dependabot-common 0.231.0 → 0.233.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +32 -26
- data/lib/dependabot/clients/bitbucket.rb +1 -1
- data/lib/dependabot/clients/bitbucket_with_retries.rb +2 -2
- data/lib/dependabot/clients/codecommit.rb +3 -1
- data/lib/dependabot/clients/github_with_retries.rb +3 -3
- data/lib/dependabot/clients/gitlab_with_retries.rb +3 -3
- data/lib/dependabot/config/file.rb +1 -1
- data/lib/dependabot/config/file_fetcher.rb +1 -1
- data/lib/dependabot/config/ignore_condition.rb +1 -1
- data/lib/dependabot/config/update_config.rb +1 -1
- data/lib/dependabot/config.rb +1 -1
- data/lib/dependabot/dependency.rb +1 -1
- data/lib/dependabot/dependency_file.rb +1 -1
- data/lib/dependabot/dependency_group.rb +2 -11
- data/lib/dependabot/errors.rb +15 -1
- data/lib/dependabot/experiments.rb +1 -1
- data/lib/dependabot/file_fetchers.rb +9 -2
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -1
- data/lib/dependabot/file_parsers/base.rb +1 -1
- data/lib/dependabot/file_parsers.rb +9 -2
- data/lib/dependabot/file_updaters/artifact_updater.rb +1 -1
- data/lib/dependabot/file_updaters/base.rb +1 -1
- data/lib/dependabot/file_updaters.rb +9 -2
- data/lib/dependabot/git_commit_checker.rb +18 -17
- data/lib/dependabot/git_metadata_fetcher.rb +1 -1
- data/lib/dependabot/logger.rb +1 -1
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +1 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +1 -1
- data/lib/dependabot/metadata_finders/base/release_finder.rb +1 -1
- data/lib/dependabot/metadata_finders/base.rb +1 -1
- data/lib/dependabot/metadata_finders.rb +1 -1
- data/lib/dependabot/pull_request_creator/azure.rb +1 -1
- data/lib/dependabot/pull_request_creator/bitbucket.rb +1 -1
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +1 -1
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +1 -1
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +1 -1
- data/lib/dependabot/pull_request_creator/branch_namer.rb +1 -1
- data/lib/dependabot/pull_request_creator/codecommit.rb +1 -1
- data/lib/dependabot/pull_request_creator/github.rb +2 -3
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -1
- data/lib/dependabot/pull_request_creator/labeler.rb +1 -1
- data/lib/dependabot/pull_request_creator/message.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder.rb +1 -1
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +1 -1
- data/lib/dependabot/pull_request_creator.rb +1 -1
- data/lib/dependabot/pull_request_updater/azure.rb +1 -1
- data/lib/dependabot/pull_request_updater/github.rb +1 -1
- data/lib/dependabot/pull_request_updater/gitlab.rb +1 -1
- data/lib/dependabot/pull_request_updater.rb +1 -1
- data/lib/dependabot/registry_client.rb +1 -1
- data/lib/dependabot/security_advisory.rb +1 -1
- data/lib/dependabot/shared_helpers.rb +2 -2
- data/lib/dependabot/simple_instrumentor.rb +1 -1
- data/lib/dependabot/source.rb +1 -1
- data/lib/dependabot/update_checkers/base.rb +1 -1
- data/lib/dependabot/update_checkers/version_filters.rb +1 -1
- data/lib/dependabot/update_checkers.rb +9 -2
- data/lib/dependabot/utils.rb +15 -5
- data/lib/dependabot/version.rb +1 -1
- data/lib/dependabot/workspace/change_attempt.rb +1 -1
- data/lib/dependabot/workspace.rb +1 -1
- data/lib/dependabot.rb +2 -2
- data/lib/wildcard_matcher.rb +4 -1
- metadata +19 -19
