dependabot-bundler 0.332.0 → 0.334.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/bundler/file_fetcher.rb +23 -3
  3. data/lib/dependabot/bundler/file_parser.rb +1 -0
  4. data/lib/dependabot/bundler/file_updater/git_pin_replacer.rb +27 -6
  5. data/lib/dependabot/bundler/file_updater/git_source_remover.rb +14 -2
  6. data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +85 -26
  7. data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +74 -10
  8. data/lib/dependabot/bundler/file_updater.rb +48 -19
  9. data/lib/dependabot/bundler/metadata_finder.rb +51 -23
  10. data/lib/dependabot/bundler/requirement.rb +3 -2
  11. data/lib/dependabot/bundler/update_checker/file_preparer.rb +69 -19
  12. data/lib/dependabot/bundler/update_checker/force_updater.rb +1 -1
  13. data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +47 -11
  14. data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +2 -6
  15. data/lib/dependabot/bundler/update_checker/requirements_updater.rb +77 -29
  16. data/lib/dependabot/bundler/update_checker.rb +73 -20
  17. metadata +6 -6
data/lib/dependabot/bundler/update_checker/requirements_updater.rb CHANGED
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -23,21 +23,36 @@ module Dependabot
23
23
  T::Array[Dependabot::RequirementsUpdateStrategy]
24
24
  )
25
25
 
26
+ sig do
27
+ params(
28
+ requirements: T::Array[T::Hash[Symbol, T.untyped]],
29
+ update_strategy: Dependabot::RequirementsUpdateStrategy,
30
+ updated_source: T.nilable(T::Hash[Symbol, T.untyped]),
31
+ latest_version: T.nilable(String),
32
+ latest_resolvable_version: T.nilable(String)
33
+ ).void
34
+ end
26
35
  def initialize(requirements:, update_strategy:, updated_source:,
27
36
  latest_version:, latest_resolvable_version:)
28
37
  @requirements = requirements
29
- @latest_version = Dependabot::Bundler::Version.new(latest_version) if latest_version
38
+ @latest_version = T.let(
39
+ (T.cast(Dependabot::Bundler::Version.new(latest_version), Dependabot::Bundler::Version) if latest_version),
40
+ T.nilable(Dependabot::Bundler::Version)
41
+ )
30
42
  @updated_source = updated_source
31
43
  @update_strategy = update_strategy
32
44
 
33
45
  check_update_strategy
34
46
 
35
- return unless latest_resolvable_version
36
-
37
- @latest_resolvable_version =
38
- Dependabot::Bundler::Version.new(latest_resolvable_version)
47
+ @latest_resolvable_version = T.let(
48
+ if latest_resolvable_version
49
+ T.cast(Dependabot::Bundler::Version.new(latest_resolvable_version), Dependabot::Bundler::Version)
50
+ end,
51
+ T.nilable(Dependabot::Bundler::Version)
52
+ )
39
53
  end
40
54
 
55
+ sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
41
56
  def updated_requirements
42
57
  return requirements if update_strategy.lockfile_only?
43
58
 
@@ -54,18 +69,25 @@ module Dependabot
54
69
 
55
70
  private
56
71
 
72
+ sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
57
73
  attr_reader :requirements
74
+ sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
58
75
  attr_reader :updated_source
76
+ sig { returns(T.nilable(Dependabot::Bundler::Version)) }
59
77
  attr_reader :latest_version
78
+ sig { returns(T.nilable(Dependabot::Bundler::Version)) }
60
79
  attr_reader :latest_resolvable_version
80
+ sig { returns(Dependabot::RequirementsUpdateStrategy) }
61
81
  attr_reader :update_strategy
62
82
 
83
+ sig { void }
63
84
  def check_update_strategy
64
85
  return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
65
86
 
66
87
  raise "Unknown update strategy: #{update_strategy}"
67
88
  end
68
89
 
90
+ sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
69
91
  def update_gemfile_requirement(req)
70
92
  req = req.merge(source: updated_source)
71
93
  return req unless latest_resolvable_version
@@ -79,12 +101,14 @@ module Dependabot
79
101
  end
80
102
  end
81
103
 
104
+ sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
82
105
  def update_version_requirement_if_needed(req)
83
106
  return req if new_version_satisfies?(req)
84
107
 
