dependabot-bundler 0.302.0 → 0.303.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/package/package_details_fetcher.rb +149 -0
- metadata +8 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fea7b824346608c85aa153277a3d95c1490b32601fd390390bad519a76264b69
|
|
4
|
+
data.tar.gz: 50530f2584e007afa21e905f9ef29cb7e9fe894b7bc5127fa6001ad19be805a3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cc9b5a20c3812ca94c287432710e021c925c75e6bfd044a6d084e97d0c1f00f4ab51f46ef9015202c9de75b8627445c3c0a31b3c2d198462fde57ab7e8b0976a
|
|
7
|
+
data.tar.gz: a91e3098508822b8afb01ec20feb86d1e3dba8631be244629869560635e414256e8f0c4628c1cb00fcbe1a019460fe7fb5a14292d6a973f92ad6269538ab24dc
|
|
@@ -0,0 +1,149 @@
|
|
|
1
|
+
# typed: strict
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "json"
|
|
5
|
+
require "time"
|
|
6
|
+
require "cgi"
|
|
7
|
+
require "excon"
|
|
8
|
+
require "nokogiri"
|
|
9
|
+
require "sorbet-runtime"
|
|
10
|
+
require "dependabot/registry_client"
|
|
11
|
+
require "dependabot/bundler"
|
|
12
|
+
require "dependabot/package/package_release"
|
|
13
|
+
require "dependabot/package/package_details"
|
|
14
|
+
|
|
15
|
+
module Dependabot
|
|
16
|
+
module Bundler
|
|
17
|
+
module Package
|
|
18
|
+
class PackageDetailsFetcher
|
|
19
|
+
extend T::Sig
|
|
20
|
+
|
|
21
|
+
RELEASES_URL = "https://rubygems.org/api/v1/versions/%s.json"
|
|
22
|
+
GEM_URL = "https://rubygems.org/gems/%s.gem"
|
|
23
|
+
PACKAGE_TYPE = "gem"
|
|
24
|
+
PACKAGE_LANGUAGE = "ruby"
|
|
25
|
+
APPLICATION_JSON = "application/json"
|
|
26
|
+
|
|
27
|
+
sig do
|
|
28
|
+
params(
|
|
29
|
+
dependency: Dependabot::Dependency,
|
|
30
|
+
dependency_files: T::Array[Dependabot::DependencyFile],
|
|
31
|
+
credentials: T::Array[Dependabot::Credential]
|
|
32
|
+
).void
|
|
33
|
+
end
|
|
34
|
+
def initialize(dependency:, dependency_files:, credentials:)
