dependabot-common 0.271.0 → 0.273.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/errors.rb +12 -0
- data/lib/dependabot/file_parsers/base.rb +6 -0
- data/lib/dependabot/file_updaters/base.rb +2 -2
- data/lib/dependabot/notices.rb +210 -0
- data/lib/dependabot/package_manager.rb +84 -0
- data/lib/dependabot/pull_request_creator/message_builder.rb +24 -3
- data/lib/dependabot/sem_version2.rb +131 -0
- data/lib/dependabot.rb +1 -1
- metadata +6 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: be0c28765d665424088cb737d933cf376c29d931e1d642f96562d362c406fcf0
|
|
4
|
+
data.tar.gz: de8f912ee099ed27b8d14811f7fb67f9b83119dc7db2483645947b2cd12b380d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e45c119606e121da9f919de9e40ff1ae63e22ad0167308bcb1e74b626296607fa8d05634ccb7ac922943d547c0f99820fab5c89fe105580146b5dc2224fbd97a
|
|
7
|
+
data.tar.gz: 2bc6a5d526316d9d81cbfb0e03d06699a28e03757ff36f07a46d870a1e55a89794ffd834f3c1c8e21c7ccf737ed325bc1af111a2e22234641c54e1bb9d8cd56b
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -226,6 +226,11 @@ module Dependabot
|
|
|
226
226
|
"error-message": error.message
|
|
227
227
|
}
|
|
228
228
|
}
|
|
229
|
+
when Dependabot::OutOfDisk
|
|
230
|
+
{
|
|
231
|
+
"error-type": "out_of_disk",
|
|
232
|
+
"error-detail": {}
|
|
233
|
+
}
|
|
229
234
|
when Dependabot::GoModulePathMismatch
|
|
230
235
|
{
|
|
231
236
|
"error-type": "go_module_path_mismatch",
|
|
@@ -235,6 +240,11 @@ module Dependabot
|
|
|
235
240
|
"go-mod": error.go_mod
|
|
236
241
|
}
|
|
237
242
|
}
|
|
243
|
+
when BadRequirementError
|
|
244
|
+
{
|
|
245
|
+
"error-type": "illformed_requirement",
|
|
246
|
+
"error-detail": { message: error.message }
|
|
247
|
+
}
|
|
238
248
|
when
|
|
239
249
|
IncompatibleCPU,
|
|
240
250
|
NetworkUnsafeHTTP
|
|
@@ -508,6 +518,8 @@ module Dependabot
|
|
|
508
518
|
|
|
509
519
|
class DependencyFileNotResolvable < DependabotError; end
|
|
510
520
|
|
|
521
|
+
class BadRequirementError < Gem::Requirement::BadRequirementError; end
|
|
522
|
+
|
|
511
523
|
#######################
|
|
512
524
|
# Source level errors #
|
|
513
525
|
#######################
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
5
|
require "dependabot/credential"
|
|
6
|
+
require "dependabot/package_manager"
|
|
6
7
|
|
|
7
8
|
module Dependabot
|
|
8
9
|
module FileParsers
|
|
@@ -53,6 +54,11 @@ module Dependabot
|
|
|
53
54
|
sig { abstract.returns(T::Array[Dependabot::Dependency]) }
|
|
54
55
|
def parse; end
|
|
55
56
|
|
|
57
|
+
sig { returns(T.nilable(PackageManagerBase)) }
|
|
58
|
+
def package_manager
|
|
59
|
+
nil
|
|
60
|
+
end
|
|
61
|
+
|
|
56
62
|
private
|
|
57
63
|
|
|
58
64
|
sig { abstract.void }
|
|
@@ -28,8 +28,8 @@ module Dependabot
|
|
|
28
28
|
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
29
29
|
attr_reader :options
|
|
30
30
|
|
|
31
|
-
sig { overridable.
