dependabot-bundler 0.333.0 → 0.334.0

data/lib/dependabot/bundler/update_checker/requirements_updater.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "sorbet-runtime"
@@ -23,21 +23,36 @@ module Dependabot
           T::Array[Dependabot::RequirementsUpdateStrategy]
         )
 
+        sig do
+          params(
+            requirements: T::Array[T::Hash[Symbol, T.untyped]],
+            update_strategy: Dependabot::RequirementsUpdateStrategy,
+            updated_source: T.nilable(T::Hash[Symbol, T.untyped]),
+            latest_version: T.nilable(String),
+            latest_resolvable_version: T.nilable(String)
+          ).void
+        end
         def initialize(requirements:, update_strategy:, updated_source:,
                        latest_version:, latest_resolvable_version:)
           @requirements = requirements
-          @latest_version = Dependabot::Bundler::Version.new(latest_version) if latest_version
+          @latest_version = T.let(
+            (T.cast(Dependabot::Bundler::Version.new(latest_version), Dependabot::Bundler::Version) if latest_version),
+            T.nilable(Dependabot::Bundler::Version)
+          )
           @updated_source = updated_source
           @update_strategy = update_strategy
 
           check_update_strategy
 
-          return unless latest_resolvable_version
-
-          @latest_resolvable_version =
-            Dependabot::Bundler::Version.new(latest_resolvable_version)
+          @latest_resolvable_version = T.let(
+            if latest_resolvable_version
+              T.cast(Dependabot::Bundler::Version.new(latest_resolvable_version), Dependabot::Bundler::Version)
+            end,
+            T.nilable(Dependabot::Bundler::Version)
+          )
         end
 
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         def updated_requirements
           return requirements if update_strategy.lockfile_only?
 
@@ -54,18 +69,25 @@ module Dependabot
 
         private
 
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         attr_reader :requirements
+        sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
         attr_reader :updated_source
+        sig { returns(T.nilable(Dependabot::Bundler::Version)) }
         attr_reader :latest_version
+        sig { returns(T.nilable(Dependabot::Bundler::Version)) }
         attr_reader :latest_resolvable_version
+        sig { returns(Dependabot::RequirementsUpdateStrategy) }
         attr_reader :update_strategy
 
+        sig { void }
         def check_update_strategy
           return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
 
           raise "Unknown update strategy: #{update_strategy}"
         end
 
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_gemfile_requirement(req)
           req = req.merge(source: updated_source)
           return req unless latest_resolvable_version
@@ -79,12 +101,14 @@ module Dependabot
           end
         end
 
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_version_requirement_if_needed(req)
           return req if new_version_satisfies?(req)
 
           update_version_requirement(req)
         end
 
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_version_requirement(req)
           requirements =
             req[:requirement].split(",").map { |r| Gem::Requirement.new(r) }
@@ -93,7 +117,7 @@ module Dependabot
             if requirements.any?(&:exact?) then latest_resolvable_version.to_s
             elsif requirements.any? { |r| r.to_s.start_with?("~>") }
               tw_req = requirements.find { |r| r.to_s.start_with?("~>") }
-              update_twiddle_version(tw_req, latest_resolvable_version).to_s
+              update_twiddle_version(tw_req, T.must(latest_resolvable_version)).to_s
             else
               update_gemfile_range(requirements).map(&:to_s).join(", ")
             end
@@ -101,10 +125,14 @@ module Dependabot
           req.merge(requirement: new_requirement)
         end
 
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Boolean) }
         def new_version_satisfies?(req)
-          Requirement.satisfied_by?(req, latest_resolvable_version)
+          return false unless latest_resolvable_version
+
+          Requirement.satisfied_by?(req, T.must(latest_resolvable_version))
         end
 
