RubyGems - dependabot-common - Versions diffs - 0.143.0 → 0.143.5 - Mend

dependabot-common 0.143.0 → 0.143.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/dependabot/config/file.rb +32 -7
data/lib/dependabot/config/ignore_condition.rb +100 -0
data/lib/dependabot/config/update_config.rb +46 -28
data/lib/dependabot/version.rb +1 -1
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 57330557c4c6b5c67064d741415cf5ec79dcb8f43bf9f3919048a3464260ab3c
-  data.tar.gz: c2c2540484356b1beeb3b72dfff70a4d0da24ee20cfbeb4b9c2e465bdd4dc2e1
+  metadata.gz: 519d829e63edf21602f5031e532dbccce99323676b624ff130e089b6f3ec44ef
+  data.tar.gz: 3fb4986daa15f8d92a5af167473d3b32ed3132699fa4f2c85ebf2060632f55e7
 SHA512:
-  metadata.gz: ab1843750e40351dd4a63830cb45e466bda21006140c4b39540010b0cd00e30a09dec6bf08aa744a42e870d2693e09d861aed43b0ec59b0854910f4dfcdbde8f
-  data.tar.gz: be02824d97291c474f1074e3070abf82fa1576bc9f5898fea338734bd4f11d811526bccb3888a3a279b893dec717fffe77fd7218b47d0b16025e3e680372109e
+  metadata.gz: dd23c91a75da2f3a93719a031c42d259dee57c7b7f489a044c3480dee8cfb5f55a48a19a961a90064d6939710574d3ef0531755d685bbff7457475306969b16e
+  data.tar.gz: c1b8bbdadea4755383f7585752d1bcedd1f875475e31b452ffb8e74578fac2152b250bf071840361bd958eb9240b5adcb0671e04a915fc2baf86b0297f382585

data/lib/dependabot/config/file.rb CHANGED Viewed

@@ -20,9 +20,23 @@ module Dependabot
           u[:"package-ecosystem"] == package_ecosystem && u[:directory] == dir &&
             (target_branch.nil? || u[:"target-branch"] == target_branch)
         end
-        Dependabot::Config::UpdateConfig.new(cfg)
+        Dependabot::Config::UpdateConfig.new(
+          ignore_conditions: ignore_conditions(cfg),
+          commit_message_options: commit_message_options(cfg)
+        )
       end
+      # Parse the YAML config file
+      def self.parse(config)
+        parsed = YAML.safe_load(config, symbolize_names: true)
+        version = parsed[:version]
+        raise InvalidConfigError, "invalid version #{version}" if version && version != 2
+        File.new(updates: parsed[:updates], registries: parsed[:registries])
+      end
+      private
       PACKAGE_MANAGER_LOOKUP = {
         "bundler" => "bundler",
         "cargo" => "cargo",
@@ -41,13 +55,24 @@ module Dependabot
         "terraform" => "terraform"
       }.freeze
-      # Parse the YAML config file
-      def self.parse(config)
-        parsed = YAML.safe_load(config, symbolize_names: true)
-        version = parsed[:version]
-        raise InvalidConfigError, "invalid version #{version}" if version && version != 2
+      def ignore_conditions(cfg)
+        ignores = cfg&.dig(:ignore) || []
+        ignores.map do |ic|
+          Dependabot::Config::IgnoreCondition.new(
+            dependency_name: ic[:"dependency-name"],
+            versions: ic[:versions],
+            update_types: ic[:"update-types"]
+          )
+        end
+      end
-        File.new(updates: parsed[:updates], registries: parsed[:registries])
+      def commit_message_options(cfg)
+        commit_message = cfg&.dig(:"commit-message") || {}
+        Dependabot::Config::UpdateConfig::CommitMessageOptions.new(
+          prefix: commit_message[:prefix],
+          prefix_development: commit_message[:"prefix-development"],
+          include: commit_message[:include]
+        )
       end
     end
   end

