dependabot-bundler 0.367.0 → 0.368.0
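--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e34c3bf2b7d1d037cff87ab501f90038e63ed2befb7404fe2d34e4043e3c75fd
+data.tar.gz: 8fe5e19a9305bcabf19a90caf59e00c3373cab545922f51420d812535b1fcf23
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 03c246c7ddf1eb3ba6f8f40a08a818998fb97564a034a952ade14d24928ab127101a19cbd540b52a1d2b2a2388290ee9b9792ada80e3287264ecc07afcc51cc5
+data.tar.gz: d47a12316edb81d78c36d84ff103a77597a8149993665d76d1a723c6cacb3e1bd35935c931930cad91eb310872f1a082ca948bbdfcf26f5dcf2b63060494f208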
@@ -62,11 +62,11 @@ module Dependabot
|
|
|
62
62
|
sig { override.returns(T.nilable(String)) }
|
|
63
63
|
attr_reader :repo_contents_path
|
|
64
64
|
|
|
65
|
-
sig { returns(Dependabot::Package::PackageDetails) }
|
|
65
|
+
sig { returns(T.nilable(Dependabot::Package::PackageDetails)) }
|
|
66
66
|
def fetch
|
|
67
67
|
case source_type
|
|
68
68
|
when GIT, OTHER
|
|
69
|
-
|
|
69
|
+
nil
|
|
70
70
|
else
|
|
71
71
|
rubygems_versions
|
|
72
72
|
end
|
|
@@ -132,26 +132,6 @@ module Dependabot
|
|
|
132
132
|
def rubygems_versions
|
|
133
133
|
registry_url = get_url_from_dependency(dependency) || replaces_base_registry_url || "https://rubygems.org"
|
|
134
134
|
|
|
135
|
-
# TODO: Github private registry support
|
|
136
|
-
# registry_url = "https://rubygems.pkg.github.com/#{OWNER_NAME}"
|
|
137
|
-
# Corresponding API URL:
|
|
138
|
-
# curl -H "Accept: application/json" \
|
|
139
|
-
# -H "Authorization: Bearer <<TOKEN>>" \
|
|
140
|
-
# https://api.github.com/orgs/dsp-testing/packages/rubygems/json/version
|
|
141
|
-
|
|
142
|
-
validate_and_check_registry(registry_url)
|
|
143
|
-
end
|
|
144
|
-
|
|
145
|
-
sig { params(registry_url: String).returns(Dependabot::Package::PackageDetails) }
|
|
146
|
-
def validate_and_check_registry(registry_url)
|
|
147
|
-
parsed_url = begin
|
|
148
|
-
URI.parse(registry_url)
|
|
149
|
-
rescue URI::InvalidURIError
|
|
150
|
-
raise "Invalid registry URL: #{registry_url}"
|
|
151
|
-
end
|
|
152
|
-
|
|
153
|
-
return github_packages_versions(registry_url) if parsed_url.host == "rubygems.pkg.github.com"
|
|
154
|
-
|
|
155
135
|
fetch_and_process_rubygems_response(registry_url)
|
|
156
136
|
end
|
|
157
137
|
|
|
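Review bot: With `validate_and_check_registry` gone, `rubygems_versions` (line 132) hands `registry_url` to `fetch_and_process_rubygems_response` without the `URI.parse` check the deleted method performed, so a malformed source URL taken from the dependency is no longer rejected here with the explicit "Invalid registry URL" error. Whether that check still happens further down cannot be seen from this hunk, since `fetch_and_process_rubygems_response` is outside it; if it does not parse the URL itself, the failure now surfaces as whatever the HTTP client raises, which is harder to attribute in logs. If dropping the validation was intended along with the GitHub Packages path, a short comment above line 135 naming where the registry URL is now validated would keep the next reader from re-adding it. The deletions from line 256 onward in this section are the matching dead code and need no separate change.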
@@ -253,61 +233,6 @@ module Dependabot
|
|
|
253
233
|
)
|
|
254
234
|
end
|
|
255
235
|
|
|
256
|
-
sig { params(registry_url: String).returns(Dependabot::Package::PackageDetails) }
|
|
257
|
-
def github_packages_versions(registry_url)
|
|
258
|
-
# Extract org name from URL like "https://rubygems.pkg.github.com/dsp-testing/"
|
|
259
|
-
org_name = registry_url.split("/").last
|
|
260
|
-
|
|
261
|
-
# GitHub Packages API endpoint for RubyGems packages
|
|
262
|
-
api_url = "https://api.github.com/orgs/#{org_name}/packages/rubygems/#{dependency.name}/versions"
|
|
263
|
-
|
|
264
|
-
response = Dependabot::RegistryClient.get(
|
|
265
|
-
url: api_url,
|
|
266
|
-
headers: {
|
|
267
|
-
"Accept" => "application/vnd.github.v3+json",
|
|
268
|
-
"Authorization" => "Bearer #{github_token}"
|
|
269
|
-
}
|
|
270
|
-
)
|
|
271
|
-
|
|
272
|
-
unless response.status == 200
|
|
273
|
-
error_details = "Status: #{response.status}"
|
|
274
|
-
error_details += " (Package not found in GitHub Registry)" if response.status == 404
|
|
275
|
-
error_message = "Failed to fetch versions for '#{dependency.name}' from GitHub Packages. #{error_details}"
|
|
276
|
-
Dependabot.logger.info(error_message)
|
|
277
|
-
return package_details([])
|
|
278
|
-
end
|
|
279
|
-
|
|
280
|
-
begin
|
|
281
|
-
versions_data = JSON.parse(response.body)
|
|
282
|
-
package_releases = versions_data.map do |version_info|
|
|
283
|
-
# GitHub Packages API returns different structure than RubyGems
|
|
284
|
-
version_number = version_info["name"] # GitHub uses "name" for version
|
|
285
|
-
created_at = version_info["created_at"]
|
|
286
|
-
|
|
287
|
-
package_release(
|
|
288
|
-
version: version_number,
|
|
289
|
-
released_at: Time.parse(created_at),
|
|
290
|
-
downloads: 0, # GitHub Packages doesn't provide download counts
|
|
291
|
-
url: "#{registry_url}/gems/#{dependency.name}-#{version_number}.gem",
|
|
292
|
-
ruby_version: nil # GitHub Packages API doesn't provide ruby version requirements
|
|
293
|
-
)
|
|
294
|
-
end
|
|
295
|
-
|
|
296
|
-
package_details(package_releases)
|
|
297
|
-
rescue JSON::ParserError => e
|
|
298
|
-
Dependabot.logger.info("Failed to parse GitHub Packages response: #{e.message}")
|
|
299
|
-
package_details([])
|
|
300
|
-
end
|
|
301
|
-
end
|
|
302
|
-
|
|
303
|
-
sig { returns(T.nilable(String)) }
|
|
304
|
-
def github_token
|
|
305
|
-
github_credential = credentials.find do |cred|
|
|
306
|
-
cred["type"] == "rubygems_server" && cred["host"] == "rubygems.pkg.github.com"
|
|
307
|
-
end
|
|
308
|
-
github_credential&.fetch("token", nil)
|
|
309
|
-
end
|
|
310
|
-
|
|
311
236
|
sig { params(req_string: String).returns(Requirement) }
|
|
312
237
|
def language_requirement(req_string)
|
|
313
238
|
Requirement.new(req_string)
|
|
@@ -72,12 +72,17 @@ module Dependabot
|
|
|
72
72
|
|
|
73
73
|
sig { override.returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
74
74
|
def available_versions
|
|
75
|
-
|
|
75
|
+
releases = package_details&.releases
|
|
76
|
+
return nil if releases.nil?
|
|
76
77
|
|
|
77
78
|
source_versions = releases_from_dependency_source
|
|
78
79
|
return [] if source_versions.empty?
|
|
79
80
|
|
|
80
|
-
|
|
81
|
+
# Some private registries don't support the versions API that we use for fetching release dates for cooldown.
|
|
82
|
+
# In that case, skip cooldown and just return all versions.
|
|
83
|
+
return source_versions if releases.empty?
|
|
84
|
+
|
|
85
|
+
releases.select do |release|
|
|
81
86
|
source_versions.any? { |v| v.to_s == release.version.to_s }
|
|
82
87
|
end
|
|
83
88
|
end
|
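Review bot: The new early return on line 83, `return source_versions if releases.empty?`, returns the elements of `releases_from_dependency_source`, while the sig on line 73 declares `T::Array[Dependabot::Package::PackageRelease]`; the comparison `v.to_s == release.version.to_s` on line 86 suggests those elements are version objects rather than releases, in which case the runtime sig check would reject the return and anything downstream reading `release.version` would break. Worth confirming the element type of `releases_from_dependency_source`, which is outside this hunk. Separately, an empty `releases` may come from a registry that genuinely lacks the versions API or from a fetch that yielded no releases for some other reason, and both now silently disable the cooldown check; a `Dependabot.logger.info` line before the return recording that cooldown was skipped for `dependency.name` would make that visible in the job log.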
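--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.368.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.368.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.368.0
 - !ruby/object:Gem::Dependency
 name: parallel
 requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.368.0
 rdoc_options: []
 require_paths:
 - lib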