dependabot-common 0.143.2 → 0.144.0

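--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 82f605b43ae5d4332b84cd8bca628b5621e518f26dfab590b680401b17fb2282
- data.tar.gz: 6913eb7ddb27d985b3aa28ad9e40f239f0efbfeb4f22400a45d9755a9b566287
+ metadata.gz: 06f9de893151cd2ab1d29916da6c5d821cc70dc6878e3ccd144eb887a4588322
+ data.tar.gz: 26bcac9593d947e959aecc53e6c9f7b1474214dda334206df517c0f71cd446ec
  SHA512:
- metadata.gz: 1114b083a13b2416c8be267f37bc0c2f3ac21cabf97613c879419d21cd506271972efb3d7519b1af54b092ca7b46542e53f2b6edaae3ebd342ed51c885d065cc
- data.tar.gz: 26f6b95978c3d8492486687cf275285eee383a9b12328e06d8477ddb2707affeacd498abfa7436bfe1f5226e7d485ac84e391a1797408386c2d75ab28ec2184d
+ metadata.gz: f27252cbb1d0ee59aaee1a619b9546a1a7c22613b07f38c014eaac88be8d7ad75ebdcf5f5891f30d715441b80821ba62f99e17749cacbdb9fe4c16a2b7ca2de9
+ data.tar.gz: a7e5d2b6f8f3bf3689cd490e9b8b7c35898ae6ad15a832afda6693a64f850f3dbfbe21397de2cb8e943ab167e2b69d542c2fe8364f5d36841661c1112907af94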
@@ -55,22 +55,13 @@ module Dependabot
55
55
  "terraform" => "terraform"
56
56
  }.freeze
57
57
 
58
- UPDATE_TYPE_LOOKUP = {
59
- "version-update:semver-patch" => :ignore_patch_versions,
60
- "version-update:semver-minor" => :ignore_minor_versions,
61
- "version-update:semver-major" => :ignore_major_versions
62
- }.freeze
63
-
64
58
  def ignore_conditions(cfg)
65
59
  ignores = cfg&.dig(:ignore) || []
66
60
  ignores.map do |ic|
67
- update_types = ic[:"update-types"]&.
68
- map { |t| UPDATE_TYPE_LOOKUP[t.downcase.strip] }&.
69
- compact
70
61
  Dependabot::Config::IgnoreCondition.new(
71
62
  dependency_name: ic[:"dependency-name"],
72
63
  versions: ic[:versions],
73
- update_types: update_types
64
+ update_types: ic[:"update-types"]
74
65
  )
75
66
  end
76
67
  end
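Review bot: `update_types: ic[:"update-types"]` forwards the raw config value with no shape check, so a scalar such as a single string instead of a list only fails later, at `update_types.map` inside `IgnoreCondition`, away from the config entry that caused it. Coercing at the parsing boundary keeps the list contract in one place: `update_types: Array(ic[:"update-types"])`. Whether the config schema is validated before `ignore_conditions` runs is not visible in this hunk, so this may already be guaranteed by a caller.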
@@ -4,37 +4,43 @@ module Dependabot
4
4
  module Config
5
5
  # Filters versions that should not be considered for dependency updates
6
6
  class IgnoreCondition
7
- UPDATE_TYPES = %i(
8
- ignore_major_versions
9
- ignore_minor_versions
10
- ignore_patch_versions
11
- ).freeze
7
+ PATCH_VERSION_TYPE = "version-update:semver-patch"
8
+ MINOR_VERSION_TYPE = "version-update:semver-minor"
9
+ MAJOR_VERSION_TYPE = "version-update:semver-major"
12
10
 
13
11
  ALL_VERSIONS = ">= 0"
14
12
 
15
13
  attr_reader :dependency_name, :versions, :update_types
14
+
16
15
  def initialize(dependency_name:, versions: nil, update_types: nil)
17
16
  @dependency_name = dependency_name
18
17
  @versions = versions || []
19
18
  @update_types = update_types || []
20
19
  end
21
20
 
22
- def ignored_versions(dependency)
23
- return [ALL_VERSIONS] if @versions.empty? && @update_types.empty?
21
+ def ignored_versions(dependency, security_updates_only)
22
+ return versions if security_updates_only
23
+ return [ALL_VERSIONS] if versions.empty? && transformed_update_types.empty?
24
24
 
25
- versions_by_type(dependency) + @versions
25
+ versions_by_type(dependency) + versions
26
26
  end
27
27
 
28
28
  private
29
29
 
30
+ def transformed_update_types
31
+ update_types.map(&:downcase).map(&:strip).compact
32
+ end
33
+
30
34
  def versions_by_type(dependency)
31
- @update_types.flat_map do |t|
35
+ return [] unless dependency.version
36
+
37
+ transformed_update_types.flat_map do |t|
32
38
  case t
33
- when :ignore_patch_versions
39
+ when PATCH_VERSION_TYPE
34
40
  ignore_patch(dependency.version)
35
- when :ignore_minor_versions
41
+ when MINOR_VERSION_TYPE
36
42
  ignore_minor(dependency.version)
37
- when :ignore_major_versions
43
+ when MAJOR_VERSION_TYPE
38
44
  ignore_major(dependency.version)
39
45
  else
40
46
  []
@@ -43,53 +49,44 @@ module Dependabot
43
49
  end
44
50
 
45
51
  def ignore_patch(version)
46
- parts = version.split(".")
47
- return [] unless parts.size > 2
52
+ return [] unless rubygems_compatible?(version)
48
53
 
49
- lower_parts = parts.first(2) + ["a"]
50
- upper_parts = parts.first(2)
51
- upper_parts[1] = upper_parts[1].to_i + 1
52
- lower_bound = ">= #{lower_parts.join('.')}"
54
+ parts = version.split(".")
55
+ version_parts = parts.fill(0, parts.length...2)
56
+ upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1]
57
+ lower_bound = "> #{version}"
53
58
  upper_bound = "< #{upper_parts.join('.')}"
59
+
54
60
  ["#{lower_bound}, #{upper_bound}"]
55
61
  end
56
62
 
57
63
  def ignore_minor(version)
58
- parts = version.split(".")
59
- return [] if parts.size < 2
60
-
61
- if Gem::Version.correct?(version)
62
- lower_parts = parts.first(2) + ["a"]
63
- upper_parts = parts.first(1)
64
- lower_parts[1] = lower_parts[1].to_i + 1
65
- upper_parts[0] = upper_parts[0].to_i + 1
66
- else
67
- lower_parts = parts.first(1) + ["a"]
68
- upper_parts = parts.first(1)
69
- begin
70
- upper_parts[0] = Integer(upper_parts[0]) + 1
71
- rescue ArgumentError
72
- upper_parts.push(999_999)
73
- end
74
- end
64
+ return [] unless rubygems_compatible?(version)
75
65
 
66
+ parts = version.split(".")
67
+ version_parts = parts.fill(0, parts.length...2)
68
+ lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a"]
69
+ upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1]
76
70
  lower_bound = ">= #{lower_parts.join('.')}"
77
71
  upper_bound = "< #{upper_parts.join('.')}"
72
+
78
73
  ["#{lower_bound}, #{upper_bound}"]
79
74
  end
80
75
 
81
76
  def ignore_major(version)
82
- parts = version.split(".")
83
- return [] unless parts.size > 1
77
+ return [] unless rubygems_compatible?(version)
84
78
 
85
- lower_parts = parts.first(1) + ["a"]
86
- upper_parts = parts.first(1)
87
- lower_parts[0] = lower_parts[0].to_i + 1
88
- upper_parts[0] = upper_parts[0].to_i + 2
79
+ version_parts = version.split(".")
80
+ lower_parts = [version_parts[0].to_i + 1] + ["a"]
89
81
  lower_bound = ">= #{lower_parts.join('.')}"
90
- upper_bound = "< #{upper_parts.join('.')}"
91
82
 
92
- ["#{lower_bound}, #{upper_bound}"]
83
+ [lower_bound]
84
+ end
85
+
86
+ def rubygems_compatible?(version)
87
+ return false if version.nil? || version.empty?
88
+
89
+ Gem::Version.correct?(version)
93
90
  end
94
91
  end
95
92
  end
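Review bot: In `transformed_update_types` the trailing `compact` can never remove anything, because `map(&:downcase)` runs first and a `nil` entry (for example an empty list item in the config) raises `NoMethodError` before `compact` is reached. Filtering first makes the guard effective: `update_types.compact.map { |t| t.downcase.strip }`. A value that matches none of the three type constants is also kept in the list, so a rule whose only update type is misspelled falls into the `else` branch of `versions_by_type` and ignores nothing without any signal; a log line or a comment stating that this is intended would help whoever debugs an ignore rule that appears not to work. As a smaller style point, `version_parts.first(0) + [...]` in `ignore_minor` is always an empty array plus one element and reads more directly as `[version_parts[0].to_i + 1]`.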
@@ -12,12 +12,13 @@ module Dependabot
12
12
  @commit_message_options = commit_message_options
13
13
  end
14
14
 
15
- def ignored_versions_for(dependency)
15
+ def ignored_versions_for(dependency, security_updates_only: false)
16
16
  normalizer = name_normaliser_for(dependency)
17
- dep_name = name_normaliser_for(dependency).call(dependency.name)
17
+ dep_name = normalizer.call(dependency.name)
18
+
18
19
  @ignore_conditions.
19
20
  select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }.
20
- map { |ic| ic.ignored_versions(dependency) }.
21
+ map { |ic| ic.ignored_versions(dependency, security_updates_only) }.
21
22
  flatten.
22
23
  compact.
23
24
  uniq
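Review bot: `ignored_versions_for` gains a `security_updates_only:` flag with no comment describing what it changes, and the effect is broader than the name suggests. Going by `return versions if security_updates_only` in `IgnoreCondition#ignored_versions`, a rule with only a dependency name (no `versions`, no `update-types`) returns an empty list here, while on the normal path it returns `>= 0`. A comment above the method would make that explicit, for example `# With security_updates_only, only explicit version ranges are honoured; update-type and name-only ignore rules are skipped.` If name-only rules are meant to keep suppressing security updates, the early return needs to move below the `ALL_VERSIONS` check. The flag is also a keyword here but a bare positional boolean in `ic.ignored_versions(dependency, security_updates_only)`; a keyword on both would read better at the call site. The method's closing `end` is outside this hunk.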
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.143.2"
4
+ VERSION = "0.144.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.143.2
4
+ version: 0.144.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-23 00:00:00.000000000 Z
11
+ date: 2021-05-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport