RubyGems - dependabot-common - Versions diffs - 0.236.0 → 0.238.0 - Mend

dependabot-common 0.236.0 → 0.238.0

Files changed (32) hide show

checksums.yaml +4 -4
data/lib/dependabot/clients/azure.rb +3 -3
data/lib/dependabot/clients/codecommit.rb +1 -0
data/lib/dependabot/config/file.rb +17 -6
data/lib/dependabot/config/update_config.rb +23 -5
data/lib/dependabot/dependency.rb +137 -27
data/lib/dependabot/dependency_file.rb +84 -14
data/lib/dependabot/dependency_group.rb +29 -5
data/lib/dependabot/errors.rb +335 -13
data/lib/dependabot/file_fetchers/base.rb +227 -93
data/lib/dependabot/file_updaters/base.rb +1 -1
data/lib/dependabot/git_commit_checker.rb +6 -0
data/lib/dependabot/git_metadata_fetcher.rb +58 -20
data/lib/dependabot/git_ref.rb +71 -0
data/lib/dependabot/metadata_finders/base/changelog_finder.rb +13 -6
data/lib/dependabot/pull_request_creator/github.rb +11 -8
data/lib/dependabot/pull_request_creator/message.rb +21 -2
data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +37 -16
data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +4 -2
data/lib/dependabot/pull_request_creator/message_builder.rb +54 -4
data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +10 -4
data/lib/dependabot/shared_helpers.rb +117 -33
data/lib/dependabot/simple_instrumentor.rb +22 -3
data/lib/dependabot/source.rb +65 -17
data/lib/dependabot/update_checkers/version_filters.rb +12 -1
data/lib/dependabot/utils.rb +21 -2
data/lib/dependabot/workspace/base.rb +42 -7
data/lib/dependabot/workspace/change_attempt.rb +31 -3
data/lib/dependabot/workspace/git.rb +34 -4
data/lib/dependabot/workspace.rb +16 -2
data/lib/dependabot.rb +1 -1
metadata +38 -9

data/lib/dependabot/dependency_file.rb CHANGED Viewed

@@ -1,13 +1,47 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 require "pathname"
+require "sorbet-runtime"
 module Dependabot
   class DependencyFile
-    attr_accessor :name, :content, :directory, :type, :support_file,
-                  :vendored_file, :symlink_target, :content_encoding,
-                  :operation, :mode
+    extend T::Sig
+    sig { returns(String) }
+    attr_accessor :name
+    sig { returns(T.nilable(String)) }
+    attr_accessor :content
+    sig { returns(String) }
+    attr_accessor :directory
+    sig { returns(String) }
+    attr_accessor :type
+    sig { returns(T::Boolean) }
+    attr_accessor :support_file
+    sig { returns(T::Boolean) }
+    attr_accessor :vendored_file
+    sig { returns(T.nilable(String)) }
+    attr_accessor :symlink_target
+    sig { returns(String) }
+    attr_accessor :content_encoding
+    sig { returns(String) }
+    attr_accessor :operation
+    sig { returns(T.nilable(String)) }
+    attr_accessor :mode
+    # The directory that this file was fetched for. This is useful for multi-directory
+    # updates, where a set of files that are related to each other are updated together.
+    sig { returns(T.nilable(String)) }
+    attr_accessor :job_directory
     class ContentEncoding
       UTF_8 = "utf-8"
@@ -25,18 +59,36 @@ module Dependabot
       SUBMODULE = "160000"
     end
+    sig do
+      params(
+        name: String,
+        content: T.nilable(String),
+        directory: String,
+        type: String,
+        support_file: T::Boolean,
+        vendored_file: T::Boolean,
+        symlink_target: T.nilable(String),
+        content_encoding: String,
+        deleted: T::Boolean,
+        operation: String,
+        mode: T.nilable(String),
+        job_directory: T.nilable(String)
+      )
+        .void
+    end
     def initialize(name:, content:, directory: "/", type: "file",
                    support_file: false, vendored_file: false, symlink_target: nil,
                    content_encoding: ContentEncoding::UTF_8, deleted: false,
-                   operation: Operation::UPDATE, mode: nil)
+                   operation: Operation::UPDATE, mode: nil, job_directory: nil)
       @name = name
       @content = content
-      @directory = clean_directory(directory)
+      @directory = T.let(clean_directory(directory), String)
       @symlink_target = symlink_target
       @support_file = support_file
       @vendored_file = vendored_file
       @content_encoding = content_encoding
       @operation = operation
+      @job_directory = job_directory
       # Make deleted override the operation. Deleted is kept when operation
       # was introduced to keep compatibility with downstream dependants.
@@ -50,7 +102,7 @@ module Dependabot
       @type = type
       begin
-        @mode = File.stat(realpath).mode.to_s(8)
+        @mode = T.let(File.stat(realpath).mode.to_s(8), T.nilable(String))
       rescue StandardError
         @mode = mode
       end
@@ -61,6 +113,7 @@ module Dependabot
       raise "Only symlinked files must specify a target!" if symlink_target
     end
+    sig { returns(T::Hash[String, T.untyped]) }
     def to_h
       details = {
         "name" => name,
@@ -74,66 +127,83 @@ module Dependabot
         "mode" => mode
       }
+      details["job_directory"] = job_directory if job_directory
       details["symlink_target"] = symlink_target if symlink_target
       details
     end
+    sig { returns(String) }
     def path
       Pathname.new(File.join(directory, name)).cleanpath.to_path
     end
+    sig { returns(String) }
     def realpath
       (symlink_target || path).sub(%r{^/}, "")
     end
+    sig { params(other: BasicObject).returns(T::Boolean) }
     def ==(other)
-      return false unless other.instance_of?(self.class)
-      my_hash = to_h.reject { |k| k == "support_file" }
-      their_hash = other.to_h.reject { |k| k == "support_file" }
-      my_hash == their_hash
+      case other
+      when DependencyFile
+        my_hash = to_h.reject { |k| k == "support_file" }
+        their_hash = other.to_h.reject { |k| k == "support_file" }
+        my_hash == their_hash
+      else
+        false
+      end
     end
+    sig { returns(Integer) }
     def hash
       to_h.hash
     end
+    sig { params(other: BasicObject).returns(T::Boolean) }
     def eql?(other)
       self == other
     end
+    sig { returns(T::Boolean) }
     def support_file?
       @support_file
     end
+    sig { returns(T::Boolean) }
     def vendored_file?
       @vendored_file
     end
+    sig { returns(T::Boolean) }
     def deleted
       @operation == Operation::DELETE
     end
+    sig { params(deleted: T::Boolean).void }
     def deleted=(deleted)
       @operation = deleted ? Operation::DELETE : Operation::UPDATE
     end
+    sig { returns(T::Boolean) }
     def deleted?
       deleted
     end
+    sig { returns(T::Boolean) }
     def binary?
       content_encoding == ContentEncoding::BASE64
     end
+    sig { returns(String) }
     def decoded_content
-      return Base64.decode64(content) if binary?
+      return Base64.decode64(T.must(content)) if binary?
-      content
+      T.must(content)
     end
     private
+    sig { params(directory: String).returns(String) }
     def clean_directory(directory)
       # Directory should always start with a `/`
       directory.sub(%r{^/*}, "/")

