dependabot-common 0.238.0 → 0.239.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +3 -3
- data/lib/dependabot/errors.rb +20 -9
- data/lib/dependabot/experiments.rb +9 -2
- data/lib/dependabot/metadata_finders.rb +9 -2
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +38 -5
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +10 -5
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +15 -15
- data/lib/dependabot/pull_request_creator/branch_namer.rb +6 -3
- data/lib/dependabot/pull_request_creator/github.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +1 -2
- data/lib/dependabot/pull_request_creator/message_builder.rb +1 -1
- data/lib/dependabot/pull_request_creator.rb +2 -1
- data/lib/dependabot/requirement.rb +20 -0
- data/lib/dependabot/utils.rb +5 -3
- data/lib/dependabot.rb +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 05ce845694a06ef06ec108aada0ff902b7b08a7a8fc41c23531e00b2252436ae
|
|
4
|
+
data.tar.gz: 72cc39025cf3a411bed2f82d113474dae965e57c06b15d1abe78f93794562c8c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ee1859d83b60cf7ddeab1b98c04666198da262a86c5875ed6ff586c9637c877075d9687b3657f38e0bcbf5669584d545a790a2c68e82e9499e5c30b4353d9890
|
|
7
|
+
data.tar.gz: c4f99509fbd5846a9d07caa227cc67152933da70bea50246c1d6fe20ab9fc67cbb6d141753b89a4b7ed08bf9a73e4520a3c738fa33f4169ea5a19225db9698c6
|
|
@@ -13,19 +13,19 @@ module Dependabot
|
|
|
13
13
|
sig { returns(T::Array[T::Hash[Symbol, String]]) }
|
|
14
14
|
attr_reader :updates
|
|
15
15
|
|
|
16
|
-
sig { returns T::
|
|
16
|
+
sig { returns(T::Hash[Symbol, T::Hash[Symbol, String]]) }
|
|
17
17
|
attr_reader :registries
|
|
18
18
|
|
|
19
19
|
sig do
|
|
20
20
|
params(
|
|
21
21
|
updates: T.nilable(T::Array[T::Hash[Symbol, String]]),
|
|
22
|
-
registries: T.nilable(T::
|
|
22
|
+
registries: T.nilable(T::Hash[Symbol, T::Hash[Symbol, String]])
|
|
23
23
|
)
|
|
24
24
|
.void
|
|
25
25
|
end
|
|
26
26
|
def initialize(updates:, registries: nil)
|
|
27
27
|
@updates = T.let(updates || [], T::Array[T::Hash[Symbol, String]])
|
|
28
|
-
@registries = T.let(registries || [
|
|
28
|
+
@registries = T.let(registries || {}, T::Hash[Symbol, T::Hash[Symbol, String]])
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
sig do
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
5
|
require "dependabot/utils"
|
|
6
6
|
|
|
7
7
|
module Dependabot
|
|
8
|
+
extend T::Sig
|
|
9
|
+
|
|
8
10
|
# rubocop:disable Metrics/MethodLength
|
|
11
|
+
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
9
12
|
def self.fetcher_error_details(error)
|
|
10
13
|
case error
|
|
11
14
|
when Dependabot::ToolVersionNotSupported
|
|
@@ -70,12 +73,13 @@ module Dependabot
|
|
|
70
73
|
{
|
|
71
74
|
"error-type": "octokit_rate_limited",
|
|
72
75
|
"error-detail": {
|
|
73
|
-
"rate-limit-reset": error.response_headers["X-RateLimit-Reset"]
|
|
76
|
+
"rate-limit-reset": T.cast(error, Octokit::Error).response_headers["X-RateLimit-Reset"]
|
|
74
77
|
}
|
|
75
78
|
}
