dependabot-common 0.230.0 → 0.231.0

data/lib/dependabot/metadata_finders/base/changelog_finder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "excon"
@@ -111,11 +112,11 @@ module Dependabot
 
         def changelog_from_ref(ref)
           files =
-            dependency_file_list(ref).
-            select { |f| f.type == "file" }.
-            reject { |f| f.name.end_with?(".sh") }.
-            reject { |f| f.size > 1_000_000 }.
-            reject { |f| f.size < 100 }
+            dependency_file_list(ref)
+            .select { |f| f.type == "file" }
+            .reject { |f| f.name.end_with?(".sh") }
+            .reject { |f| f.size > 1_000_000 }
+            .reject { |f| f.size < 100 }
 
           select_best_changelog(files)
         end
@@ -176,7 +177,7 @@ module Dependabot
 
           return unless @file_text[file.download_url].valid_encoding?
 
-          @file_text[file.download_url].sub(/\n*\z/, "")
+          @file_text[file.download_url].rstrip
         end
 
         def fetch_github_file(file_source, file)
@@ -194,13 +195,13 @@ module Dependabot
         end
 
         def fetch_bitbucket_file(file)
-          bitbucket_client.get(file.download_url).body.
-            force_encoding("UTF-8").encode
+          bitbucket_client.get(file.download_url).body
+                          .force_encoding("UTF-8").encode
         end
 
         def fetch_azure_file(file)
-          azure_client.get(file.download_url).body.
-            force_encoding("UTF-8").encode
+          azure_client.get(file.download_url).body
+                      .force_encoding("UTF-8").encode
         end
 
         def upgrade_guide
@@ -210,11 +211,11 @@ module Dependabot
           # than the major version
           return unless major_version_upgrade?
 
-          dependency_file_list.
-            select { |f| f.type == "file" }.
-            select { |f| f.name.casecmp("upgrade.md").zero? }.
-            reject { |f| f.size > 1_000_000 }.
-            max_by(&:size)
+          dependency_file_list
+            .select { |f| f.type == "file" }
+            .select { |f| f.name.casecmp("upgrade.md").zero? }
+            .reject { |f| f.size > 1_000_000 }
+            .max_by(&:size)
         end
 
         def dependency_file_list(ref = nil)
@@ -370,30 +371,30 @@ module Dependabot
         end
 
         def gitlab_client
-          @gitlab_client ||= Dependabot::Clients::GitlabWithRetries.
-                             for_gitlab_dot_com(credentials: credentials)
+          @gitlab_client ||= Dependabot::Clients::GitlabWithRetries
+                             .for_gitlab_dot_com(credentials: credentials)
         end
 
         def github_client
-          @github_client ||= Dependabot::Clients::GithubWithRetries.
-                             for_source(source: source, credentials: credentials)
+          @github_client ||= Dependabot::Clients::GithubWithRetries
+                             .for_source(source: source, credentials: credentials)
         end
 
         def azure_client
-          @azure_client ||= Dependabot::Clients::Azure.
-                            for_source(source: source, credentials: credentials)
+          @azure_client ||= Dependabot::Clients::Azure
+                            .for_source(source: source, credentials: credentials)
         end
 
         def github_client_for_source(client_source)
           return github_client if client_source == source
 
-          Dependabot::Clients::GithubWithRetries.
-            for_source(source: client_source, credentials: credentials)
+          Dependabot::Clients::GithubWithRetries
+            .for_source(source: client_source, credentials: credentials)
         end
 
         def bitbucket_client
-          @bitbucket_client ||= Dependabot::Clients::BitbucketWithRetries.
-                                for_bitbucket_dot_org(credentials: credentials)
+          @bitbucket_client ||= Dependabot::Clients::BitbucketWithRetries
+                                .for_bitbucket_dot_org(credentials: credentials)
         end
 
         def default_bitbucket_branch

data/lib/dependabot/metadata_finders/base/changelog_pruner.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/metadata_finders/base"
@@ -48,7 +49,7 @@ module Dependabot
               Range.new(0, -1)
             end
 
-          changelog_lines.slice(slice_range).join("\n").sub(/\n*\z/, "")
+          changelog_lines.slice(slice_range).join("\n").rstrip
         end
 
         private

data/lib/dependabot/metadata_finders/base/commits_finder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/clients/github_with_retries"
@@ -57,9 +58,9 @@ module Dependabot
 
           return new_ref if new_ref && ref_changed?
 