data/lib/dependabot/config/ignore_condition.rb ADDED Viewed

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+module Dependabot
+  module Config
+    # Filters versions that should not be considered for dependency updates
+    class IgnoreCondition
+      PATCH_VERSION_TYPE = "version-update:semver-patch"
+      MINOR_VERSION_TYPE = "version-update:semver-minor"
+      MAJOR_VERSION_TYPE = "version-update:semver-major"
+      ALL_VERSIONS = ">= 0"
+      attr_reader :dependency_name, :versions, :update_types
+      def initialize(dependency_name:, versions: nil, update_types: nil)
+        @dependency_name = dependency_name
+        @versions = versions || []
+        @update_types = update_types || []
+      end
+      def ignored_versions(dependency, security_updates_only)
+        return versions if security_updates_only
+        return [ALL_VERSIONS] if versions.empty? && transformed_update_types.empty?
+        versions_by_type(dependency) + versions
+      end
+      private
+      def transformed_update_types
+        update_types.map(&:downcase).map(&:strip).compact
+      end
+      def versions_by_type(dependency)
+        transformed_update_types.flat_map do |t|
+          case t
+          when PATCH_VERSION_TYPE
+            ignore_patch(dependency.version)
+          when MINOR_VERSION_TYPE
+            ignore_minor(dependency.version)
+          when MAJOR_VERSION_TYPE
+            ignore_major(dependency.version)
+          else
+            []
+          end
+        end.compact
+      end
+      def ignore_patch(version)
+        parts = version.split(".")
+        return [] unless parts.size > 2
+        lower_parts = parts.first(2) + ["a"]
+        upper_parts = parts.first(2)
+        upper_parts[1] = upper_parts[1].to_i + 1
+        lower_bound = ">= #{lower_parts.join('.')}"
+        upper_bound = "< #{upper_parts.join('.')}"
+        ["#{lower_bound}, #{upper_bound}"]
+      end
+      def ignore_minor(version)
+        parts = version.split(".")
+        return [] if parts.size < 2
+        if Gem::Version.correct?(version)
+          lower_parts = parts.first(2) + ["a"]
+          upper_parts = parts.first(1)
+          lower_parts[1] = lower_parts[1].to_i + 1
+          upper_parts[0] = upper_parts[0].to_i + 1
+        else
+          lower_parts = parts.first(1) + ["a"]
+          upper_parts = parts.first(1)
+          begin
+            upper_parts[0] = Integer(upper_parts[0]) + 1
+          rescue ArgumentError
+            upper_parts.push(999_999)
+          end
+        end
+        lower_bound = ">= #{lower_parts.join('.')}"
+        upper_bound = "< #{upper_parts.join('.')}"
+        ["#{lower_bound}, #{upper_bound}"]
+      end
+      def ignore_major(version)
+        parts = version.split(".")
+        return [] unless parts.size > 1
+        lower_parts = parts.first(1) + ["a"]
+        upper_parts = parts.first(1)
+        lower_parts[0] = lower_parts[0].to_i + 1
+        upper_parts[0] = upper_parts[0].to_i + 2
+        lower_bound = ">= #{lower_parts.join('.')}"
+        upper_bound = "< #{upper_parts.join('.')}"
+        ["#{lower_bound}, #{upper_bound}"]
+      end
+    end
+  end
+end

data/lib/dependabot/config/update_config.rb CHANGED Viewed

@@ -1,47 +1,65 @@
 # frozen_string_literal: true
+require "dependabot/config/ignore_condition"
 module Dependabot
   module Config
     # Configuration for a single ecosystem
     class UpdateConfig
-      module Interval
-        DAILY = "daily"
-        WEEKLY = "weekly"
-        MONTHLY = "monthly"
+      attr_reader :commit_message_options, :ignore_conditions
+      def initialize(ignore_conditions: nil, commit_message_options: nil)
+        @ignore_conditions = ignore_conditions || []
+        @commit_message_options = commit_message_options
       end
-      def initialize(config)
-        @config = config || {}
+      def ignored_versions_for(dependency, security_updates_only: false)
+        normalizer = name_normaliser_for(dependency)
+        dep_name = name_normaliser_for(dependency).call(dependency.name)
+        @ignore_conditions.
+          select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }.
+          map { |ic| ic.ignored_versions(dependency, security_updates_only) }.
+          flatten.
+          compact.
+          uniq
       end
-      def ignored_versions_for(dep)
-        return [] unless @config[:ignore]
+      def self.wildcard_match?(wildcard_string, candidate_string)
+        return false unless wildcard_string && candidate_string
-        @config[:ignore].
-          select { |ic| ic[:"dependency-name"] == dep.name }. # FIXME: wildcard support
-          map { |ic| ic[:versions] }.
-          flatten
+        regex_string = "a#{wildcard_string.downcase}a".split("*").
+                       map { |p| Regexp.quote(p) }.
+                       join(".*").gsub(/^a|a$/, "")
+        regex = /^#{regex_string}$/
+        regex.match?(candidate_string.downcase)
       end
-      def commit_message_options
-        commit_message = @config[:"commit-message"] || {}
-        {
-          prefix: commit_message[:prefix],
-          prefix_development: commit_message[:"prefix-development"],
-          include_scope: commit_message[:include] == "scope"
-        }
+      private
+      def name_normaliser_for(dep)
+        name_normaliser ||= {}
+        name_normaliser[dep] ||= Dependency.name_normaliser_for_package_manager(dep.package_manager)
       end
-      def interval
-        return unless @config[:schedule]
-        return unless @config[:schedule][:interval]
+      class CommitMessageOptions
+        attr_reader :prefix, :prefix_development, :include
+        def initialize(prefix:, prefix_development:, include:)
+          @prefix = prefix
+          @prefix_development = prefix_development
+          @include = include
+        end
+        def include_scope?
+          @include == "scope"
+        end
-        interval = @config[:schedule][:interval]
-        case interval.downcase
-        when Interval::DAILY, Interval::WEEKLY, Interval::MONTHLY
-          interval.downcase
-        else
-          raise InvalidConfigError, "unknown interval: #{interval}"
+        def to_h
+          {
+            prefix: @prefix,
+            prefix_development: @prefix_development,
+            include_scope: include_scope?
+          }
         end
       end
     end

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.143.0"
+  VERSION = "0.143.5"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.143.0
+  version: 0.143.5
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-21 00:00:00.000000000 Z
+date: 2021-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -394,6 +394,7 @@ files:
 - lib/dependabot/config.rb
 - lib/dependabot/config/file.rb
 - lib/dependabot/config/file_fetcher.rb
+- lib/dependabot/config/ignore_condition.rb
 - lib/dependabot/config/update_config.rb
 - lib/dependabot/dependency.rb
 - lib/dependabot/dependency_file.rb