dependabot-common 0.143.1 → 0.143.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 04061b64d2ec9c8ff56b799d8ea0c7426dadcca2701581f1917faa494ba3f76d
-  data.tar.gz: 1129318553b00a3e77274d84cff91987b9c2d20f69a57deb3f171eee4729555a
+  metadata.gz: c507c27ae833e3fe63860d4dc1540e660a1552174fd9144e10234bb74f94407f
+  data.tar.gz: 459365a8dafc748237967f3090a10e0d6f7be7f2ecbf9b9b3726a475973eb4d7
 SHA512:
-  metadata.gz: 81049fffec22a52e685fd08d7f8afc8947f6cd66532491d4e16eb6420cd46ba0d65e863f5f11659968572c8bc6b8d3339601fffa57631ffeb0503823ba53e03d
-  data.tar.gz: '0955f36ca302e038b4dae7d97fd4f83d4ffa3a1cb1668eb353e16f7501851ba567c6b7eebf2bed72776343cf39a54116d326c45e2261320514a0c53d3e360aba'
+  metadata.gz: 12870c6cddfb8447569d35e08e769c492aef0d05cc9d74e81ea80497b8e487d3ce6e763fa21073abc3ac8f88b72938b753a0acef80574c5ec0c954082b2e5514
+  data.tar.gz: dba3dab805156d4f6eb84fd7122861e8b9f5c4df06aad5146bc974c2e8e9cff06a3594061b6bed6bc3a3017b829b3c900f820abb78591cb09c60efe571cd53f5

data/lib/dependabot/config/file.rb

@@ -26,6 +26,17 @@ module Dependabot
         )
       end
 
+      # Parse the YAML config file
+      def self.parse(config)
+        parsed = YAML.safe_load(config, symbolize_names: true)
+        version = parsed[:version]
+        raise InvalidConfigError, "invalid version #{version}" if version && version != 2
+
+        File.new(updates: parsed[:updates], registries: parsed[:registries])
+      end
+
+      private
+
       PACKAGE_MANAGER_LOOKUP = {
         "bundler" => "bundler",
         "cargo" => "cargo",
@@ -44,23 +55,13 @@ module Dependabot
         "terraform" => "terraform"
       }.freeze
 
-      # Parse the YAML config file
-      def self.parse(config)
-        parsed = YAML.safe_load(config, symbolize_names: true)
-        version = parsed[:version]
-        raise InvalidConfigError, "invalid version #{version}" if version && version != 2
-
-        File.new(updates: parsed[:updates], registries: parsed[:registries])
-      end
-
-      private
-
       def ignore_conditions(cfg)
         ignores = cfg&.dig(:ignore) || []
         ignores.map do |ic|
-          Dependabot::Config::UpdateConfig::IgnoreCondition.new(
+          Dependabot::Config::IgnoreCondition.new(
             dependency_name: ic[:"dependency-name"],
-            versions: ic[:versions]
+            versions: ic[:versions],
+            update_types: ic[:"update-types"]
           )
         end
       end