|
|
76
79
|
end
|
|
77
80
|
end
|
|
78
81
|
|
|
82
|
+
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
79
83
|
def self.parser_error_details(error)
|
|
80
84
|
case error
|
|
81
85
|
when Dependabot::DependencyFileNotEvaluatable
|
|
@@ -136,6 +140,7 @@ module Dependabot
|
|
|
136
140
|
end
|
|
137
141
|
end
|
|
138
142
|
|
|
143
|
+
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
139
144
|
def self.updater_error_details(error)
|
|
140
145
|
case error
|
|
141
146
|
when Dependabot::DependencyFileNotResolvable
|
|
@@ -207,7 +212,7 @@ module Dependabot
|
|
|
207
212
|
{
|
|
208
213
|
"error-type": "octokit_rate_limited",
|
|
209
214
|
"error-detail": {
|
|
210
|
-
"rate-limit-reset": error.response_headers["X-RateLimit-Reset"]
|
|
215
|
+
"rate-limit-reset": T.cast(error, Octokit::Error).response_headers["X-RateLimit-Reset"]
|
|
211
216
|
}
|
|
212
217
|
}
|
|
213
218
|
end
|
|
@@ -376,23 +381,28 @@ module Dependabot
|
|
|
376
381
|
class DependencyFileNotFound < DependabotError
|
|
377
382
|
extend T::Sig
|
|
378
383
|
|
|
379
|
-
sig { returns(String) }
|
|
384
|
+
sig { returns(T.nilable(String)) }
|
|
380
385
|
attr_reader :file_path
|
|
381
386
|
|
|
387
|
+
sig { params(file_path: T.nilable(String), msg: T.nilable(String)).void }
|
|
382
388
|
def initialize(file_path, msg = nil)
|
|
383
389
|
@file_path = file_path
|
|
384
390
|
super(msg || "#{file_path} not found")
|
|
385
391
|
end
|
|
386
392
|
|
|
387
|
-
sig { returns(String) }
|
|
393
|
+
sig { returns(T.nilable(String)) }
|
|
388
394
|
def file_name
|
|
389
|
-
|
|
395
|
+
return unless file_path
|
|
396
|
+
|
|
397
|
+
T.must(file_path).split("/").last
|
|
390
398
|
end
|
|
391
399
|
|
|
392
|
-
sig { returns(String) }
|
|
400
|
+
sig { returns(T.nilable(String)) }
|
|
393
401
|
def directory
|
|
394
402
|
# Directory should always start with a `/`
|
|
395
|
-
|
|
403
|
+
return unless file_path
|
|
404
|
+
|
|
405
|
+
T.must(T.must(file_path).split("/")[0..-2]).join("/").sub(%r{^/*}, "/")
|
|
396
406
|
end
|
|
397
407
|
end
|
|
398
408
|
|
|
@@ -434,8 +444,9 @@ module Dependabot
|
|
|
434
444
|
sig { returns(String) }
|
|
435
445
|
attr_reader :source
|
|
436
446
|
|
|
447
|
+
sig { params(source: T.nilable(String)).void }
|
|
437
448
|
def initialize(source)
|
|
438
|
-
@source = T.let(sanitize_source(source), String)
|
|
449
|
+
@source = T.let(sanitize_source(T.must(source)), String)
|
|
439
450
|
msg = "The following source could not be reached as it requires " \
|
|
440
451
|
"authentication (and any provided details were invalid or lacked " \
|
|
441
452
|
"the required permissions): #{@source}"
|
|
@@ -1,18 +1,25 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
module Dependabot
|
|
5
7
|
module Experiments
|
|
6
|
-
|
|
8
|
+
extend T::Sig
|
|
9
|
+
|
|
10
|
+
@experiments = T.let({}, T::Hash[T.any(String, Symbol), T.untyped])
|
|
7
11
|
|
|
12
|
+
sig { returns(T::Hash[T.any(String, Symbol), T.untyped]) }
|
|
8
13
|
def self.reset!