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ba05ac04f06978df28a0ffbecc810d6671c19143b3269e9d4193de876c79468b
|
|
4
|
+
data.tar.gz: 2bae619b79ec71ebc2374fb9aec7e97143b6c3feeac3cd0ebc76bf32ba3dbea9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d8d4069e12c86a96b798f4ec75ecd60b86f6a48ac7062a8d26375712af2bc226539363cb4a9796d0e353b338205b01e2e926bd972a30724110ca610f7642e3aa
|
|
7
|
+
data.tar.gz: e40dfea60323c3105a743afaa6a908637ee37e5fa5ea2fbc2d9892637e301f5aa44c489afd22ae7369739a4ba8a1510eda3614c048a35a4c4df3435720ea65a0
|
|
@@ -1,12 +1,15 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/shared_helpers"
|
|
5
5
|
require "excon"
|
|
6
|
+
require "sorbet-runtime"
|
|
6
7
|
|
|
7
8
|
module Dependabot
|
|
8
9
|
module Clients
|
|
9
10
|
class Azure
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
10
13
|
class NotFound < StandardError; end
|
|
11
14
|
|
|
12
15
|
class InternalServerError < StandardError; end
|
|
@@ -253,8 +256,9 @@ module Dependabot
|
|
|
253
256
|
JSON.parse(response.body).fetch("value")
|
|
254
257
|
end
|
|
255
258
|
|
|
259
|
+
sig { params(url: String).returns(Excon::Response) }
|
|
256
260
|
def get(url)
|
|
257
|
-
response = nil
|
|
261
|
+
response = T.let(nil, T.nilable(Excon::Response))
|
|
258
262
|
|
|
259
263
|
retry_connection_failures do
|
|
260
264
|
response = Excon.get(
|
|
@@ -267,20 +271,21 @@ module Dependabot
|
|
|
267
271
|
)
|
|
268
272
|
)
|
|
269
273
|
|
|
270
|
-
raise InternalServerError if response
|
|
271
|
-
raise BadGateway if response
|
|
272
|
-
raise ServiceNotAvailable if response
|
|
274
|
+
raise InternalServerError if response&.status == 500
|
|
275
|
+
raise BadGateway if response&.status == 502
|
|
276
|
+
raise ServiceNotAvailable if response&.status == 503
|
|
273
277
|
end
|
|
274
278
|
|
|
275
|
-
raise Unauthorized if response
|
|
276
|
-
raise Forbidden if response
|
|
277
|
-
raise NotFound if response
|
|
279
|
+
raise Unauthorized if response&.status == 401
|
|
280
|
+
raise Forbidden if response&.status == 403
|
|
281
|
+
raise NotFound if response&.status == 404
|
|
278
282
|
|
|
279
|
-
response
|
|
283
|
+
T.must(response)
|
|
280
284
|
end
|
|
281
285
|
|
|
282
|
-
|
|
283
|
-
|
|
286
|
+
sig { params(url: String, json: String).returns(Excon::Response) }
|
|
287
|
+
def post(url, json) # rubocop:disable Metrics/PerceivedComplexity
|
|
288
|
+
response = T.let(nil, T.nilable(Excon::Response))
|
|
284
289
|
|
|
285
290
|
retry_connection_failures do
|
|
286
291
|
response = Excon.post(
|
|
@@ -298,25 +303,26 @@ module Dependabot
|
|
|
298
303
|
)
|
|
299
304
|
)
|
|
300
305
|
|
|
301
|
-
raise InternalServerError if response
|
|
302
|
-
raise BadGateway if response
|
|
303
|
-
raise ServiceNotAvailable if response
|
|
306
|
+
raise InternalServerError if response&.status == 500
|
|
307
|
+
raise BadGateway if response&.status == 502
|
|
308
|
+
raise ServiceNotAvailable if response&.status == 503
|
|
304
309
|
end
|
|
305
310
|
|
|
306
|
-
raise Unauthorized if response
|
|
311
|
+
raise Unauthorized if response&.status == 401
|
|
307
312
|
|
|
308
|
-
if response
|
|
313
|
+
if response&.status == 403
|
|
309
314
|
raise TagsCreationForbidden if tags_creation_forbidden?(response)
|
|
310
315
|
|
|
311
316
|
raise Forbidden
|
|
312
317
|
end
|
|
313
|
-
raise NotFound if response
|
|
318
|
+
raise NotFound if response&.status == 404
|
|
314
319
|
|
|
315
|
-
