RubyGems - dependabot-bundler - Versions diffs - 0.333.0 → 0.335.0 - Mend

dependabot-bundler 0.333.0 → 0.335.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

data/lib/dependabot/bundler/update_checker/requirements_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "sorbet-runtime"
@@ -23,21 +23,41 @@ module Dependabot
           T::Array[Dependabot::RequirementsUpdateStrategy]
         )
-        def initialize(requirements:, update_strategy:, updated_source:,
-                       latest_version:, latest_resolvable_version:)
+        sig do
+          params(
+            requirements: T::Array[T::Hash[Symbol, T.untyped]],
+            update_strategy: Dependabot::RequirementsUpdateStrategy,
+            updated_source: T.nilable(T::Hash[Symbol, T.untyped]),
+            latest_version: T.nilable(String),
+            latest_resolvable_version: T.nilable(String)
+          ).void
+        end
+        def initialize(
+          requirements:,
+          update_strategy:,
+          updated_source:,
+          latest_version:,
+          latest_resolvable_version:
+        )
           @requirements = requirements
-          @latest_version = Dependabot::Bundler::Version.new(latest_version) if latest_version
+          @latest_version = T.let(
+            (T.cast(Dependabot::Bundler::Version.new(latest_version), Dependabot::Bundler::Version) if latest_version),
+            T.nilable(Dependabot::Bundler::Version)
+          )
           @updated_source = updated_source
           @update_strategy = update_strategy
           check_update_strategy
-          return unless latest_resolvable_version
-          @latest_resolvable_version =
-            Dependabot::Bundler::Version.new(latest_resolvable_version)
+          @latest_resolvable_version = T.let(
+            if latest_resolvable_version
+              T.cast(Dependabot::Bundler::Version.new(latest_resolvable_version), Dependabot::Bundler::Version)
+            end,
+            T.nilable(Dependabot::Bundler::Version)
+          )
         end
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         def updated_requirements
           return requirements if update_strategy.lockfile_only?
@@ -54,18 +74,29 @@ module Dependabot
         private
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         attr_reader :requirements
+        sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
         attr_reader :updated_source
+        sig { returns(T.nilable(Dependabot::Bundler::Version)) }
         attr_reader :latest_version
+        sig { returns(T.nilable(Dependabot::Bundler::Version)) }
         attr_reader :latest_resolvable_version
+        sig { returns(Dependabot::RequirementsUpdateStrategy) }
         attr_reader :update_strategy
+        sig { void }
         def check_update_strategy
           return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
           raise "Unknown update strategy: #{update_strategy}"
         end
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_gemfile_requirement(req)
           req = req.merge(source: updated_source)
           return req unless latest_resolvable_version
@@ -79,12 +110,14 @@ module Dependabot
           end
         end
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_version_requirement_if_needed(req)
           return req if new_version_satisfies?(req)
           update_version_requirement(req)
         end
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_version_requirement(req)
           requirements =
             req[:requirement].split(",").map { |r| Gem::Requirement.new(r) }
@@ -93,7 +126,7 @@ module Dependabot
             if requirements.any?(&:exact?) then latest_resolvable_version.to_s
             elsif requirements.any? { |r| r.to_s.start_with?("~>") }
               tw_req = requirements.find { |r| r.to_s.start_with?("~>") }
-              update_twiddle_version(tw_req, latest_resolvable_version).to_s
+              update_twiddle_version(tw_req, T.must(latest_resolvable_version)).to_s
             else
               update_gemfile_range(requirements).map(&:to_s).join(", ")
             end
@@ -101,10 +134,14 @@ module Dependabot
           req.merge(requirement: new_requirement)
         end
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Boolean) }
         def new_version_satisfies?(req)
-          Requirement.satisfied_by?(req, latest_resolvable_version)
+          return false unless latest_resolvable_version
+          Requirement.satisfied_by?(req, T.must(latest_resolvable_version))
         end
+        sig { params(requirements: T::Array[Gem::Requirement]).returns(T::Array[Gem::Requirement]) }
         def update_gemfile_range(requirements)
           updated_requirements =
             requirements.flat_map do |r|
@@ -112,7 +149,7 @@ module Dependabot
               case op = r.requirements.first.first
               when "<", "<="
-                [update_greatest_version(r, latest_resolvable_version)]
+                [update_greatest_version(r, T.must(latest_resolvable_version))]
               when "!="
                 []
               else
@@ -124,6 +161,7 @@ module Dependabot
           binding_requirements(updated_requirements)
         end
+        sig { params(new_version: Dependabot::Bundler::Version, old_version: Gem::Version).returns(String) }
         def at_same_precision(new_version, old_version)
           release_precision = old_version.to_s.split(".")
                                          .take_while { |i| i.match?(/^\d+$/) }.count
@@ -141,6 +179,7 @@ module Dependabot
         end
         # rubocop:disable Metrics/PerceivedComplexity
+        sig { params(req: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped]) }
         def update_gemspec_requirement(req)
           req = req.merge(source: updated_source) if req.fetch(:source)
           return req unless latest_version && latest_resolvable_version
@@ -169,14 +208,16 @@ module Dependabot
         end
         # rubocop:enable Metrics/PerceivedComplexity
+        sig { params(req: Gem::Requirement, groups: T::Array[String]).returns(T::Boolean) }
         def requirement_satisfied?(req, groups)
           if groups == ["development"]
