dependabot-common 0.283.0 → 0.284.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/config/file.rb +1 -0
  3. data/lib/dependabot/ecosystem.rb +161 -0
  4. data/lib/dependabot/file_parsers/base.rb +3 -3
  5. data/lib/dependabot/notices.rb +3 -3
  6. data/lib/dependabot/pull_request_creator/branch_namer/base.rb +1 -26
  7. data/lib/dependabot/pull_request_creator/github.rb +17 -0
  8. data/lib/dependabot/pull_request_creator.rb +2 -6
  9. data/lib/dependabot.rb +1 -1
  10. metadata +6 -6
  11. data/lib/dependabot/package_manager.rb +0 -98
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 23990d60058d974f2358748f5a1a9cebeeb9b0aa41bcff87c8d5c0a82f162639
4
- data.tar.gz: 2f8c3980648d02dc8bba63d1b8dde5493293245366d651343a8fac785f65b7f2
3
+ metadata.gz: a0e7ee494c1f62aa0a06d640dbfbce56140dc0a9317c7574771e334ba292a723
4
+ data.tar.gz: 78c644641f5217ed8612c140653334d799333d31477168ca38c48857391f75cd
5
5
  SHA512:
6
- metadata.gz: 2dd34fccf3d316a0b5b9295a0cdf05be1b7fd577a6cc8701ccb91084bef512a393d1347059ccc0bc2c4affeacaf7e6d2e2b9d4c4432ff111ce32597b50a6ba7e
7
- data.tar.gz: 2f8de1d6775ccbd267c25ab3aff79a00247e21ab57a316091cc5419e1fde50fcdd1f5f376aa1954f8aa02e56e105106f4229bc9df98e152df9266013bc7c027a
6
+ metadata.gz: fabe157df4a763173a2b476cc964ce5fe722e5dc57906e34be3bfda68d149b4622184aa697e55f32583c16092d09d83a5795e0302719040029c6a50331dcd484
7
+ data.tar.gz: 6a17a4f25bf5c75a3f4c7c737fc486810afc537d50f26c342481c1c2a27b4557e42514c3cef869c641bcb12e0261e11a9c5fde24a3d83a74c44777974d650e13
data/lib/dependabot/config/file.rb CHANGED
@@ -63,6 +63,7 @@ module Dependabot
63
63
  "composer" => "composer",
64
64
  "devcontainer" => "devcontainers",
65
65
  "docker" => "docker",
66
+ "dotnet-sdk" => "dotnet_sdk",
66
67
  "elm" => "elm",
67
68
  "github-actions" => "github_actions",
68
69
  "gitsubmodule" => "submodules",
data/lib/dependabot/ecosystem.rb ADDED
@@ -0,0 +1,161 @@
1
+ # typed: strong
2
+ # frozen_string_literal: true
3
+
4
+ require "sorbet-runtime"
5
+
6
+ module Dependabot
7
+ class Ecosystem
8
+ extend T::Sig
9
+
10
+ class VersionManager
11
+ extend T::Sig
12
+ extend T::Helpers
13
+
14
+ abstract!
15
+ # Initialize version information with optional requirement
16
+ # @param name [String] the name for the package manager (e.g., "bundler", "npm").
17
+ # @param version [Dependabot::Version] the parsed current version.
18
+ # @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
19
+ # @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
20
+ # @example
21
+ # VersionManager.new("bundler", "2.1.4", Dependabot::Version.new("2.1.4"), nil)
22
+ sig do
23
+ params(
24
+ name: String,
25
+ version: Dependabot::Version,
26
+ deprecated_versions: T::Array[Dependabot::Version],
27
+ supported_versions: T::Array[Dependabot::Version]
28
+ ).void
29
+ end
30
+ def initialize(
31
+ name,
32
+ version,
33
+ deprecated_versions = [],
34
+ supported_versions = []
35
+ )
36
+ @name = T.let(name, String)
37
+ @version = T.let(version, Dependabot::Version)
38
+
39
+ @deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
40
+ @supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
41
+ end
42
+
43
+ # The name of the package manager (e.g., "bundler", "npm").
44
+ # @example
45
+ # name #=> "bundler"
46
+ sig { returns(String) }
47
+ attr_reader :name
48
+
49
+ # The current version of the package manager.
50
+ # @example
51
+ # version #=> Dependabot::Version.new("2.1.4")
52
+ sig { returns(Dependabot::Version) }
53
+ attr_reader :version
54
+
55
