dependabot-common 0.283.0 → 0.285.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +1 -0
- data/lib/dependabot/ecosystem.rb +184 -0
- data/lib/dependabot/file_parsers/base.rb +3 -3
- data/lib/dependabot/notices.rb +3 -3
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +1 -26
- data/lib/dependabot/pull_request_creator/github.rb +20 -0
- data/lib/dependabot/pull_request_creator.rb +2 -6
- data/lib/dependabot/requirement.rb +55 -1
- data/lib/dependabot.rb +1 -1
- metadata +6 -6
- data/lib/dependabot/package_manager.rb +0 -98
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f715ae3932ff54488335714eca22437b802ffe69591bd5e82804ec1b517bc47e
|
|
4
|
+
data.tar.gz: 8bc3dbb798980775b4fa8f091d00bd4687ae323d41d766ee887bae09b0d995e2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 91d44bfa9b54c64c11509458bc3414052308ac9ed527c3f15dbc3da25bb314ce9f04712195ebe0cd9116d390f29fa53cfabac0f35a1d5c844362ca1e3f6802bf
|
|
7
|
+
data.tar.gz: 9309be975505a43f6d2182b1cb992367b1d79d4e4fcc1a9eb1458442d8c6749e65e8f71b24efa09c23faba4300dc818053d35e5724ca8c7e5adb6383eeabffe4
|
|
@@ -0,0 +1,184 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/requirement"
|
|
6
|
+
|
|
7
|
+
module Dependabot
|
|
8
|
+
class Ecosystem
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
11
|
+
class VersionManager
|
|
12
|
+
extend T::Sig
|
|
13
|
+
extend T::Helpers
|
|
14
|
+
|
|
15
|
+
abstract!
|
|
16
|
+
# Initialize version information for a package manager or language.
|
|
17
|
+
# @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").
|
|
18
|
+
# @param version [Dependabot::Version] the parsed current version.
|
|
19
|
+
# @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
|
|
20
|
+
# @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
|
|
21
|
+
# @param requirement [Dependabot::Requirement] an array of requirements.
|
|
22
|
+
# @example
|
|
23
|
+
# VersionManager.new("bundler", "2.1.4", nil)
|
|
24
|
+
sig do
|
|
25
|
+
params(
|
|
26
|
+
name: String,
|
|
27
|
+
version: Dependabot::Version,
|
|
28
|
+
deprecated_versions: T::Array[Dependabot::Version],
|
|
29
|
+
supported_versions: T::Array[Dependabot::Version],
|
|
30
|
+
requirement: T.nilable(Dependabot::Requirement)
|
|
31
|
+
).void
|
|
32
|
+
end
|
|
33
|
+
def initialize(
|
|
34
|
+
name,
|
|
35
|
+
version,
|
|
36
|
+
deprecated_versions = [],
|
|
37
|
+
supported_versions = [],
|
|
38
|
+
requirement = nil
|
|
39
|
+
)
|
|
40
|
+
@name = T.let(name, String)
|
|
41
|
+
@version = T.let(version, Dependabot::Version)
|
|
42
|
+
@deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
|
|
43
|
+
@supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
|
|
44
|
+
@requirement = T.let(requirement, T.nilable(Dependabot::Requirement))
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
# The name of the package manager (e.g., "bundler", "npm").
|
|
48
|
+
# @example
|
|
49
|
+
# name #=> "bundler"
|
|
50
|
+
sig { returns(String) }
|
|
51
|
+
attr_reader :name
|
|
52
|
+
|
|
53
|
+
# The current version of the package manager or language.
|
|
54
|
+
# @example
|
|
55
|
+
# version #=> Dependabot::Version.new("2.1.4")
|
|
56
|
+
sig { returns(Dependabot::Version) }
|
|
57
|
+
attr_reader :version
|
|
58
|
+
|
|
59
|
+
# Returns an array of deprecated versions of the package manager.
|
|
60
|
+
# @example
|
|
61
|
+
# deprecated_versions #=> [Version.new("1")]
|
|
62
|
+
sig { returns(T::Array[Dependabot::Version]) }
|
|
63
|
+
attr_reader :deprecated_versions
|
|
64
|
+
|
|
65
|
+
# Returns an array of supported versions of the package manager.
|
|
66
|
+
sig { returns(T::Array[Dependabot::Version]) }
|
|
67
|
+
attr_reader :supported_versions
|
|
68
|
+
|
|
69
|
+
# The current requirement of the package manager or language.
|
|
70
|
+
# @example
|
|
71
|
+
# requirement #=> nil
|
|
72
|
+
# requirement #=> Dependabot::Requirement.new(">= 2.1.4")
|
|
73
|
+
# requirement #=> Dependabot::Requirement.new(">= 2.1.4, < 3.0")
|
|
74
|
+
sig { returns(T.nilable(Dependabot::Requirement)) }
|
|
75
|
+
attr_reader :requirement
|
|
76
|
+
|
|
77
|
+
# Checks if the current version is deprecated.
|
|
78
|
+
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
|
79
|
+
# @example
|
|
80
|
+
# deprecated? #=> true
|
|
81
|
+
sig { returns(T::Boolean) }
|
|
82
|
+
def deprecated?