|
|
35
|
+
@dependency = dependency
|
|
36
|
+
@dependency_files = dependency_files
|
|
37
|
+
@credentials = credentials
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
sig { returns(Dependabot::Dependency) }
|
|
41
|
+
attr_reader :dependency
|
|
42
|
+
|
|
43
|
+
sig { returns(T::Array[T.untyped]) }
|
|
44
|
+
attr_reader :dependency_files
|
|
45
|
+
|
|
46
|
+
sig { returns(T::Array[T.untyped]) }
|
|
47
|
+
attr_reader :credentials
|
|
48
|
+
|
|
49
|
+
# Example JSON Response Format:
|
|
50
|
+
# eg https://rubygems.org/api/v1/versions/dependabot-common.json
|
|
51
|
+
# response:
|
|
52
|
+
# [
|
|
53
|
+
# {
|
|
54
|
+
# authors: "Dependabot",
|
|
55
|
+
# built_at: "2025-03-20T00:00:00.000Z",
|
|
56
|
+
# created_at: "2025-03-20T14:48:33.295Z",
|
|
57
|
+
# description: "Dependabot-Common provides the shared code used across Dependabot. If you want support for
|
|
58
|
+
# multiple package managers, you probably want the meta-gem dependabot-omnibus.",
|
|
59
|
+
# downloads_count: 382,
|
|
60
|
+
# metadata: {
|
|
61
|
+
# changelog_uri: "https://github.com/dependabot/dependabot-core/releases/tag/v0.302.0",
|
|
62
|
+
# bug_tracker_uri: "https://github.com/dependabot/dependabot-core/issues"
|
|
63
|
+
# },
|
|
64
|
+
# number: "0.302.0",
|
|
65
|
+
# summary: "Shared code used across Dependabot Core",
|
|
66
|
+
# platform: "ruby",
|
|
67
|
+
# rubygems_version: ">= 3.3.7",
|
|
68
|
+
# ruby_version: ">= 3.1.0",
|
|
69
|
+
# prerelease: false,
|
|
70
|
+
# licenses: [
|
|
71
|
+
# "MIT"
|
|
72
|
+
# ],
|
|
73
|
+
# requirements: [ ],
|
|
74
|
+
# sha: "e8ef286a91add81534c297425f2f2efc0c5671f3307307f7fad62c059ed8fca2",
|
|
75
|
+
# spec_sha: "cd0ac8f3462449bf19e7356dbc2ec83eec378b41702e03221ededc49875b1e1c"
|
|
76
|
+
# },
|
|
77
|
+
# {
|
|
78
|
+
# authors: "Dependabot",
|
|
79
|
+
# built_at: "2025-03-14T00:00:00.000Z",
|
|
80
|
+
# created_at: "2025-03-14T18:46:18.547Z",
|
|
81
|
+
# description: "Dependabot-Common provides the shared code used across Dependabot. If you want support for
|
|
82
|
+
# multiple package managers, you probably want the meta-gem dependabot-omnibus.",
|
|
83
|
+
# downloads_count: 324,
|
|
84
|
+
# metadata: {
|
|
85
|
+
# changelog_uri: "https://github.com/dependabot/dependabot-core/releases/tag/v0.301.1",
|
|
86
|
+
# bug_tracker_uri: "https://github.com/dependabot/dependabot-core/issues"
|
|
87
|
+
# },
|
|
88
|
+
# number: "0.301.1",
|
|
89
|
+
# summary: "Shared code used across Dependabot Core",
|
|
90
|
+
# platform: "ruby",
|
|
91
|
+
# rubygems_version: ">= 3.3.7",
|
|
92
|
+
# ruby_version: ">= 3.1.0",
|
|
93
|
+
# prerelease: false,
|
|
94
|
+
# licenses: [
|
|
95
|
+
# "MIT"
|
|
96
|
+
# ],
|
|
97
|
+
# requirements: [ ],
|
|
98
|
+
# sha: "47e5948069571271d72c12f8c03106b415a00550857b6c5fb22aeb780cfe1da7",
|
|
99
|
+
# spec_sha: "7191388ac6fa0ea72ed7588f848b2b244a0dc5a4ec3e6b7c9d395296b0fa93d9"
|
|
100
|
+
# },
|
|
101
|
+
# ...
|
|
102
|
+
# ]
|
|
103
|
+
sig { returns(Dependabot::Package::PackageDetails) }
|
|
104
|
+
def fetch
|
|
105
|
+
response = registry_json_response_for_dependency
|
|
106
|
+
raise unless response.status == 200
|
|
107
|
+
|
|
108
|
+
package_releases = JSON.parse(response.body).map do |release|
|
|
109
|
+
Dependabot::Package::PackageRelease.new(
|
|
110
|
+
version: Dependabot::Bundler::Version.new(release["number"]),
|
|
111
|
+
released_at: Time.parse(release["created_at"]),
|
|
112
|
+
yanked: false,
|
|
113
|
+
yanked_reason: nil,
|
|
114
|
+
downloads: release["downloads_count"],
|
|
115
|
+
url: GEM_URL % "#{@dependency.name}-#{release['number']}",
|
|
116
|
+
package_type: PACKAGE_TYPE,
|
|
117
|
+
language: Dependabot::Package::PackageLanguage.new(
|
|
118
|
+
name: PACKAGE_LANGUAGE,
|
|
119
|
+
version: nil,
|
|
120
|
+
requirement: language_requirement(release["ruby_version"])
|
|
121
|
+
)
|
|
122
|
+
)
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
Dependabot::Package::PackageDetails.new(
|
|
126
|
+
dependency: dependency,
|
|
127
|
+
releases: package_releases.reverse.uniq(&:version)
|
|
128
|
+
)
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
private
|
|
132
|
+
|
|
133
|
+
sig { returns(Excon::Response) }
|
|
134
|
+
def registry_json_response_for_dependency
|
|
135
|
+
url = RELEASES_URL % dependency.name
|
|
136
|
+
Dependabot::RegistryClient.get(
|
|
137
|
+
url: url,
|
|
138
|
+
headers: { "Accept" => APPLICATION_JSON }
|
|
139
|
+
)
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
sig { params(req_string: String).returns(Requirement) }
|
|
143
|
+
def language_requirement(req_string)
|
|
144
|
+
Requirement.new(req_string)
|
|
145
|
+
end
|
|
146
|
+
end
|
|
147
|
+
end
|
|
148
|
+
end
|
|
149
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.303.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-03-
|
|
11
|
+
date: 2025-03-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.303.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.303.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parallel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -170,14 +170,14 @@ dependencies:
|
|
|
170
170
|
requirements:
|
|
171
171
|
- - "~>"
|
|
172
172
|
- !ruby/object:Gem::Version
|
|
173
|
-
version: 0.8.
|
|
173
|
+
version: 0.8.7
|
|
174
174
|
type: :development
|
|
175
175
|
prerelease: false
|
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
177
|
requirements:
|
|
178
178
|
- - "~>"
|
|
179
179
|
- !ruby/object:Gem::Version
|
|
180
|
-
version: 0.8.
|
|
180
|
+
version: 0.8.7
|
|
181
181
|
- !ruby/object:Gem::Dependency
|
|
182
182
|
name: simplecov
|
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -305,6 +305,7 @@ files:
|
|
|
305
305
|
- lib/dependabot/bundler/language.rb
|
|
306
306
|
- lib/dependabot/bundler/metadata_finder.rb
|
|
307
307
|
- lib/dependabot/bundler/native_helpers.rb
|
|
308
|
+
- lib/dependabot/bundler/package/package_details_fetcher.rb
|
|
308
309
|
- lib/dependabot/bundler/package_manager.rb
|
|
309
310
|
- lib/dependabot/bundler/requirement.rb
|
|
310
311
|
- lib/dependabot/bundler/update_checker.rb
|
|
@@ -322,7 +323,7 @@ licenses:
|
|
|
322
323
|
- MIT
|
|
323
324
|
metadata:
|
|
324
325
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
326
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.303.0
|
|
326
327
|
post_install_message:
|
|
327
328
|
rdoc_options: []
|
|
328
329
|
require_paths:
|