+        sig { params(requirements: T::Array[Gem::Requirement]).returns(T::Array[Gem::Requirement]) }
         def update_gemfile_range(requirements)
           updated_requirements =
             requirements.flat_map do |r|
@@ -112,7 +140,7 @@ module Dependabot
 
               case op = r.requirements.first.first
               when "<", "<="
-                [update_greatest_version(r, latest_resolvable_version)]
+                [update_greatest_version(r, T.must(latest_resolvable_version))]
               when "!="
                 []
               else
@@ -124,6 +152,7 @@ module Dependabot
           binding_requirements(updated_requirements)
         end
 
+        sig { params(new_version: Dependabot::Bundler::Version, old_version: Gem::Version).returns(String) }
         def at_same_precision(new_version, old_version)
           release_precision = old_version.to_s.split(".")
                                          .take_while { |i| i.match?(/^\d+$/) }.count
@@ -141,6 +170,7 @@ module Dependabot
         end
 
         # rubocop:disable Metrics/PerceivedComplexity
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_gemspec_requirement(req)
           req = req.merge(source: updated_source) if req.fetch(:source)
           return req unless latest_version && latest_resolvable_version
@@ -169,14 +199,16 @@ module Dependabot
         end
         # rubocop:enable Metrics/PerceivedComplexity
 
+        sig { params(req: Gem::Requirement, groups: T::Array[String]).returns(T::Boolean) }
         def requirement_satisfied?(req, groups)
           if groups == ["development"]
-            req.satisfied_by?(latest_resolvable_version)
+            req.satisfied_by?(T.must(latest_resolvable_version))
           else
-            req.satisfied_by?(latest_version)
+            req.satisfied_by?(T.must(latest_version))
           end
         end
 
+        sig { params(requirements: T::Array[Gem::Requirement]).returns(T::Array[Gem::Requirement]) }
         def binding_requirements(requirements)
           grouped_by_operator =
             requirements.group_by { |r| r.requirements.first.first }
@@ -187,12 +219,13 @@ module Dependabot
             when ">", ">=" then reqs.max_by { |r| r.requirements.first.last }
             else requirements
             end
-          end.uniq
+          end.compact.uniq
 
           binding_reqs << Gem::Requirement.new if binding_reqs.empty?
           binding_reqs.sort_by { |r| r.requirements.first.last }
         end
 
+        sig { params(req: Gem::Requirement).returns(T.any(T::Array[Gem::Requirement], Gem::Requirement)) }
         def widened_requirements(req)
           op, version = req.requirements.first
 
@@ -203,61 +236,75 @@ module Dependabot
             else
               req
             end
-          when "<", "<=" then [update_greatest_version(req, latest_version)]
-          when "~>" then convert_twiddle_to_range(req, latest_version)
+          when "<", "<=" then [update_greatest_version(req, T.must(latest_version))]
+          when "~>" then convert_twiddle_to_range(req, T.must(latest_version))
           when "!=" then []
           when ">", ">=" then raise UnfixableRequirement
           else raise "Unexpected operation for requirement: #{op}"
           end
         end
 
+        sig { params(req: Gem::Requirement).returns(T.any(T::Array[Gem::Requirement], Gem::Requirement)) }
         def bumped_requirements(req)
           op, version = req.requirements.first
 
           case op
           when "=", nil
-            if version < latest_resolvable_version
+            if version < T.must(latest_resolvable_version)
               [Gem::Requirement.new("#{op} #{latest_resolvable_version}")]
             else
               req
             end
           when "~>"
-            [update_twiddle_version(req, latest_resolvable_version)]
-          when "<", "<=" then [update_greatest_version(req, latest_version)]
+            [update_twiddle_version(req, T.must(latest_resolvable_version))]
+          when "<", "<=" then [update_greatest_version(req, T.must(latest_version))]
           when "!=" then []
           when ">", ">=" then raise UnfixableRequirement
           else raise "Unexpected operation for requirement: #{op}"
           end
         end
 
