RubyGems - dependabot-common - Versions diffs - 0.283.0 → 0.285.0 - Mend

dependabot-common 0.283.0 → 0.285.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/lib/dependabot/config/file.rb +1 -0
data/lib/dependabot/ecosystem.rb +184 -0
data/lib/dependabot/file_parsers/base.rb +3 -3
data/lib/dependabot/notices.rb +3 -3
data/lib/dependabot/pull_request_creator/branch_namer/base.rb +1 -26
data/lib/dependabot/pull_request_creator/github.rb +20 -0
data/lib/dependabot/pull_request_creator.rb +2 -6
data/lib/dependabot/requirement.rb +55 -1
data/lib/dependabot.rb +1 -1
metadata +6 -6
data/lib/dependabot/package_manager.rb +0 -98

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23990d60058d974f2358748f5a1a9cebeeb9b0aa41bcff87c8d5c0a82f162639
-  data.tar.gz: 2f8c3980648d02dc8bba63d1b8dde5493293245366d651343a8fac785f65b7f2
+  metadata.gz: f715ae3932ff54488335714eca22437b802ffe69591bd5e82804ec1b517bc47e
+  data.tar.gz: 8bc3dbb798980775b4fa8f091d00bd4687ae323d41d766ee887bae09b0d995e2
 SHA512:
-  metadata.gz: 2dd34fccf3d316a0b5b9295a0cdf05be1b7fd577a6cc8701ccb91084bef512a393d1347059ccc0bc2c4affeacaf7e6d2e2b9d4c4432ff111ce32597b50a6ba7e
-  data.tar.gz: 2f8de1d6775ccbd267c25ab3aff79a00247e21ab57a316091cc5419e1fde50fcdd1f5f376aa1954f8aa02e56e105106f4229bc9df98e152df9266013bc7c027a
+  metadata.gz: 91d44bfa9b54c64c11509458bc3414052308ac9ed527c3f15dbc3da25bb314ce9f04712195ebe0cd9116d390f29fa53cfabac0f35a1d5c844362ca1e3f6802bf
+  data.tar.gz: 9309be975505a43f6d2182b1cb992367b1d79d4e4fcc1a9eb1458442d8c6749e65e8f71b24efa09c23faba4300dc818053d35e5724ca8c7e5adb6383eeabffe4

data/lib/dependabot/config/file.rb CHANGED Viewed

@@ -63,6 +63,7 @@ module Dependabot
         "composer" => "composer",
         "devcontainer" => "devcontainers",
         "docker" => "docker",
+        "dotnet-sdk" => "dotnet_sdk",
         "elm" => "elm",
         "github-actions" => "github_actions",
         "gitsubmodule" => "submodules",