response
|
|
320
|
+
T.must(response)
|
|
316
321
|
end
|
|
317
322
|
|
|
323
|
+
sig { params(url: String, json: String).returns(Excon::Response) }
|
|
318
324
|
def patch(url, json)
|
|
319
|
-
response = nil
|
|
325
|
+
response = T.let(nil, T.nilable(Excon::Response))
|
|
320
326
|
|
|
321
327
|
retry_connection_failures do
|
|
322
328
|
response = Excon.patch(
|
|
@@ -334,16 +340,16 @@ module Dependabot
|
|
|
334
340
|
)
|
|
335
341
|
)
|
|
336
342
|
|
|
337
|
-
raise InternalServerError if response
|
|
338
|
-
raise BadGateway if response
|
|
339
|
-
raise ServiceNotAvailable if response
|
|
343
|
+
raise InternalServerError if response&.status == 500
|
|
344
|
+
raise BadGateway if response&.status == 502
|
|
345
|
+
raise ServiceNotAvailable if response&.status == 503
|
|
340
346
|
end
|
|
341
347
|
|
|
342
|
-
raise Unauthorized if response
|
|
343
|
-
raise Forbidden if response
|
|
344
|
-
raise NotFound if response
|
|
348
|
+
raise Unauthorized if response&.status == 401
|
|
349
|
+
raise Forbidden if response&.status == 403
|
|
350
|
+
raise NotFound if response&.status == 404
|
|
345
351
|
|
|
346
|
-
response
|
|
352
|
+
T.must(response)
|
|
347
353
|
end
|
|
348
354
|
|
|
349
355
|
private
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require_relative "bitbucket"
|
|
@@ -30,7 +30,7 @@ module Dependabot
|
|
|
30
30
|
|
|
31
31
|
def initialize(max_retries: 3, **args)
|
|
32
32
|
@max_retries = max_retries || 3
|
|
33
|
-
@client = Bitbucket.new(**args)
|
|
33
|
+
@client = Bitbucket.new(**T.unsafe(args))
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
def method_missing(method_name, *args, &block)
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/shared_helpers"
|
|
@@ -6,6 +6,8 @@ require "dependabot/shared_helpers"
|
|
|
6
6
|
module Dependabot
|
|
7
7
|
module Clients
|
|
8
8
|
class CodeCommit
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
9
11
|
class NotFound < StandardError; end
|
|
10
12
|
|
|
11
13
|
#######################
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "octokit"
|
|
@@ -67,7 +67,7 @@ module Dependabot
|
|
|
67
67
|
#################
|
|
68
68
|
|
|
69
69
|
def fetch_commit(repo, branch)
|
|
70
|
-
response = ref(repo, "heads/#{branch}")
|
|
70
|
+
response = T.unsafe(self).ref(repo, "heads/#{branch}")
|
|
71
71
|
|
|
72
72
|
raise Octokit::NotFound if response.is_a?(Array)
|
|
73
73
|
|
|
@@ -75,7 +75,7 @@ module Dependabot
|
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
def fetch_default_branch(repo)
|
|
78
|
-
repository(repo).default_branch
|
|
78
|
+
T.unsafe(self).repository(repo).default_branch
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
############
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "gitlab"
|
|
@@ -50,11 +50,11 @@ module Dependabot
|
|
|
50
50
|
#################
|
|
51
51
|
|
|
52
52
|
def fetch_commit(repo, branch)
|
|
53
|
-
branch(repo, branch).commit.id
|
|
53
|
+
T.unsafe(self).branch(repo, branch).commit.id
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
def fetch_default_branch(repo)
|
|
57
|
-
project(repo).default_branch
|
|
57
|
+
T.unsafe(self).project(repo).default_branch
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
############
|
data/lib/dependabot/config.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/experiments"
|
|
@@ -10,21 +10,12 @@ require "yaml"