85
108
  update_version_requirement(req)
86
109
  end
87
110
 
111
+ sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
88
112
  def update_version_requirement(req)
89
113
  requirements =
90
114
  req[:requirement].split(",").map { |r| Gem::Requirement.new(r) }
@@ -93,7 +117,7 @@ module Dependabot
93
117
  if requirements.any?(&:exact?) then latest_resolvable_version.to_s
94
118
  elsif requirements.any? { |r| r.to_s.start_with?("~>") }
95
119
  tw_req = requirements.find { |r| r.to_s.start_with?("~>") }
96
- update_twiddle_version(tw_req, latest_resolvable_version).to_s
120
+ update_twiddle_version(tw_req, T.must(latest_resolvable_version)).to_s
97
121
  else
98
122
  update_gemfile_range(requirements).map(&:to_s).join(", ")
99
123
  end
@@ -101,10 +125,14 @@ module Dependabot
101
125
  req.merge(requirement: new_requirement)
102
126
  end
103
127
 
128
+ sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Boolean) }
104
129
  def new_version_satisfies?(req)
105
- Requirement.satisfied_by?(req, latest_resolvable_version)
130
+ return false unless latest_resolvable_version
131
+
132
+ Requirement.satisfied_by?(req, T.must(latest_resolvable_version))
106
133
  end
107
134
 
135
+ sig { params(requirements: T::Array[Gem::Requirement]).returns(T::Array[Gem::Requirement]) }
108
136
  def update_gemfile_range(requirements)
109
137
  updated_requirements =
110
138
  requirements.flat_map do |r|
@@ -112,7 +140,7 @@ module Dependabot
112
140
 
113
141
  case op = r.requirements.first.first
114
142
  when "<", "<="
115
- [update_greatest_version(r, latest_resolvable_version)]
143
+ [update_greatest_version(r, T.must(latest_resolvable_version))]
116
144
  when "!="
117
145
  []
118
146
  else
@@ -124,6 +152,7 @@ module Dependabot
124
152
  binding_requirements(updated_requirements)
125
153
  end
126
154
 
155
+ sig { params(new_version: Dependabot::Bundler::Version, old_version: Gem::Version).returns(String) }
127
156
  def at_same_precision(new_version, old_version)
128
157
  release_precision = old_version.to_s.split(".")
129
158
  .take_while { |i| i.match?(/^\d+$/) }.count
@@ -141,6 +170,7 @@ module Dependabot
141
170
  end
142
171
 
143
172
  # rubocop:disable Metrics/PerceivedComplexity
173
+ sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
144
174
  def update_gemspec_requirement(req)
145
175
  req = req.merge(source: updated_source) if req.fetch(:source)
146
176
  return req unless latest_version && latest_resolvable_version
@@ -169,14 +199,16 @@ module Dependabot
169
199
  end
170
200
  # rubocop:enable Metrics/PerceivedComplexity
171
201
 
202
+ sig { params(req: Gem::Requirement, groups: T::Array[String]).returns(T::Boolean) }
172
203
  def requirement_satisfied?(req, groups)
173
204
  if groups == ["development"]
174
- req.satisfied_by?(latest_resolvable_version)
205
+ req.satisfied_by?(T.must(latest_resolvable_version))
175
206
  else
176
- req.satisfied_by?(latest_version)
207
+ req.satisfied_by?(T.must(latest_version))
177
208
  end
178
209
  end
179
210
 
211
+ sig { params(requirements: T::Array[Gem::Requirement]).returns(T::Array[Gem::Requirement]) }
180
212
  def binding_requirements(requirements)
181
213
  grouped_by_operator =
182
214
  requirements.group_by { |r| r.requirements.first.first }
@@ -187,12 +219,13 @@ module Dependabot
187
219
  when ">", ">=" then reqs.max_by { |r| r.requirements.first.last }
188
220
  else requirements
189
221
  end
190
- end.uniq
222
+ end.compact.uniq
191
223
 
192
224
  binding_reqs << Gem::Requirement.new if binding_reqs.empty?
193
225
  binding_reqs.sort_by { |r| r.requirements.first.last }
194
226
  end
195
227
 
228
+ sig { params(req: Gem::Requirement).returns(T.any(T::Array[Gem::Requirement], Gem::Requirement)) }
196
229
  def widened_requirements(req)
197
230
  op, version = req.requirements.first
198
231
 