data/lib/dependabot/ecosystem.rb ADDED Viewed

@@ -0,0 +1,184 @@
+# typed: strong
+# frozen_string_literal: true
+require "sorbet-runtime"
+require "dependabot/requirement"
+module Dependabot
+  class Ecosystem
+    extend T::Sig
+    class VersionManager
+      extend T::Sig
+      extend T::Helpers
+      abstract!
+      # Initialize version information for a package manager or language.
+      # @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").
+      # @param version [Dependabot::Version] the parsed current version.
+      # @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
+      # @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
+      # @param requirement [Dependabot::Requirement] an array of requirements.
+      # @example
+      #   VersionManager.new("bundler", "2.1.4", nil)
+      sig do
+        params(
+          name: String,
+          version: Dependabot::Version,
+          deprecated_versions: T::Array[Dependabot::Version],
+          supported_versions: T::Array[Dependabot::Version],
+          requirement: T.nilable(Dependabot::Requirement)
+        ).void
+      end
+      def initialize(
+        name,
+        version,
+        deprecated_versions = [],
+        supported_versions = [],
+        requirement = nil
+      )
+        @name = T.let(name, String)
+        @version = T.let(version, Dependabot::Version)
+        @deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
+        @supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
+        @requirement = T.let(requirement, T.nilable(Dependabot::Requirement))
+      end
+      # The name of the package manager (e.g., "bundler", "npm").
+      # @example
+      #   name #=> "bundler"
+      sig { returns(String) }
+      attr_reader :name
+      # The current version of the package manager or language.
+      # @example
+      #   version #=> Dependabot::Version.new("2.1.4")
+      sig { returns(Dependabot::Version) }
+      attr_reader :version
+      # Returns an array of deprecated versions of the package manager.
+      # @example
+      #  deprecated_versions #=> [Version.new("1")]
+      sig { returns(T::Array[Dependabot::Version]) }
+      attr_reader :deprecated_versions
+      # Returns an array of supported versions of the package manager.
+      sig { returns(T::Array[Dependabot::Version]) }
+      attr_reader :supported_versions
+      # The current requirement of the package manager or language.
+      # @example
+      #  requirement #=> nil
+      #  requirement #=> Dependabot::Requirement.new(">= 2.1.4")
+      #  requirement #=> Dependabot::Requirement.new(">= 2.1.4, < 3.0")
+      sig { returns(T.nilable(Dependabot::Requirement)) }
+      attr_reader :requirement
+      # Checks if the current version is deprecated.
+      # Returns true if the version is in the deprecated_versions array; false otherwise.
+      # @example
+      #   deprecated? #=> true
+      sig { returns(T::Boolean) }
+      def deprecated?
+        # If the version is unsupported, the unsupported error is getting raised separately.
+        return false if unsupported?
+        deprecated_versions.include?(version)
+      end
+      # Checks if the current version is unsupported.
+      # @example
+      #   unsupported? #=> false
+      sig { returns(T::Boolean) }
+      def unsupported?
+        return false if supported_versions.empty?
+        # Check if the version is not supported
+        supported_versions.all? { |supported| supported > version }
+      end
+      # Raises an error if the current package manager or language version is unsupported.
+      # If the version is unsupported, it raises a ToolVersionNotSupported error.
+      sig { void }
+      def raise_if_unsupported!
+        return unless unsupported?
+        # Example: v2.*, v3.*
+        supported_versions_message = supported_versions.map { |v| "v#{v}.*" }.join(", ")
+        raise ToolVersionNotSupported.new(
+          name,
+          version.to_s,
+          supported_versions_message
+        )
+      end
+      # Indicates if the package manager supports later versions beyond those listed in supported_versions.
+      # By default, returns false if not overridden in the subclass.
+      # @example
+      #   support_later_versions? #=> true
+      sig { returns(T::Boolean) }
+      def support_later_versions?
+        false
+      end
+    end
+    # Initialize with mandatory name and optional language information.
+    # @param name [String] the name of the ecosystem (e.g., "bundler", "npm_and_yarn").
+    # @param package_manager [VersionManager] the package manager (mandatory).
+    # @param language [VersionManager] the language (optional).
+    sig do
+      params(
+        name: String,
+        package_manager: VersionManager,
+        language: T.nilable(VersionManager)
+      ).void
+    end
+    def initialize(
+      name:,
+      package_manager:,
+      language: nil
+    )
+      @name = T.let(name, String)
+      @package_manager = T.let(package_manager, VersionManager)
+      @language = T.let(language, T.nilable(VersionManager))
+    end
+    # The name of the ecosystem (mandatory).
+    # @example
+    # name #=> "npm_and_yarn"
+    sig { returns(String) }
+    attr_reader :name
+    # The information related to the package manager (mandatory).
+    # @example
+    #  package_manager #=> VersionManager.new("bundler", "2.1.4", deprecated_versions, supported_versions)
+    sig { returns(VersionManager) }
+    attr_reader :package_manager
+    # The information related to the language (optional).
+    # @example
+    #  language #=> VersionManager.new("ruby", "3.9", deprecated_versions, supported_versions)
+    sig { returns(T.nilable(VersionManager)) }
+    attr_reader :language
+    # Checks if the current version is deprecated.
+    # Returns true if the version is in the deprecated_versions array; false otherwise.
+    sig { returns(T::Boolean) }
+    def deprecated?
+      package_manager.deprecated?
+    end
+    # Checks if the current version is unsupported.
+    sig { returns(T::Boolean) }
+    def unsupported?
+      package_manager.unsupported?
+    end
+    # Delegate to the package manager to raise ToolVersionNotSupported if the version is unsupported.
+    sig { void }
+    def raise_if_unsupported!
+      package_manager.raise_if_unsupported!
+    end
+  end
+end