data/lib/dependabot/dependency_group.rb CHANGED Viewed

@@ -1,23 +1,41 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "dependabot/experiments"
 require "dependabot/config/ignore_condition"
 require "dependabot/logger"
+require "sorbet-runtime"
 require "wildcard_matcher"
 require "yaml"
 module Dependabot
   class DependencyGroup
-    attr_reader :name, :rules, :dependencies
+    extend T::Sig
+    sig { returns(String) }
+    attr_reader :name
+    sig { returns(T::Hash[String, T.any(String, T::Array[String])]) }
+    attr_reader :rules
+    sig { returns(T::Array[Dependabot::Dependency]) }
+    attr_reader :dependencies
+    sig do
+      params(
+        name: String,
+        rules: T::Hash[String, T.untyped]
+      )
+        .void
+    end
     def initialize(name:, rules:)
       @name = name
       @rules = rules
-      @dependencies = []
+      @dependencies = T.let([], T::Array[Dependabot::Dependency])
     end
+    sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
     def contains?(dependency)
       return true if @dependencies.include?(dependency)
       return false if matches_excluded_pattern?(dependency.name)
@@ -25,11 +43,13 @@ module Dependabot
       matches_pattern?(dependency.name) && matches_dependency_type?(dependency)
     end
+    sig { returns(T::Hash[String, String]) }
     def to_h
       { "name" => name }
     end
     # Provides a debug utility to view the group as it appears in the config file.
+    sig { returns(String) }
     def to_config_yaml
       {
         "groups" => { name => rules }
@@ -38,18 +58,21 @@ module Dependabot
     private
+    sig { params(dependency_name: String).returns(T::Boolean) }
     def matches_pattern?(dependency_name)
       return true unless rules.key?("patterns") # If no patterns are defined, we pass this check by default
-      rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
+      T.unsafe(rules["patterns"]).any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
     end
+    sig { params(dependency_name: String).returns(T::Boolean) }
     def matches_excluded_pattern?(dependency_name)
       return false unless rules.key?("exclude-patterns") # If there are no exclusions, fail by default
-      rules["exclude-patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
+      T.unsafe(rules["exclude-patterns"]).any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
     end
+    sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
     def matches_dependency_type?(dependency)
       return true unless rules.key?("dependency-type") # If no dependency-type is set, match by default
@@ -60,6 +83,7 @@ module Dependabot
                                   end
     end
+    sig { returns(T::Boolean) }
     def experimental_rules_enabled?
       Dependabot::Experiments.enabled?(:grouped_updates_experimental_rules)
     end