dependabot-common 0.282.0 → 0.284.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bab04f92d1012d9c1c6ad35a8a7d1dd1fc6c44871574575fca3a194d77e09d91
-  data.tar.gz: 2e55d5191c95ad599cb84cb2a5da47afce5faca28401cb259e87ccae89e0dcfd
+  metadata.gz: a0e7ee494c1f62aa0a06d640dbfbce56140dc0a9317c7574771e334ba292a723
+  data.tar.gz: 78c644641f5217ed8612c140653334d799333d31477168ca38c48857391f75cd
 SHA512:
-  metadata.gz: bce2900b9b4f729e4cc8696636b13e33aef9b6791d727070d88b33e4909437811a1baea39b09272911a5929c4addd002e8177e6b6ad0061c43c1901805c9da13
-  data.tar.gz: 2dd3ba8fdf0810637da059b6587658fc6cb0800defa344c3bf724286f2cc63146af79fbd27e6dc0509ef85517e433b1479c13607bbf305ff36e0e49d32b5a89c
+  metadata.gz: fabe157df4a763173a2b476cc964ce5fe722e5dc57906e34be3bfda68d149b4622184aa697e55f32583c16092d09d83a5795e0302719040029c6a50331dcd484
+  data.tar.gz: 6a17a4f25bf5c75a3f4c7c737fc486810afc537d50f26c342481c1c2a27b4557e42514c3cef869c641bcb12e0261e11a9c5fde24a3d83a74c44777974d650e13

data/lib/dependabot/config/file.rb

@@ -63,6 +63,7 @@ module Dependabot
         "composer" => "composer",
         "devcontainer" => "devcontainers",
         "docker" => "docker",
+        "dotnet-sdk" => "dotnet_sdk",
         "elm" => "elm",
         "github-actions" => "github_actions",
         "gitsubmodule" => "submodules",