|
|
9
14
|
@experiments = {}
|
|
10
15
|
end
|
|
11
16
|
|
|
17
|
+
sig { params(name: T.any(String, Symbol), value: T.untyped).void }
|
|
12
18
|
def self.register(name, value)
|
|
13
19
|
@experiments[name.to_sym] = value
|
|
14
20
|
end
|
|
15
21
|
|
|
22
|
+
sig { params(name: T.any(String, Symbol)).returns(T::Boolean) }
|
|
16
23
|
def self.enabled?(name)
|
|
17
24
|
!!@experiments[name.to_sym]
|
|
18
25
|
end
|
|
@@ -1,10 +1,16 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/metadata_finders/base"
|
|
6
|
+
|
|
4
7
|
module Dependabot
|
|
5
8
|
module MetadataFinders
|
|
6
|
-
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
11
|
+
@metadata_finders = T.let({}, T::Hash[String, T.class_of(Dependabot::MetadataFinders::Base)])
|
|
7
12
|
|
|
13
|
+
sig { params(package_manager: String).returns(T.class_of(Dependabot::MetadataFinders::Base)) }
|
|
8
14
|
def self.for_package_manager(package_manager)
|
|
9
15
|
metadata_finder = @metadata_finders[package_manager]
|
|
10
16
|
return metadata_finder if metadata_finder
|
|
@@ -12,6 +18,7 @@ module Dependabot
|
|
|
12
18
|
raise "Unsupported package_manager #{package_manager}"
|
|
13
19
|
end
|
|
14
20
|
|
|
21
|
+
sig { params(package_manager: String, metadata_finder: T.class_of(Dependabot::MetadataFinders::Base)).void }
|
|
15
22
|
def self.register(package_manager, metadata_finder)
|
|
16
23
|
@metadata_finders[package_manager] = metadata_finder
|
|
17
24
|
end
|
|
@@ -1,12 +1,43 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
module Dependabot
|
|
5
7
|
class PullRequestCreator
|
|
6
8
|
class BranchNamer
|
|
7
9
|
class Base
|
|
8
|
-
|
|
10
|
+
extend T::Sig
|
|
11
|
+
|
|
12
|
+
sig { returns(T::Array[Dependency]) }
|
|
13
|
+
attr_reader :dependencies
|
|
14
|
+
|
|
15
|
+
sig { returns(T::Array[DependencyFile]) }
|
|
16
|
+
attr_reader :files
|
|
17
|
+
|
|
18
|
+
sig { returns(T.nilable(String)) }
|
|
19
|
+
attr_reader :target_branch
|
|
9
20
|
|
|
21
|
+
sig { returns(String) }
|
|
22
|
+
attr_reader :separator
|
|
23
|
+
|
|
24
|
+
sig { returns(String) }
|
|
25
|
+
attr_reader :prefix
|
|
26
|
+
|
|
27
|
+
sig { returns(T.nilable(Integer)) }
|
|
28
|
+
attr_reader :max_length
|
|
29
|
+
|
|
30
|
+
sig do
|
|
31
|
+
params(
|
|
32
|
+
dependencies: T::Array[Dependency],
|
|
33
|
+
files: T::Array[DependencyFile],
|
|
34
|
+
target_branch: T.nilable(String),
|
|
35
|
+
separator: String,
|
|
36
|
+
prefix: String,
|
|
37
|
+
max_length: T.nilable(Integer)
|
|
38
|
+
)
|
|
39
|
+
.void
|
|
40
|
+
end
|
|
10
41
|
def initialize(dependencies:, files:, target_branch:, separator: "/",
|
|
11
42
|
prefix: "dependabot", max_length: nil)
|
|
12
43
|
@dependencies = dependencies
|
|
@@ -19,6 +50,7 @@ module Dependabot
|
|
|
19
50
|
|
|
20
51
|
private
|
|
21
52
|
|
|
53
|
+
sig { params(ref_name: String).returns(String) }
|
|
22
54
|
def sanitize_branch_name(ref_name)
|
|
23
55
|
# General git ref validation
|
|
24
56
|
sanitized_name = sanitize_ref(ref_name)
|
|
@@ -27,14 +59,15 @@ module Dependabot
|
|
|
27
59
|
sanitized_name = sanitized_name.gsub("/", separator)
|
|
28
60
|
|
|
29
61
|
# Shorten the ref in case users refs have length limits
|
|
30
|
-
if max_length && (sanitized_name.length > max_length)
|
|
31
|
-
sha = Digest::SHA1.hexdigest(sanitized_name)[0, max_length]
|
|
32
|
-
sanitized_name[[max_length - sha.size, 0].max..] = sha
|
|
62
|
+
if max_length && (sanitized_name.length > T.must(max_length))
|
|
63
|
+
sha = T.must(Digest::SHA1.hexdigest(sanitized_name)[0, T.must(max_length)])
|
|
64
|
+
sanitized_name[[T.must(max_length) - sha.size, 0].max..] = sha
|
|
33
65
|
end
|
|
34
66
|
|
|
35
67
|
sanitized_name
|
|
36
68
|
end
|
|
37
69
|
|
|
70
|
+
sig { params(ref: String).returns(String) }
|
|
38
71
|
def sanitize_ref(ref)
|
|
39
72
|
# This isn't a complete implementation of git's ref validation, but it
|
|
40
73
|
# covers most cases that crop up. Its list of allowed characters is a
|
|
@@ -8,17 +8,18 @@ module Dependabot
|
|
|
8
8
|
class BranchNamer
|
|
9
9
|
class DependencyGroupStrategy < Base
|
|
10
10
|
def initialize(dependencies:, files:, target_branch:, dependency_group:,
|
|
11
|
-
separator: "/", prefix: "dependabot", max_length: nil)
|
|
11
|
+
separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes:)
|
|
12
12
|
super(
|
|
13
13
|
dependencies: dependencies,
|
|
14
14
|
files: files,
|
|
15
15
|
target_branch: target_branch,
|
|
16
16
|
separator: separator,
|
|
17
17
|
prefix: prefix,
|
|
18
|
-
max_length: max_length
|
|
18
|
+
max_length: max_length,
|
|
19
19
|
)