+ # Returns an array of deprecated versions of the package manager.
56
+ # @example
57
+ # deprecated_versions #=> [Version.new("1")]
58
+ sig { returns(T::Array[Dependabot::Version]) }
59
+ attr_reader :deprecated_versions
60
+
61
+ # Returns an array of supported versions of the package manager.
62
+ sig { returns(T::Array[Dependabot::Version]) }
63
+ attr_reader :supported_versions
64
+
65
+ # Checks if the current version is deprecated.
66
+ # Returns true if the version is in the deprecated_versions array; false otherwise.
67
+ # @example
68
+ # deprecated? #=> true
69
+ sig { returns(T::Boolean) }
70
+ def deprecated?
71
+ return false if unsupported?
72
+
73
+ deprecated_versions.include?(version)
74
+ end
75
+
76
+ # Checks if the current version is unsupported.
77
+ # @example
78
+ # unsupported? #=> false
79
+ sig { returns(T::Boolean) }
80
+ def unsupported?
81
+ return false if supported_versions.empty?
82
+
83
+ # Check if the version is not supported
84
+ supported_versions.all? { |supported| supported > version }
85
+ end
86
+
87
+ # Raises an error if the current package manager or language version is unsupported.
88
+ # If the version is unsupported, it raises a ToolVersionNotSupported error.
89
+ sig { void }
90
+ def raise_if_unsupported!
91
+ return unless unsupported?
92
+
93
+ # Example: v2.*, v3.*
94
+ supported_versions_message = supported_versions.map { |v| "v#{v}.*" }.join(", ")
95
+
96
+ raise ToolVersionNotSupported.new(
97
+ name,
98
+ version.to_s,
99
+ supported_versions_message
100
+ )
101
+ end
102
+
103
+ # Indicates if the package manager supports later versions beyond those listed in supported_versions.
104
+ # By default, returns false if not overridden in the subclass.
105
+ # @example
106
+ # support_later_versions? #=> true
107
+ sig { returns(T::Boolean) }
108
+ def support_later_versions?
109
+ false
110
+ end
111
+ end
112
+
113
+ # Initialize with mandatory name and optional language information.
114
+ # @param name [String] the name of the ecosystem (e.g., "bundler", "npm_and_yarn").
115
+ # @param package_manager [VersionManager] the package manager.
116
+ sig do
117
+ params(
118
+ name: String,
119
+ package_manager: VersionManager
120
+ ).void
121
+ end
122
+ def initialize(
123
+ name:,
124
+ package_manager:
125
+ )
126
+ @name = T.let(name, String)
127
+ @package_manager = T.let(package_manager, VersionManager)
128
+ end
129
+
130
+ # The name of the ecosystem (mandatory).
131
+ # @example
132
+ # name #=> "npm_and_yarn"
133
+ sig { returns(String) }
134
+ attr_reader :name
135
+
136
+ # The information related to the package manager (mandatory).
137
+ # @example
138
+ # package_manager #=> VersionManager.new("bundler", "2.1.4", Version.new("2.1.4"), nil)
139
+ sig { returns(VersionManager) }
140
+ attr_reader :package_manager
141
+
142
+ # Checks if the current version is deprecated.
143
+ # Returns true if the version is in the deprecated_versions array; false otherwise.
144
+ sig { returns(T::Boolean) }
145
+ def deprecated?
146
+ package_manager.deprecated?
147
+ end
148
+
149
+ # Checks if the current version is unsupported.
150
+ sig { returns(T::Boolean) }
151
+ def unsupported?
152
+ package_manager.unsupported?
153
+ end
154
+
155
+ # Delegate to the package manager to raise ToolVersionNotSupported if the version is unsupported.
156
+ sig { void }
157
+ def raise_if_unsupported!
158
+ package_manager.raise_if_unsupported!
159
+ end
160
+ end
161
+ end
data/lib/dependabot/file_parsers/base.rb CHANGED
@@ -3,7 +3,7 @@
3
3
 