data/lib/dependabot/file_parsers/base.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 require "sorbet-runtime"
 require "dependabot/credential"
-require "dependabot/package_manager"
+require "dependabot/ecosystem"
 module Dependabot
   module FileParsers
@@ -54,8 +54,8 @@ module Dependabot
       sig { abstract.returns(T::Array[Dependabot::Dependency]) }
       def parse; end
-      sig { returns(T.nilable(PackageManagerBase)) }
-      def package_manager
+      sig { returns(T.nilable(Ecosystem)) }
+      def ecosystem
         nil
       end

data/lib/dependabot/notices.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 require "sorbet-runtime"
-require "dependabot/package_manager"
+require "dependabot/ecosystem"
 module Dependabot
   class Notice
@@ -95,11 +95,11 @@ module Dependabot
     end
     # Generates a deprecation notice for the given package manager.
-    # @param package_manager [PackageManagerBase] The package manager object.
+    # @param package_manager [VersionManager] The package manager object.
     # @return [Notice, nil] The generated deprecation notice or nil if the package manager is not deprecated.
     sig do
       params(
-        package_manager: PackageManagerBase
+        package_manager: Ecosystem::VersionManager
       ).returns(T.nilable(Notice))
     end
     def self.generate_pm_deprecation_notice(package_manager)

data/lib/dependabot/pull_request_creator/branch_namer/base.rb CHANGED Viewed

@@ -74,32 +74,7 @@ module Dependabot
             sanitized_name[[T.must(max_length) - sha.size, 0].max..] = sha
           end
-          if Dependabot::Experiments.enabled?(:dedup_branch_names)
-            dedup_existing_branches(sanitized_name)
-          else
-            sanitized_name
-          end
-        end
-        sig { params(ref: String).returns(String) }
-        def dedup_existing_branches(ref)
-          Dependabot.logger.debug(
-            "Dependabot::PullRequestCreator::dedup_existing_branches::ref : #{ref}"
-          )
-          return ref unless existing_branches.include?(ref)
-          i = 1
-          new_ref = "#{ref}-#{i}"
-          while existing_branches.include?(new_ref)
-            i += 1
-            new_ref = "#{ref}-#{i}"
-          end
-          Dependabot.logger.debug(
-            "Dependabot::PullRequestCreator::dedup_existing_branches::new_ref : #{new_ref}"
-          )
-          new_ref
+          sanitized_name
         end
         sig { params(ref: String).returns(String) }

data/lib/dependabot/pull_request_creator/github.rb CHANGED Viewed

@@ -110,6 +110,17 @@ module Dependabot
       sig { returns(T.untyped) }
       def create
+        Dependabot.logger.info(
+          "Initiating Github pull request."
+        )
+        if experiment_duplicate_branch? && branch_exists?(branch_name)
+          Dependabot.logger.info(
+            "Existing branch \"#{branch_name}\" found. Pull request not created."
+          )
+          raise BranchAlreadyExists, "Duplicate branch #{branch_name} already exists"
+        end
         if branch_exists?(branch_name) && unmerged_pull_request_exists?
           raise UnmergedPRExists, "PR ##{unmerged_pull_requests.first.number} already exists"
         end
@@ -132,6 +143,10 @@ module Dependabot
       # rubocop:disable Metrics/PerceivedComplexity
       sig { params(name: String).returns(T::Boolean) }
       def branch_exists?(name)
+        Dependabot.logger.info(
+          "Checking if branch #{name} already exists."
+        )
         git_metadata_fetcher.ref_names.include?(name)
       rescue Dependabot::GitDependenciesNotReachable => e
         raise T.must(e.cause) if e.cause&.message&.include?("is disabled")
@@ -580,6 +595,11 @@ module Dependabot
           raise type, message
         end
       end
+      sig { returns(T::Boolean) }
+      def experiment_duplicate_branch?
+        Dependabot::Experiments.enabled?(:dedup_branch_names)
+      end
     end
     # rubocop:enable Metrics/ClassLength
   end