|
|
32
|
-
def self.updated_files_regex
|
|
31
|
+
sig { overridable.returns(T::Array[Regexp]) }
|
|
32
|
+
def self.updated_files_regex
|
|
33
33
|
raise NotImplementedError
|
|
34
34
|
end
|
|
35
35
|
|
|
@@ -0,0 +1,210 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/package_manager"
|
|
6
|
+
|
|
7
|
+
module Dependabot
|
|
8
|
+
class Notice
|
|
9
|
+
module NoticeMode
|
|
10
|
+
INFO = "INFO"
|
|
11
|
+
WARN = "WARN"
|
|
12
|
+
ERROR = "ERROR"
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
extend T::Sig
|
|
16
|
+
|
|
17
|
+
sig { returns(String) }
|
|
18
|
+
attr_reader :mode, :type, :package_manager_name, :title, :description
|
|
19
|
+
|
|
20
|
+
sig { returns(T::Boolean) }
|
|
21
|
+
attr_reader :show_in_pr, :show_alert
|
|
22
|
+
|
|
23
|
+
# Initializes a new Notice object.
|
|
24
|
+
# @param mode [String] The mode of the notice (e.g., "WARN", "ERROR").
|
|
25
|
+
# @param type [String] The type of the notice (e.g., "bundler_deprecated_warn").
|
|
26
|
+
# @param package_manager_name [String] The name of the package manager (e.g., "bundler").
|
|
27
|
+
# @param title [String] The title of the notice.
|
|
28
|
+
# @param description [String] The main description of the notice.
|
|
29
|
+
# @param show_in_pr [Boolean] Whether the notice should be shown in a pull request.
|
|
30
|
+
# @param show_alert [Boolean] Whether the notice should be shown in alerts.
|
|
31
|
+
sig do
|
|
32
|
+
params(
|
|
33
|
+
mode: String,
|
|
34
|
+
type: String,
|
|
35
|
+
package_manager_name: String,
|
|
36
|
+
title: String,
|
|
37
|
+
description: String,
|
|
38
|
+
show_in_pr: T::Boolean,
|
|
39
|
+
show_alert: T::Boolean
|
|
40
|
+
).void
|
|
41
|
+
end
|
|
42
|
+
def initialize(
|
|
43
|
+
mode:, type:, package_manager_name:,
|
|
44
|
+
title: "", description: "",
|
|
45
|
+
show_in_pr: false, show_alert: false
|
|
46
|
+
)
|
|
47
|
+
@mode = mode
|
|
48
|
+
@type = type
|
|
49
|
+
@package_manager_name = package_manager_name
|
|
50
|
+
@title = title
|
|
51
|
+
@description = description
|
|
52
|
+
@show_in_pr = show_in_pr
|
|
53
|
+
@show_alert = show_alert
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
# Converts the Notice object to a hash.
|
|
57
|
+
# @return [Hash] The hash representation of the notice.
|
|
58
|
+
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
59
|
+
def to_hash
|
|
60
|
+
{
|
|
61
|
+
mode: @mode,
|
|
62
|
+
type: @type,
|
|
63
|
+
package_manager_name: @package_manager_name,
|
|
64
|
+
title: @title,
|
|
65
|
+
description: @description,
|
|
66
|
+
show_in_pr: @show_in_pr,
|
|
67
|
+
show_alert: @show_alert
|
|
68
|
+
}
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
# Generates a description for supported versions.
|
|
72
|
+
# @param supported_versions [Array<Dependabot::Version>, nil] The supported versions of the package manager.
|
|
73
|
+
# @param support_later_versions [Boolean] Whether later versions are supported.
|
|
74
|
+
# @return [String, nil] The generated description or nil if no supported versions are provided.
|
|
75
|
+
sig do
|
|
76
|
+
params(
|
|
77
|
+
supported_versions: T.nilable(T::Array[Dependabot::Version]),
|
|
78
|
+
support_later_versions: T::Boolean
|
|
79
|
+
).returns(String)
|
|
80
|
+
end
|
|
81
|
+
def self.generate_supported_versions_description(supported_versions, support_later_versions)
|
|
82
|
+
return "Please upgrade your package manager version" unless supported_versions&.any?
|
|
83
|
+
|
|
84
|
+
versions_string = supported_versions.map { |version| "`v#{version}`" }
|
|
85
|
+
|
|
86
|
+
versions_string[-1] = "or #{versions_string[-1]}" if versions_string.count > 1 && !support_later_versions
|
|
87
|
+
|
|
88
|
+
versions_string = versions_string.join(", ")
|
|
89
|
+
|
|
90
|
+
later_description = support_later_versions ? ", or later" : ""
|
|
91
|
+
|
|
92
|
+
return "Please upgrade to version #{versions_string}#{later_description}." if supported_versions.count == 1
|
|
93
|
+
|
|
94
|
+
"Please upgrade to one of the following versions: #{versions_string}#{later_description}."