-          tags = dependency_tags.
-                 select { |tag| tag_matches_version?(tag, new_version) }.
-                 sort_by(&:length)
+          tags = dependency_tags
+                 .select { |tag| tag_matches_version?(tag, new_version) }
+                 .sort_by(&:length)
 
           tags.find { |t| t.include?(dependency.name) } || tags.first
         end
@@ -76,9 +77,9 @@ module Dependabot
           elsif previous_ref && ref_changed?
             previous_ref
           elsif previous_version
-            tags = dependency_tags.
-                   select { |tag| tag_matches_version?(tag, previous_version) }.
-                   sort_by(&:length)
+            tags = dependency_tags
+                   .select { |tag| tag_matches_version?(tag, previous_version) }
+                   .sort_by(&:length)
 
             tags.find { |t| t.include?(dependency.name) } || tags.first
           elsif !git_source?(dependency.previous_requirements)
@@ -89,10 +90,10 @@ module Dependabot
         # rubocop:enable Metrics/PerceivedComplexity
 
         def lowest_tag_satisfying_previous_requirements
-          tags = dependency_tags.
-                 select { |t| version_from_tag(t) }.
-                 select { |t| satisfies_previous_reqs?(version_from_tag(t)) }.
-                 sort_by { |t| [version_from_tag(t), t.length] }
+          tags = dependency_tags
+                 .select { |t| version_from_tag(t) }
+                 .select { |t| satisfies_previous_reqs?(version_from_tag(t)) }
+                 .sort_by { |t| [version_from_tag(t), t.length] }
 
           tags.find { |t| t.include?(dependency.name) } || tags.first
         end
@@ -110,9 +111,9 @@ module Dependabot
           dependency.previous_requirements.all? do |req|
             next true unless req.fetch(:requirement)
 
-            requirement_class.
-              requirements_array(req.fetch(:requirement)).
-              all? { |r| r.satisfied_by?(version) }
+            requirement_class
+              .requirements_array(req.fetch(:requirement))
+              .all? { |r| r.satisfied_by?(version) }
           end
         end
 
@@ -172,10 +173,10 @@ module Dependabot
         def fetch_dependency_tags
           return [] unless source
 
-          GitMetadataFetcher.
-            new(url: source.url, credentials: credentials).
-            tags.
-            map(&:name)
+          GitMetadataFetcher
+            .new(url: source.url, credentials: credentials)
+            .tags
+            .map(&:name)
         rescue Dependabot::GitDependenciesNotReachable,
                Octokit::ServiceUnavailable
           # ServiceUnavailable normally means a DMCA takedown
@@ -186,9 +187,9 @@ module Dependabot
           if part_of_monorepo?
             # If part of a monorepo then we're better off linking to the commits
             # for that directory than trying to put together a compare URL
-            Pathname.
-              new(File.join("commits/#{new_tag || 'HEAD'}", source.directory)).
-              cleanpath.to_path
+            Pathname
+              .new(File.join("commits/#{new_tag || 'HEAD'}", source.directory))
+              .cleanpath.to_path
           elsif new_tag && previous_tag
             "compare/#{previous_tag}...#{new_tag}"
           else
@@ -243,9 +244,9 @@ module Dependabot
               # NOTE: We reverse this so it's consistent with the array we get
               # from `github_client.compare(...)`
               args = { sha: new_tag, path: path }.compact
-              github_client.
-                commits(repo, **args).
-                reject { |c| previous_commit_shas.include?(c.sha) }.reverse
+              github_client
+                .commits(repo, **args)
+                .reject { |c| previous_commit_shas.include?(c.sha) }.reverse
             end
           return [] unless commits
 
@@ -261,9 +262,9 @@ module Dependabot
         end
 
         def fetch_bitbucket_commits
-          bitbucket_client.
-            compare(source.repo, previous_tag, new_tag).
-            map do |commit|
+          bitbucket_client
+            .compare(source.repo, previous_tag, new_tag)
+            .map do |commit|
               {
                 message: commit.dig("summary", "raw"),
                 sha: commit["hash"],
@@ -280,10 +281,10 @@ module Dependabot
         end
 
         def fetch_gitlab_commits
-          gitlab_client.
-            compare(source.repo, previous_tag, new_tag).
-            commits.
-            map do |commit|
+          gitlab_client
+            .compare(source.repo, previous_tag, new_tag)
+            .commits
+            .map do |commit|
               {
                 message: commit["message"],
                 sha: commit["id"],
@@ -296,9 +297,9 @@ module Dependabot
 
         def fetch_azure_commits
           type = git_sha?(new_tag) ? "commit" : "tag"
-          azure_client.
-            compare(previous_tag, new_tag, type).
-            map do |commit|
+          azure_client
+            .compare(previous_tag, new_tag, type)
+            .map do |commit|
             {
               message: commit["comment"],
               sha: commit["commitId"],
@@ -315,23 +316,23 @@ module Dependabot
         end
 