data/lib/dependabot/ecosystem.rb

@@ -0,0 +1,161 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+module Dependabot
+  class Ecosystem
+    extend T::Sig
+
+    class VersionManager
+      extend T::Sig
+      extend T::Helpers
+
+      abstract!
+      # Initialize version information with optional requirement
+      # @param name [String] the name for the package manager (e.g., "bundler", "npm").
+      # @param version [Dependabot::Version] the parsed current version.
+      # @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
+      # @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
+      # @example
+      #   VersionManager.new("bundler", "2.1.4", Dependabot::Version.new("2.1.4"), nil)
+      sig do
+        params(
+          name: String,
+          version: Dependabot::Version,
+          deprecated_versions: T::Array[Dependabot::Version],
+          supported_versions: T::Array[Dependabot::Version]
+        ).void
+      end
+      def initialize(
+        name,
+        version,
+        deprecated_versions = [],
+        supported_versions = []
+      )
+        @name = T.let(name, String)
+        @version = T.let(version, Dependabot::Version)
+
+        @deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
+        @supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
+      end
+
+      # The name of the package manager (e.g., "bundler", "npm").
+      # @example
+      #   name #=> "bundler"
+      sig { returns(String) }
+      attr_reader :name
+
+      # The current version of the package manager.
+      # @example
+      #   version #=> Dependabot::Version.new("2.1.4")
+      sig { returns(Dependabot::Version) }
+      attr_reader :version
+
+      # Returns an array of deprecated versions of the package manager.
+      # @example
+      #  deprecated_versions #=> [Version.new("1")]
+      sig { returns(T::Array[Dependabot::Version]) }
+      attr_reader :deprecated_versions
+
+      # Returns an array of supported versions of the package manager.
+      sig { returns(T::Array[Dependabot::Version]) }
+      attr_reader :supported_versions
+
+      # Checks if the current version is deprecated.
+      # Returns true if the version is in the deprecated_versions array; false otherwise.
+      # @example
+      #   deprecated? #=> true
+      sig { returns(T::Boolean) }
+      def deprecated?
+        return false if unsupported?
+
+        deprecated_versions.include?(version)
+      end
+
+      # Checks if the current version is unsupported.
+      # @example
+      #   unsupported? #=> false
+      sig { returns(T::Boolean) }
+      def unsupported?
+        return false if supported_versions.empty?
+
+        # Check if the version is not supported
+        supported_versions.all? { |supported| supported > version }
+      end
+
+      # Raises an error if the current package manager or language version is unsupported.
+      # If the version is unsupported, it raises a ToolVersionNotSupported error.
+      sig { void }
+      def raise_if_unsupported!
+        return unless unsupported?
+
+        # Example: v2.*, v3.*
+        supported_versions_message = supported_versions.map { |v| "v#{v}.*" }.join(", ")
+
+        raise ToolVersionNotSupported.new(
+          name,
+          version.to_s,
+          supported_versions_message
+        )
+      end
+
+      # Indicates if the package manager supports later versions beyond those listed in supported_versions.
+      # By default, returns false if not overridden in the subclass.
+      # @example
+      #   support_later_versions? #=> true
+      sig { returns(T::Boolean) }
+      def support_later_versions?
+        false
+      end
+    end
+
+    # Initialize with mandatory name and optional language information.
+    # @param name [String] the name of the ecosystem (e.g., "bundler", "npm_and_yarn").
+    # @param package_manager [VersionManager] the package manager.
+    sig do
+      params(
+        name: String,
+        package_manager: VersionManager
+      ).void
+    end
+    def initialize(
+      name:,
+      package_manager:
+    )
+      @name = T.let(name, String)
+      @package_manager = T.let(package_manager, VersionManager)
+    end
+
+    # The name of the ecosystem (mandatory).
+    # @example
+    # name #=> "npm_and_yarn"
+    sig { returns(String) }
+    attr_reader :name
+
+    # The information related to the package manager (mandatory).
+    # @example
+    #  package_manager #=> VersionManager.new("bundler", "2.1.4", Version.new("2.1.4"), nil)
+    sig { returns(VersionManager) }
+    attr_reader :package_manager
+
+    # Checks if the current version is deprecated.
+    # Returns true if the version is in the deprecated_versions array; false otherwise.
+    sig { returns(T::Boolean) }
+    def deprecated?
+      package_manager.deprecated?
+    end
+
+    # Checks if the current version is unsupported.
+    sig { returns(T::Boolean) }
+    def unsupported?
+      package_manager.unsupported?
+    end
+
+    # Delegate to the package manager to raise ToolVersionNotSupported if the version is unsupported.
+    sig { void }
+    def raise_if_unsupported!
+      package_manager.raise_if_unsupported!
+    end
+  end
+end

data/lib/dependabot/file_parsers/base.rb

@@ -3,7 +3,7 @@
 
 require "sorbet-runtime"
 require "dependabot/credential"
-require "dependabot/package_manager"
+require "dependabot/ecosystem"
 
 module Dependabot
   module FileParsers
@@ -54,8 +54,8 @@ module Dependabot
       sig { abstract.returns(T::Array[Dependabot::Dependency]) }
       def parse; end
 
-      sig { returns(T.nilable(PackageManagerBase)) }
-      def package_manager
+      sig { returns(T.nilable(Ecosystem)) }
+      def ecosystem
         nil
       end
 

data/lib/dependabot/notices.rb

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 
 require "sorbet-runtime"
-require "dependabot/package_manager"
+require "dependabot/ecosystem"
 
 module Dependabot
   class Notice
@@ -95,11 +95,11 @@ module Dependabot
     end
 
     # Generates a deprecation notice for the given package manager.
-    # @param package_manager [PackageManagerBase] The package manager object.
+    # @param package_manager [VersionManager] The package manager object.
     # @return [Notice, nil] The generated deprecation notice or nil if the package manager is not deprecated.
     sig do
       params(
-        package_manager: PackageManagerBase
+        package_manager: Ecosystem::VersionManager
       ).returns(T.nilable(Notice))
     end
     def self.generate_pm_deprecation_notice(package_manager)

data/lib/dependabot/pull_request_creator/branch_namer/base.rb

@@ -74,32 +74,7 @@ module Dependabot
             sanitized_name[[T.must(max_length) - sha.size, 0].max..] = sha
           end
 