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
# Generates a support notice for the given package manager.
|
|
98
|
+
# @param package_manager [PackageManagerBase] The package manager object.
|
|
99
|
+
# @return [Notice, nil] The generated notice or nil if no notice is applicable.
|
|
100
|
+
sig do
|
|
101
|
+
params(
|
|
102
|
+
package_manager: PackageManagerBase
|
|
103
|
+
).returns(T.nilable(Notice))
|
|
104
|
+
end
|
|
105
|
+
def self.generate_support_notice(package_manager)
|
|
106
|
+
deprecation_notice = generate_pm_deprecation_notice(package_manager)
|
|
107
|
+
|
|
108
|
+
return deprecation_notice if deprecation_notice
|
|
109
|
+
|
|
110
|
+
generate_pm_unsupported_notice(package_manager)
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
# Generates a deprecation notice for the given package manager.
|
|
114
|
+
# @param package_manager [PackageManagerBase] The package manager object.
|
|
115
|
+
# @return [Notice, nil] The generated deprecation notice or nil if the package manager is not deprecated.
|
|
116
|
+
sig do
|
|
117
|
+
params(
|
|
118
|
+
package_manager: PackageManagerBase
|
|
119
|
+
).returns(T.nilable(Notice))
|
|
120
|
+
end
|
|
121
|
+
def self.generate_pm_deprecation_notice(package_manager)
|
|
122
|
+
return nil unless package_manager.deprecated?
|
|
123
|
+
|
|
124
|
+
mode = NoticeMode::WARN
|
|
125
|
+
supported_versions_description = generate_supported_versions_description(
|
|
126
|
+
package_manager.supported_versions,
|
|
127
|
+
package_manager.support_later_versions?
|
|
128
|
+
)
|
|
129
|
+
notice_type = "#{package_manager.name}_deprecated_warn"
|
|
130
|
+
title = "Package manager deprecation notice"
|
|
131
|
+
description = "Dependabot will stop supporting `#{package_manager.name} v#{package_manager.version}`!"
|
|
132
|
+
|
|
133
|
+
## Add the supported versions to the description
|
|
134
|
+
description += "\n\n#{supported_versions_description}\n" unless supported_versions_description.empty?
|
|
135
|
+
|
|
136
|
+
Notice.new(
|
|
137
|
+
mode: mode,
|
|
138
|
+
type: notice_type,
|
|
139
|
+
package_manager_name: package_manager.name,
|
|
140
|
+
title: title,
|
|
141
|
+
description: description,
|
|
142
|
+
show_in_pr: true,
|
|
143
|
+
show_alert: true
|
|
144
|
+
)
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
# Generates an unsupported notice for the given package manager.
|
|
148
|
+
# @param package_manager [PackageManagerBase] The package manager object.
|
|
149
|
+
# @return [Notice, nil] The generated unsupported notice or nil if the package manager is not unsupported.
|
|
150
|
+
sig do
|
|
151
|
+
params(
|
|
152
|
+
package_manager: PackageManagerBase
|
|
153
|
+
).returns(T.nilable(Notice))
|
|
154
|
+
end
|
|
155
|
+
def self.generate_pm_unsupported_notice(package_manager)
|
|
156
|
+
return nil unless package_manager.unsupported?
|
|
157
|
+
|
|
158
|
+
mode = NoticeMode::ERROR
|
|
159
|
+
supported_versions_description = generate_supported_versions_description(
|
|
160
|
+
package_manager.supported_versions,
|
|
161
|
+
package_manager.support_later_versions?
|
|
162
|
+
)
|
|
163
|
+
notice_type = "#{package_manager.name}_unsupported_error"
|
|
164
|
+
title = "Package manager unsupported notice"
|
|
165
|
+
description = "Dependabot no longer supports `#{package_manager.name} v#{package_manager.version}`!"
|
|
166
|
+
|
|
167
|
+
## Add the supported versions to the description
|
|
168
|
+
description += "\n\n#{supported_versions_description}\n" unless supported_versions_description.empty?
|
|
169
|
+
|
|
170
|
+
Notice.new(
|
|
171
|
+
mode: mode,
|
|
172
|
+
type: notice_type,
|
|
173
|
+
package_manager_name: package_manager.name,
|
|
174
|
+
title: title,
|
|
175
|
+
description: description,
|
|
176
|
+
show_in_pr: true,
|
|
177
|
+
show_alert: true
|
|
178
|
+
)
|
|
179
|
+
end
|
|
180
|
+
|
|
181
|
+
sig { params(notice: Notice).returns(T.nilable(String)) }
|
|
182
|
+
def self.markdown_from_description(notice)
|
|
183
|
+
description = notice.description
|
|
184
|
+
|
|
185
|
+
return if description.empty?