|
|
|
10
10
|
|
|
11
11
|
module Dependabot
|
|
12
12
|
class DependencyGroup
|
|
13
|
-
attr_reader :name, :rules, :dependencies
|
|
13
|
+
attr_reader :name, :rules, :dependencies
|
|
14
14
|
|
|
15
15
|
def initialize(name:, rules:)
|
|
16
16
|
@name = name
|
|
17
17
|
@rules = rules
|
|
18
18
|
@dependencies = []
|
|
19
|
-
@handled_dependencies = Set.new
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
def add_to_handled(*dependencies)
|
|
23
|
-
@handled_dependencies += dependencies.map(&:name)
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
def add_all_to_handled
|
|
27
|
-
@handled_dependencies += dependencies.map(&:name)
|
|
28
19
|
end
|
|
29
20
|
|
|
30
21
|
def contains?(dependency)
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/utils"
|
|
@@ -76,6 +76,20 @@ module Dependabot
|
|
|
76
76
|
# File level errors #
|
|
77
77
|
#####################
|
|
78
78
|
|
|
79
|
+
class ToolVersionNotSupported < DependabotError
|
|
80
|
+
attr_reader :tool_name, :detected_version, :supported_versions
|
|
81
|
+
|
|
82
|
+
def initialize(tool_name, detected_version, supported_versions)
|
|
83
|
+
@tool_name = tool_name
|
|
84
|
+
@detected_version = detected_version
|
|
85
|
+
@supported_versions = supported_versions
|
|
86
|
+
|
|
87
|
+
msg = "Dependabot detected the following #{tool_name} requirement for your project: '#{detected_version}'." \
|
|
88
|
+
"\n\nCurrently, the following #{tool_name} versions are supported in Dependabot: #{supported_versions}."
|
|
89
|
+
super(msg)
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
79
93
|
class DependencyFileNotFound < DependabotError
|
|
80
94
|
attr_reader :file_path
|
|
81
95
|
|
|
@@ -1,10 +1,16 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/file_fetchers/base"
|
|
6
|
+
|
|
4
7
|
module Dependabot
|
|
5
8
|
module FileFetchers
|
|
6
|
-
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
11
|
+
@file_fetchers = T.let({}, T::Hash[String, T.class_of(Dependabot::FileFetchers::Base)])
|
|
7
12
|
|
|
13
|
+
sig { params(package_manager: String).returns(T.class_of(Dependabot::FileFetchers::Base)) }
|
|
8
14
|
def self.for_package_manager(package_manager)
|
|
9
15
|
file_fetcher = @file_fetchers[package_manager]
|
|
10
16
|
return file_fetcher if file_fetcher
|
|
@@ -12,6 +18,7 @@ module Dependabot
|
|
|
12
18
|
raise "Unsupported package_manager #{package_manager}"
|
|
13
19
|
end
|
|
14
20
|
|
|
21
|
+
sig { params(package_manager: String, file_fetcher: T.class_of(Dependabot::FileFetchers::Base)).void }
|
|
15
22
|
def self.register(package_manager, file_fetcher)
|
|
16
23
|
@file_fetchers[package_manager] = file_fetcher
|
|
17
24
|
end
|
|
@@ -1,10 +1,16 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/file_parsers/base"
|
|
6
|
+
|
|
4
7
|
module Dependabot
|
|
5
8
|
module FileParsers
|
|
6
|
-
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
11
|
+
@file_parsers = T.let({}, T::Hash[String, T.class_of(Dependabot::FileParsers::Base)])
|
|
7
12
|
|
|
13
|
+
sig { params(package_manager: String).returns(T.class_of(Dependabot::FileParsers::Base)) }
|
|
8
14
|
def self.for_package_manager(package_manager)
|
|
9
15
|
file_parser = @file_parsers[package_manager]
|
|
10
16
|
return file_parser if file_parser
|
|
@@ -12,6 +18,7 @@ module Dependabot
|
|
|
12
18
|
raise "Unsupported package_manager #{package_manager}"
|
|
13