4
4
  require "sorbet-runtime"
5
5
  require "dependabot/credential"
6
- require "dependabot/package_manager"
6
+ require "dependabot/ecosystem"
7
7
 
8
8
  module Dependabot
9
9
  module FileParsers
@@ -54,8 +54,8 @@ module Dependabot
54
54
  sig { abstract.returns(T::Array[Dependabot::Dependency]) }
55
55
  def parse; end
56
56
 
57
- sig { returns(T.nilable(PackageManagerBase)) }
58
- def package_manager
57
+ sig { returns(T.nilable(Ecosystem)) }
58
+ def ecosystem
59
59
  nil
60
60
  end
61
61
 
data/lib/dependabot/notices.rb CHANGED
@@ -2,7 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
5
- require "dependabot/package_manager"
5
+ require "dependabot/ecosystem"
6
6
 
7
7
  module Dependabot
8
8
  class Notice
@@ -95,11 +95,11 @@ module Dependabot
95
95
  end
96
96
 
97
97
  # Generates a deprecation notice for the given package manager.
98
- # @param package_manager [PackageManagerBase] The package manager object.
98
+ # @param package_manager [VersionManager] The package manager object.
99
99
  # @return [Notice, nil] The generated deprecation notice or nil if the package manager is not deprecated.
100
100
  sig do
101
101
  params(
102
- package_manager: PackageManagerBase
102
+ package_manager: Ecosystem::VersionManager
103
103
  ).returns(T.nilable(Notice))
104
104
  end
105
105
  def self.generate_pm_deprecation_notice(package_manager)
data/lib/dependabot/pull_request_creator/branch_namer/base.rb CHANGED
@@ -74,32 +74,7 @@ module Dependabot
74
74
  sanitized_name[[T.must(max_length) - sha.size, 0].max..] = sha
75
75
  end
76
76
 
77
- if Dependabot::Experiments.enabled?(:dedup_branch_names)
78
- dedup_existing_branches(sanitized_name)
79
- else
80
- sanitized_name
81
- end
82
- end
83
-
84
- sig { params(ref: String).returns(String) }
85
- def dedup_existing_branches(ref)
86
- Dependabot.logger.debug(
87
- "Dependabot::PullRequestCreator::dedup_existing_branches::ref : #{ref}"
88
- )
89
- return ref unless existing_branches.include?(ref)
90
-
91
- i = 1
92
- new_ref = "#{ref}-#{i}"
93
- while existing_branches.include?(new_ref)
94
- i += 1
95
- new_ref = "#{ref}-#{i}"
96
- end
97
-
98
- Dependabot.logger.debug(
99
- "Dependabot::PullRequestCreator::dedup_existing_branches::new_ref : #{new_ref}"
100
- )
101
-
102
- new_ref
77
+ sanitized_name
103
78
  end
104
79
 
105
80
  sig { params(ref: String).returns(String) }
data/lib/dependabot/pull_request_creator/github.rb CHANGED
@@ -110,6 +110,13 @@ module Dependabot
110
110
 