data/lib/dependabot/config/ignore_condition.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Config
+    # Filters versions that should not be considered for dependency updates
+    class IgnoreCondition
+      PATCH_VERSION_TYPE = "version-update:semver-patch"
+      MINOR_VERSION_TYPE = "version-update:semver-minor"
+      MAJOR_VERSION_TYPE = "version-update:semver-major"
+
+      ALL_VERSIONS = ">= 0"
+
+      attr_reader :dependency_name, :versions, :update_types
+
+      def initialize(dependency_name:, versions: nil, update_types: nil)
+        @dependency_name = dependency_name
+        @versions = versions || []
+        @update_types = update_types || []
+      end
+
+      def ignored_versions(dependency, security_updates_only)
+        return versions if security_updates_only
+        return [ALL_VERSIONS] if versions.empty? && transformed_update_types.empty?
+
+        versions_by_type(dependency) + versions
+      end
+
+      private
+
+      def transformed_update_types
+        update_types.map(&:downcase).map(&:strip).compact
+      end
+
+      def versions_by_type(dependency)
+        transformed_update_types.flat_map do |t|
+          case t
+          when PATCH_VERSION_TYPE
+            ignore_patch(dependency.version)
+          when MINOR_VERSION_TYPE
+            ignore_minor(dependency.version)
+          when MAJOR_VERSION_TYPE
+            ignore_major(dependency.version)
+          else
+            []
+          end
+        end.compact
+      end
+
+      def ignore_patch(version)
+        return [] unless rubygems_compatible?(version)
+
+        parts = version.split(".")
+        version_parts = parts.fill(0, parts.length...2)
+        upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1]
+        lower_bound = "> #{version}"
+        upper_bound = "< #{upper_parts.join('.')}"
+
+        ["#{lower_bound}, #{upper_bound}"]
+      end
+
+      def ignore_minor(version)
+        return [] unless rubygems_compatible?(version)
+
+        parts = version.split(".")
+        version_parts = parts.fill(0, parts.length...2)
+        lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a"]
+        upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1]
+        lower_bound = ">= #{lower_parts.join('.')}"
+        upper_bound = "< #{upper_parts.join('.')}"
+
+        ["#{lower_bound}, #{upper_bound}"]
+      end
+
+      def ignore_major(version)
+        return [] unless rubygems_compatible?(version)
+
+        version_parts = version.split(".")
+        lower_parts = [version_parts[0].to_i + 1] + ["a"]
+        lower_bound = ">= #{lower_parts.join('.')}"
+
+        [lower_bound]
+      end
+
+      def rubygems_compatible?(version)
+        return false if version.nil? || version.empty?
+
+        Gem::Version.correct?(version)
+      end
+    end
+  end
+end

data/lib/dependabot/config/update_config.rb

@@ -1,30 +1,44 @@
 # frozen_string_literal: true
 
+require "dependabot/config/ignore_condition"
+
 module Dependabot
   module Config
     # Configuration for a single ecosystem
     class UpdateConfig
-      attr_reader :commit_message_options
-
+      attr_reader :commit_message_options, :ignore_conditions
       def initialize(ignore_conditions: nil, commit_message_options: nil)
         @ignore_conditions = ignore_conditions || []
         @commit_message_options = commit_message_options
       end
 
-      def ignored_versions_for(dep)
+      def ignored_versions_for(dependency, security_updates_only: false)
+        normalizer = name_normaliser_for(dependency)
+        dep_name = name_normaliser_for(dependency).call(dependency.name)
+
         @ignore_conditions.
-          select { |ic| ic.dependency_name == dep.name }. # FIXME: wildcard support
-          map(&:versions).
+          select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }.
+          map { |ic| ic.ignored_versions(dependency, security_updates_only) }.
           flatten.
-          compact
+          compact.
+          uniq
       end
 
-      class IgnoreCondition
-        attr_reader :dependency_name, :versions
-        def initialize(dependency_name:, versions:)
-          @dependency_name = dependency_name
-          @versions = versions
-        end
+      def self.wildcard_match?(wildcard_string, candidate_string)
+        return false unless wildcard_string && candidate_string
+
+        regex_string = "a#{wildcard_string.downcase}a".split("*").
+                       map { |p| Regexp.quote(p) }.
+                       join(".*").gsub(/^a|a$/, "")
+        regex = /^#{regex_string}$/
+        regex.match?(candidate_string.downcase)
+      end
+
+      private
+
+      def name_normaliser_for(dep)
+        name_normaliser ||= {}
+        name_normaliser[dep] ||= Dependency.name_normaliser_for_package_manager(dep.package_manager)
       end
 
       class CommitMessageOptions

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.143.1"
+  VERSION = "0.143.6"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.143.1
+  version: 0.143.6
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-21 00:00:00.000000000 Z
+date: 2021-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -394,6 +394,7 @@ files:
 - lib/dependabot/config.rb
 - lib/dependabot/config/file.rb
 - lib/dependabot/config/file_fetcher.rb
+- lib/dependabot/config/ignore_condition.rb
 - lib/dependabot/config/update_config.rb
 - lib/dependabot/dependency.rb
 - lib/dependabot/dependency_file.rb