|
|
20
20
|
|
|
21
21
|
@dependency_group = dependency_group
|
|
22
|
+
@includes_security_fixes = includes_security_fixes
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
def new_branch_name
|
|
@@ -45,7 +46,11 @@ module Dependabot
|
|
|
45
46
|
# Let's append a short hash digest of the dependency changes so that we can
|
|
46
47
|
# meet this guarantee.
|
|
47
48
|
def group_name_with_dependency_digest
|
|
48
|
-
|
|
49
|
+
if @includes_security_fixes
|
|
50
|
+
"group-security-#{package_manager}-#{dependency_digest}"
|
|
51
|
+
else
|
|
52
|
+
"#{dependency_group.name}-#{dependency_digest}"
|
|
53
|
+
end
|
|
49
54
|
end
|
|
50
55
|
|
|
51
56
|
def dependency_digest
|
|
@@ -55,11 +60,11 @@ module Dependabot
|
|
|
55
60
|
end
|
|
56
61
|
|
|
57
62
|
def package_manager
|
|
58
|
-
dependencies.first.package_manager
|
|
63
|
+
T.must(dependencies.first).package_manager
|
|
59
64
|
end
|
|
60
65
|
|
|
61
66
|
def directory
|
|
62
|
-
files.first.directory.tr(" ", "-")
|
|
67
|
+
T.must(files.first).directory.tr(" ", "-")
|
|
63
68
|
end
|
|
64
69
|
end
|
|
65
70
|
end
|
|
@@ -38,31 +38,31 @@ module Dependabot
|
|
|
38
38
|
[
|
|
39
39
|
prefix,
|
|
40
40
|
package_manager,
|
|
41
|
-
files.first.directory.tr(" ", "-"),
|
|
41
|
+
T.must(files.first).directory.tr(" ", "-"),
|
|
42
42
|
target_branch
|
|
43
43
|
].compact
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def package_manager
|
|
47
|
-
dependencies.first.package_manager
|
|
47
|
+
T.must(dependencies.first).package_manager
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
def updating_a_property?
|
|
51
|
-
dependencies.first
|
|
52
|
-
|
|
53
|
-
|
|
51
|
+
T.must(dependencies.first)
|
|
52
|
+
.requirements
|
|
53
|
+
.any? { |r| r.dig(:metadata, :property_name) }
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
def updating_a_dependency_set?
|
|
57
|
-
dependencies.first
|
|
58
|
-
|
|
59
|
-
|
|
57
|
+
T.must(dependencies.first)
|
|
58
|
+
.requirements
|
|
59
|
+
.any? { |r| r.dig(:metadata, :dependency_set) }
|
|
60
60
|
end
|
|
61
61
|
|
|
62
62
|
def property_name
|
|
63
|
-
@property_name ||= dependencies.first.requirements
|
|
64
|
-
|
|
65
|
-
|
|
63
|
+
@property_name ||= T.must(dependencies.first).requirements
|
|
64
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
|
65
|
+
&.dig(:metadata, :property_name)
|
|
66
66
|
|
|
67
67
|
raise "No property name!" unless @property_name
|
|
68
68
|
|
|
@@ -70,9 +70,9 @@ module Dependabot
|
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
def dependency_set
|
|
73
|
-
@dependency_set ||= dependencies.first.requirements
|
|
74
|
-
|
|
75
|
-
|
|
73
|
+
@dependency_set ||= T.must(dependencies.first).requirements
|
|
74
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
|
75
|
+
&.dig(:metadata, :dependency_set)
|
|
76
76
|
|
|
77
77
|
raise "No dependency set!" unless @dependency_set
|
|
78
78
|
|
|
@@ -82,7 +82,7 @@ module Dependabot
|
|
|
82
82
|
def branch_version_suffix
|
|
83
83
|
dep = dependencies.first
|
|
84
84
|
|
|
85
|
-
if dep.removed?