-            req.satisfied_by?(latest_resolvable_version)
+            req.satisfied_by?(T.must(latest_resolvable_version))
           else
-            req.satisfied_by?(latest_version)
+            req.satisfied_by?(T.must(latest_version))
           end
         end
+        sig { params(requirements: T::Array[Gem::Requirement]).returns(T::Array[Gem::Requirement]) }
         def binding_requirements(requirements)
           grouped_by_operator =
             requirements.group_by { |r| r.requirements.first.first }
@@ -187,12 +228,13 @@ module Dependabot
             when ">", ">=" then reqs.max_by { |r| r.requirements.first.last }
             else requirements
             end
-          end.uniq
+          end.compact.uniq
           binding_reqs << Gem::Requirement.new if binding_reqs.empty?
           binding_reqs.sort_by { |r| r.requirements.first.last }
         end
+        sig { params(req: Gem::Requirement).returns(T.any(T::Array[Gem::Requirement], Gem::Requirement)) }
         def widened_requirements(req)
           op, version = req.requirements.first
@@ -203,61 +245,77 @@ module Dependabot
             else
               req
             end
-          when "<", "<=" then [update_greatest_version(req, latest_version)]
-          when "~>" then convert_twiddle_to_range(req, latest_version)
+          when "<", "<=" then [update_greatest_version(req, T.must(latest_version))]
+          when "~>" then convert_twiddle_to_range(req, T.must(latest_version))
           when "!=" then []
           when ">", ">=" then raise UnfixableRequirement
           else raise "Unexpected operation for requirement: #{op}"
           end
         end
+        sig { params(req: Gem::Requirement).returns(T.any(T::Array[Gem::Requirement], Gem::Requirement)) }
         def bumped_requirements(req)
           op, version = req.requirements.first
           case op
           when "=", nil
-            if version < latest_resolvable_version
+            if version < T.must(latest_resolvable_version)
               [Gem::Requirement.new("#{op} #{latest_resolvable_version}")]
             else
               req
             end
           when "~>"
-            [update_twiddle_version(req, latest_resolvable_version)]
-          when "<", "<=" then [update_greatest_version(req, latest_version)]
+            [update_twiddle_version(req, T.must(latest_resolvable_version))]
+          when "<", "<=" then [update_greatest_version(req, T.must(latest_version))]
           when "!=" then []
           when ">", ">=" then raise UnfixableRequirement
           else raise "Unexpected operation for requirement: #{op}"
           end
         end
+        # rubocop:disable Metrics/AbcSize
+        sig do
+          params(
+            requirement: Gem::Requirement,
+            version_to_be_permitted: Dependabot::Bundler::Version
+          )
+            .returns(T::Array[Gem::Requirement])
+        end
         def convert_twiddle_to_range(requirement, version_to_be_permitted)
           version = requirement.requirements.first.last
           version = version.release if version.prerelease?
           index_to_update = [version.segments.count - 2, 0].max
-          ub_segments = version_to_be_permitted.segments
-          ub_segments << 0 while ub_segments.count <= index_to_update
-          ub_segments = ub_segments[0..index_to_update]
-          ub_segments[index_to_update] += 1
+          ub_segments = version_to_be_permitted.segments.map(&:to_s)
+          ub_segments << "0" while ub_segments.count <= index_to_update
+          ub_segments = T.must(ub_segments[0..index_to_update])
+          ub_segments[index_to_update] = (ub_segments[index_to_update].to_i + 1).to_s
-          lb_segments = version.segments
-          lb_segments.pop while lb_segments.any? && lb_segments.last.zero?
+          lb_segments = version.segments.map(&:to_s)
+          lb_segments.pop while lb_segments.any? && lb_segments.last == "0"
           return [Gem::Requirement.new("< #{ub_segments.join('.')}")] if lb_segments.none?
           # Ensure versions have the same length as each other (cosmetic)
           length = [lb_segments.count, ub_segments.count].max
-          lb_segments.fill(0, lb_segments.count...length)
-          ub_segments.fill(0, ub_segments.count...length)
+          lb_segments.fill("0", lb_segments.count...length)
+          ub_segments.fill("0", ub_segments.count...length)
           [
             Gem::Requirement.new(">= #{lb_segments.join('.')}"),
             Gem::Requirement.new("< #{ub_segments.join('.')}")
           ]
         end
+        # rubocop:enable Metrics/AbcSize
         # Updates the version in a "~>" constraint to allow the given version
+        sig do
+          params(
+            requirement: Gem::Requirement,
+            version_to_be_permitted: Dependabot::Bundler::Version
+          ).returns(Gem::Requirement)
+        end
         def update_twiddle_version(requirement, version_to_be_permitted)
           old_version = requirement.requirements.first.last
           updated_v = at_same_precision(version_to_be_permitted, old_version)
@@ -266,10 +324,13 @@ module Dependabot
         # Updates the version in a "<" or "<=" constraint to allow the given
         # version
+        sig do
+          params(
+            requirement: Gem::Requirement,
+            version_to_be_permitted: Dependabot::Bundler::Version
+          ).returns(Gem::Requirement)
+        end
         def update_greatest_version(requirement, version_to_be_permitted)
-          if version_to_be_permitted.is_a?(String)
-            version_to_be_permitted = Dependabot::Bundler::Version.new(version_to_be_permitted)
-          end
           op, version = requirement.requirements.first
           version = version.release if version.prerelease?
@@ -282,7 +343,7 @@ module Dependabot
             if index < index_to_update
               version_to_be_permitted.segments[index]
             elsif index == index_to_update
-              version_to_be_permitted.segments[index] + 1
+              (version_to_be_permitted.segments[index].to_i + 1)
             elsif index > version_to_be_permitted.segments.count - 1
               nil
             else

