dependabot-common 0.248.0 → 0.250.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/bitbucket_with_retries.rb +2 -0
- data/lib/dependabot/clients/codecommit.rb +4 -1
- data/lib/dependabot/file_fetchers/base.rb +1 -1
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +23 -0
- data/lib/dependabot/pull_request_creator/message_builder.rb +2 -2
- data/lib/dependabot/requirements_updater/base.rb +28 -0
- data/lib/dependabot.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz: '
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0983823ada7f861d47f3399954e68acd51ac9489e92a8720db43eff4d3cefb49'
|
|
4
|
+
data.tar.gz: 2fdc3a9999f7ed9d5127a350d17677618765f6c57bdf751c1f67402f48f35ef6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 27bc497b5c23a14648786d5406bb7e53c70b369fdb0e9f37c91fb6820bf6534bb4d4f6ecae92fb2d479eaf4624ee4d3788a69b563ae6803969397fd8e65a8227
|
|
7
|
+
data.tar.gz: 387cbc59de29fedd731f0c82352006e6f935a28afcae87a9ada8f78e0378c754482dc988ff690d9e68d858a08a302a29e10c8a2d945c11150bbea270c8069763
|
|
@@ -82,7 +82,10 @@ module Dependabot
|
|
|
82
82
|
repo: String, commit: T.nilable(String),
|
|
83
83
|
path: T.nilable(String)
|
|
84
84
|
)
|
|
85
|
-
.returns(
|
|
85
|
+
# See PR 9344: should .returns(Seahorse::Client::Response)
|
|
86
|
+
# but it not extend Delegator, unblocking until shim or
|
|
87
|
+
# another fix is implemented
|
|
88
|
+
.returns(T.untyped)
|
|
86
89
|
end
|
|
87
90
|
def fetch_repo_contents(repo, commit = nil, path = nil)
|
|
88
91
|
actual_path = path
|
|
@@ -159,7 +159,7 @@ module Dependabot
|
|
|
159
159
|
end
|
|
160
160
|
|
|
161
161
|
# Returns the path to the cloned repo
|
|
162
|
-
sig { returns(String) }
|
|
162
|
+
sig { overridable.returns(String) }
|
|
163
163
|
def clone_repo_contents
|
|
164
164
|
@clone_repo_contents ||= T.let(
|
|
165
165
|
_clone_repo_contents(target_directory: repo_contents_path),
|
|
@@ -15,6 +15,8 @@ module Dependabot
|
|
|
15
15
|
|
|
16
16
|
sig { override.returns(String) }
|
|
17
17
|
def new_branch_name
|
|
18
|
+
return short_branch_name if branch_name_might_be_long?
|
|
19
|
+
|
|
18
20
|
@name ||=
|
|
19
21
|
T.let(
|
|
20
22
|
begin
|
|
@@ -198,6 +200,27 @@ module Dependabot
|
|
|
198
200
|
def requirements_changed?(dependency)
|
|
199
201
|
(dependency.requirements - T.must(dependency.previous_requirements)).any?
|
|
200
202
|
end
|
|
203
|
+
|
|
204
|
+
sig { returns(T::Boolean) }
|
|
205
|
+
def branch_name_might_be_long?
|
|
206
|
+
dependencies.count > 1 && !updating_a_property? && !updating_a_dependency_set?
|
|
207
|
+
end
|
|
208
|
+
|
|
209
|
+
sig { returns(String) }
|
|
210
|
+
def short_branch_name
|
|
211
|
+
# Fix long branch names by using a digest of the dependencies instead of their names.
|
|
212
|
+
sanitize_branch_name(File.join(prefixes, "multi-#{dependency_digest}"))
|
|
213
|
+
end
|
|
214
|
+
|
|
215
|
+
sig { returns(T.nilable(String)) }
|
|
216
|
+
def dependency_digest
|
|
217
|
+
T.let(
|
|
218
|
+
Digest::MD5.hexdigest(dependencies.map do |dependency|
|
|
219
|
+
"#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
|
|
220
|
+
end.sort.join(",")).slice(0, 10),
|
|
221
|
+
T.nilable(String)
|
|
222
|
+
)
|
|
223
|
+
end
|
|
201
224
|
end
|
|
202
225
|
end
|
|
203
226
|
end
|
|
@@ -242,7 +242,7 @@ module Dependabot
|
|
|
242
242
|
updates = dependencies.map(&:name).uniq.count
|
|
243
243
|
|
|
244
244
|
if source.directories
|
|
245
|
-
"bump the #{T.must(dependency_group).name} across #{T.must(directories_with_updates).count} " \
|
|
245
|
+
"bump the #{T.must(dependency_group).name} group across #{T.must(directories_with_updates).count} " \
|
|
246
246
|
"#{T.must(directories_with_updates).count > 1 ? 'directories' : 'directory'} " \
|
|
247
247
|
"with #{updates} update#{'s' if updates > 1}"
|
|
248
248
|
else
|
|
@@ -466,7 +466,7 @@ module Dependabot
|
|
|
466
466
|
|
|
467
467
|
update_count = dependencies_in_directory.map(&:name).uniq.count
|
|
468
468
|
|
|
469
|
-
msg += "Bumps the #{T.must(dependency_group).name} " \
|
|
469
|
+
msg += "Bumps the #{T.must(dependency_group).name} group " \
|
|
470
470
|
"with #{update_count} update#{update_count > 1 ? 's' : ''} in the #{directory} directory:"
|
|
471
471
|
|
|
472
472
|
msg += if update_count >= 5
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
module RequirementsUpdater
|
|
8
|
+
module Base
|
|
9
|
+
extend T::Sig
|
|
10
|
+
extend T::Helpers
|
|
11
|
+
extend T::Generic
|
|
12
|
+
|
|
13
|
+
Version = type_member { { upper: Gem::Version } }
|
|
14
|
+
Requirement = type_member { { upper: Gem::Requirement } }
|
|
15
|
+
|
|
16
|
+
interface!
|
|
17
|
+
|
|
18
|
+
sig { abstract.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
19
|
+
def updated_requirements; end
|
|
20
|
+
|
|
21
|
+
sig { abstract.returns(T::Class[Version]) }
|
|
22
|
+
def version_class; end
|
|
23
|
+
|
|
24
|
+
sig { abstract.returns(T::Class[Requirement]) }
|
|
25
|
+
def requirement_class; end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.250.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-04-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -562,6 +562,7 @@ files:
|
|
|
562
562
|
- lib/dependabot/registry_client.rb
|
|
563
563
|
- lib/dependabot/requirement.rb
|
|
564
564
|
- lib/dependabot/requirements_update_strategy.rb
|
|
565
|
+
- lib/dependabot/requirements_updater/base.rb
|
|
565
566
|
- lib/dependabot/security_advisory.rb
|
|
566
567
|
- lib/dependabot/shared_helpers.rb
|
|
567
568
|
- lib/dependabot/simple_instrumentor.rb
|
|
@@ -582,7 +583,7 @@ licenses:
|
|
|
582
583
|
- Nonstandard
|
|
583
584
|
metadata:
|
|
584
585
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
585
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
586
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.250.0
|
|
586
587
|
post_install_message:
|
|
587
588
|
rdoc_options: []
|
|
588
589
|
require_paths:
|