@@ -203,61 +236,75 @@ module Dependabot
203
236
  else
204
237
  req
205
238
  end
206
- when "<", "<=" then [update_greatest_version(req, latest_version)]
207
- when "~>" then convert_twiddle_to_range(req, latest_version)
239
+ when "<", "<=" then [update_greatest_version(req, T.must(latest_version))]
240
+ when "~>" then convert_twiddle_to_range(req, T.must(latest_version))
208
241
  when "!=" then []
209
242
  when ">", ">=" then raise UnfixableRequirement
210
243
  else raise "Unexpected operation for requirement: #{op}"
211
244
  end
212
245
  end
213
246
 
247
+ sig { params(req: Gem::Requirement).returns(T.any(T::Array[Gem::Requirement], Gem::Requirement)) }
214
248
  def bumped_requirements(req)
215
249
  op, version = req.requirements.first
216
250
 
217
251
  case op
218
252
  when "=", nil
219
- if version < latest_resolvable_version
253
+ if version < T.must(latest_resolvable_version)
220
254
  [Gem::Requirement.new("#{op} #{latest_resolvable_version}")]
221
255
  else
222
256
  req
223
257
  end
224
258
  when "~>"
225
- [update_twiddle_version(req, latest_resolvable_version)]
226
- when "<", "<=" then [update_greatest_version(req, latest_version)]
259
+ [update_twiddle_version(req, T.must(latest_resolvable_version))]
260
+ when "<", "<=" then [update_greatest_version(req, T.must(latest_version))]
227
261
  when "!=" then []
228
262
  when ">", ">=" then raise UnfixableRequirement
229
263
  else raise "Unexpected operation for requirement: #{op}"
230
264
  end
231
265
  end
232
266
 
267
+ # rubocop:disable Metrics/AbcSize
268
+ sig do
269
+ params(
270
+ requirement: Gem::Requirement,
271
+ version_to_be_permitted: Dependabot::Bundler::Version
272
+ )
273
+ .returns(T::Array[Gem::Requirement])
274
+ end
233
275
  def convert_twiddle_to_range(requirement, version_to_be_permitted)
234
276
  version = requirement.requirements.first.last
235
277
  version = version.release if version.prerelease?
236
278
 
237
279
  index_to_update = [version.segments.count - 2, 0].max
238
280
 
239
- ub_segments = version_to_be_permitted.segments
240
- ub_segments << 0 while ub_segments.count <= index_to_update
241
- ub_segments = ub_segments[0..index_to_update]
242
- ub_segments[index_to_update] += 1
281
+ ub_segments = version_to_be_permitted.segments.map(&:to_s)
282
+ ub_segments << "0" while ub_segments.count <= index_to_update
283
+ ub_segments = T.must(ub_segments[0..index_to_update])
284
+ ub_segments[index_to_update] = (ub_segments[index_to_update].to_i + 1).to_s
243
285
 
244
- lb_segments = version.segments
245
- lb_segments.pop while lb_segments.any? && lb_segments.last.zero?
286
+ lb_segments = version.segments.map(&:to_s)
287
+ lb_segments.pop while lb_segments.any? && lb_segments.last == "0"
246
288
 
247
289
  return [Gem::Requirement.new("< #{ub_segments.join('.')}")] if lb_segments.none?
248
290
 
249
291
  # Ensure versions have the same length as each other (cosmetic)
250
292
  length = [lb_segments.count, ub_segments.count].max
251
- lb_segments.fill(0, lb_segments.count...length)
252
- ub_segments.fill(0, ub_segments.count...length)
293
+ lb_segments.fill("0", lb_segments.count...length)
294
+ ub_segments.fill("0", ub_segments.count...length)
253
295
 
254
296
  [
255
297
  Gem::Requirement.new(">= #{lb_segments.join('.')}"),
256
298
  Gem::Requirement.new("< #{ub_segments.join('.')}")
257
299
  ]
258
300
  end
301
+ # rubocop:enable Metrics/AbcSize
259
302
 
260
303
  # Updates the version in a "~>" constraint to allow the given version
304
+ sig do
305
+ params(requirement: Gem::Requirement,
306
+ version_to_be_permitted: Dependabot::Bundler::Version).returns(Gem::Requirement)
307
+ end
261
308
  def update_twiddle_version(requirement, version_to_be_permitted)
262
309
  old_version = requirement.requirements.first.last
263
310
  updated_v = at_same_precision(version_to_be_permitted, old_version)
@@ -266,10 +313,11 @@ module Dependabot
266
313
 