19
|
end
|
|
14
20
|
|
|
21
|
+
sig { params(package_manager: String, file_parser: T.class_of(Dependabot::FileParsers::Base)).void }
|
|
15
22
|
def self.register(package_manager, file_parser)
|
|
16
23
|
@file_parsers[package_manager] = file_parser
|
|
17
24
|
end
|
|
@@ -1,10 +1,16 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/file_updaters/base"
|
|
6
|
+
|
|
4
7
|
module Dependabot
|
|
5
8
|
module FileUpdaters
|
|
6
|
-
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
11
|
+
@file_updaters = T.let({}, T::Hash[String, T.class_of(Dependabot::FileUpdaters::Base)])
|
|
7
12
|
|
|
13
|
+
sig { params(package_manager: String).returns(T.class_of(Dependabot::FileUpdaters::Base)) }
|
|
8
14
|
def self.for_package_manager(package_manager)
|
|
9
15
|
file_updater = @file_updaters[package_manager]
|
|
10
16
|
return file_updater if file_updater
|
|
@@ -12,6 +18,7 @@ module Dependabot
|
|
|
12
18
|
raise "Unsupported package_manager #{package_manager}"
|
|
13
19
|
end
|
|
14
20
|
|
|
21
|
+
sig { params(package_manager: String, file_updater: T.class_of(Dependabot::FileUpdaters::Base)).void }
|
|
15
22
|
def self.register(package_manager, file_updater)
|
|
16
23
|
@file_updaters[package_manager] = file_updater
|
|
17
24
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "excon"
|
|
@@ -24,12 +24,13 @@ module Dependabot
|
|
|
24
24
|
|
|
25
25
|
def initialize(dependency:, credentials:,
|
|
26
26
|
ignored_versions: [], raise_on_ignored: false,
|
|
27
|
-
consider_version_branches_pinned: false)
|
|
27
|
+
consider_version_branches_pinned: false, dependency_source_details: nil)
|
|
28
28
|
@dependency = dependency
|
|
29
29
|
@credentials = credentials
|
|
30
30
|
@ignored_versions = ignored_versions
|
|
31
31
|
@raise_on_ignored = raise_on_ignored
|
|
32
32
|
@consider_version_branches_pinned = consider_version_branches_pinned
|
|
33
|
+
@dependency_source_details = dependency_source_details
|
|
33
34
|
end
|
|
34
35
|
|
|
35
36
|
def git_dependency?
|
|
@@ -65,7 +66,11 @@ module Dependabot
|
|
|
65
66
|
end
|
|
66
67
|
|
|
67
68
|
def pinned_ref_looks_like_commit_sha?
|
|
68
|
-
ref_looks_like_commit_sha?(ref)
|
|
69
|
+
return false unless ref && ref_looks_like_commit_sha?(ref)
|
|
70
|
+
|
|
71
|
+
return false unless pinned?
|
|
72
|
+
|
|
73
|
+
local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
|
|
69
74
|
end
|
|
70
75
|
|
|
71
76
|
def head_commit_for_pinned_ref
|
|
@@ -73,11 +78,7 @@ module Dependabot
|
|
|
73
78
|
end
|
|
74
79
|
|
|
75
80
|
def ref_looks_like_commit_sha?(ref)
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
return false unless pinned?
|
|
79
|
-
|
|
80
|
-
local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
|
|
81
|
+
ref.match?(/^[0-9a-f]{6,40}$/)
|
|
81
82
|
end
|
|
82
83
|
|
|
83
84
|
def branch_or_ref_in_release?(version)
|
|
@@ -160,7 +161,15 @@ module Dependabot
|
|
|
160
161
|
end
|
|
161
162
|
|
|
162
163
|
def dependency_source_details
|
|
163
|
-
dependency.source_details(allowed_types: ["git"])
|
|
164
|
+
@dependency_source_details || dependency.source_details(allowed_types: ["git"])
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
def most_specific_version_tag_for_sha(commit_sha)
|
|
168
|
+
tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
|
|
169
|
+
.sort_by { |t| version_class.new(t.name) }
|
|
170
|
+
return if tags.empty?