data/lib/dependabot/pull_request_creator.rb CHANGED Viewed

@@ -40,6 +40,8 @@ module Dependabot
     class UnmergedPRExists < StandardError; end
+    class BranchAlreadyExists < StandardError; end
     class BaseCommitNotUpToDate < StandardError; end
     class UnexpectedError < StandardError; end
@@ -396,12 +398,6 @@ module Dependabot
     sig { returns(Dependabot::PullRequestCreator::BranchNamer) }
     def branch_namer
-      if Dependabot::Experiments.enabled?(:dedup_branch_names) && existing_branches
-        Dependabot.logger.debug(
-          "Dependabot::PullRequestCreator::branch_namer : #{existing_branches}"
-        )
-      end
       @branch_namer ||= T.let(
         BranchNamer.new(
           dependencies: dependencies,

data/lib/dependabot/requirement.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: strict
 # frozen_string_literal: true
 require "sorbet-runtime"
@@ -8,13 +8,67 @@ module Dependabot
     extend T::Sig
     extend T::Helpers
+    # Constants for operator groups
+    MINIMUM_OPERATORS = %w(>= > ~>).freeze
+    MAXIMUM_OPERATORS = %w(<= < ~>).freeze
     abstract!
+    # Parses requirement strings and returns an array of requirement objects.
     sig do
       abstract
         .params(requirement_string: T.nilable(String))
         .returns(T::Array[Requirement])
     end
     def self.requirements_array(requirement_string); end
+    # Returns all requirement constraints as an array of strings
+    sig { returns(T::Array[String]) }
+    def constraints
+      requirements.map { |op, version| "#{op} #{version}" }
+    end
+    # Returns the highest lower limit among all minimum constraints.
+    sig { returns(T.nilable(Gem::Version)) }
+    def min_version
+      # Select constraints with minimum operators
+      min_constraints = requirements.select { |op, _| MINIMUM_OPERATORS.include?(op) }
+      # Choose the maximum version among the minimum constraints
+      max_min_constraint = min_constraints.max_by { |_, version| version }
+      # Return the version part of the max constraint, if it exists
+      Dependabot::Version.new(max_min_constraint&.last) if max_min_constraint&.last
+    end
+    # Returns the lowest upper limit among all maximum constraints.
+    sig { returns(T.nilable(Dependabot::Version)) }
+    def max_version
+      # Select constraints with maximum operators
+      max_constraints = requirements.select { |op, _| MAXIMUM_OPERATORS.include?(op) }
+      # Process each maximum constraint, handling "~>" constraints based on length
+      effective_max_versions = max_constraints.map do |op, version|
+        if op == "~>"
+          # If "~>" constraint, bump based on the specificity of the version
+          case version.segments.length
+          when 1
+            # Bump major version (e.g., 2 -> 3.0.0)
+            Dependabot::Version.new((version.segments[0].to_i + 1).to_s + ".0.0")
+          when 2
+            # Bump minor version (e.g., 2.5 -> 2.6.0)
+            Dependabot::Version.new("#{version.segments[0]}.#{version.segments[1] + 1}.0")
+          else
+            # For three or more segments, use version.bump
+            version.bump # e.g., "~> 2.9.9" becomes upper bound 3.0.0
+          end
+        else
+          version
+        end
+      end
+      # Return the smallest among the effective maximum constraints
+      Dependabot::Version.new(effective_max_versions.min) if effective_max_versions.min
+    end
   end
 end