267
314
  # Updates the version in a "<" or "<=" constraint to allow the given
268
315
  # version
316
+ sig do
317
+ params(requirement: Gem::Requirement,
318
+ version_to_be_permitted: Dependabot::Bundler::Version).returns(Gem::Requirement)
319
+ end
269
320
  def update_greatest_version(requirement, version_to_be_permitted)
270
- if version_to_be_permitted.is_a?(String)
271
- version_to_be_permitted = Dependabot::Bundler::Version.new(version_to_be_permitted)
272
- end
273
321
  op, version = requirement.requirements.first
274
322
  version = version.release if version.prerelease?
275
323
 
@@ -282,7 +330,7 @@ module Dependabot
282
330
  if index < index_to_update
283
331
  version_to_be_permitted.segments[index]
284
332
  elsif index == index_to_update
285
- version_to_be_permitted.segments[index] + 1
333
+ (version_to_be_permitted.segments[index].to_i + 1)
286
334
  elsif index > version_to_be_permitted.segments.count - 1
287
335
  nil
288
336
  else
data/lib/dependabot/bundler/update_checker.rb CHANGED
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/bundler/file_updater/requirement_replacer"
@@ -17,40 +17,53 @@ module Dependabot
17
17
  require_relative "update_checker/version_resolver"
18
18
  require_relative "update_checker/latest_version_finder"
19
19
  require_relative "update_checker/conflicting_dependency_resolver"
20
+ extend T::Sig
20
21
 
22
+ sig { override.returns(T.nilable(T.any(String, Dependabot::Bundler::Version))) }
21
23
  def latest_version
22
24
  return latest_version_for_git_dependency if git_dependency?
23
25
 
24
26
  latest_version_details&.fetch(:version)
25
27
  end
26
28
 
29
+ sig { override.returns(T.nilable(T.any(String, Dependabot::Bundler::Version))) }
27
30
  def latest_resolvable_version
28
31
  return latest_resolvable_version_for_git_dependency if git_dependency?
29
32
 
30
33
  latest_resolvable_version_details&.fetch(:version)
31
34
  end
32
35
 
36
+ sig { override.returns(T.nilable(Dependabot::Bundler::Version)) }
33
37
  def lowest_security_fix_version
34
- latest_version_finder(remove_git_source: false)
35
- .lowest_security_fix_version
38
+ T.cast(
39
+ latest_version_finder(remove_git_source: false).lowest_security_fix_version,
40
+ T.nilable(Dependabot::Bundler::Version)
41
+ )
36
42
  end
37
43
 
44
+ sig { override.returns(T.nilable(Dependabot::Bundler::Version)) }
38
45
  def lowest_resolvable_security_fix_version
39
46
  raise "Dependency not vulnerable!" unless vulnerable?
40
- return latest_resolvable_version if git_dependency?
47
+ return T.cast(latest_resolvable_version, T.nilable(Dependabot::Bundler::Version)) if git_dependency?
41
48
 
42
49
  lowest_fix =
43
50
  latest_version_finder(remove_git_source: false)
44
51
  .lowest_security_fix_version
45
- return unless lowest_fix && resolvable?(lowest_fix)
52
+ return unless lowest_fix && resolvable?(T.cast(lowest_fix, Dependabot::Bundler::Version))
46
53
 
47
- lowest_fix
54
+ T.cast(lowest_fix, Dependabot::Bundler::Version)
48
55
  end
49
56
 
57
+ sig { override.returns(T.nilable(T.any(String, Dependabot::Bundler::Version))) }
50
58
  def latest_resolvable_version_with_no_unlock
51
59
  current_ver = dependency.version
52
60
  return current_ver if git_dependency? && git_commit_checker.pinned?
53
61
 
62
+ @latest_resolvable_version_detail_with_no_unlock = T.let(
63
+ @latest_resolvable_version_detail_with_no_unlock,
64
+ T.nilable(T::Hash[Symbol, T.untyped])
65
+ )
66
+
54
67
  @latest_resolvable_version_detail_with_no_unlock ||=
55
68
  version_resolver(remove_git_source: false, unlock_requirement: false)
56
69
  .latest_resolvable_version_details
@@ -62,22 +75,24 @@ module Dependabot
62
75
  end
63
76
  end
64
77
 
