dependabot-common 0.271.0 → 0.273.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/errors.rb +12 -0
- data/lib/dependabot/file_parsers/base.rb +6 -0
- data/lib/dependabot/file_updaters/base.rb +2 -2
- data/lib/dependabot/notices.rb +210 -0
- data/lib/dependabot/package_manager.rb +84 -0
- data/lib/dependabot/pull_request_creator/message_builder.rb +24 -3
- data/lib/dependabot/sem_version2.rb +131 -0
- data/lib/dependabot.rb +1 -1
- metadata +6 -3
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: be0c28765d665424088cb737d933cf376c29d931e1d642f96562d362c406fcf0
         | 
| 4 | 
            +
              data.tar.gz: de8f912ee099ed27b8d14811f7fb67f9b83119dc7db2483645947b2cd12b380d
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: e45c119606e121da9f919de9e40ff1ae63e22ad0167308bcb1e74b626296607fa8d05634ccb7ac922943d547c0f99820fab5c89fe105580146b5dc2224fbd97a
         | 
| 7 | 
            +
              data.tar.gz: 2bc6a5d526316d9d81cbfb0e03d06699a28e03757ff36f07a46d870a1e55a89794ffd834f3c1c8e21c7ccf737ed325bc1af111a2e22234641c54e1bb9d8cd56b
         | 
    
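--- a/data/lib/dependabot/errors.rb
+++ b/data/lib/dependabot/errors.rb
@@ -226,6 +226,11 @@ module Dependabot
             "error-message": error.message
           }
         }
+      when Dependabot::OutOfDisk
+        {
+          "error-type": "out_of_disk",
+          "error-detail": {}
+        }
       when Dependabot::GoModulePathMismatch
         {
           "error-type": "go_module_path_mismatch",
@@ -235,6 +240,11 @@ module Dependabot
             "go-mod": error.go_mod
           }
         }
+      when BadRequirementError
+        {
+          "error-type": "illformed_requirement",
+          "error-detail": { message: error.message }
+        }
       when
         IncompatibleCPU,
         NetworkUnsafeHTTP
@@ -508,6 +518,8 @@ module Dependabot
 
   class DependencyFileNotResolvable < DependabotError; end
 
+  class BadRequirementError < Gem::Requirement::BadRequirementError; end
+
   #######################
   # Source level errors #
   #######################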
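--- a/data/lib/dependabot/file_parsers/base.rb
+++ b/data/lib/dependabot/file_parsers/base.rb
@@ -3,6 +3,7 @@
 
 require "sorbet-runtime"
 require "dependabot/credential"
+require "dependabot/package_manager"
 
 module Dependabot
   module FileParsers
@@ -53,6 +54,11 @@ module Dependabot
       sig { abstract.returns(T::Array[Dependabot::Dependency]) }
       def parse; end
 
+      sig { returns(T.nilable(PackageManagerBase)) }
+      def package_manager
+        nil
+      end
+
       private
 
       sig { abstract.void }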
| @@ -28,8 +28,8 @@ module Dependabot | |
| 28 28 | 
             
                  sig { returns(T::Hash[Symbol, T.untyped]) }
         | 
| 29 29 | 
             
                  attr_reader :options
         | 
| 30 30 |  | 
| 31 | 
            -
                  sig { overridable. | 
| 32 | 
            -
                  def self.updated_files_regex | 
| 31 | 
            +
                  sig { overridable.returns(T::Array[Regexp]) }
         | 
| 32 | 
            +
                  def self.updated_files_regex
         | 
| 33 33 | 
             
                    raise NotImplementedError
         | 
| 34 34 | 
             
                  end
         | 
| 35 35 |  | 
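--- /dev/null
+++ b/data/lib/dependabot/notices.rb
@@ -0,0 +1,210 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/package_manager"
+
+module Dependabot
+  class Notice
+    module NoticeMode
+      INFO = "INFO"
+      WARN = "WARN"
+      ERROR = "ERROR"
+    end
+
+    extend T::Sig
+
+    sig { returns(String) }
+    attr_reader :mode, :type, :package_manager_name, :title, :description
+
+    sig { returns(T::Boolean) }
+    attr_reader :show_in_pr, :show_alert
+
+    # Initializes a new Notice object.
+    # @param mode [String] The mode of the notice (e.g., "WARN", "ERROR").
+    # @param type [String] The type of the notice (e.g., "bundler_deprecated_warn").
+    # @param package_manager_name [String] The name of the package manager (e.g., "bundler").
+    # @param title [String] The title of the notice.
+    # @param description [String] The main description of the notice.
+    # @param show_in_pr [Boolean] Whether the notice should be shown in a pull request.
+    # @param show_alert [Boolean] Whether the notice should be shown in alerts.
+    sig do
+      params(
+        mode: String,
+        type: String,
+        package_manager_name: String,
+        title: String,
+        description: String,
+        show_in_pr: T::Boolean,
+        show_alert: T::Boolean
+      ).void
+    end
+    def initialize(
+      mode:, type:, package_manager_name:,
+      title: "", description: "",
+      show_in_pr: false, show_alert: false
+    )
+      @mode = mode
+      @type = type
+      @package_manager_name = package_manager_name
+      @title = title
+      @description = description
+      @show_in_pr = show_in_pr
+      @show_alert = show_alert
+    end
+
+    # Converts the Notice object to a hash.
+    # @return [Hash] The hash representation of the notice.
+    sig { returns(T::Hash[Symbol, T.untyped]) }
+    def to_hash
+      {
+        mode: @mode,
+        type: @type,
+        package_manager_name: @package_manager_name,
+        title: @title,
+        description: @description,
+        show_in_pr: @show_in_pr,
+        show_alert: @show_alert
+      }
+    end
+
+    # Generates a description for supported versions.
+    # @param supported_versions [Array<Dependabot::Version>, nil] The supported versions of the package manager.
+    # @param support_later_versions [Boolean] Whether later versions are supported.
+    # @return [String, nil] The generated description or nil if no supported versions are provided.
+    sig do
+      params(
+        supported_versions: T.nilable(T::Array[Dependabot::Version]),
+        support_later_versions: T::Boolean
+      ).returns(String)
+    end
+    def self.generate_supported_versions_description(supported_versions, support_later_versions)
+      return "Please upgrade your package manager version" unless supported_versions&.any?
+
+      versions_string = supported_versions.map { |version| "`v#{version}`" }
+
+      versions_string[-1] = "or #{versions_string[-1]}" if versions_string.count > 1 && !support_later_versions
+
+      versions_string = versions_string.join(", ")
+
+      later_description = support_later_versions ? ", or later" : ""
+
+      return "Please upgrade to version #{versions_string}#{later_description}." if supported_versions.count == 1
+
+      "Please upgrade to one of the following versions: #{versions_string}#{later_description}."
+    end
+
+    # Generates a support notice for the given package manager.
+    # @param package_manager [PackageManagerBase] The package manager object.
+    # @return [Notice, nil] The generated notice or nil if no notice is applicable.
+    sig do
+      params(
+        package_manager: PackageManagerBase
+      ).returns(T.nilable(Notice))
+    end
+    def self.generate_support_notice(package_manager)
+      deprecation_notice = generate_pm_deprecation_notice(package_manager)
+
+      return deprecation_notice if deprecation_notice
+
+      generate_pm_unsupported_notice(package_manager)
+    end
+
+    # Generates a deprecation notice for the given package manager.
+    # @param package_manager [PackageManagerBase] The package manager object.
+    # @return [Notice, nil] The generated deprecation notice or nil if the package manager is not deprecated.
+    sig do
+      params(
+        package_manager: PackageManagerBase
+      ).returns(T.nilable(Notice))
+    end
+    def self.generate_pm_deprecation_notice(package_manager)
+      return nil unless package_manager.deprecated?
+
+      mode = NoticeMode::WARN
+      supported_versions_description = generate_supported_versions_description(
+        package_manager.supported_versions,
+        package_manager.support_later_versions?
+      )
+      notice_type = "#{package_manager.name}_deprecated_warn"
+      title = "Package manager deprecation notice"
+      description = "Dependabot will stop supporting `#{package_manager.name} v#{package_manager.version}`!"
+
+      ## Add the supported versions to the description
+      description += "\n\n#{supported_versions_description}\n" unless supported_versions_description.empty?
+
+      Notice.new(
+        mode: mode,
+        type: notice_type,
+        package_manager_name: package_manager.name,
+        title: title,
+        description: description,
+        show_in_pr: true,
+        show_alert: true
+      )
+    end
+
+    # Generates an unsupported notice for the given package manager.
+    # @param package_manager [PackageManagerBase] The package manager object.
+    # @return [Notice, nil] The generated unsupported notice or nil if the package manager is not unsupported.
+    sig do
+      params(
+        package_manager: PackageManagerBase
+      ).returns(T.nilable(Notice))
+    end
+    def self.generate_pm_unsupported_notice(package_manager)
+      return nil unless package_manager.unsupported?
+
+      mode = NoticeMode::ERROR
+      supported_versions_description = generate_supported_versions_description(
+        package_manager.supported_versions,
+        package_manager.support_later_versions?
+      )
+      notice_type = "#{package_manager.name}_unsupported_error"
+      title = "Package manager unsupported notice"
+      description = "Dependabot no longer supports `#{package_manager.name} v#{package_manager.version}`!"
+
+      ## Add the supported versions to the description
+      description += "\n\n#{supported_versions_description}\n" unless supported_versions_description.empty?
+
+      Notice.new(
+        mode: mode,
+        type: notice_type,
+        package_manager_name: package_manager.name,
+        title: title,
+        description: description,
+        show_in_pr: true,
+        show_alert: true
+      )
+    end
+
+    sig { params(notice: Notice).returns(T.nilable(String)) }
+    def self.markdown_from_description(notice)
+      description = notice.description
+
+      return if description.empty?
+
+      markdown = "> [!#{markdown_mode(notice.mode)}]\n"
+      # Log each non-empty line of the deprecation notice description
+      description.each_line do |line|
+        line = line.strip
+        markdown += "> #{line}\n"
+      end
+      markdown
+    end
+
+    sig { params(mode: String).returns(String) }
+    def self.markdown_mode(mode)
+      case mode
+      when NoticeMode::INFO
+        "INFO"
+      when NoticeMode::WARN
+        "WARNING"
+      when NoticeMode::ERROR
+        "IMPORTANT"
+      else
+        "INFO"
+      end
+    end
+  end
+end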
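--- /dev/null
+++ b/data/lib/dependabot/package_manager.rb
@@ -0,0 +1,84 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+module Dependabot
+  class PackageManagerBase
+    extend T::Sig
+    extend T::Helpers
+
+    abstract!
+
+    # The name of the package manager (e.g., "bundler").
+    # @example
+    #   package_manager.name #=> "bundler"
+    sig { abstract.returns(String) }
+    def name; end
+
+    # The version of the package manager (e.g., Dependabot::Version.new("2.1.4")).
+    # @example
+    #   package_manager.version #=> Dependabot::Version.new("2.1.4")
+    sig { abstract.returns(Dependabot::Version) }
+    def version; end
+
+    # Returns an array of deprecated versions of the package manager.
+    # By default, returns an empty array if not overridden in the subclass.
+    # @example
+    #   package_manager.deprecated_versions #=> [Dependabot::Version.new("1.0.0"), Dependabot::Version.new("1.1.0")]
+    sig { returns(T::Array[Dependabot::Version]) }
+    def deprecated_versions
+      []
+    end
+
+    # Returns an array of unsupported versions of the package manager.
+    # By default, returns an empty array if not overridden in the subclass.
+    # @example
+    #   package_manager.unsupported_versions #=> [Dependabot::Version.new("0.9.0")]
+    sig { returns(T::Array[Dependabot::Version]) }
+    def unsupported_versions
+      []
+    end
+
+    # Returns an array of supported versions of the package manager.
+    # By default, returns an empty array if not overridden in the subclass.
+    # @example
+    #   package_manager.supported_versions #=> [Dependabot::Version.new("2.0.0"), Dependabot::Version.new("2.1.0")]
+    sig { returns(T::Array[Dependabot::Version]) }
+    def supported_versions
+      []
+    end
+
+    # Checks if the current version is deprecated.
+    # Returns true if the version is in the deprecated_versions array; false otherwise.
+    # @example
+    #   package_manager.deprecated? #=> true
+    sig { returns(T::Boolean) }
+    def deprecated?
+      deprecated_versions.include?(version)
+    end
+
+    # Checks if the current version is unsupported.
+    # Returns true if the version is in the unsupported_versions array; false otherwise.
+    # @example
+    #   package_manager.unsupported? #=> false
+    sig { returns(T::Boolean) }
+    def unsupported?
+      return true if unsupported_versions.include?(version)
+
+      supported_versions = self.supported_versions
+      return version < supported_versions.first if supported_versions.any?
+
+      false
+    end
+
+    # Indicates if the package manager supports later versions beyond those listed in supported_versions.
+    # By default, returns false if not overridden in the subclass.
+    # @example
+    #   package_manager.support_later_versions? #=> true
+    sig { returns(T::Boolean) }
+    def support_later_versions?
+      false
+    end
+  end
+end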
| @@ -12,6 +12,7 @@ require "dependabot/logger" | |
| 12 12 | 
             
            require "dependabot/metadata_finders"
         | 
| 13 13 | 
             
            require "dependabot/pull_request_creator"
         | 
| 14 14 | 
             
            require "dependabot/pull_request_creator/message"
         | 
| 15 | 
            +
            require "dependabot/notices"
         | 
| 15 16 |  | 
| 16 17 | 
             
            # rubocop:disable Metrics/ClassLength
         | 
| 17 18 | 
             
            module Dependabot
         | 
| @@ -64,6 +65,9 @@ module Dependabot | |
| 64 65 | 
             
                  sig { returns(T::Array[T::Hash[String, String]]) }
         | 
| 65 66 | 
             
                  attr_reader :ignore_conditions
         | 
| 66 67 |  | 
| 68 | 
            +
                  sig { returns(T.nilable(T::Array[Dependabot::Notice])) }
         | 
| 69 | 
            +
                  attr_reader :notices
         | 
| 70 | 
            +
             | 
| 67 71 | 
             
                  TRUNCATED_MSG = "...\n\n_Description has been truncated_"
         | 
| 68 72 |  | 
| 69 73 | 
             
                  sig do
         | 
| @@ -80,7 +84,8 @@ module Dependabot | |
| 80 84 | 
             
                      dependency_group: T.nilable(Dependabot::DependencyGroup),
         | 
| 81 85 | 
             
                      pr_message_max_length: T.nilable(Integer),
         | 
| 82 86 | 
             
                      pr_message_encoding: T.nilable(Encoding),
         | 
| 83 | 
            -
                      ignore_conditions: T::Array[T::Hash[String, String]]
         | 
| 87 | 
            +
                      ignore_conditions: T::Array[T::Hash[String, String]],
         | 
| 88 | 
            +
                      notices: T.nilable(T::Array[Dependabot::Notice])
         | 
| 84 89 | 
             
                    )
         | 
| 85 90 | 
             
                      .void
         | 
| 86 91 | 
             
                  end
         | 
| @@ -88,7 +93,8 @@ module Dependabot | |
| 88 93 | 
             
                                 pr_message_header: nil, pr_message_footer: nil,
         | 
| 89 94 | 
             
                                 commit_message_options: {}, vulnerabilities_fixed: {},
         | 
| 90 95 | 
             
                                 github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
         | 
| 91 | 
            -
                                 dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil, | 
| 96 | 
            +
                                 dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil,
         | 
| 97 | 
            +
                                 ignore_conditions: [], notices: nil)
         | 
| 92 98 | 
             
                    @dependencies               = dependencies
         | 
| 93 99 | 
             
                    @files                      = files
         | 
| 94 100 | 
             
                    @source                     = source
         | 
| @@ -102,6 +108,7 @@ module Dependabot | |
| 102 108 | 
             
                    @pr_message_max_length      = pr_message_max_length
         | 
| 103 109 | 
             
                    @pr_message_encoding        = pr_message_encoding
         | 
| 104 110 | 
             
                    @ignore_conditions          = ignore_conditions
         | 
| 111 | 
            +
                    @notices                    = notices
         | 
| 105 112 | 
             
                  end
         | 
| 106 113 |  | 
| 107 114 | 
             
                  sig { params(pr_message_max_length: Integer).returns(Integer) }
         | 
| @@ -119,7 +126,8 @@ module Dependabot | |
| 119 126 |  | 
| 120 127 | 
             
                  sig { returns(String) }
         | 
| 121 128 | 
             
                  def pr_message
         | 
| 122 | 
            -
                    msg = "#{ | 
| 129 | 
            +
                    msg = "#{pr_notices}" \
         | 
| 130 | 
            +
                          "#{suffixed_pr_message_header}" \
         | 
| 123 131 | 
             
                          "#{commit_message_intro}" \
         | 
| 124 132 | 
             
                          "#{metadata_cascades}" \
         | 
| 125 133 | 
             
                          "#{ignore_conditions_table}" \
         | 
| @@ -131,6 +139,17 @@ module Dependabot | |
| 131 139 | 
             
                    suffixed_pr_message_header + prefixed_pr_message_footer
         | 
| 132 140 | 
             
                  end
         | 
| 133 141 |  | 
| 142 | 
            +
                  sig { returns(T.nilable(String)) }
         | 
| 143 | 
            +
                  def pr_notices
         | 
| 144 | 
            +
                    notices = @notices || []
         | 
| 145 | 
            +
                    unique_messages = notices.filter_map do |notice|
         | 
| 146 | 
            +
                      Dependabot::Notice.markdown_from_description(notice) if notice.show_in_pr
         | 
| 147 | 
            +
                    end.uniq
         | 
| 148 | 
            +
             | 
| 149 | 
            +
                    message = unique_messages.join("\n\n")
         | 
| 150 | 
            +
                    message.empty? ? nil : message
         | 
| 151 | 
            +
                  end
         | 
| 152 | 
            +
             | 
| 134 153 | 
             
                  # Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
         | 
| 135 154 | 
             
                  # The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
         | 
| 136 155 | 
             
                  sig { params(msg: String).returns(String) }
         | 
| @@ -316,6 +335,8 @@ module Dependabot | |
| 316 335 | 
             
                  def suffixed_pr_message_header
         | 
| 317 336 | 
             
                    return "" unless pr_message_header
         | 
| 318 337 |  | 
| 338 | 
            +
                    return "#{pr_message_header}\n\n" if notices
         | 
| 339 | 
            +
             | 
| 319 340 | 
             
                    "#{pr_message_header}\n\n"
         | 
| 320 341 | 
             
                  end
         | 
| 321 342 |  | 
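--- a/data/lib/dependabot/sem_version2.rb
+++ b/data/lib/dependabot/sem_version2.rb
@@ -0,0 +1,131 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+# See https://semver.org/spec/v2.0.0.html for semver 2 details
+#
+module Dependabot
+  class SemVersion2
+    extend T::Sig
+    extend T::Helpers
+    include Comparable
+
+    SEMVER2_REGEX = /^
+      (0|[1-9]\d*)\. # major
+      (0|[1-9]\d*)\. # minor
+      (0|[1-9]\d*)   # patch
+      (?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))? # pre release
+      (?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))? # build metadata
+    $/x
+
+    sig { returns(String) }
+    attr_accessor :major
+
+    sig { returns(String) }
+    attr_accessor :minor
+
+    sig { returns(String) }
+    attr_accessor :patch
+
+    sig { returns(T.nilable(String)) }
+    attr_accessor :build
+
+    sig { returns(T.nilable(String)) }
+    attr_accessor :prerelease
+
+    sig { params(version: String).void }
+    def initialize(version)
+      tokens = parse(version)
+      @major = T.let(T.must(tokens[:major]), String)
+      @minor = T.let(T.must(tokens[:minor]), String)
+      @patch = T.let(T.must(tokens[:patch]), String)
+      @build = T.let(tokens[:build], T.nilable(String))
+      @prerelease = T.let(tokens[:prerelease], T.nilable(String))
+    end
+
+    sig { returns(T::Boolean) }
+    def prerelease?
+      !!prerelease
+    end
+
+    sig { returns(String) }
+    def to_s
+      value = [major, minor, patch].join(".")
+      value += "-#{prerelease}" if prerelease
+      value += "+#{build}" if build
+      value
+    end
+
+    sig { returns(String) }
+    def inspect
+      "#<#{self.class} #{self}>"
+    end
+
+    sig { params(other: ::Dependabot::SemVersion2).returns(T::Boolean) }
+    def eql?(other)
+      other.is_a?(self.class) && to_s == other.to_s
+    end
+
+    sig { params(other: ::Dependabot::SemVersion2).returns(Integer) }
+    def <=>(other)
+      result = major.to_i <=> other.major.to_i
+      return result unless result.zero?
+
+      result = minor.to_i <=> other.minor.to_i
+      return result unless result.zero?
+
+      result = patch.to_i <=> other.patch.to_i
+      return result unless result.zero?
+
+      compare_prereleases(prerelease, other.prerelease)
+    end
+
+    sig { params(version: T.nilable(String)).returns(T::Boolean) }
+    def self.correct?(version)
+      return false if version.nil?
+
+      version.match?(SEMVER2_REGEX)
+    end
+
+    private
+
+    sig { params(version: String).returns(T::Hash[Symbol, T.nilable(String)]) }
+    def parse(version)
+      match = version.match(SEMVER2_REGEX)
+      raise ArgumentError, "Malformed version number string #{version}" unless match
+
+      major, minor, patch, prerelease, build = match.captures
+
+      { major: major, minor: minor, patch: patch, prerelease: prerelease, build: build }
+    end
+
+    sig { params(prerelease1: T.nilable(String), prerelease2: T.nilable(String)).returns(Integer) }
+    def compare_prereleases(prerelease1, prerelease2) # rubocop:disable Metrics/PerceivedComplexity
+      return 0 if prerelease1.nil? && prerelease2.nil?
+      return -1 if prerelease2.nil?
+      return 1 if prerelease1.nil?
+
+      prerelease1_tokens = prerelease1.split(".")
+      prerelease2_tokens = prerelease2.split(".")
+
+      prerelease1_tokens.zip(prerelease2_tokens) do |t1, t2|
+        return 1 if t2.nil? # t1 is more specific e.g. 1.0.0-rc1.1 vs 1.0.0-rc1
+
+        if t1 =~ /^\d+$/ && t2 =~ /^\d+$/
+          # t1 and t2 are both ints so compare them as such
+          a = t1.to_i
+          b = t2.to_i
+          compare = a <=> b
+          return compare unless compare.zero?
+        end
+
+        comp = t1 <=> t2
+        return T.must(comp) unless T.must(comp).zero?
+      end
+
+      # prereleases are equal or prerelease2 is more specific e.g. 1.0.0-rc1 vs 1.0.0-rc1.1
+      prerelease1_tokens.length == prerelease2_tokens.length ? 0 : -1
+    end
+  end
+end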
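Review bot: `SEMVER2_REGEX` is anchored with `^` and `$`, which in Ruby match at line boundaries rather than string ends, so `correct?` and `parse` accept a multi-line value (a version with a trailing newline, or junk on a preceding line) and `initialize` then silently keeps only the matching line while `to_s` discards the rest. Anchor the whole string instead, `SEMVER2_REGEX = /\A` on line 14 and `\z/x` on line 20; the `/^\d+$/` checks in `compare_prereleases` would be more robust as `/\A\d+\z/` too, although their tokens come from an already validated string. Separately, `eql?` is defined without a matching `hash`, so two versions that compare equal are not interchangeable as Hash keys or in `uniq`. In `compare_prereleases` the fallback `t1 <=> t2` string comparison appears to rank a numeric identifier above an alphanumeric one that starts with a smaller digit (for example `2` vs `1a`), whereas the spec gives numeric identifiers lower precedence than alphanumeric ones; a test case for mixed identifiers would pin the intended order.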
    
        data/lib/dependabot.rb
    CHANGED
    
    
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: dependabot-common
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0. | 
| 4 | 
            +
              version: 0.273.0
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Dependabot
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2024-08- | 
| 11 | 
            +
            date: 2024-08-29 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: aws-sdk-codecommit
         | 
| @@ -551,6 +551,8 @@ files: | |
| 551 551 | 
             
            - lib/dependabot/metadata_finders/base/changelog_pruner.rb
         | 
| 552 552 | 
             
            - lib/dependabot/metadata_finders/base/commits_finder.rb
         | 
| 553 553 | 
             
            - lib/dependabot/metadata_finders/base/release_finder.rb
         | 
| 554 | 
            +
            - lib/dependabot/notices.rb
         | 
| 555 | 
            +
            - lib/dependabot/package_manager.rb
         | 
| 554 556 | 
             
            - lib/dependabot/pull_request_creator.rb
         | 
| 555 557 | 
             
            - lib/dependabot/pull_request_creator/azure.rb
         | 
| 556 558 | 
             
            - lib/dependabot/pull_request_creator/bitbucket.rb
         | 
| @@ -578,6 +580,7 @@ files: | |
| 578 580 | 
             
            - lib/dependabot/requirements_update_strategy.rb
         | 
| 579 581 | 
             
            - lib/dependabot/requirements_updater/base.rb
         | 
| 580 582 | 
             
            - lib/dependabot/security_advisory.rb
         | 
| 583 | 
            +
            - lib/dependabot/sem_version2.rb
         | 
| 581 584 | 
             
            - lib/dependabot/shared_helpers.rb
         | 
| 582 585 | 
             
            - lib/dependabot/simple_instrumentor.rb
         | 
| 583 586 | 
             
            - lib/dependabot/source.rb
         | 
| @@ -597,7 +600,7 @@ licenses: | |
| 597 600 | 
             
            - MIT
         | 
| 598 601 | 
             
            metadata:
         | 
| 599 602 | 
             
              bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
         | 
| 600 | 
            -
              changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0. | 
| 603 | 
            +
              changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.273.0
         | 
| 601 604 | 
             
            post_install_message: 
         | 
| 602 605 | 
             
            rdoc_options: []
         | 
| 603 606 | 
             
            require_paths:
         |