111
111
  sig { returns(T.untyped) }
112
112
  def create
113
+ if experiment_duplicate_branch? && branch_exists?(branch_name)
114
+ Dependabot.logger.info(
115
+ "Existing branch \"#{branch_name}\" found. Pull request not created."
116
+ )
117
+ raise BranchAlreadyExists, "Duplicate branch #{branch_name} already exists"
118
+ end
119
+
113
120
  if branch_exists?(branch_name) && unmerged_pull_request_exists?
114
121
  raise UnmergedPRExists, "PR ##{unmerged_pull_requests.first.number} already exists"
115
122
  end
@@ -132,6 +139,11 @@ module Dependabot
132
139
  # rubocop:disable Metrics/PerceivedComplexity
133
140
  sig { params(name: String).returns(T::Boolean) }
134
141
  def branch_exists?(name)
142
+ Dependabot.logger.debug(
143
+ "Dependabot::PullRequestCreator::Github:branch_exists?. " \
144
+ "Name : #{name}. IsDuplicate: #{git_metadata_fetcher.ref_names.include?(name)}"
145
+ )
146
+
135
147
  git_metadata_fetcher.ref_names.include?(name)
136
148
  rescue Dependabot::GitDependenciesNotReachable => e
137
149
  raise T.must(e.cause) if e.cause&.message&.include?("is disabled")
@@ -580,6 +592,11 @@ module Dependabot
580
592
  raise type, message
581
593
  end
582
594
  end
595
+
596
+ sig { returns(T::Boolean) }
597
+ def experiment_duplicate_branch?
598
+ Dependabot::Experiments.enabled?(:dedup_branch_names)
599
+ end
583
600
  end
584
601
  # rubocop:enable Metrics/ClassLength
585
602
  end
data/lib/dependabot/pull_request_creator.rb CHANGED
@@ -40,6 +40,8 @@ module Dependabot
40
40
 
41
41
  class UnmergedPRExists < StandardError; end
42
42
 
43
+ class BranchAlreadyExists < StandardError; end
44
+
43
45
  class BaseCommitNotUpToDate < StandardError; end
44
46
 
45
47
  class UnexpectedError < StandardError; end
@@ -396,12 +398,6 @@ module Dependabot
396
398
 