78
+ sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
65
79
  def updated_requirements
66
80
  latest_version_for_req_updater = latest_version_details&.fetch(:version)&.to_s
67
81
  latest_resolvable_version_for_req_updater = preferred_resolvable_version_details&.fetch(:version)&.to_s
68
82
 
69
83
  RequirementsUpdater.new(
70
84
  requirements: dependency.requirements,
71
- update_strategy: requirements_update_strategy,
85
+ update_strategy: T.must(requirements_update_strategy),
72
86
  updated_source: updated_source,
73
87
  latest_version: latest_version_for_req_updater,
74
88
  latest_resolvable_version: latest_resolvable_version_for_req_updater
75
89
  ).updated_requirements
76
90
  end
77
91
 
92
+ sig { returns(T::Boolean) }
78
93
  def requirements_unlocked_or_can_be?
79
94
  return true if requirements_unlocked?
80
- return false if requirements_update_strategy.lockfile_only?
95
+ return false if T.must(requirements_update_strategy).lockfile_only?
81
96
 
82
97
  dependency.specific_requirements
83
98
  .all? do |req|
@@ -92,6 +107,7 @@ module Dependabot
92
107
  end
93
108
  end
94
109
 
110
+ sig { returns(T.nilable(Dependabot::RequirementsUpdateStrategy)) }
95
111
  def requirements_update_strategy
96
112
  # If passed in as an option (in the base class) honour that option
97
113
  return @requirements_update_strategy if @requirements_update_strategy
@@ -104,6 +120,7 @@ module Dependabot
104
120
  end
105
121
  end
106
122
 
123
+ sig { override.returns(T::Array[T::Hash[String, String]]) }
107
124
  def conflicting_dependencies
108
125
  ConflictingDependencyResolver.new(
109
126
  dependency_files: dependency_files,
@@ -112,16 +129,18 @@ module Dependabot
112
129
  options: options
113
130
  ).conflicting_dependencies(
114
131
  dependency: dependency,
115
- target_version: lowest_security_fix_version
132
+ target_version: lowest_security_fix_version.to_s # Convert Version to String
116
133
  )
117
134
  end
118
135
 
119
136
  private
120
137
 
138
+ sig { returns(T::Boolean) }
121
139
  def requirements_unlocked?
122
140
  dependency.specific_requirements.none?
123
141
  end
124
142
 
143
+ sig { override.returns(T::Boolean) }
125
144
  def latest_version_resolvable_with_full_unlock?
126
145
  return false unless latest_version
127
146
  return false if version_resolver(remove_git_source: false).latest_allowable_version_incompatible_with_ruby?
@@ -139,22 +158,26 @@ module Dependabot
139
158
  false
140
159
  end
141
160
 
161
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
142
162
  def updated_dependencies_after_full_unlock
143
163
  force_updater.updated_dependencies
144
164
  end
145
165
 
166
+ sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
146
167
  def preferred_resolvable_version_details
147
168
  return { version: lowest_resolvable_security_fix_version } if vulnerable?
148
169
 
149
170
  latest_resolvable_version_details
150
171
  end
151
172
 
173
+ sig { returns(T::Boolean) }
152
174
  def git_dependency?
153
175
  git_commit_checker.git_dependency?
154
176
  end
155
177
 
178
+ sig { params(version: Dependabot::Bundler::Version).returns(T.untyped) }
156
179
  def resolvable?(version)
157
- @resolvable ||= {}
180
+ @resolvable ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
158
181
  return @resolvable[version] if @resolvable.key?(version)
159
182
 
160
183
  @resolvable[version] =
@@ -165,7 +188,7 @@ module Dependabot
165
188
  repo_contents_path: repo_contents_path,
166
189
  credentials: credentials,
167
190
  target_version: version,
168
- requirements_update_strategy: requirements_update_strategy,
191
+ requirements_update_strategy: T.must(requirements_update_strategy),
169
192
  update_multiple_dependencies: false,
170
193
  options: options
171
194
  ).updated_dependencies
@@ -175,8 +198,9 @@ module Dependabot
175
198
  end
176
199
  end
177
200
 