|
|
186
|
+
|
|
187
|
+
markdown = "> [!#{markdown_mode(notice.mode)}]\n"
|
|
188
|
+
# Log each non-empty line of the deprecation notice description
|
|
189
|
+
description.each_line do |line|
|
|
190
|
+
line = line.strip
|
|
191
|
+
markdown += "> #{line}\n"
|
|
192
|
+
end
|
|
193
|
+
markdown
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
sig { params(mode: String).returns(String) }
|
|
197
|
+
def self.markdown_mode(mode)
|
|
198
|
+
case mode
|
|
199
|
+
when NoticeMode::INFO
|
|
200
|
+
"INFO"
|
|
201
|
+
when NoticeMode::WARN
|
|
202
|
+
"WARNING"
|
|
203
|
+
when NoticeMode::ERROR
|
|
204
|
+
"IMPORTANT"
|
|
205
|
+
else
|
|
206
|
+
"INFO"
|
|
207
|
+
end
|
|
208
|
+
end
|
|
209
|
+
end
|
|
210
|
+
end
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
class PackageManagerBase
|
|
8
|
+
extend T::Sig
|
|
9
|
+
extend T::Helpers
|
|
10
|
+
|
|
11
|
+
abstract!
|
|
12
|
+
|
|
13
|
+
# The name of the package manager (e.g., "bundler").
|
|
14
|
+
# @example
|
|
15
|
+
# package_manager.name #=> "bundler"
|
|
16
|
+
sig { abstract.returns(String) }
|
|
17
|
+
def name; end
|
|
18
|
+
|
|
19
|
+
# The version of the package manager (e.g., Dependabot::Version.new("2.1.4")).
|
|
20
|
+
# @example
|
|
21
|
+
# package_manager.version #=> Dependabot::Version.new("2.1.4")
|
|
22
|
+
sig { abstract.returns(Dependabot::Version) }
|
|
23
|
+
def version; end
|
|
24
|
+
|
|
25
|
+
# Returns an array of deprecated versions of the package manager.
|
|
26
|
+
# By default, returns an empty array if not overridden in the subclass.
|
|
27
|
+
# @example
|
|
28
|
+
# package_manager.deprecated_versions #=> [Dependabot::Version.new("1.0.0"), Dependabot::Version.new("1.1.0")]
|
|
29
|
+
sig { returns(T::Array[Dependabot::Version]) }
|
|
30
|
+
def deprecated_versions
|
|
31
|
+
[]
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
# Returns an array of unsupported versions of the package manager.
|
|
35
|
+
# By default, returns an empty array if not overridden in the subclass.
|
|
36
|
+
# @example
|
|
37
|
+
# package_manager.unsupported_versions #=> [Dependabot::Version.new("0.9.0")]
|
|
38
|
+
sig { returns(T::Array[Dependabot::Version]) }
|
|
39
|
+
def unsupported_versions
|
|
40
|
+
[]
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# Returns an array of supported versions of the package manager.
|
|
44
|
+
# By default, returns an empty array if not overridden in the subclass.
|
|
45
|
+
# @example
|
|
46
|
+
# package_manager.supported_versions #=> [Dependabot::Version.new("2.0.0"), Dependabot::Version.new("2.1.0")]
|
|
47
|
+
sig { returns(T::Array[Dependabot::Version]) }
|
|
48
|
+
def supported_versions
|
|
49
|
+
[]
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# Checks if the current version is deprecated.
|
|
53
|
+
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
|
54
|
+
# @example
|
|
55
|
+
# package_manager.deprecated? #=> true
|
|
56
|
+
sig { returns(T::Boolean) }
|
|
57
|
+
def deprecated?
|
|
58
|
+
deprecated_versions.include?(version)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
# Checks if the current version is unsupported.
|
|
62
|
+
# Returns true if the version is in the unsupported_versions array; false otherwise.
|
|
63
|
+
# @example
|
|
64
|
+
# package_manager.unsupported? #=> false
|
|
65
|
+
sig { returns(T::Boolean) }
|
|
66
|
+
def unsupported?