         def gitlab_client
-          @gitlab_client ||= Dependabot::Clients::GitlabWithRetries.
-                             for_gitlab_dot_com(credentials: credentials)
+          @gitlab_client ||= Dependabot::Clients::GitlabWithRetries
+                             .for_gitlab_dot_com(credentials: credentials)
         end
 
         def github_client
-          @github_client ||= Dependabot::Clients::GithubWithRetries.
-                             for_source(source: source, credentials: credentials)
+          @github_client ||= Dependabot::Clients::GithubWithRetries
+                             .for_source(source: source, credentials: credentials)
         end
 
         def azure_client
-          @azure_client ||= Dependabot::Clients::Azure.
-                            for_source(source: source, credentials: credentials)
+          @azure_client ||= Dependabot::Clients::Azure
+                            .for_source(source: source, credentials: credentials)
         end
 
         def bitbucket_client
-          @bitbucket_client ||= Dependabot::Clients::BitbucketWithRetries.
-                                for_bitbucket_dot_org(credentials: credentials)
+          @bitbucket_client ||= Dependabot::Clients::BitbucketWithRetries
+                                .for_bitbucket_dot_org(credentials: credentials)
         end
 
         def part_of_monorepo?
@@ -355,8 +356,8 @@ module Dependabot
         end
 
         def reliable_source_directory?
-          MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES.
-            include?(dependency.package_manager)
+          MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES
+            .include?(dependency.package_manager)
         end
 
         def default_gitlab_branch

data/lib/dependabot/metadata_finders/base/release_finder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/clients/github_with_retries"
@@ -49,9 +50,9 @@ module Dependabot
           dep_prefix = dependency.name.downcase
 
           releases_with_dependency_name =
-            releases.
-            reject { |r| r.tag_name.nil? }.
-            select { |r| r.tag_name.downcase.include?(dep_prefix) }
+            releases
+            .reject { |r| r.tag_name.nil? }
+            .select { |r| r.tag_name.downcase.include?(dep_prefix) }
 
           return releases unless releases_with_dependency_name.any?
 
@@ -116,13 +117,13 @@ module Dependabot
           releases.reject do |release|
             cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
             cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
-            dot_count = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
-                        map { |nm| nm.chars.count(".") }.max
+            dot_count = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
+                                                   .map { |nm| nm.chars.count(".") }.max
 
-            tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
-                          select { |nm| version_class.correct?(nm) }.
-                          select { |nm| nm.chars.count(".") == dot_count }.
-                          map { |nm| version_class.new(nm) }.max
+            tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
+                                                     .select { |nm| version_class.correct?(nm) }
+                                                     .select { |nm| nm.chars.count(".") == dot_count }
+                                                     .map { |nm| version_class.new(nm) }.max
 
             next conservative unless tag_version
 
@@ -138,13 +139,13 @@ module Dependabot
           releases.reject do |release|
             cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
             cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
-            dot_count = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
-                        map { |nm| nm.chars.count(".") }.max
+            dot_count = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
+                                                   .map { |nm| nm.chars.count(".") }.max
 
-            tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
-                          select { |nm| version_class.correct?(nm) }.
-                          select { |nm| nm.chars.count(".") == dot_count }.
-                          map { |nm| version_class.new(nm) }.min
+            tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
+                                                     .select { |nm| version_class.correct?(nm) }
+                                                     .select { |nm| nm.chars.count(".") == dot_count }
+                                                     .map { |nm| version_class.new(nm) }.min
 
             next conservative unless tag_version
 
@@ -232,11 +233,11 @@ module Dependabot
 
         def fetch_gitlab_releases
           releases =
-            gitlab_client.
-            tags(source.repo).
-            select(&:release).
-            sort_by { |r| r.commit.authored_date }.
-            reverse
+            gitlab_client
+            .tags(source.repo)
+            .select(&:release)
+            .sort_by { |r| r.commit.authored_date }
+            .reverse
 
           releases.map do |tag|
             OpenStruct.new(
@@ -301,13 +302,13 @@ module Dependabot
         end
 
         def gitlab_client
-          @gitlab_client ||= Dependabot::Clients::GitlabWithRetries.
-                             for_gitlab_dot_com(credentials: credentials)
+          @gitlab_client ||= Dependabot::Clients::GitlabWithRetries
+                             .for_gitlab_dot_com(credentials: credentials)
         end
 
         def github_client
-          @github_client ||= Dependabot::Clients::GithubWithRetries.
-                             for_source(source: source, credentials: credentials)
+          @github_client ||= Dependabot::Clients::GithubWithRetries
+                             .for_source(source: source, credentials: credentials)
         end
       end
     end

data/lib/dependabot/metadata_finders/base.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/source"
@@ -127,8 +128,8 @@ module Dependabot
       end
 
       def reliable_source_directory?
-        MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES.
-          include?(dependency.package_manager)
+        MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES
+          .include?(dependency.package_manager)
       end
     end
   end

