dependabot-common 0.246.0 → 0.247.0

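--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: afa14b1e2f804f1713004ae03cf9ba9ac2ed546794d736bbeedef24d18f8be7b
-  data.tar.gz: 012a72964c4ae5f6140ab6a81d101f227bd84445a2e04b77395252ae66771bc8
+  metadata.gz: c92ad460f0349deb2012116104501e807bd6d061fe4f5a96a0cfbd8128d3b78b
+  data.tar.gz: f0668f3d3a2106c3245416727393e8a0a2e284fa1f44d05b40d531c4b31b2f38
 SHA512:
-  metadata.gz: 367510a477d1b7a1d362f69a8a4a8bdcfb1d89f355f442291d3640c247391e924612b51bbe3393b146dcfb621d1faf53ab7dc364bf4eba134c17389a781d4ba0
-  data.tar.gz: ae0d0af76bbea879c4cf4faec7c1be85067cec9918c1c7ad2818b60c160d5da93bcb11a5c3bd9287d4b9f11256de46eb0758f56db98ef2586ec2c3d4e514ed17
+  metadata.gz: 8a12d9ebf2c2ab8075e431704cdd3733c854b91b4c0abe761e33d8a9b64a18d9ecb303d063d11f5e0f10200a4b0199409e28ff0e36593eb0288163074cb2e74a
+  data.tar.gz: cb05c3efac2f10c2d6eea5758d0d50eed8cd77d7681c3d0a505b94f43a3cccb2fd436efdbd08bab73cd2940f8dfbba91e61dbbea6a929054d7318dd71d3d7ae3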
@@ -7,6 +7,18 @@ require "dependabot/utils"
7
7
  module Dependabot
8
8
  extend T::Sig
9
9
 
10
+ module ErrorAttributes
11
+ BACKTRACE = "error-backtrace"
12
+ CLASS = "error-class"
13
+ DETAILS = "error-details"
14
+ FINGERPRINT = "fingerprint"
15
+ MESSAGE = "error-message"
16
+ DEPENDENCIES = "job-dependencies"
17
+ DEPENDENCY_GROUPS = "job-dependency-groups"
18
+ JOB_ID = "job-id"
19
+ PACKAGE_MANAGER = "package-manager"
20
+ end
21
+
10
22
  # rubocop:disable Metrics/MethodLength
11
23
  sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
12
24
  def self.fetcher_error_details(error)
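Review bot: The nine constants added to `ErrorAttributes` are bare string literals, so unless this file carries `# frozen_string_literal: true` (not visible in the hunk) each is a mutable String that any caller can alter in place for every other user of the module. Either confirm the magic comment is present or append `.freeze`, e.g. `BACKTRACE = "error-backtrace".freeze`. A one-line comment above the module saying what these keys are for would also help; they read as serialized attribute names for error reporting, but no consumer appears in the hunk, so that is inferred.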
@@ -354,11 +354,6 @@ module Dependabot
354
354
  end
355
355
  end
356
356
 
357
- sig { returns(T::Boolean) }
358
- def recurse_submodules_when_cloning?
359
- false
360
- end
361
-
362
357
  sig do
363
358
  returns(
364
359
  T.any(
@@ -776,7 +771,6 @@ module Dependabot
776
771
  # rubocop:disable Metrics/MethodLength
777
772
  # rubocop:disable Metrics/PerceivedComplexity
778
773
  # rubocop:disable Metrics/BlockLength
779
- # rubocop:disable Metrics/CyclomaticComplexity
780
774
  sig { params(target_directory: T.nilable(String)).returns(String) }
781
775
  def _clone_repo_contents(target_directory:)
782
776
  SharedHelpers.with_git_configured(credentials: credentials) do
@@ -789,11 +783,7 @@ module Dependabot
789
783
 
790
784
  clone_options = StringIO.new
791
785
  clone_options << "--no-tags --depth 1"
792
- clone_options << if recurse_submodules_when_cloning?
793
- " --recurse-submodules --shallow-submodules"
794
- else
795
- " --no-recurse-submodules"
796
- end
786
+ clone_options << " --recurse-submodules --shallow-submodules"
797
787
  clone_options << " --branch #{source.branch} --single-branch" if source.branch
798
788
 
799
789
  submodule_cloning_failed = false
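Review bot: With `recurse_submodules_when_cloning?` removed, the clone at this line now always passes `--recurse-submodules --shallow-submodules`, so git will fetch whatever submodule URLs the cloned repository declares in its `.gitmodules`, for every ecosystem rather than only those that previously opted in; the unconditional `@submodules = find_submodules(path)` in the next hunk follows the same change. That widens the set of remote sources a single repository under analysis can make the fetcher contact, and any subclass in another package that still overrides `recurse_submodules_when_cloning?` to return false is now silently ignored. A comment here stating that recursion is intended for all file fetchers, plus confirmation that `SharedHelpers.with_git_configured` (not in the hunk) applies the protocol and credential restrictions expected for submodule fetches, would make the decision reviewable. `_clone_repo_contents` continues outside the hunk.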
@@ -805,7 +795,7 @@ module Dependabot
805
795
  CMD
806
796
  )
807
797
 
808
- @submodules = find_submodules(path) if recurse_submodules_when_cloning?
798
+ @submodules = find_submodules(path)
809
799
  rescue SharedHelpers::HelperSubprocessFailed => e
810
800
  if GIT_RETRYABLE_ERRORS.any? { |error| error.match?(e.message) } && retries < 5
811
801
  retries += 1
@@ -835,20 +825,20 @@ module Dependabot
835
825
  Dir.chdir(path) do
836
826
  fetch_options = StringIO.new
837
827
  fetch_options << "--depth 1"
838
- fetch_options << if recurse_submodules_when_cloning? && !submodule_cloning_failed
839
- " --recurse-submodules=on-demand"
840
- else
828
+ fetch_options << if submodule_cloning_failed
841
829
  " --no-recurse-submodules"
830
+ else
831
+ " --recurse-submodules=on-demand"
842
832
  end
843
833
  # Need to fetch the commit due to the --depth 1 above.
844
834
  SharedHelpers.run_shell_command("git fetch #{fetch_options.string} origin #{source.commit}")
845
835
 
846
836
  reset_options = StringIO.new
847
837
  reset_options << "--hard"
848
- reset_options << if recurse_submodules_when_cloning? && !submodule_cloning_failed
849
- " --recurse-submodules"
850
- else
838
+ reset_options << if submodule_cloning_failed
851
839
  " --no-recurse-submodules"
840
+ else
841
+ " --recurse-submodules"
852
842
  end
853
843
  # Set HEAD to this commit so later calls so git reset HEAD will work.
854
844
  SharedHelpers.run_shell_command("git reset #{reset_options.string} #{source.commit}")
@@ -862,7 +852,6 @@ module Dependabot
862
852
  # rubocop:enable Metrics/MethodLength
863
853
  # rubocop:enable Metrics/PerceivedComplexity
864
854
  # rubocop:enable Metrics/BlockLength
865
- # rubocop:enable Metrics/CyclomaticComplexity
866
855
 
867
856
  sig { params(str: String).returns(String) }
868
857
  def decode_binary_string(str)
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
5
+
5
6
  require "dependabot/credential"
6
7
 
7
8
  module Dependabot
@@ -9,6 +10,7 @@ module Dependabot
9
10
  class Base
10
11
  extend T::Sig
11
12
  extend T::Helpers
13
+
12
14
  abstract!
13
15
 
14
16
  sig { returns(T::Array[Dependabot::Dependency]) }
@@ -46,7 +46,7 @@ module Dependabot
46
46
  [
47
47
  prefix,
48
48
  package_manager,
49
- T.must(files.first).directory.tr(" ", "-"),
49
+ files.first&.directory&.tr(" ", "-"),
50
50
  target_branch
51
51
  ].compact
52
52
  end
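Review bot: Replacing `T.must(files.first)` with `files.first&.directory&.tr(" ", "-")` changes the failure mode for an empty `files` array from an exception to a silently shorter branch name, because the trailing `.compact` drops the nil segment. If a name without the directory segment is acceptable, record it with a comment above the array such as `# directory segment is omitted when there are no files`; if it is not, the explicit guard should stay. The enclosing method starts outside the hunk.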
@@ -21,10 +21,10 @@ module Dependabot
21
21
  /\[(?<tag>(?:\#|GH-)?\d+)\]\(\)/i
22
22
  ].freeze, T::Array[Regexp])
23
23
 
24
- sig { returns(String) }
24
+ sig { returns(T.nilable(String)) }
25
25
  attr_reader :source_url
26
26
 
27
- sig { params(source_url: String).void }
27
+ sig { params(source_url: T.nilable(String)).void }
28
28
  def initialize(source_url:)
29
29
  @source_url = source_url
30
30
  end
@@ -46,9 +46,18 @@ module Dependabot
46
46
  .match("#{REPO_REGEX}#{TAG_REGEX}")
47
47
  &.named_captures
48
48
  &.fetch("repo", nil)
49
- source = repo ? "https://github.com/#{repo}" : source_url
50
49
 
51
- "[#{repo ? (repo + tag) : tag}](#{source}/issues/#{number})"
50
+ source = if repo
51
+ "https://github.com/#{repo}"
52
+ elsif source_url
53
+ source_url
54
+ end
55
+
56
+ if source
57
+ "[#{repo ? (repo + tag) : tag}](#{source}/issues/#{number})"
58
+ else
59
+ issue_link
60
+ end
52
61
  end
53
62
  end
54
63
  end
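Review bot: The `if repo … elsif source_url … end` assignment is a longer spelling of the line it replaces: the `elsif source_url` branch returns `source_url` and the fall-through returns nil, which is exactly `source_url` itself, and the later `if source` guard already handles nil. `source = repo ? "https://github.com/#{repo}" : source_url` keeps the new `issue_link` fallback with less code, unless the expanded form is needed for Sorbet's flow typing, in which case a comment saying so would stop the next reader from collapsing it. `issue_link` and `tag` are defined outside the hunk, as is the start of the enclosing method.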
@@ -233,10 +233,17 @@ module Dependabot
233
233
 
234
234
  sig { returns(String) }
235
235
  def group_pr_name
236
+ directories_from_dependencies = dependencies.to_set { |dep| dep.metadata[:directory] }
237
+
238
+ directories_with_updates = source.directories&.filter do |directory|
239
+ directories_from_dependencies.include?(directory)
240
+ end
241
+
236
242
  updates = dependencies.map(&:name).uniq.count
237
243
 
238
244
  if source.directories
239
- "bump the #{T.must(dependency_group).name} across #{T.must(source.directories).count} directories " \
245
+ "bump the #{T.must(dependency_group).name} across #{T.must(directories_with_updates).count} " \
246
+ "#{T.must(directories_with_updates).count > 1 ? 'directories' : 'directory'} " \
240
247
  "with #{updates} update#{'s' if updates > 1}"
241
248
  else
242
249
  "bump the #{T.must(dependency_group).name} group#{pr_name_directory} with #{updates} update#{if updates > 1
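Review bot: `T.must(directories_with_updates).count` is evaluated twice in the new title string; hoist it once, `dir_count = T.must(directories_with_updates).count`, and interpolate `dir_count` in both places. Separately, if no dependency carries `metadata[:directory]`, `directories_from_dependencies` holds only nil, the filter matches nothing and the title reads "across 0 directory"; a comment stating that every grouped dependency is expected to carry a directory, or an explicit guard, would make that assumption visible. `group_pr_name` continues outside the hunk.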
@@ -19,7 +19,7 @@ module Dependabot
19
19
  sig do
20
20
  params(
21
21
  url: String,
22
- headers: T::Hash[Symbol, T.untyped],
22
+ headers: T::Hash[T.any(String, Symbol), T.untyped],
23
23
  options: T::Hash[Symbol, T.untyped]
24
24
  )
25
25
  .returns(Excon::Response)
@@ -40,7 +40,7 @@ module Dependabot
40
40
  sig do
41
41
  params(
42
42
  url: String,
43
- headers: T::Hash[Symbol, T.untyped],
43
+ headers: T::Hash[T.any(String, Symbol), T.untyped],
44
44
  options: T::Hash[Symbol, T.untyped]
45
45
  )
46
46
  .returns(Excon::Response)
@@ -0,0 +1,13 @@
1
+ # typed: strong
2
+ # frozen_string_literal: true
3
+
4
+ module Dependabot
5
+ class RequirementsUpdateStrategy < T::Enum
6
+ enums do
7
+ BumpVersions = new("bump_versions")
8
+ BumpVersionsIfNecessary = new("bump_versions_if_necessary")
9
+ LockfileOnly = new("lockfile_only")
10
+ WidenRanges = new("widen_ranges")
11
+ end
12
+ end
13
+ end
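Review bot: The new `RequirementsUpdateStrategy` enum has no documentation, and the names alone (`BumpVersionsIfNecessary`, `LockfileOnly`, `WidenRanges`) do not tell a reader when each strategy applies. Add a short comment above the class describing the four strategies and where the serialized strings (`"bump_versions"` and friends) originate; if `RequirementsUpdateStrategy.deserialize` is the intended way to turn an incoming string into a value, say so there too.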
@@ -4,8 +4,9 @@
4
4
  require "json"
5
5
  require "sorbet-runtime"
6
6
 
7
- require "dependabot/utils"
7
+ require "dependabot/requirements_update_strategy"
8
8
  require "dependabot/security_advisory"
9
+ require "dependabot/utils"
9
10
 
10
11
  module Dependabot
11
12
  module UpdateCheckers
@@ -34,7 +35,7 @@ module Dependabot
34
35
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
35
36
  attr_reader :security_advisories
36
37
 
37
- sig { returns(T.nilable(Symbol)) }
38
+ sig { returns(T.nilable(Dependabot::RequirementsUpdateStrategy)) }
38
39
  attr_reader :requirements_update_strategy
39
40
 
40
41
  sig { returns(T.nilable(Dependabot::DependencyGroup)) }
@@ -52,7 +53,7 @@ module Dependabot
52
53
  ignored_versions: T::Array[String],
53
54
  raise_on_ignored: T::Boolean,
54
55
  security_advisories: T::Array[Dependabot::SecurityAdvisory],
55
- requirements_update_strategy: T.nilable(Symbol),
56
+ requirements_update_strategy: T.nilable(Dependabot::RequirementsUpdateStrategy),
56
57
  dependency_group: T.nilable(Dependabot::DependencyGroup),
57
58
  options: T::Hash[Symbol, T.untyped]
58
59
  )
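Review bot: Narrowing `requirements_update_strategy` from `T.nilable(Symbol)` to `T.nilable(Dependabot::RequirementsUpdateStrategy)` here, and on the `attr_reader` in the preceding hunk, makes any caller that still passes a Symbol fail the runtime sig, which is a breaking change for the ecosystem packages that construct update checkers. The commit should document where the Symbol-to-enum conversion now happens (for example a `RequirementsUpdateStrategy.deserialize(...)` call at the job boundary) so callers can follow it. The `initialize` signature this hunk belongs to starts outside the hunk.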
@@ -9,11 +9,21 @@ module Dependabot
9
9
  extend T::Sig
10
10
 
11
11
  sig do
12
- params(
13
- versions_array: T::Array[T.any(Gem::Version, T::Hash[Symbol, Gem::Version])],
14
- security_advisories: T::Array[SecurityAdvisory]
15
- )
16
- .returns(T::Array[T.any(Gem::Version, T::Hash[Symbol, Gem::Version])])
12
+ # Tricky generics explanation:
13
+ # There's a type T that is either a Gem::Version or a Hash with a :version key
14
+ # The method returns an array of T
15
+ # So whichever is provided as input, the output will be an array of the same type.
16
+ # https://sorbet.org/docs/generics#placing-bounds-on-generic-methods
17
+ type_parameters(:T)
18
+ .params(
19
+ versions_array: T::Array[
20
+ T.any(
21
+ T.all(T.type_parameter(:T), Gem::Version),
22
+ T.all(T.type_parameter(:T), T::Hash[Symbol, Gem::Version])
23
+ )],
24
+ security_advisories: T::Array[SecurityAdvisory]
25
+ )
26
+ .returns(T::Array[T.type_parameter(:T)])
17
27
  end
18
28
  def self.filter_vulnerable_versions(versions_array, security_advisories)
19
29
  versions_array.reject do |v|
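Review bot: The new explanatory comment says the hash variant is "a Hash with a :version key", but the signature only constrains it to `T::Hash[Symbol, Gem::Version]`, so the comment promises more than the type enforces. Reword it to something like `# a Hash of Symbol => Gem::Version (callers use a :version key)`, or note that the key is deliberately not encoded in the type. The body of `filter_vulnerable_versions` continues outside the hunk.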
@@ -10,59 +10,22 @@ module Dependabot
10
10
 
11
11
  abstract!
12
12
 
13
- sig do
14
- override
15
- .overridable
16
- .params(
17
- version: T.any(
18
- String,
19
- Integer,
20
- Float,
21
- Gem::Version,
22
- NilClass
23
- )
24
- )
25
- .void
26
- end
13
+ VersionParameter = T.type_alias { T.nilable(T.any(String, Integer, Gem::Version)) }
14
+
15
+ sig { override.overridable.params(version: VersionParameter).void }
27
16
  def initialize(version)
28
17
  @original_version = T.let(version.to_s, String)
29
18
 
30
- T.unsafe(super(version))
19
+ super
31
20
  end
32
21
 
33
- sig do
34
- override
35
- .overridable
36
- .params(
37
- version: T.any(
38
- String,
39
- Integer,
40
- Float,
41
- Gem::Version,
42
- NilClass
43
- )
44
- )
45
- .returns(Dependabot::Version)
46
- end
22
+ sig { override.overridable.params(version: VersionParameter).returns(Dependabot::Version) }
47
23
  def self.new(version)
48
24
  T.cast(super, Dependabot::Version)
49
25
  end
50
26
 
51
27
  # Opt-in to Rubygems 4 behavior
52
- sig do
53
- override
54
- .overridable
55
- .params(
56
- version: T.any(
57
- String,
58
- Integer,
59
- Float,
60
- Gem::Version,
61
- NilClass
62
- )
63
- )
64
- .returns(T::Boolean)
65
- end
28
+ sig { override.overridable.params(version: VersionParameter).returns(T::Boolean) }
66
29
  def self.correct?(version)
67
30
  return false if version.nil?
68
31
 
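Review bot: `VersionParameter` drops `Float` from the accepted types, which all three replaced sigs allowed, so a caller passing a Float (for example a version read from a manifest as `1.0`) now fails the runtime sig in `initialize`, `self.new` and `self.correct?`. If the narrowing is intentional, a comment on the alias such as `# Float is deliberately excluded; callers must pass the String form` records the decision; otherwise add `Float` back into the `T.any`. The body of `correct?` and the rest of the class continue outside the hunk.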
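--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.246.0"
+  VERSION = "0.247.0"
 end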
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.246.0
4
+ version: 0.247.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-03-01 00:00:00.000000000 Z
11
+ date: 2024-03-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -390,6 +390,20 @@ dependencies:
390
390
  - - "~>"
391
391
  - !ruby/object:Gem::Version
392
392
  version: 1.19.0
393
+ - !ruby/object:Gem::Dependency
394
+ name: rubocop-rspec
395
+ requirement: !ruby/object:Gem::Requirement
396
+ requirements:
397
+ - - "~>"
398
+ - !ruby/object:Gem::Version
399
+ version: 2.27.1
400
+ type: :development
401
+ prerelease: false
402
+ version_requirements: !ruby/object:Gem::Requirement
403
+ requirements:
404
+ - - "~>"
405
+ - !ruby/object:Gem::Version
406
+ version: 2.27.1
393
407
  - !ruby/object:Gem::Dependency
394
408
  name: rubocop-sorbet
395
409
  requirement: !ruby/object:Gem::Requirement
@@ -547,6 +561,7 @@ files:
547
561
  - lib/dependabot/pull_request_updater/gitlab.rb
548
562
  - lib/dependabot/registry_client.rb
549
563
  - lib/dependabot/requirement.rb
564
+ - lib/dependabot/requirements_update_strategy.rb
550
565
  - lib/dependabot/security_advisory.rb
551
566
  - lib/dependabot/shared_helpers.rb
552
567
  - lib/dependabot/simple_instrumentor.rb
@@ -567,7 +582,7 @@ licenses:
567
582
  - Nonstandard
568
583
  metadata:
569
584
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
570
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
585
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
571
586
  post_install_message:
572
587
  rdoc_options: []
573
588
  require_paths: