
  class UpdateChecker < Dependabot::UpdateCheckers::Base
@@ -75,11 +77,11 @@ module Dependabot
75
77
 
76
78
  def requirements_unlocked_or_can_be?
77
79
  return true if requirements_unlocked?
78
- return false if requirements_update_strategy == :lockfile_only
80
+ return false if requirements_update_strategy == RequirementsUpdateStrategy::LockfileOnly
79
81
 
80
82
  dependency.specific_requirements
81
83
  .all? do |req|
82
- file = dependency_files.find { |f| f.name == req.fetch(:file) }
84
+ file = T.must(dependency_files.find { |f| f.name == req.fetch(:file) })
83
85
  updated = FileUpdater::RequirementReplacer.new(
84
86
  dependency: dependency,
85
87
  file_type: file.name.end_with?("gemspec") ? :gemspec : :gemfile,
@@ -92,10 +94,14 @@ module Dependabot
92
94
 
93
95
  def requirements_update_strategy
94
96
  # If passed in as an option (in the base class) honour that option
95
- return @requirements_update_strategy.to_sym if @requirements_update_strategy
97
+ return @requirements_update_strategy if @requirements_update_strategy
96
98
 
97
99
  # Otherwise, widen ranges for libraries and bump versions for apps
98
- dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
100
+ if dependency.version.nil?
101
+ RequirementsUpdateStrategy::BumpVersionsIfNecessary
102
+ else
103
+ RequirementsUpdateStrategy::BumpVersions
104
+ end
99
105
  end
100
106
 
101
107
  def conflicting_dependencies
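Review bot: `requirements_update_strategy` no longer normalises the option handed down from the base class — the `.to_sym` is gone and `@requirements_update_strategy` is returned as-is — so if the base class still stores a String or Symbol, the comparison with `RequirementsUpdateStrategy::LockfileOnly` in `requirements_unlocked_or_can_be?` is always false and `RequirementsUpdater` would fall into its `raise "Unexpected update strategy"` branch; whether the base class now passes a `RequirementsUpdateStrategy` cannot be seen from this page. A comment on the early return, e.g. `# @requirements_update_strategy is set by the base class and expected to already be a RequirementsUpdateStrategy`, or an explicit check with a clear error, would pin that expectation down. Separately, `T.must(dependency_files.find { ... })` in `requirements_unlocked_or_can_be?` trades the old NoMethodError for a T.must failure that does not name the missing file; `file = dependency_files.find { |f| f.name == req.fetch(:file) }` followed by `raise "Requirement file #{req.fetch(:file)} not found in dependency files" unless file` keeps the nil-check but makes the failure diagnosable. `conflicting_dependencies` begins on the hunk's last line and continues outside it.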
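--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.245.0
+  version: 0.247.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-22 00:00:00.000000000 Z
+date: 2024-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
   requirements:
   - - '='
     - !ruby/object:Gem::Version
-      version: 0.245.0
+      version: 0.247.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.245.0
+        version: 0.247.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.19.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.27.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.27.1
 - !ruby/object:Gem::Dependency
   name: rubocop-sorbet
   requirement: !ruby/object:Gem::Requirement
@@ -313,7 +327,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.245.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
 post_install_message:
 rdoc_options: []
 require_paths: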