+        # rubocop:disable Metrics/AbcSize
+        sig do
+          params(
+            requirement: Gem::Requirement,
+            version_to_be_permitted: Dependabot::Bundler::Version
+          )
+            .returns(T::Array[Gem::Requirement])
+        end
         def convert_twiddle_to_range(requirement, version_to_be_permitted)
           version = requirement.requirements.first.last
           version = version.release if version.prerelease?
 
           index_to_update = [version.segments.count - 2, 0].max
 
-          ub_segments = version_to_be_permitted.segments
-          ub_segments << 0 while ub_segments.count <= index_to_update
-          ub_segments = ub_segments[0..index_to_update]
-          ub_segments[index_to_update] += 1
+          ub_segments = version_to_be_permitted.segments.map(&:to_s)
+          ub_segments << "0" while ub_segments.count <= index_to_update
+          ub_segments = T.must(ub_segments[0..index_to_update])
+          ub_segments[index_to_update] = (ub_segments[index_to_update].to_i + 1).to_s
 
-          lb_segments = version.segments
-          lb_segments.pop while lb_segments.any? && lb_segments.last.zero?
+          lb_segments = version.segments.map(&:to_s)
+          lb_segments.pop while lb_segments.any? && lb_segments.last == "0"
 
           return [Gem::Requirement.new("< #{ub_segments.join('.')}")] if lb_segments.none?
 
           # Ensure versions have the same length as each other (cosmetic)
           length = [lb_segments.count, ub_segments.count].max
-          lb_segments.fill(0, lb_segments.count...length)
-          ub_segments.fill(0, ub_segments.count...length)
+          lb_segments.fill("0", lb_segments.count...length)
+          ub_segments.fill("0", ub_segments.count...length)
 
           [
             Gem::Requirement.new(">= #{lb_segments.join('.')}"),
             Gem::Requirement.new("< #{ub_segments.join('.')}")
           ]
         end
+        # rubocop:enable Metrics/AbcSize
 
         # Updates the version in a "~>" constraint to allow the given version
+        sig do
+          params(requirement: Gem::Requirement,
+                 version_to_be_permitted: Dependabot::Bundler::Version).returns(Gem::Requirement)
+        end
         def update_twiddle_version(requirement, version_to_be_permitted)
           old_version = requirement.requirements.first.last
           updated_v = at_same_precision(version_to_be_permitted, old_version)
@@ -266,10 +313,11 @@ module Dependabot
 
         # Updates the version in a "<" or "<=" constraint to allow the given
         # version
+        sig do
+          params(requirement: Gem::Requirement,
+                 version_to_be_permitted: Dependabot::Bundler::Version).returns(Gem::Requirement)
+        end
         def update_greatest_version(requirement, version_to_be_permitted)
-          if version_to_be_permitted.is_a?(String)
-            version_to_be_permitted = Dependabot::Bundler::Version.new(version_to_be_permitted)
-          end
           op, version = requirement.requirements.first
           version = version.release if version.prerelease?
 
@@ -282,7 +330,7 @@ module Dependabot
             if index < index_to_update
               version_to_be_permitted.segments[index]
             elsif index == index_to_update
-              version_to_be_permitted.segments[index] + 1
+              (version_to_be_permitted.segments[index].to_i + 1)
             elsif index > version_to_be_permitted.segments.count - 1
               nil
             else

data/lib/dependabot/bundler/update_checker.rb

@@ -82,7 +82,7 @@ module Dependabot
 
         RequirementsUpdater.new(
           requirements: dependency.requirements,
-          update_strategy: requirements_update_strategy,
+          update_strategy: T.must(requirements_update_strategy),
           updated_source: updated_source,
           latest_version: latest_version_for_req_updater,
           latest_resolvable_version: latest_resolvable_version_for_req_updater

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.333.0
+  version: 0.334.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.333.0
+        version: 0.334.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.333.0
+        version: 0.334.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
 rdoc_options: []
 require_paths:
 - lib