data/lib/dependabot.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.283.0"
+  VERSION = "0.285.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.283.0
+  version: 0.285.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-31 00:00:00.000000000 Z
+date: 2024-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -84,14 +84,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.18.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.18.2
 - !ruby/object:Gem::Dependency
   name: excon
   requirement: !ruby/object:Gem::Requirement
@@ -540,6 +540,7 @@ files:
 - lib/dependabot/dependency.rb
 - lib/dependabot/dependency_file.rb
 - lib/dependabot/dependency_group.rb
+- lib/dependabot/ecosystem.rb
 - lib/dependabot/errors.rb
 - lib/dependabot/experiments.rb
 - lib/dependabot/file_fetchers.rb
@@ -566,7 +567,6 @@ files:
 - lib/dependabot/metadata_finders/base/commits_finder.rb
 - lib/dependabot/metadata_finders/base/release_finder.rb
 - lib/dependabot/notices.rb
-- lib/dependabot/package_manager.rb
 - lib/dependabot/pull_request_creator.rb
 - lib/dependabot/pull_request_creator/azure.rb
 - lib/dependabot/pull_request_creator/bitbucket.rb
@@ -614,7 +614,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.283.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.285.0
 post_install_message:
 rdoc_options: []
 require_paths:

data/lib/dependabot/package_manager.rb DELETED Viewed

@@ -1,98 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-require "sorbet-runtime"
-module Dependabot
-  class PackageManagerBase
-    extend T::Sig
-    extend T::Helpers
-    abstract!
-    # The name of the package manager (e.g., "bundler").
-    # @example
-    #   package_manager.name #=> "bundler"
-    sig { abstract.returns(String) }
-    def name; end
-    # The version of the package manager (e.g., Dependabot::Version.new("2.1.4")).
-    # @example
-    #   package_manager.version #=> Dependabot::Version.new("2.1.4")
-    sig { abstract.returns(Dependabot::Version) }
-    def version; end
-    # Returns an array of deprecated versions of the package manager.
-    # By default, returns an empty array if not overridden in the subclass.
-    # @example
-    #   package_manager.deprecated_versions #=> [Dependabot::Version.new("1.0.0"), Dependabot::Version.new("1.1.0")]
-    sig { returns(T::Array[Dependabot::Version]) }
-    def deprecated_versions
-      []
-    end
-    # Returns an array of unsupported versions of the package manager.
-    # By default, returns an empty array if not overridden in the subclass.
-    # @example
-    #   package_manager.unsupported_versions #=> [Dependabot::Version.new("0.9.0")]
-    sig { returns(T::Array[Dependabot::Version]) }
-    def unsupported_versions
-      []
-    end
-    # Returns an array of supported versions of the package manager.
-    # By default, returns an empty array if not overridden in the subclass.
-    # @example
-    #   package_manager.supported_versions #=> [Dependabot::Version.new("2.0.0"), Dependabot::Version.new("2.1.0")]
-    sig { returns(T::Array[Dependabot::Version]) }
-    def supported_versions
-      []
-    end
-    # Checks if the current version is deprecated.
-    # Returns true if the version is in the deprecated_versions array; false otherwise.
-    # @example
-    #   package_manager.deprecated? #=> true
-    sig { returns(T::Boolean) }
-    def deprecated?
-      # If the version is unsupported, the unsupported error is getting raised separately.
-      return false if unsupported?
-      deprecated_versions.include?(version)
-    end
-    # Checks if the current version is unsupported.
-    # Returns true if the version is in the unsupported_versions array; false otherwise.
-    # @example
-    #   package_manager.unsupported? #=> false
-    sig { returns(T::Boolean) }
-    def unsupported?
-      false
-    end
-    # Raises an error if the current package manager version is unsupported.
-    # If the version is unsupported, it raises a ToolVersionNotSupported error.
-    sig { void }
-    def raise_if_unsupported!
-      return unless unsupported?
-      # Example: v2.*, v3.*
-      supported_versions_message = supported_versions.map { |v| "v#{v}.*" }.join(", ")
-      raise ToolVersionNotSupported.new(
-        name,
-        version.to_s,
-        supported_versions_message
-      )
-    end
-    # Indicates if the package manager supports later versions beyond those listed in supported_versions.
-    # By default, returns false if not overridden in the subclass.
-    # @example
-    #   package_manager.support_later_versions? #=> true
-    sig { returns(T::Boolean) }
-    def support_later_versions?
-      false
-    end
-  end
-end