|
|
171
|
+
|
|
172
|
+
tags[-1].name
|
|
164
173
|
end
|
|
165
174
|
|
|
166
175
|
private
|
|
@@ -188,14 +197,6 @@ module Dependabot
|
|
|
188
197
|
version.split(".").length
|
|
189
198
|
end
|
|
190
199
|
|
|
191
|
-
def most_specific_version_tag_for_sha(commit_sha)
|
|
192
|
-
tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
|
|
193
|
-
.sort_by { |t| version_class.new(t.name) }
|
|
194
|
-
return if tags.empty?
|
|
195
|
-
|
|
196
|
-
tags[-1].name
|
|
197
|
-
end
|
|
198
|
-
|
|
199
200
|
def allowed_versions(local_tags)
|
|
200
201
|
tags =
|
|
201
202
|
local_tags
|
data/lib/dependabot/logger.rb
CHANGED
|
@@ -44,7 +44,7 @@ module Dependabot
|
|
|
44
44
|
|
|
45
45
|
def create
|
|
46
46
|
if branch_exists?(branch_name) && unmerged_pull_request_exists?
|
|
47
|
-
raise UnmergedPRExists, "PR ##{unmerged_pull_requests.first.
|
|
47
|
+
raise UnmergedPRExists, "PR ##{unmerged_pull_requests.first.number} already exists"
|
|
48
48
|
end
|
|
49
49
|
if require_up_to_date_base? && !base_commit_is_up_to_date?
|
|
50
50
|
raise BaseCommitNotUpToDate, "HEAD #{head_commit} does not match base #{base_commit}"
|
|
@@ -247,8 +247,7 @@ module Dependabot
|
|
|
247
247
|
@branch_name = ref.gsub(%r{^refs/heads/}, "")
|
|
248
248
|
branch
|
|
249
249
|
rescue Octokit::UnprocessableEntity => e
|
|
250
|
-
|
|
251
|
-
return nil if e.message.match?(/Reference already exists/i)
|
|
250
|
+
raise if e.message.match?(/Reference already exists/i)
|
|
252
251
|
|
|
253
252
|
retrying_branch_creation ||= false
|
|
254
253
|
raise if retrying_branch_creation
|
|
@@ -64,7 +64,7 @@ module Dependabot
|
|
|
64
64
|
|
|
65
65
|
def initialize(message:, error_context:, error_class: nil, trace: nil)
|
|
66
66
|
super(message)
|
|
67
|
-
@error_class = error_class || ""
|
|
67
|
+
@error_class = error_class || "HelperSubprocessFailed"
|
|
68
68
|
@error_context = error_context
|
|
69
69
|
@fingerprint = error_context[:fingerprint] || error_context[:command]
|
|
70
70
|
@trace = trace
|
|
@@ -142,8 +142,8 @@ module Dependabot
|
|
|
142
142
|
error_context: error_context
|
|
143
143
|
)
|
|
144
144
|
end
|
|
145
|
-
# rubocop:enable Metrics/MethodLength
|
|
146
145
|
|
|
146
|
+
# rubocop:enable Metrics/MethodLength
|
|
147
147
|
def self.check_out_of_memory_error(stderr, error_context)
|
|
148
148
|
return unless stderr&.include?("JavaScript heap out of memory")
|
|
149
149
|
|
data/lib/dependabot/source.rb
CHANGED
|
@@ -1,10 +1,16 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/update_checkers/base"
|
|
6
|
+
|
|
4
7
|
module Dependabot
|
|
5
8
|
module UpdateCheckers
|
|
6
|
-
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
11
|
+
@update_checkers = T.let({}, T::Hash[String, T.class_of(Dependabot::UpdateCheckers::Base)])
|
|
7
12
|
|
|
13
|
+
sig { params(package_manager: String).returns(T.class_of(Dependabot::UpdateCheckers::Base)) }
|
|
8
14
|
def self.for_package_manager(package_manager)
|
|
9
15
|
update_checker = @update_checkers[package_manager]
|
|
10
16
|
return update_checker if update_checker
|
|
@@ -12,6 +18,7 @@ module Dependabot
|
|
|
12
18
|
raise "Unsupported package_manager #{package_manager}"
|
|
13
19
|
end
|
|
14
20
|
|
|
21
|
+
sig { params(package_manager: String, update_checker: T.class_of(Dependabot::UpdateCheckers::Base)).void }
|
|
15
22
|
def self.register(package_manager, update_checker)
|
|
16
23
|
@update_checkers[package_manager] = update_checker
|
|
17
24
|
end
|
data/lib/dependabot/utils.rb
CHANGED
|
@@ -1,18 +1,23 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "tmpdir"
|
|
5
5
|
require "set"
|
|
6
|
+
require "sorbet-runtime"
|
|
7
|
+
require "dependabot/version"