|
|
67
|
+
return true if unsupported_versions.include?(version)
|
|
68
|
+
|
|
69
|
+
supported_versions = self.supported_versions
|
|
70
|
+
return version < supported_versions.first if supported_versions.any?
|
|
71
|
+
|
|
72
|
+
false
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
# Indicates if the package manager supports later versions beyond those listed in supported_versions.
|
|
76
|
+
# By default, returns false if not overridden in the subclass.
|
|
77
|
+
# @example
|
|
78
|
+
# package_manager.support_later_versions? #=> true
|
|
79
|
+
sig { returns(T::Boolean) }
|
|
80
|
+
def support_later_versions?
|
|
81
|
+
false
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
|
@@ -12,6 +12,7 @@ require "dependabot/logger"
|
|
|
12
12
|
require "dependabot/metadata_finders"
|
|
13
13
|
require "dependabot/pull_request_creator"
|
|
14
14
|
require "dependabot/pull_request_creator/message"
|
|
15
|
+
require "dependabot/notices"
|
|
15
16
|
|
|
16
17
|
# rubocop:disable Metrics/ClassLength
|
|
17
18
|
module Dependabot
|
|
@@ -64,6 +65,9 @@ module Dependabot
|
|
|
64
65
|
sig { returns(T::Array[T::Hash[String, String]]) }
|
|
65
66
|
attr_reader :ignore_conditions
|
|
66
67
|
|
|
68
|
+
sig { returns(T.nilable(T::Array[Dependabot::Notice])) }
|
|
69
|
+
attr_reader :notices
|
|
70
|
+
|
|
67
71
|
TRUNCATED_MSG = "...\n\n_Description has been truncated_"
|
|
68
72
|
|
|
69
73
|
sig do
|
|
@@ -80,7 +84,8 @@ module Dependabot
|
|
|
80
84
|
dependency_group: T.nilable(Dependabot::DependencyGroup),
|
|
81
85
|
pr_message_max_length: T.nilable(Integer),
|
|
82
86
|
pr_message_encoding: T.nilable(Encoding),
|
|
83
|
-
ignore_conditions: T::Array[T::Hash[String, String]]
|
|
87
|
+
ignore_conditions: T::Array[T::Hash[String, String]],
|
|
88
|
+
notices: T.nilable(T::Array[Dependabot::Notice])
|
|
84
89
|
)
|
|
85
90
|
.void
|
|
86
91
|
end
|
|
@@ -88,7 +93,8 @@ module Dependabot
|
|
|
88
93
|
pr_message_header: nil, pr_message_footer: nil,
|
|
89
94
|
commit_message_options: {}, vulnerabilities_fixed: {},
|
|
90
95
|
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
|
|
91
|
-
dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil,
|
|
96
|
+
dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil,
|
|
97
|
+
ignore_conditions: [], notices: nil)
|
|
92
98
|
@dependencies = dependencies
|
|
93
99
|
@files = files
|
|
94
100
|
@source = source
|
|
@@ -102,6 +108,7 @@ module Dependabot
|
|
|
102
108
|
@pr_message_max_length = pr_message_max_length
|
|
103
109
|
@pr_message_encoding = pr_message_encoding
|
|
104
110
|
@ignore_conditions = ignore_conditions
|
|
111
|
+
@notices = notices
|
|
105
112
|
end
|
|
106
113
|
|
|
107
114
|
sig { params(pr_message_max_length: Integer).returns(Integer) }
|
|
@@ -119,7 +126,8 @@ module Dependabot
|
|
|
119
126
|
|
|
120
127
|
sig { returns(String) }
|
|
121
128
|
def pr_message
|
|
122
|
-
msg = "#{
|
|
129
|
+
msg = "#{pr_notices}" \
|
|
130
|
+
"#{suffixed_pr_message_header}" \
|
|
123
131
|
"#{commit_message_intro}" \
|
|
124
132
|
"#{metadata_cascades}" \
|
|
125
133
|
"#{ignore_conditions_table}" \
|
|
@@ -131,6 +139,17 @@ module Dependabot
|
|
|
131
139
|
suffixed_pr_message_header + prefixed_pr_message_footer
|
|
132
140
|
end
|
|
133
141
|
|
|
142
|
+
sig { returns(T.nilable(String)) }
|
|
143
|
+
def pr_notices
|
|
144
|
+
notices = @notices || []
|
|
145
|
+