-          if Dependabot::Experiments.enabled?(:dedup_branch_names)
-            dedup_existing_branches(sanitized_name)
-          else
-            sanitized_name
-          end
-        end
-
-        sig { params(ref: String).returns(String) }
-        def dedup_existing_branches(ref)
-          Dependabot.logger.debug(
-            "Dependabot::PullRequestCreator::dedup_existing_branches::ref : #{ref}"
-          )
-          return ref unless existing_branches.include?(ref)
-
-          i = 1
-          new_ref = "#{ref}-#{i}"
-          while existing_branches.include?(new_ref)
-            i += 1
-            new_ref = "#{ref}-#{i}"
-          end
-
-          Dependabot.logger.debug(
-            "Dependabot::PullRequestCreator::dedup_existing_branches::new_ref : #{new_ref}"
-          )
-
-          new_ref
+          sanitized_name
         end
 
         sig { params(ref: String).returns(String) }

data/lib/dependabot/pull_request_creator/github.rb

@@ -110,6 +110,13 @@ module Dependabot
 
       sig { returns(T.untyped) }
       def create
+        if experiment_duplicate_branch? && branch_exists?(branch_name)
+          Dependabot.logger.info(
+            "Existing branch \"#{branch_name}\" found. Pull request not created."
+          )
+          raise BranchAlreadyExists, "Duplicate branch #{branch_name} already exists"
+        end
+
         if branch_exists?(branch_name) && unmerged_pull_request_exists?
           raise UnmergedPRExists, "PR ##{unmerged_pull_requests.first.number} already exists"
         end
@@ -132,6 +139,11 @@ module Dependabot
       # rubocop:disable Metrics/PerceivedComplexity
       sig { params(name: String).returns(T::Boolean) }
       def branch_exists?(name)
+        Dependabot.logger.debug(
+          "Dependabot::PullRequestCreator::Github:branch_exists?. " \
+          "Name : #{name}. IsDuplicate: #{git_metadata_fetcher.ref_names.include?(name)}"
+        )
+
         git_metadata_fetcher.ref_names.include?(name)
       rescue Dependabot::GitDependenciesNotReachable => e
         raise T.must(e.cause) if e.cause&.message&.include?("is disabled")
@@ -580,6 +592,11 @@ module Dependabot
           raise type, message
         end
       end
+
+      sig { returns(T::Boolean) }
+      def experiment_duplicate_branch?
+        Dependabot::Experiments.enabled?(:dedup_branch_names)
+      end
     end
     # rubocop:enable Metrics/ClassLength
   end

data/lib/dependabot/pull_request_creator.rb

@@ -40,6 +40,8 @@ module Dependabot
 
     class UnmergedPRExists < StandardError; end
 
+    class BranchAlreadyExists < StandardError; end
+
     class BaseCommitNotUpToDate < StandardError; end
 
     class UnexpectedError < StandardError; end
@@ -396,12 +398,6 @@ module Dependabot
 
     sig { returns(Dependabot::PullRequestCreator::BranchNamer) }
     def branch_namer
-      if Dependabot::Experiments.enabled?(:dedup_branch_names) && existing_branches
-        Dependabot.logger.debug(
-          "Dependabot::PullRequestCreator::branch_namer : #{existing_branches}"
-        )
-      end
-
       @branch_namer ||= T.let(
         BranchNamer.new(
           dependencies: dependencies,