data/lib/dependabot/bundler/update_checker/version_resolver.rb CHANGED Viewed

@@ -39,13 +39,20 @@ module Dependabot
             cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
           ).void
         end
-        def initialize(dependency:, unprepared_dependency_files:, credentials:, ignored_versions:, options:,
-                       repo_contents_path: nil,
-                       raise_on_ignored: false,
-                       replacement_git_pin: nil, remove_git_source: false,
-                       unlock_requirement: true,
-                       latest_allowable_version: nil,
-                       cooldown_options: nil)
+        def initialize(
+          dependency:,
+          unprepared_dependency_files:,
+          credentials:,
+          ignored_versions:,
+          options:,
+          repo_contents_path: nil,
+          raise_on_ignored: false,
+          replacement_git_pin: nil,
+          remove_git_source: false,
+          unlock_requirement: true,
+          latest_allowable_version: nil,
+          cooldown_options: nil
+        )
           @dependency                  = dependency
           @unprepared_dependency_files = unprepared_dependency_files
           @credentials                 = credentials

data/lib/dependabot/bundler/update_checker.rb CHANGED Viewed

@@ -82,7 +82,7 @@ module Dependabot
         RequirementsUpdater.new(
           requirements: dependency.requirements,
-          update_strategy: requirements_update_strategy,
+          update_strategy: T.must(requirements_update_strategy),
           updated_source: updated_source,
           latest_version: latest_version_for_req_updater,
           latest_resolvable_version: latest_resolvable_version_for_req_updater
@@ -354,8 +354,10 @@ module Dependabot
       sig { returns(Dependabot::Bundler::UpdateChecker::ForceUpdater) }
       def force_updater
         if @force_updater.nil?
-          @force_updater = T.let(@force_updater,
-                                 T.nilable(Dependabot::Bundler::UpdateChecker::ForceUpdater))
+          @force_updater = T.let(
+            @force_updater,
+            T.nilable(Dependabot::Bundler::UpdateChecker::ForceUpdater)
+          )
         end
         @force_updater ||=
           ForceUpdater.new(
@@ -372,8 +374,10 @@ module Dependabot
       sig { returns(Dependabot::GitCommitChecker) }
       def git_commit_checker
         if @git_commit_checker.nil?
-          @git_commit_checker = T.let(@git_commit_checker,
-                                      T.nilable(Dependabot::GitCommitChecker))
+          @git_commit_checker = T.let(
+            @git_commit_checker,
+            T.nilable(Dependabot::GitCommitChecker)
+          )
         end
         @git_commit_checker ||=
           GitCommitChecker.new(
@@ -432,8 +436,11 @@ module Dependabot
           latest_allowable_version: T.nilable(T.any(String, Dependabot::Bundler::Version))
         ).returns(T::Array[Dependabot::DependencyFile])
       end
-      def prepared_dependency_files(remove_git_source:, unlock_requirement:,
-                                    latest_allowable_version: nil)
+      def prepared_dependency_files(
+        remove_git_source:,
+        unlock_requirement:,
+        latest_allowable_version: nil
+      )
         FilePreparer.new(
           dependency: dependency,
           dependency_files: dependency_files,

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.333.0
+  version: 0.335.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.333.0
+        version: 0.335.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.333.0
+        version: 0.335.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -127,56 +127,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.67'
+        version: '1.80'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.67'
+        version: '1.80'
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '1.26'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: '1.26'
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.29'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.29'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: rubocop-sorbet
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
 rdoc_options: []
 require_paths:
 - lib