|
|
85
|
+
if T.must(dep).removed?
|
|
86
86
|
"-removed"
|
|
87
87
|
elsif library? && ref_changed?(dep) && new_ref(dep)
|
|
88
88
|
new_ref(dep)
|
|
@@ -11,10 +11,11 @@ require "dependabot/pull_request_creator/branch_namer/dependency_group_strategy"
|
|
|
11
11
|
module Dependabot
|
|
12
12
|
class PullRequestCreator
|
|
13
13
|
class BranchNamer
|
|
14
|
-
attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :dependency_group
|
|
14
|
+
attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :dependency_group,
|
|
15
|
+
:includes_security_fixes
|
|
15
16
|
|
|
16
17
|
def initialize(dependencies:, files:, target_branch:, dependency_group: nil,
|
|
17
|
-
separator: "/", prefix: "dependabot", max_length: nil)
|
|
18
|
+
separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes: false)
|
|
18
19
|
@dependencies = dependencies
|
|
19
20
|
@files = files
|
|
20
21
|
@target_branch = target_branch
|
|
@@ -22,6 +23,7 @@ module Dependabot
|
|
|
22
23
|
@separator = separator
|
|
23
24
|
@prefix = prefix
|
|
24
25
|
@max_length = max_length
|
|
26
|
+
@includes_security_fixes = includes_security_fixes
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
def new_branch_name
|
|
@@ -49,7 +51,8 @@ module Dependabot
|
|
|
49
51
|
dependency_group: dependency_group,
|
|
50
52
|
separator: separator,
|
|
51
53
|
prefix: prefix,
|
|
52
|
-
max_length: max_length
|
|
54
|
+
max_length: max_length,
|
|
55
|
+
includes_security_fixes: includes_security_fixes
|
|
53
56
|
)
|
|
54
57
|
end
|
|
55
58
|
end
|
|
@@ -148,7 +148,6 @@ module Dependabot
|
|
|
148
148
|
end
|
|
149
149
|
|
|
150
150
|
def build_details_tag(summary:, body:)
|
|
151
|
-
# Azure DevOps does not support <details> tag (https://developercommunity.visualstudio.com/content/problem/608769/add-support-for-in-markdown.html)
|
|
152
151
|
# Bitbucket does not support <details> tag (https://jira.atlassian.com/browse/BCLOUD-20231)
|
|
153
152
|
# CodeCommit does not support the <details> tag (no url available)
|
|
154
153
|
if source_provider_supports_html?
|
|
@@ -244,7 +243,7 @@ module Dependabot
|
|
|
244
243
|
end
|
|
245
244
|
|
|
246
245
|
def source_provider_supports_html?
|
|
247
|
-
!%w(
|
|
246
|
+
!%w(bitbucket codecommit).include?(source.provider)
|
|
248
247
|
end
|
|
249
248
|
|
|
250
249
|
def sanitize_links_and_mentions(text, unsafe: false)
|
|
@@ -492,7 +492,7 @@ module Dependabot
|
|
|
492
492
|
end
|
|
493
493
|
|
|
494
494
|
def metadata_links
|
|
495
|
-
return metadata_links_for_dep(dependencies.first) if dependencies.count == 1
|
|
495
|
+
return metadata_links_for_dep(dependencies.first) if dependencies.count == 1 && dependency_group.nil?
|
|
496
496
|
|
|
497
497
|
dependencies.map do |dep|
|
|
498
498
|
if dep.removed?
|
|
@@ -266,7 +266,8 @@ module Dependabot
|
|
|
266
266
|
dependency_group: dependency_group,
|
|
267
267
|
separator: branch_name_separator,
|
|
268
268
|
prefix: branch_name_prefix,
|
|
269
|
-
max_length: branch_name_max_length
|
|
269
|
+
max_length: branch_name_max_length,
|
|
270
|
+
includes_security_fixes: includes_security_fixes?