unique_messages = notices.filter_map do |notice|
|
|
146
|
+
Dependabot::Notice.markdown_from_description(notice) if notice.show_in_pr
|
|
147
|
+
end.uniq
|
|
148
|
+
|
|
149
|
+
message = unique_messages.join("\n\n")
|
|
150
|
+
message.empty? ? nil : message
|
|
151
|
+
end
|
|
152
|
+
|
|
134
153
|
# Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
|
|
135
154
|
# The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
|
|
136
155
|
sig { params(msg: String).returns(String) }
|
|
@@ -316,6 +335,8 @@ module Dependabot
|
|
|
316
335
|
def suffixed_pr_message_header
|
|
317
336
|
return "" unless pr_message_header
|
|
318
337
|
|
|
338
|
+
return "#{pr_message_header}\n\n" if notices
|
|
339
|
+
|
|
319
340
|
"#{pr_message_header}\n\n"
|
|
320
341
|
end
|
|
321
342
|
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
# See https://semver.org/spec/v2.0.0.html for semver 2 details
|
|
7
|
+
#
|
|
8
|
+
module Dependabot
|
|
9
|
+
class SemVersion2
|
|
10
|
+
extend T::Sig
|
|
11
|
+
extend T::Helpers
|
|
12
|
+
include Comparable
|
|
13
|
+
|
|
14
|
+
SEMVER2_REGEX = /^
|
|
15
|
+
(0|[1-9]\d*)\. # major
|
|
16
|
+
(0|[1-9]\d*)\. # minor
|
|
17
|
+
(0|[1-9]\d*) # patch
|
|
18
|
+
(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))? # pre release
|
|
19
|
+
(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))? # build metadata
|
|
20
|
+
$/x
|
|
21
|
+
|
|
22
|
+
sig { returns(String) }
|
|
23
|
+
attr_accessor :major
|
|
24
|
+
|
|
25
|
+
sig { returns(String) }
|
|
26
|
+
attr_accessor :minor
|
|
27
|
+
|
|
28
|
+
sig { returns(String) }
|
|
29
|
+
attr_accessor :patch
|
|
30
|
+
|
|
31
|
+
sig { returns(T.nilable(String)) }
|
|
32
|
+
attr_accessor :build
|
|
33
|
+
|
|
34
|
+
sig { returns(T.nilable(String)) }
|
|
35
|
+
attr_accessor :prerelease
|
|
36
|
+
|
|
37
|
+
sig { params(version: String).void }
|
|
38
|
+
def initialize(version)
|
|
39
|
+
tokens = parse(version)
|
|
40
|
+
@major = T.let(T.must(tokens[:major]), String)
|
|
41
|
+
@minor = T.let(T.must(tokens[:minor]), String)
|
|
42
|
+
@patch = T.let(T.must(tokens[:patch]), String)
|
|
43
|
+
@build = T.let(tokens[:build], T.nilable(String))
|
|
44
|
+
@prerelease = T.let(tokens[:prerelease], T.nilable(String))
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
sig { returns(T::Boolean) }
|
|
48
|
+
def prerelease?
|
|
49
|
+
!!prerelease
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
sig { returns(String) }
|
|
53
|
+
def to_s
|
|
54
|
+
value = [major, minor, patch].join(".")
|
|
55
|
+
value += "-#{prerelease}" if prerelease
|
|
56
|
+
value += "+#{build}" if build
|
|
57
|
+
value
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
sig { returns(String) }
|
|
61
|
+
def inspect
|
|
62
|
+
"#<#{self.class} #{self}>"
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
sig { params(other: ::Dependabot::SemVersion2).returns(T::Boolean) }
|
|
66
|
+
def eql?(other)
|
|
67
|
+
other.is_a?(self.class) && to_s == other.to_s
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
sig { params(other: ::Dependabot::SemVersion2).returns(Integer) }
|
|
71
|
+
def <=>(other)
|
|
72
|
+
result = major.to_i <=> other.major.to_i
|
|
73
|
+
return result unless result.zero?
|
|
74
|
+
|
|
75
|
+
result = minor.to_i <=> other.minor.to_i
|
|
76
|
+
return result unless result.zero?
|
|
77
|
+
|
|
78
|
+
result = patch.to_i <=> other.patch.to_i
|
|
79
|
+
return result unless result.zero?