|
|
6
8
|
|
|
7
9
|
# TODO: in due course, these "registries" should live in a wrapper gem, not
|
|
8
10
|
# dependabot-core.
|
|
9
11
|
module Dependabot
|
|
10
12
|
module Utils
|
|
13
|
+
extend T::Sig
|
|
14
|
+
|
|
11
15
|
BUMP_TMP_FILE_PREFIX = "dependabot_"
|
|
12
|
-
BUMP_TMP_DIR_PATH = File.expand_path(Dir::Tmpname.create("", "tmp") { nil })
|
|
16
|
+
BUMP_TMP_DIR_PATH = T.let(File.expand_path(Dir::Tmpname.create("", "tmp") { nil }), String)
|
|
13
17
|
|
|
14
|
-
@version_classes = {}
|
|
18
|
+
@version_classes = T.let({}, T::Hash[String, T.class_of(Dependabot::Version)])
|
|
15
19
|
|
|
20
|
+
sig { params(package_manager: String).returns(T.class_of(Dependabot::Version)) }
|
|
16
21
|
def self.version_class_for_package_manager(package_manager)
|
|
17
22
|
version_class = @version_classes[package_manager]
|
|
18
23
|
return version_class if version_class
|
|
@@ -20,12 +25,14 @@ module Dependabot
|
|
|
20
25
|
raise "Unsupported package_manager #{package_manager}"
|
|
21
26
|
end
|
|
22
27
|
|
|
28
|
+
sig { params(package_manager: String, version_class: T.class_of(Dependabot::Version)).void }
|
|
23
29
|
def self.register_version_class(package_manager, version_class)
|
|
24
30
|
@version_classes[package_manager] = version_class
|
|
25
31
|
end
|
|
26
32
|
|
|
27
|
-
@requirement_classes = {}
|
|
33
|
+
@requirement_classes = T.let({}, T::Hash[String, T.class_of(Gem::Requirement)])
|
|
28
34
|
|
|
35
|
+
sig { params(package_manager: String).returns(T.class_of(Gem::Requirement)) }
|
|
29
36
|
def self.requirement_class_for_package_manager(package_manager)
|
|
30
37
|
requirement_class = @requirement_classes[package_manager]
|
|
31
38
|
return requirement_class if requirement_class
|
|
@@ -33,16 +40,19 @@ module Dependabot
|
|
|
33
40
|
raise "Unsupported package_manager #{package_manager}"
|
|
34
41
|
end
|
|
35
42
|
|
|
43
|
+
sig { params(package_manager: String, requirement_class: T.class_of(Gem::Requirement)).void }
|
|
36
44
|
def self.register_requirement_class(package_manager, requirement_class)
|
|
37
45
|
@requirement_classes[package_manager] = requirement_class
|
|
38
46
|
end
|
|
39
47
|
|
|
40
|
-
@cloning_package_managers = Set[]
|
|
48
|
+
@cloning_package_managers = T.let(Set[], T::Set[String])
|
|
41
49
|
|
|
50
|
+
sig { params(package_manager: String).returns(T::Boolean) }
|
|
42
51
|
def self.always_clone_for_package_manager?(package_manager)
|
|
43
52
|
@cloning_package_managers.include?(package_manager)
|
|
44
53
|
end
|
|
45
54
|
|
|
55
|
+
sig { params(package_manager: String).void }
|
|
46
56
|
def self.register_always_clone(package_manager)
|
|
47
57
|
@cloning_package_managers << package_manager
|
|
48
58
|
end
|
data/lib/dependabot/version.rb
CHANGED
data/lib/dependabot/workspace.rb
CHANGED
data/lib/dependabot.rb
CHANGED
data/lib/wildcard_matcher.rb
CHANGED
|
@@ -1,7 +1,10 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