|
|
270
271
|
)
|
|
271
272
|
end
|
|
272
273
|
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
class Requirement < Gem::Requirement
|
|
8
|
+
extend T::Sig
|
|
9
|
+
extend T::Helpers
|
|
10
|
+
|
|
11
|
+
abstract!
|
|
12
|
+
|
|
13
|
+
sig do
|
|
14
|
+
abstract
|
|
15
|
+
.params(requirement_string: T.nilable(String))
|
|
16
|
+
.returns(T::Array[Requirement])
|
|
17
|
+
end
|
|
18
|
+
def self.requirements_array(requirement_string); end
|
|
19
|
+
end
|
|
20
|
+
end
|
data/lib/dependabot/utils.rb
CHANGED
|
@@ -4,6 +4,8 @@
|
|
|
4
4
|
require "tmpdir"
|
|
5
5
|
require "set"
|
|
6
6
|
require "sorbet-runtime"
|
|
7
|
+
|
|
8
|
+
require "dependabot/requirement"
|
|
7
9
|
require "dependabot/version"
|
|
8
10
|
require "dependabot/config/file"
|
|
9
11
|
|
|
@@ -33,9 +35,9 @@ module Dependabot
|
|
|
33
35
|
@version_classes[package_manager] = version_class
|
|
34
36
|
end
|
|
35
37
|
|
|
36
|
-
@requirement_classes = T.let({}, T::Hash[String, T.class_of(
|
|
38
|
+
@requirement_classes = T.let({}, T::Hash[String, T.class_of(Dependabot::Requirement)])
|
|
37
39
|
|
|
38
|
-
sig { params(package_manager: String).returns(T.class_of(
|
|
40
|
+
sig { params(package_manager: String).returns(T.class_of(Dependabot::Requirement)) }
|
|
39
41
|
def self.requirement_class_for_package_manager(package_manager)
|
|
40
42
|
requirement_class = @requirement_classes[package_manager]
|
|
41
43
|
return requirement_class if requirement_class
|
|
@@ -43,7 +45,7 @@ module Dependabot
|
|
|
43
45
|
raise "Unregistered package_manager #{package_manager}"
|
|
44
46
|
end
|
|
45
47
|
|
|
46
|
-
sig { params(package_manager: String, requirement_class: T.class_of(
|
|
48
|
+
sig { params(package_manager: String, requirement_class: T.class_of(Dependabot::Requirement)).void }
|
|
47
49
|
def self.register_requirement_class(package_manager, requirement_class)
|
|
48
50
|
validate_package_manager!(package_manager)
|
|
49
51
|
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.239.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-12-
|
|
11
|
+
date: 2023-12-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -374,14 +374,14 @@ dependencies:
|
|
|
374
374
|
requirements:
|
|
375
375
|
- - "~>"
|
|
376
376
|
- !ruby/object:Gem::Version
|
|
377
|
-
version: 1.
|
|
377
|
+
version: 1.58.0
|
|
378
378
|
type: :development
|
|
379
379
|
prerelease: false
|
|
380
380
|
version_requirements: !ruby/object:Gem::Requirement
|
|
381
381
|
requirements:
|
|
382
382
|
- - "~>"
|
|
383
383
|
- !ruby/object:Gem::Version
|
|
384
|
-
version: 1.
|
|
384
|
+
version: 1.58.0
|
|
385
385
|
- !ruby/object:Gem::Dependency
|
|
386
386
|
name: rubocop-performance
|
|
387
387
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -537,6 +537,7 @@ files:
|
|
|
537
537
|
- lib/dependabot/pull_request_updater/github.rb
|
|
538
538
|
- lib/dependabot/pull_request_updater/gitlab.rb
|
|
539
539
|
- lib/dependabot/registry_client.rb
|
|
540
|
+
- lib/dependabot/requirement.rb
|
|
540
541
|
- lib/dependabot/security_advisory.rb
|
|
541
542
|
- lib/dependabot/shared_helpers.rb
|
|
542
543
|
- lib/dependabot/simple_instrumentor.rb
|
|
@@ -557,7 +558,7 @@ licenses:
|
|
|
557
558
|
- Nonstandard
|
|
558
559
|
metadata:
|
|
559
560
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
560
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
561
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
|
|
561
562
|
post_install_message:
|
|
562
563
|
rdoc_options: []
|
|
563
564
|
require_paths:
|