dependabot-common 0.246.0 → 0.247.0

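--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: afa14b1e2f804f1713004ae03cf9ba9ac2ed546794d736bbeedef24d18f8be7b
- data.tar.gz: 012a72964c4ae5f6140ab6a81d101f227bd84445a2e04b77395252ae66771bc8
+ metadata.gz: c92ad460f0349deb2012116104501e807bd6d061fe4f5a96a0cfbd8128d3b78b
+ data.tar.gz: f0668f3d3a2106c3245416727393e8a0a2e284fa1f44d05b40d531c4b31b2f38
  SHA512:
- metadata.gz: 367510a477d1b7a1d362f69a8a4a8bdcfb1d89f355f442291d3640c247391e924612b51bbe3393b146dcfb621d1faf53ab7dc364bf4eba134c17389a781d4ba0
- data.tar.gz: ae0d0af76bbea879c4cf4faec7c1be85067cec9918c1c7ad2818b60c160d5da93bcb11a5c3bd9287d4b9f11256de46eb0758f56db98ef2586ec2c3d4e514ed17
+ metadata.gz: 8a12d9ebf2c2ab8075e431704cdd3733c854b91b4c0abe761e33d8a9b64a18d9ecb303d063d11f5e0f10200a4b0199409e28ff0e36593eb0288163074cb2e74a
+ data.tar.gz: cb05c3efac2f10c2d6eea5758d0d50eed8cd77d7681c3d0a505b94f43a3cccb2fd436efdbd08bab73cd2940f8dfbba91e61dbbea6a929054d7318dd71d3d7ae3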
@@ -7,6 +7,18 @@ require "dependabot/utils"
7
7
  module Dependabot
8
8
  extend T::Sig
9
9
 
10
+ module ErrorAttributes
11
+ BACKTRACE = "error-backtrace"
12
+ CLASS = "error-class"
13
+ DETAILS = "error-details"
14
+ FINGERPRINT = "fingerprint"
15
+ MESSAGE = "error-message"
16
+ DEPENDENCIES = "job-dependencies"
17
+ DEPENDENCY_GROUPS = "job-dependency-groups"
18
+ JOB_ID = "job-id"
19
+ PACKAGE_MANAGER = "package-manager"
20
+ end
21
+
10
22
  # rubocop:disable Metrics/MethodLength
11
23
  sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
12
24
  def self.fetcher_error_details(error)
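Review bot: The new `ErrorAttributes` module has no comment saying what its string constants are, so a reader has to infer from values such as `"error-backtrace"` and `"job-id"` that they are attribute names on an error report. A one-line module comment would settle it, e.g. `# Names of the attributes attached to an error report; the values are the hyphenated key strings the consumer expects.` — that reading is presumed from the values, so confirm it against the code that uses these constants, which is outside this hunk. The constants are bare string literals, which only stay immutable if the file carries `# frozen_string_literal: true` (not visible in this hunk); otherwise append `.freeze` or add the magic comment.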
@@ -354,11 +354,6 @@ module Dependabot
354
354
  end
355
355
  end
356
356
 
357
- sig { returns(T::Boolean) }
358
- def recurse_submodules_when_cloning?
359
- false
360
- end
361
-
362
357
  sig do
363
358
  returns(
364
359
  T.any(
@@ -776,7 +771,6 @@ module Dependabot
776
771
  # rubocop:disable Metrics/MethodLength
777
772
  # rubocop:disable Metrics/PerceivedComplexity
778
773
  # rubocop:disable Metrics/BlockLength
779
- # rubocop:disable Metrics/CyclomaticComplexity
780
774
  sig { params(target_directory: T.nilable(String)).returns(String) }
781
775
  def _clone_repo_contents(target_directory:)
782
776
  SharedHelpers.with_git_configured(credentials: credentials) do
@@ -789,11 +783,7 @@ module Dependabot
789
783
 
790
784
  clone_options = StringIO.new
791
785
  clone_options << "--no-tags --depth 1"
792
- clone_options << if recurse_submodules_when_cloning?
793
- " --recurse-submodules --shallow-submodules"
794
- else
795
- " --no-recurse-submodules"
796
- end
786
+ clone_options << " --recurse-submodules --shallow-submodules"
797
787
  clone_options << " --branch #{source.branch} --single-branch" if source.branch
798
788
 
799
789
  submodule_cloning_failed = false
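Review bot: Submodule cloning becomes unconditional at `clone_options << " --recurse-submodules --shallow-submodules"`, and the `recurse_submodules_when_cloning?` hook it used to consult is deleted in the earlier hunk, but nothing in the new code records why the opt-out went away. Because the fetch and reset hunks further down still fall back to `--no-recurse-submodules` only when `submodule_cloning_failed` is set, a comment stating the intended policy would help, e.g. `# Submodules are always cloned (shallowly); fetch/reset below drop to --no-recurse-submodules only if that clone step fails.` Worth stating explicitly too: with the hook gone, a recursive clone always follows whatever submodule URLs the repository's own `.gitmodules` lists, and no fetcher can opt out per source any more — if that is intentional, say so in the same comment. `_clone_repo_contents` begins in the previous hunk and continues beyond this one.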
@@ -805,7 +795,7 @@ module Dependabot
805
795
  CMD
806
796
  )
807
797
 
808
- @submodules = find_submodules(path) if recurse_submodules_when_cloning?
798
+ @submodules = find_submodules(path)
809
799
  rescue SharedHelpers::HelperSubprocessFailed => e
810
800
  if GIT_RETRYABLE_ERRORS.any? { |error| error.match?(e.message) } && retries < 5
811
801
  retries += 1
@@ -835,20 +825,20 @@ module Dependabot
835
825
  Dir.chdir(path) do
836
826
  fetch_options = StringIO.new
837
827
  fetch_options << "--depth 1"
838
- fetch_options << if recurse_submodules_when_cloning? && !submodule_cloning_failed
839
- " --recurse-submodules=on-demand"
840
- else
828
+ fetch_options << if submodule_cloning_failed
841
829
  " --no-recurse-submodules"
830
+ else
831
+ " --recurse-submodules=on-demand"
842
832
  end
843
833
  # Need to fetch the commit due to the --depth 1 above.
844
834
  SharedHelpers.run_shell_command("git fetch #{fetch_options.string} origin #{source.commit}")
845
835
 
846
836
  reset_options = StringIO.new
847
837
  reset_options << "--hard"
848
- reset_options << if recurse_submodules_when_cloning? && !submodule_cloning_failed
849
- " --recurse-submodules"
850
- else
838
+ reset_options << if submodule_cloning_failed
851
839
  " --no-recurse-submodules"
840
+ else
841
+ " --recurse-submodules"
852
842
  end
853
843
  # Set HEAD to this commit so later calls so git reset HEAD will work.
854
844
  SharedHelpers.run_shell_command("git reset #{reset_options.string} #{source.commit}")
@@ -862,7 +852,6 @@ module Dependabot
862
852
  # rubocop:enable Metrics/MethodLength
863
853
  # rubocop:enable Metrics/PerceivedComplexity
864
854
  # rubocop:enable Metrics/BlockLength
865
- # rubocop:enable Metrics/CyclomaticComplexity
866
855
 
867
856
  sig { params(str: String).returns(String) }
868
857
  def decode_binary_string(str)
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
5
+
5
6
  require "dependabot/credential"
6
7
 
7
8
  module Dependabot
@@ -9,6 +10,7 @@ module Dependabot
9
10
  class Base
10
11
  extend T::Sig
11
12
  extend T::Helpers
13
+
12
14
  abstract!
13
15
 
14
16
  sig { returns(T::Array[Dependabot::Dependency]) }
@@ -46,7 +46,7 @@ module Dependabot
46
46
  [
47
47
  prefix,
48
48
  package_manager,
49
- T.must(files.first).directory.tr(" ", "-"),
49
+ files.first&.directory&.tr(" ", "-"),
50
50
  target_branch
51
51
  ].compact
52
52
  end
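Review bot: Replacing `T.must(files.first).directory.tr(" ", "-")` with `files.first&.directory&.tr(" ", "-")` turns an empty `files` from a raised `TypeError` into a silently shorter name, because the resulting `nil` is dropped by the `.compact` on the closing line of the array. If a name without the directory segment is acceptable that deserves a comment, e.g. `# files may be empty; the directory segment is then simply omitted`; if it is not, guard explicitly with `raise ArgumentError, "no files" if files.empty?` before building the array. The enclosing method starts before this hunk.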
@@ -21,10 +21,10 @@ module Dependabot
21
21
  /\[(?<tag>(?:\#|GH-)?\d+)\]\(\)/i
22
22
  ].freeze, T::Array[Regexp])
23
23
 
24
- sig { returns(String) }
24
+ sig { returns(T.nilable(String)) }
25
25
  attr_reader :source_url
26
26
 
27
- sig { params(source_url: String).void }
27
+ sig { params(source_url: T.nilable(String)).void }
28
28
  def initialize(source_url:)
29
29
  @source_url = source_url
30
30
  end
@@ -46,9 +46,18 @@ module Dependabot
46
46
  .match("#{REPO_REGEX}#{TAG_REGEX}")
47
47
  &.named_captures
48
48
  &.fetch("repo", nil)
49
- source = repo ? "https://github.com/#{repo}" : source_url
50
49
 
51
- "[#{repo ? (repo + tag) : tag}](#{source}/issues/#{number})"
50
+ source = if repo
51
+ "https://github.com/#{repo}"
52
+ elsif source_url
53
+ source_url
54
+ end
55
+
56
+ if source
57
+ "[#{repo ? (repo + tag) : tag}](#{source}/issues/#{number})"
58
+ else
59
+ issue_link
60
+ end
52
61
  end
53
62
  end
54
63
  end
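Review bot: The new `source = if repo ... elsif source_url ... end` block is a longer spelling of the ternary it replaces, since a nil `source_url` already produces nil through the `else` arm; `source = repo ? "https://github.com/#{repo}" : source_url` keeps the nil-safe behaviour in one line, with the trailing `if source ... else issue_link end` unchanged. The fallback itself is also worth a short comment, e.g. `# No repo and no source_url means there is nothing to link to, so the text is left as-is.` The enclosing method and its block start before this hunk.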
@@ -233,10 +233,17 @@ module Dependabot
233
233
 
234
234
  sig { returns(String) }
235
235
  def group_pr_name
236
+ directories_from_dependencies = dependencies.to_set { |dep| dep.metadata[:directory] }
237
+
238
+ directories_with_updates = source.directories&.filter do |directory|
239
+ directories_from_dependencies.include?(directory)
240
+ end
241
+
236
242
  updates = dependencies.map(&:name).uniq.count
237
243
 
238
244
  if source.directories
239
- "bump the #{T.must(dependency_group).name} across #{T.must(source.directories).count} directories " \
245
+ "bump the #{T.must(dependency_group).name} across #{T.must(directories_with_updates).count} " \
246
+ "#{T.must(directories_with_updates).count > 1 ? 'directories' : 'directory'} " \
240
247
  "with #{updates} update#{'s' if updates > 1}"
241
248
  else
242
249
  "bump the #{T.must(dependency_group).name} group#{pr_name_directory} with #{updates} update#{if updates > 1
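Review bot: `T.must(directories_with_updates).count` is evaluated twice in the new string, and the pluralisation produces "across 0 directory" whenever no dependency carries `metadata[:directory]` (the set built on the first added line is then empty and the filter keeps nothing). Hoisting the count makes the zero case visible and reads better: `directory_count = T.must(directories_with_updates).count` and then `"... across #{directory_count} #{directory_count == 1 ? 'directory' : 'directories'} " \`. Whether a count of zero can actually occur depends on how `dep.metadata[:directory]` is populated, which is outside this hunk; if it cannot, a one-line comment saying so is enough. The method body continues past the hunk.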
@@ -19,7 +19,7 @@ module Dependabot
19
19
  sig do
20
20
  params(
21
21
  url: String,
22
- headers: T::Hash[Symbol, T.untyped],
22
+ headers: T::Hash[T.any(String, Symbol), T.untyped],
23
23
  options: T::Hash[Symbol, T.untyped]
24
24
  )
25
25
  .returns(Excon::Response)
@@ -40,7 +40,7 @@ module Dependabot
40
40
  sig do
41
41
  params(
42
42
  url: String,
43
- headers: T::Hash[Symbol, T.untyped],
43
+ headers: T::Hash[T.any(String, Symbol), T.untyped],
44
44
  options: T::Hash[Symbol, T.untyped]
45
45
  )
46
46
  .returns(Excon::Response)
@@ -0,0 +1,13 @@
1
+ # typed: strong
2
+ # frozen_string_literal: true
3
+
4
+ module Dependabot
5
+ class RequirementsUpdateStrategy < T::Enum
6
+ enums do
7
+ BumpVersions = new("bump_versions")
8
+ BumpVersionsIfNecessary = new("bump_versions_if_necessary")
9
+ LockfileOnly = new("lockfile_only")
10
+ WidenRanges = new("widen_ranges")
11
+ end
12
+ end
13
+ end
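Review bot: The new `RequirementsUpdateStrategy` enum is undocumented: neither the class nor its four members say what picking each strategy means, and nothing notes that the string passed to each `new` is the member's `T::Enum` serialized form (what `serialize`/`deserialize` exchange). A class comment along the lines of `# Strategy for rewriting a dependency's requirements when it is updated; the string values are the serialized names accepted by T::Enum.deserialize.` plus a one-line comment per member would close that gap. The meaning of each member has to be taken from the update checkers that consume it, which are outside this page.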
@@ -4,8 +4,9 @@
4
4
  require "json"
5
5
  require "sorbet-runtime"
6
6
 
7
- require "dependabot/utils"
7
+ require "dependabot/requirements_update_strategy"
8
8
  require "dependabot/security_advisory"
9
+ require "dependabot/utils"
9
10
 
10
11
  module Dependabot
11
12
  module UpdateCheckers
@@ -34,7 +35,7 @@ module Dependabot
34
35
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
35
36
  attr_reader :security_advisories
36
37
 
37
- sig { returns(T.nilable(Symbol)) }
38
+ sig { returns(T.nilable(Dependabot::RequirementsUpdateStrategy)) }
38
39
  attr_reader :requirements_update_strategy
39
40
 
40
41
  sig { returns(T.nilable(Dependabot::DependencyGroup)) }
@@ -52,7 +53,7 @@ module Dependabot
52
53
  ignored_versions: T::Array[String],
53
54
  raise_on_ignored: T::Boolean,
54
55
  security_advisories: T::Array[Dependabot::SecurityAdvisory],
55
- requirements_update_strategy: T.nilable(Symbol),
56
+ requirements_update_strategy: T.nilable(Dependabot::RequirementsUpdateStrategy),
56
57
  dependency_group: T.nilable(Dependabot::DependencyGroup),
57
58
  options: T::Hash[Symbol, T.untyped]
58
59
  )
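Review bot: `requirements_update_strategy` changes from `T.nilable(Symbol)` to `T.nilable(Dependabot::RequirementsUpdateStrategy)` in both the `attr_reader` sig and the `initialize` params, and sorbet-runtime checks sigs at call time, so a caller still passing a symbol such as `:bump_versions` now raises `TypeError` from the sig instead of being coerced. The hunks show no conversion, so either confirm every call site was migrated or record the contract on the reader: `# Must be a RequirementsUpdateStrategy member; the sig rejects the old Symbol form at runtime.` The initializer body that stores the value is outside these hunks.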
@@ -9,11 +9,21 @@ module Dependabot
9
9
  extend T::Sig
10
10
 
11
11
  sig do
12
- params(
13
- versions_array: T::Array[T.any(Gem::Version, T::Hash[Symbol, Gem::Version])],
14
- security_advisories: T::Array[SecurityAdvisory]
15
- )
16
- .returns(T::Array[T.any(Gem::Version, T::Hash[Symbol, Gem::Version])])
12
+ # Tricky generics explanation:
13
+ # There's a type T that is either a Gem::Version or a Hash with a :version key
14
+ # The method returns an array of T
15
+ # So whichever is provided as input, the output will be an array of the same type.
16
+ # https://sorbet.org/docs/generics#placing-bounds-on-generic-methods
17
+ type_parameters(:T)
18
+ .params(
19
+ versions_array: T::Array[
20
+ T.any(
21
+ T.all(T.type_parameter(:T), Gem::Version),
22
+ T.all(T.type_parameter(:T), T::Hash[Symbol, Gem::Version])
23
+ )],
24
+ security_advisories: T::Array[SecurityAdvisory]
25
+ )
26
+ .returns(T::Array[T.type_parameter(:T)])
17
27
  end
18
28
  def self.filter_vulnerable_versions(versions_array, security_advisories)
19
29
  versions_array.reject do |v|
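Review bot: The new sig comment says the hash alternative is "a Hash with a :version key", but the type written under it, `T::Hash[Symbol, Gem::Version]`, only fixes the key and value types and does not require a `:version` key, so the comment promises more than the sig enforces. Rewording that line to `# ... or a Hash of Symbol => Gem::Version (the body reads its :version entry)` keeps it honest about what is checked. The body that does the reading continues past the hunk, so confirm it does use `:version` before writing that.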
@@ -10,59 +10,22 @@ module Dependabot
10
10
 
11
11
  abstract!
12
12
 
13
- sig do
14
- override
15
- .overridable
16
- .params(
17
- version: T.any(
18
- String,
19
- Integer,
20
- Float,
21
- Gem::Version,
22
- NilClass
23
- )
24
- )
25
- .void
26
- end
13
+ VersionParameter = T.type_alias { T.nilable(T.any(String, Integer, Gem::Version)) }
14
+
15
+ sig { override.overridable.params(version: VersionParameter).void }
27
16
  def initialize(version)
28
17
  @original_version = T.let(version.to_s, String)
29
18
 
30
- T.unsafe(super(version))
19
+ super
31
20
  end
32
21
 
33
- sig do
34
- override
35
- .overridable
36
- .params(
37
- version: T.any(
38
- String,
39
- Integer,
40
- Float,
41
- Gem::Version,
42
- NilClass
43
- )
44
- )
45
- .returns(Dependabot::Version)
46
- end
22
+ sig { override.overridable.params(version: VersionParameter).returns(Dependabot::Version) }
47
23
  def self.new(version)
48
24
  T.cast(super, Dependabot::Version)
49
25
  end
50
26
 
51
27
  # Opt-in to Rubygems 4 behavior
52
- sig do
53
- override
54
- .overridable
55
- .params(
56
- version: T.any(
57
- String,
58
- Integer,
59
- Float,
60
- Gem::Version,
61
- NilClass
62
- )
63
- )
64
- .returns(T::Boolean)
65
- end
28
+ sig { override.overridable.params(version: VersionParameter).returns(T::Boolean) }
66
29
  def self.correct?(version)
67
30
  return false if version.nil?
68
31
 
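Review bot: `VersionParameter = T.type_alias { T.nilable(T.any(String, Integer, Gem::Version)) }` drops `Float`, which all three replaced sigs accepted, so a caller passing a Float (say `1.0`) now fails the runtime sig check with `TypeError` on `initialize`, `self.new` and `self.correct?` instead of being stringified by `version.to_s`. If Floats are intentionally no longer accepted, say so on the alias, e.g. `# Float is deliberately excluded: versions must arrive as String, Integer or Gem::Version.`; otherwise add `Float` back to the `T.any`. The bare `super` replacing `T.unsafe(super(version))` forwards the same `version` argument, since nothing reassigns it first, so that part is behaviour-preserving.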
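--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -2,5 +2,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.246.0"
+ VERSION = "0.247.0"
  end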
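--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.246.0
+ version: 0.247.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-03-01 00:00:00.000000000 Z
+ date: 2024-03-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-codecommit
@@ -390,6 +390,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 1.19.0
+ - !ruby/object:Gem::Dependency
+ name: rubocop-rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.27.1
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.27.1
  - !ruby/object:Gem::Dependency
  name: rubocop-sorbet
  requirement: !ruby/object:Gem::Requirement
@@ -547,6 +561,7 @@ files:
  - lib/dependabot/pull_request_updater/gitlab.rb
  - lib/dependabot/registry_client.rb
  - lib/dependabot/requirement.rb
+ - lib/dependabot/requirements_update_strategy.rb
  - lib/dependabot/security_advisory.rb
  - lib/dependabot/shared_helpers.rb
  - lib/dependabot/simple_instrumentor.rb
@@ -567,7 +582,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
  post_install_message:
  rdoc_options: []
  require_paths: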