|
|
80
|
+
|
|
81
|
+
compare_prereleases(prerelease, other.prerelease)
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
sig { params(version: T.nilable(String)).returns(T::Boolean) }
|
|
85
|
+
def self.correct?(version)
|
|
86
|
+
return false if version.nil?
|
|
87
|
+
|
|
88
|
+
version.match?(SEMVER2_REGEX)
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
private
|
|
92
|
+
|
|
93
|
+
sig { params(version: String).returns(T::Hash[Symbol, T.nilable(String)]) }
|
|
94
|
+
def parse(version)
|
|
95
|
+
match = version.match(SEMVER2_REGEX)
|
|
96
|
+
raise ArgumentError, "Malformed version number string #{version}" unless match
|
|
97
|
+
|
|
98
|
+
major, minor, patch, prerelease, build = match.captures
|
|
99
|
+
|
|
100
|
+
{ major: major, minor: minor, patch: patch, prerelease: prerelease, build: build }
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
sig { params(prerelease1: T.nilable(String), prerelease2: T.nilable(String)).returns(Integer) }
|
|
104
|
+
def compare_prereleases(prerelease1, prerelease2) # rubocop:disable Metrics/PerceivedComplexity
|
|
105
|
+
return 0 if prerelease1.nil? && prerelease2.nil?
|
|
106
|
+
return -1 if prerelease2.nil?
|
|
107
|
+
return 1 if prerelease1.nil?
|
|
108
|
+
|
|
109
|
+
prerelease1_tokens = prerelease1.split(".")
|
|
110
|
+
prerelease2_tokens = prerelease2.split(".")
|
|
111
|
+
|
|
112
|
+
prerelease1_tokens.zip(prerelease2_tokens) do |t1, t2|
|
|
113
|
+
return 1 if t2.nil? # t1 is more specific e.g. 1.0.0-rc1.1 vs 1.0.0-rc1
|
|
114
|
+
|
|
115
|
+
if t1 =~ /^\d+$/ && t2 =~ /^\d+$/
|
|
116
|
+
# t1 and t2 are both ints so compare them as such
|
|
117
|
+
a = t1.to_i
|
|
118
|
+
b = t2.to_i
|
|
119
|
+
compare = a <=> b
|
|
120
|
+
return compare unless compare.zero?
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
comp = t1 <=> t2
|
|
124
|
+
return T.must(comp) unless T.must(comp).zero?
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
# prereleases are equal or prerelease2 is more specific e.g. 1.0.0-rc1 vs 1.0.0-rc1.1
|
|
128
|
+
prerelease1_tokens.length == prerelease2_tokens.length ? 0 : -1
|
|
129
|
+
end
|
|
130
|
+
end
|
|
131
|
+
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.273.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-08-
|
|
11
|
+
date: 2024-08-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -551,6 +551,8 @@ files:
|
|
|
551
551
|
- lib/dependabot/metadata_finders/base/changelog_pruner.rb
|
|
552
552
|
- lib/dependabot/metadata_finders/base/commits_finder.rb
|
|
553
553
|
- lib/dependabot/metadata_finders/base/release_finder.rb
|
|
554
|
+
- lib/dependabot/notices.rb
|
|
555
|
+
- lib/dependabot/package_manager.rb
|
|
554
556
|
- lib/dependabot/pull_request_creator.rb
|
|
555
557
|
- lib/dependabot/pull_request_creator/azure.rb
|
|
556
558
|
- lib/dependabot/pull_request_creator/bitbucket.rb
|
|
@@ -578,6 +580,7 @@ files:
|
|
|
578
580
|
- lib/dependabot/requirements_update_strategy.rb
|
|
579
581
|
- lib/dependabot/requirements_updater/base.rb
|
|
580
582
|
- lib/dependabot/security_advisory.rb
|
|
583
|
+
- lib/dependabot/sem_version2.rb
|
|
581
584
|
- lib/dependabot/shared_helpers.rb
|
|
582
585
|
- lib/dependabot/simple_instrumentor.rb
|
|
583
586
|
- lib/dependabot/source.rb
|
|
@@ -597,7 +600,7 @@ licenses:
|
|
|
597
600
|
- MIT
|
|
598
601
|
metadata:
|
|
599
602
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
600
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
603
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.273.0
|
|
601
604
|
post_install_message:
|
|
602
605
|
rdoc_options: []
|
|
603
606
|
require_paths:
|