201
+ sig { params(tag: T.nilable(String)).returns(T.untyped) }
178
202
  def git_tag_resolvable?(tag)
179
- @git_tag_resolvable ||= {}
203
+ @git_tag_resolvable ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
180
204
  return @git_tag_resolvable[tag] if @git_tag_resolvable.key?(tag)
181
205
 
182
206
  @git_tag_resolvable[tag] =
@@ -198,20 +222,23 @@ module Dependabot
198
222
  end
199
223
  end
200
224
 
225
+ sig { params(remove_git_source: T::Boolean).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
201
226
  def latest_version_details(remove_git_source: false)
202
- @latest_version_details ||= {}
227
+ @latest_version_details ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
203
228
  @latest_version_details[remove_git_source] ||=
204
229
  latest_version_finder(remove_git_source: remove_git_source)
205
230
  .latest_version_details
206
231
  end
207
232
 
233
+ sig { params(remove_git_source: T::Boolean).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
208
234
  def latest_resolvable_version_details(remove_git_source: false)
209
- @latest_resolvable_version_details ||= {}
235
+ @latest_resolvable_version_details ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
210
236
  @latest_resolvable_version_details[remove_git_source] ||=
211
237
  version_resolver(remove_git_source: remove_git_source)
212
238
  .latest_resolvable_version_details
213
239
  end
214
240
 
241
+ sig { returns(T.nilable(T.any(String, Dependabot::Bundler::Version))) }
215
242
  def latest_version_for_git_dependency
216
243
  latest_release =
217
244
  latest_version_details(remove_git_source: true)
@@ -238,6 +265,7 @@ module Dependabot
238
265
  dependency.version
239
266
  end
240
267
 
268
+ sig { returns(T.any(String, T.nilable(Dependabot::Bundler::Version))) }
241
269
  def latest_resolvable_version_for_git_dependency
242
270
  latest_release = latest_resolvable_version_without_git_source
243
271
 
@@ -255,7 +283,7 @@ module Dependabot
255
283
  if git_commit_checker.pinned_ref_looks_like_version? &&
256
284
  latest_git_tag_is_resolvable?
257
285
  new_tag = git_commit_checker.local_tag_for_latest_version
258
- return new_tag.fetch(:tag_sha)
286
+ return new_tag&.fetch(:tag_sha)
259
287
  end
260
288
 
261
289
  # If the dependency is pinned to a tag that doesn't look like a
@@ -263,6 +291,7 @@ module Dependabot
263
291
  dependency.version
264
292
  end
265
293
 
294
+ sig { returns(T.any(String, T.nilable(Dependabot::Bundler::Version))) }
266
295
  def latest_resolvable_version_without_git_source
267
296
  return nil unless latest_version.is_a?(Gem::Version)
268
297
 
@@ -272,6 +301,7 @@ module Dependabot
272
301
  nil
273
302
  end
274
303
 
304
+ sig { returns(T.any(String, T.nilable(Dependabot::Bundler::Version))) }
275
305
  def latest_resolvable_commit_with_unchanged_git_source
276
306
  details = latest_resolvable_version_details(remove_git_source: false)
277
307
 
@@ -285,6 +315,7 @@ module Dependabot
285
315
  nil
286
316
  end
287
317
 
318
+ sig { returns(T::Boolean) }
288
319
  def latest_git_tag_is_resolvable?
289
320
  latest_tag_details = git_commit_checker.local_tag_for_latest_version
290
321
  return false unless latest_tag_details
@@ -292,12 +323,14 @@ module Dependabot
292
323
  git_tag_resolvable?(latest_tag_details.fetch(:tag))
293
324
  end
294
325
 
326
+ sig { params(release: T.untyped).returns(T::Boolean) }
295
327
  def git_branch_or_ref_in_release?(release)
296
328
  return false unless release
297
329
 
298
330
  git_commit_checker.branch_or_ref_in_release?(release)
299
331
  end
300
332
 
333
+ sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
301
334
  def updated_source
302
335
  # Never need to update source, unless a git_dependency
303
336
  return dependency_source_details unless git_dependency?
@@ -306,31 +339,42 @@ module Dependabot
306
339
  if git_commit_checker.pinned_ref_looks_like_version? &&
307
340
  latest_git_tag_is_resolvable?
308
341
  new_tag = git_commit_checker.local_tag_for_latest_version
309
- return dependency_source_details.merge(ref: new_tag.fetch(:tag))
342
+ return T.must(dependency_source_details).merge(ref: T.must(new_tag).fetch(:tag))
310
343
  end
311
344
 