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.282.0"
+  VERSION = "0.284.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.282.0
+  version: 0.284.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-10-24 00:00:00.000000000 Z
+date: 2024-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -84,14 +84,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.18.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.18.2
 - !ruby/object:Gem::Dependency
   name: excon
   requirement: !ruby/object:Gem::Requirement
@@ -540,6 +540,7 @@ files:
 - lib/dependabot/dependency.rb
 - lib/dependabot/dependency_file.rb
 - lib/dependabot/dependency_group.rb
+- lib/dependabot/ecosystem.rb
 - lib/dependabot/errors.rb
 - lib/dependabot/experiments.rb
 - lib/dependabot/file_fetchers.rb
@@ -566,7 +567,6 @@ files:
 - lib/dependabot/metadata_finders/base/commits_finder.rb
 - lib/dependabot/metadata_finders/base/release_finder.rb
 - lib/dependabot/notices.rb
-- lib/dependabot/package_manager.rb
 - lib/dependabot/pull_request_creator.rb
 - lib/dependabot/pull_request_creator/azure.rb
 - lib/dependabot/pull_request_creator/bitbucket.rb
@@ -614,7 +614,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.282.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.284.0
 post_install_message: 
 rdoc_options: []
 require_paths:

data/lib/dependabot/package_manager.rb

@@ -1,98 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "sorbet-runtime"
-
-module Dependabot
-  class PackageManagerBase
-    extend T::Sig
-    extend T::Helpers
-
-    abstract!
-
-    # The name of the package manager (e.g., "bundler").
-    # @example
-    #   package_manager.name #=> "bundler"
-    sig { abstract.returns(String) }
-    def name; end
-
-    # The version of the package manager (e.g., Dependabot::Version.new("2.1.4")).
-    # @example
-    #   package_manager.version #=> Dependabot::Version.new("2.1.4")
-    sig { abstract.returns(Dependabot::Version) }
-    def version; end
-
-    # Returns an array of deprecated versions of the package manager.
-    # By default, returns an empty array if not overridden in the subclass.
-    # @example
-    #   package_manager.deprecated_versions #=> [Dependabot::Version.new("1.0.0"), Dependabot::Version.new("1.1.0")]
-    sig { returns(T::Array[Dependabot::Version]) }
-    def deprecated_versions
-      []
-    end
-
-    # Returns an array of unsupported versions of the package manager.
-    # By default, returns an empty array if not overridden in the subclass.
-    # @example
-    #   package_manager.unsupported_versions #=> [Dependabot::Version.new("0.9.0")]
-    sig { returns(T::Array[Dependabot::Version]) }
-    def unsupported_versions
-      []
-    end
-
-    # Returns an array of supported versions of the package manager.
-    # By default, returns an empty array if not overridden in the subclass.
-    # @example
-    #   package_manager.supported_versions #=> [Dependabot::Version.new("2.0.0"), Dependabot::Version.new("2.1.0")]
-    sig { returns(T::Array[Dependabot::Version]) }
-    def supported_versions
-      []
-    end
-
-    # Checks if the current version is deprecated.
-    # Returns true if the version is in the deprecated_versions array; false otherwise.
-    # @example
-    #   package_manager.deprecated? #=> true
-    sig { returns(T::Boolean) }
-    def deprecated?
-      # If the version is unsupported, the unsupported error is getting raised separately.
-      return false if unsupported?
-
-      deprecated_versions.include?(version)
-    end
-
-    # Checks if the current version is unsupported.
-    # Returns true if the version is in the unsupported_versions array; false otherwise.
-    # @example
-    #   package_manager.unsupported? #=> false
-    sig { returns(T::Boolean) }
-    def unsupported?
-      false
-    end
-
-    # Raises an error if the current package manager version is unsupported.
-    # If the version is unsupported, it raises a ToolVersionNotSupported error.
-    sig { void }
-    def raise_if_unsupported!
-      return unless unsupported?
-
-      # Example: v2.*, v3.*
-      supported_versions_message = supported_versions.map { |v| "v#{v}.*" }.join(", ")
-
-      raise ToolVersionNotSupported.new(
-        name,
-        version.to_s,
-        supported_versions_message
-      )
-    end
-
-    # Indicates if the package manager supports later versions beyond those listed in supported_versions.
-    # By default, returns false if not overridden in the subclass.
-    # @example
-    #   package_manager.support_later_versions? #=> true
-    sig { returns(T::Boolean) }
-    def support_later_versions?
-      false
-    end
-  end
-end