397
399
  sig { returns(Dependabot::PullRequestCreator::BranchNamer) }
398
400
  def branch_namer
399
- if Dependabot::Experiments.enabled?(:dedup_branch_names) && existing_branches
400
- Dependabot.logger.debug(
401
- "Dependabot::PullRequestCreator::branch_namer : #{existing_branches}"
402
- )
403
- end
404
-
405
401
  @branch_namer ||= T.let(
406
402
  BranchNamer.new(
407
403
  dependencies: dependencies,
data/lib/dependabot.rb CHANGED
@@ -2,5 +2,5 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
- VERSION = "0.283.0"
5
+ VERSION = "0.284.0"
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.283.0
4
+ version: 0.284.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-10-31 00:00:00.000000000 Z
11
+ date: 2024-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -84,14 +84,14 @@ dependencies:
84
84
  requirements:
85
85
  - - "~>"
86
86
  - !ruby/object:Gem::Version
87
- version: 1.18.0
87
+ version: 1.18.2
88
88
  type: :runtime
89
89
  prerelease: false
90
90
  version_requirements: !ruby/object:Gem::Requirement
91
91
  requirements:
92
92
  - - "~>"
93
93
  - !ruby/object:Gem::Version
94
- version: 1.18.0
94
+ version: 1.18.2
95
95
  - !ruby/object:Gem::Dependency
96
96
  name: excon
97
97
  requirement: !ruby/object:Gem::Requirement
@@ -540,6 +540,7 @@ files:
540
540
  - lib/dependabot/dependency.rb
541
541
  - lib/dependabot/dependency_file.rb
542
542
  - lib/dependabot/dependency_group.rb
543
+ - lib/dependabot/ecosystem.rb
543
544
  - lib/dependabot/errors.rb
544
545
  - lib/dependabot/experiments.rb
545
546
  - lib/dependabot/file_fetchers.rb
@@ -566,7 +567,6 @@ files:
566
567
  - lib/dependabot/metadata_finders/base/commits_finder.rb
567
568
  - lib/dependabot/metadata_finders/base/release_finder.rb
568
569
  - lib/dependabot/notices.rb
569
- - lib/dependabot/package_manager.rb
570
570
  - lib/dependabot/pull_request_creator.rb
571
571
  - lib/dependabot/pull_request_creator/azure.rb
572
572
  - lib/dependabot/pull_request_creator/bitbucket.rb
@@ -614,7 +614,7 @@ licenses:
614
614
  - MIT
615
615
  metadata:
616
616
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
617
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.283.0
617
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.284.0
618
618
  post_install_message:
619
619
  rdoc_options: []
620
620
  require_paths:
data/lib/dependabot/package_manager.rb DELETED
@@ -1,98 +0,0 @@
1
- # typed: strong
2
- # frozen_string_literal: true
3
-
4
- require "sorbet-runtime"
5
-
6
- module Dependabot
7
- class PackageManagerBase
8
- extend T::Sig
9
- extend T::Helpers
10
-
11
- abstract!
12
-
13
- # The name of the package manager (e.g., "bundler").
14
- # @example
15
- # package_manager.name #=> "bundler"
16
- sig { abstract.returns(String) }
17
- def name; end
18
-
19
- # The version of the package manager (e.g., Dependabot::Version.new("2.1.4")).
20
- # @example
21
- # package_manager.version #=> Dependabot::Version.new("2.1.4")
22
- sig { abstract.returns(Dependabot::Version) }
23
- def version; end
24
-
25
- # Returns an array of deprecated versions of the package manager.
26
- # By default, returns an empty array if not overridden in the subclass.
27
- # @example
28
- # package_manager.deprecated_versions #=> [Dependabot::Version.new("1.0.0"), Dependabot::Version.new("1.1.0")]
29
- sig { returns(T::Array[Dependabot::Version]) }
30
- def deprecated_versions
31
- []
32
- end
33
-
34
- # Returns an array of unsupported versions of the package manager.
35
- # By default, returns an empty array if not overridden in the subclass.
36
- # @example
37
- # package_manager.unsupported_versions #=> [Dependabot::Version.new("0.9.0")]
38
- sig { returns(T::Array[Dependabot::Version]) }
39
- def unsupported_versions
40
- []
41
- end
42
-
43
- # Returns an array of supported versions of the package manager.
44
- # By default, returns an empty array if not overridden in the subclass.
45
- # @example
46
- # package_manager.supported_versions #=> [Dependabot::Version.new("2.0.0"), Dependabot::Version.new("2.1.0")]
47
- sig { returns(T::Array[Dependabot::Version]) }
48
- def supported_versions
49
- []
50
- end
51
-
52
- # Checks if the current version is deprecated.
53
- # Returns true if the version is in the deprecated_versions array; false otherwise.
54
- # @example
55
- # package_manager.deprecated? #=> true
56
- sig { returns(T::Boolean) }
57
- def deprecated?
58
- # If the version is unsupported, the unsupported error is getting raised separately.
59
- return false if unsupported?
60
-
61
- deprecated_versions.include?(version)
62
- end
63
-
64
- # Checks if the current version is unsupported.
65
- # Returns true if the version is in the unsupported_versions array; false otherwise.
66
- # @example
67
- # package_manager.unsupported? #=> false
68
- sig { returns(T::Boolean) }
69
- def unsupported?
70
- false
71
- end
72
-
73
- # Raises an error if the current package manager version is unsupported.
74
- # If the version is unsupported, it raises a ToolVersionNotSupported error.
75
- sig { void }
76
- def raise_if_unsupported!
77
- return unless unsupported?
78
-
79
- # Example: v2.*, v3.*
80
- supported_versions_message = supported_versions.map { |v| "v#{v}.*" }.join(", ")
81
-
82
- raise ToolVersionNotSupported.new(
83
- name,
84
- version.to_s,
85
- supported_versions_message
86
- )
87
- end
88
-
89
- # Indicates if the package manager supports later versions beyond those listed in supported_versions.
90
- # By default, returns false if not overridden in the subclass.
91
- # @example
92
- # package_manager.support_later_versions? #=> true
93
- sig { returns(T::Boolean) }
94
- def support_later_versions?
95
- false
96
- end
97
- end
98
- end