data/lib/dependabot/metadata_finders.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 module Dependabot

data/lib/dependabot/pull_request_creator/azure.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/clients/azure"

data/lib/dependabot/pull_request_creator/bitbucket.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/clients/bitbucket"

data/lib/dependabot/pull_request_creator/branch_namer/base.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 module Dependabot

data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/pull_request_creator/branch_namer/base"

data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "digest"
@@ -18,11 +19,11 @@ module Dependabot
                 elsif dependencies.count > 1 && updating_a_dependency_set?
                   dependency_set.fetch(:group)
                 else
-                  dependencies.
-                    map(&:name).
-                    join("-and-").
-                    tr(":[]", "-").
-                    tr("@", "")
+                  dependencies
+                    .map(&:name)
+                    .join("-and-")
+                    .tr(":[]", "-")
+                    .tr("@", "")
                 end
 
               "#{dependency_name_part}-#{branch_version_suffix}"
@@ -47,21 +48,21 @@ module Dependabot
         end
 
         def updating_a_property?
-          dependencies.first.
-            requirements.
-            any? { |r| r.dig(:metadata, :property_name) }
+          dependencies.first
+                      .requirements
+                      .any? { |r| r.dig(:metadata, :property_name) }
         end
 
         def updating_a_dependency_set?
-          dependencies.first.
-            requirements.
-            any? { |r| r.dig(:metadata, :dependency_set) }
+          dependencies.first
+                      .requirements
+                      .any? { |r| r.dig(:metadata, :dependency_set) }
         end
 
         def property_name
-          @property_name ||= dependencies.first.requirements.
-                             find { |r| r.dig(:metadata, :property_name) }&.
-                             dig(:metadata, :property_name)
+          @property_name ||= dependencies.first.requirements
+                                         .find { |r| r.dig(:metadata, :property_name) }
+                             &.dig(:metadata, :property_name)
 
           raise "No property name!" unless @property_name
 
@@ -69,9 +70,9 @@ module Dependabot
         end
 
         def dependency_set
-          @dependency_set ||= dependencies.first.requirements.
-                              find { |r| r.dig(:metadata, :dependency_set) }&.
-                              dig(:metadata, :dependency_set)
+          @dependency_set ||= dependencies.first.requirements
+                                          .find { |r| r.dig(:metadata, :dependency_set) }
+                              &.dig(:metadata, :dependency_set)
 
           raise "No dependency set!" unless @dependency_set
 
@@ -93,21 +94,21 @@ module Dependabot
         end
 
         def sanitized_requirement(dependency)
-          new_library_requirement(dependency).
-            delete(" ").
-            gsub("!=", "neq-").
-            gsub(">=", "gte-").
-            gsub("<=", "lte-").
-            gsub("~>", "tw-").
-            gsub("^", "tw-").
-            gsub("||", "or-").
-            gsub("~", "approx-").
-            gsub("~=", "tw-").
-            gsub(/==*/, "eq-").
-            gsub(">", "gt-").
-            gsub("<", "lt-").
-            gsub("*", "star").
-            gsub(",", "-and-")
+          new_library_requirement(dependency)
+            .delete(" ")
+            .gsub("!=", "neq-")
+            .gsub(">=", "gte-")
+            .gsub("<=", "lte-")
+            .gsub("~>", "tw-")
+            .gsub("^", "tw-")
+            .gsub("||", "or-")
+            .gsub("~", "approx-")
+            .gsub("~=", "tw-")
+            .gsub(/==*/, "eq-")
+            .gsub(">", "gt-")
+            .gsub("<", "lt-")
+            .gsub("*", "star")
+            .gsub(",", "-and-")
         end
 
         def new_version(dependency)
@@ -119,9 +120,9 @@ module Dependabot
             dependency.version[0..6]
           elsif dependency.version == dependency.previous_version &&
                 package_manager == "docker"
-            dependency.requirements.
-              filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
-              first.split(":").last[0..6]
+            dependency.requirements
+                      .filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }
+                      .first.split(":").last[0..6]
           else
             dependency.version
           end

data/lib/dependabot/pull_request_creator/branch_namer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "digest"

data/lib/dependabot/pull_request_creator/codecommit.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/clients/codecommit"
@@ -102,8 +103,8 @@ module Dependabot
       def unmerged_pull_request_exists?
         unmerged_prs = []
         pull_requests_for_branch.each do |pr|
-          unless pr.pull_request.
-                 pull_request_targets[0].merge_metadata.is_merged
+          unless pr.pull_request
+                   .pull_request_targets[0].merge_metadata.is_merged
             unmerged_prs << pr
           end
         end

data/lib/dependabot/pull_request_creator/commit_signer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "time"