class WildcardMatcher
|
|
5
|
+
extend T::Sig
|
|
6
|
+
|
|
7
|
+
sig { params(wildcard_string: T.nilable(String), candidate_string: T.nilable(String)).returns(T::Boolean) }
|
|
5
8
|
def self.match?(wildcard_string, candidate_string)
|
|
6
9
|
return false unless wildcard_string && candidate_string
|
|
7
10
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.233.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -228,14 +228,14 @@ dependencies:
|
|
|
228
228
|
requirements:
|
|
229
229
|
- - "~>"
|
|
230
230
|
- !ruby/object:Gem::Version
|
|
231
|
-
version:
|
|
231
|
+
version: 0.5.11026
|
|
232
232
|
type: :runtime
|
|
233
233
|
prerelease: false
|
|
234
234
|
version_requirements: !ruby/object:Gem::Requirement
|
|
235
235
|
requirements:
|
|
236
236
|
- - "~>"
|
|
237
237
|
- !ruby/object:Gem::Version
|
|
238
|
-
version:
|
|
238
|
+
version: 0.5.11026
|
|
239
239
|
- !ruby/object:Gem::Dependency
|
|
240
240
|
name: toml-rb
|
|
241
241
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -284,20 +284,6 @@ dependencies:
|
|
|
284
284
|
- - "~>"
|
|
285
285
|
- !ruby/object:Gem::Version
|
|
286
286
|
version: '2.0'
|
|
287
|
-
- !ruby/object:Gem::Dependency
|
|
288
|
-
name: parallel_tests
|
|
289
|
-
requirement: !ruby/object:Gem::Requirement
|
|
290
|
-
requirements:
|
|
291
|
-
- - "~>"
|
|
292
|
-
- !ruby/object:Gem::Version
|
|
293
|
-
version: 4.2.0
|
|
294
|
-
type: :development
|
|
295
|
-
prerelease: false
|
|
296
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
297
|
-
requirements:
|
|
298
|
-
- - "~>"
|
|
299
|
-
- !ruby/object:Gem::Version
|
|
300
|
-
version: 4.2.0
|
|
301
287
|
- !ruby/object:Gem::Dependency
|
|
302
288
|
name: rake
|
|
303
289
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -396,6 +382,20 @@ dependencies:
|
|
|
396
382
|
- - "~>"
|
|
397
383
|
- !ruby/object:Gem::Version
|
|
398
384
|
version: 0.2.16
|
|
385
|
+
- !ruby/object:Gem::Dependency
|
|
386
|
+
name: turbo_tests
|
|
387
|
+
requirement: !ruby/object:Gem::Requirement
|
|
388
|
+
requirements:
|
|
389
|
+
- - "~>"
|
|
390
|
+
- !ruby/object:Gem::Version
|
|
391
|
+
version: 2.2.0
|
|
392
|
+
type: :development
|
|
393
|
+
prerelease: false
|
|
394
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
395
|
+
requirements:
|
|
396
|
+
- - "~>"
|
|
397
|
+
- !ruby/object:Gem::Version
|
|
398
|
+
version: 2.2.0
|
|
399
399
|
- !ruby/object:Gem::Dependency
|
|
400
400
|
name: vcr
|
|
401
401
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -514,7 +514,7 @@ licenses:
|
|
|
514
514
|
- Nonstandard
|
|
515
515
|
metadata:
|
|
516
516
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
517
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
517
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.233.0
|
|
518
518
|
post_install_message:
|
|
519
519
|
rdoc_options: []
|
|
520
520
|
require_paths:
|