312
345
  # Otherwise return the original source
313
346
  dependency_source_details
314
347
  end
315
348
 
349
+ sig { returns(T.nilable(T::Hash[T.any(String, Symbol), T.untyped])) }
316
350
  def dependency_source_details
317
351
  dependency.source_details
318
352
  end
319
353
 
354
+ sig { returns(Dependabot::Bundler::UpdateChecker::ForceUpdater) }
320
355
  def force_updater
356
+ if @force_updater.nil?
357
+ @force_updater = T.let(@force_updater,
358
+ T.nilable(Dependabot::Bundler::UpdateChecker::ForceUpdater))
359
+ end
321
360
  @force_updater ||=
322
361
  ForceUpdater.new(
323
362
  dependency: dependency,
324
363
  dependency_files: dependency_files,
325
364
  repo_contents_path: repo_contents_path,
326
365
  credentials: credentials,
327
- target_version: latest_version,
328
- requirements_update_strategy: requirements_update_strategy,
366
+ target_version: T.cast(latest_version, Dependabot::Version),
367
+ requirements_update_strategy: T.must(requirements_update_strategy),
329
368
  options: options
330
369
  )
331
370
  end
332
371
 
372
+ sig { returns(Dependabot::GitCommitChecker) }
333
373
  def git_commit_checker
374
+ if @git_commit_checker.nil?
375
+ @git_commit_checker = T.let(@git_commit_checker,
376
+ T.nilable(Dependabot::GitCommitChecker))
377
+ end
334
378
  @git_commit_checker ||=
335
379
  GitCommitChecker.new(
336
380
  dependency: dependency,
@@ -338,8 +382,9 @@ module Dependabot
338
382
  )
339
383
  end
340
384
 
385
+ sig { params(remove_git_source: T::Boolean, unlock_requirement: T::Boolean).returns(T.untyped) }
341
386
  def version_resolver(remove_git_source:, unlock_requirement: true)
342
- @version_resolver ||= {}
387
+ @version_resolver ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
343
388
  @version_resolver[remove_git_source] ||= {}
344
389
  @version_resolver[remove_git_source][unlock_requirement] ||=
345
390
  VersionResolver.new(
@@ -357,8 +402,9 @@ module Dependabot
357
402
  )
358
403
  end
359
404
 
405
+ sig { params(remove_git_source: T::Boolean).returns(Dependabot::Bundler::UpdateChecker::LatestVersionFinder) }
360
406
  def latest_version_finder(remove_git_source:)
361
- @latest_version_finder ||= {}
407
+ @latest_version_finder ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
362
408
  @latest_version_finder[remove_git_source] ||=
363
409
  begin
364
410
  prepared_dependency_files = prepared_dependency_files(
@@ -379,6 +425,13 @@ module Dependabot
379
425
  end
380
426
  end
381
427
 
428
+ sig do
429
+ params(
430
+ remove_git_source: T::Boolean,
431
+ unlock_requirement: T::Boolean,
432
+ latest_allowable_version: T.nilable(T.any(String, Dependabot::Bundler::Version))
433
+ ).returns(T::Array[Dependabot::DependencyFile])
434
+ end
382
435
  def prepared_dependency_files(remove_git_source:, unlock_requirement:,
383
436
  latest_allowable_version: nil)
384
437
  FilePreparer.new(
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.332.0
4
+ version: 0.334.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.332.0
18
+ version: 0.334.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.332.0
25
+ version: 0.334.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: parallel
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -225,14 +225,14 @@ dependencies:
225
225
  requirements:
226
226
  - - "~>"
227
227
  - !ruby/object:Gem::Version
228
- version: '3.18'
228
+ version: '3.25'
229
229
  type: :development
230
230
  prerelease: false
231
231
  version_requirements: !ruby/object:Gem::Requirement
232
232
  requirements:
233
233
  - - "~>"
234
234
  - !ruby/object:Gem::Version
235
- version: '3.18'
235
+ version: '3.25'
236
236
  - !ruby/object:Gem::Dependency
237
237
  name: webrick
238
238
  requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
322
322
  - MIT
323
323
  metadata:
324
324
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
325
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.332.0
325
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
326
326
  rdoc_options: []
327
327
  require_paths:
328
328
  - lib