|
|
83
|
+
# If the version is unsupported, the unsupported error is getting raised separately.
|
|
84
|
+
return false if unsupported?
|
|
85
|
+
|
|
86
|
+
deprecated_versions.include?(version)
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
# Checks if the current version is unsupported.
|
|
90
|
+
# @example
|
|
91
|
+
# unsupported? #=> false
|
|
92
|
+
sig { returns(T::Boolean) }
|
|
93
|
+
def unsupported?
|
|
94
|
+
return false if supported_versions.empty?
|
|
95
|
+
|
|
96
|
+
# Check if the version is not supported
|
|
97
|
+
supported_versions.all? { |supported| supported > version }
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
# Raises an error if the current package manager or language version is unsupported.
|
|
101
|
+
# If the version is unsupported, it raises a ToolVersionNotSupported error.
|
|
102
|
+
sig { void }
|
|
103
|
+
def raise_if_unsupported!
|
|
104
|
+
return unless unsupported?
|
|
105
|
+
|
|
106
|
+
# Example: v2.*, v3.*
|
|
107
|
+
supported_versions_message = supported_versions.map { |v| "v#{v}.*" }.join(", ")
|
|
108
|
+
|
|
109
|
+
raise ToolVersionNotSupported.new(
|
|
110
|
+
name,
|
|
111
|
+
version.to_s,
|
|
112
|
+
supported_versions_message
|
|
113
|
+
)
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
# Indicates if the package manager supports later versions beyond those listed in supported_versions.
|
|
117
|
+
# By default, returns false if not overridden in the subclass.
|
|
118
|
+
# @example
|
|
119
|
+
# support_later_versions? #=> true
|
|
120
|
+
sig { returns(T::Boolean) }
|
|
121
|
+
def support_later_versions?
|
|
122
|
+
false
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
# Initialize with mandatory name and optional language information.
|
|
127
|
+
# @param name [String] the name of the ecosystem (e.g., "bundler", "npm_and_yarn").
|
|
128
|
+
# @param package_manager [VersionManager] the package manager (mandatory).
|
|
129
|
+
# @param language [VersionManager] the language (optional).
|
|
130
|
+
sig do
|
|
131
|
+
params(
|
|
132
|
+
name: String,
|
|
133
|
+
package_manager: VersionManager,
|
|
134
|
+
language: T.nilable(VersionManager)
|
|
135
|
+
).void
|
|
136
|
+
end
|
|
137
|
+
def initialize(
|
|
138
|
+
name:,
|
|
139
|
+
package_manager:,
|
|
140
|
+
language: nil
|
|
141
|
+
)
|
|
142
|
+
@name = T.let(name, String)
|
|
143
|
+
@package_manager = T.let(package_manager, VersionManager)
|
|
144
|
+
@language = T.let(language, T.nilable(VersionManager))
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
# The name of the ecosystem (mandatory).
|
|
148
|
+
# @example
|
|
149
|
+
# name #=> "npm_and_yarn"
|
|
150
|
+
sig { returns(String) }
|
|
151
|
+
attr_reader :name
|
|
152
|
+
|
|
153
|
+
# The information related to the package manager (mandatory).
|
|
154
|
+
# @example
|
|
155
|
+
# package_manager #=> VersionManager.new("bundler", "2.1.4", deprecated_versions, supported_versions)
|
|
156
|
+
sig { returns(VersionManager) }
|
|
157
|
+
attr_reader :package_manager
|
|
158
|
+
|
|
159
|
+
# The information related to the language (optional).
|
|
160
|
+
# @example
|
|
161
|
+
# language #=> VersionManager.new("ruby", "3.9", deprecated_versions, supported_versions)
|
|
162
|
+
sig { returns(T.nilable(VersionManager)) }
|
|
163
|
+
attr_reader :language
|
|
164
|
+
|
|
165
|
+
# Checks if the current version is deprecated.
|
|
166
|
+
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
|
167
|
+
sig { returns(T::Boolean) }
|
|
168
|
+
def deprecated?
|
|
169
|
+
package_manager.deprecated?
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
# Checks if the current version is unsupported.
|
|
173
|
+
sig { returns(T::Boolean) }
|
|
174
|
+
def unsupported?
|
|
175
|
+
package_manager.unsupported?
|
|
176
|
+
end
|
|
177
|
+
|
|
178
|
+
# Delegate to the package manager to raise ToolVersionNotSupported if the version is unsupported.
|
|
179
|
+
sig { void }
|
|
180
|
+
def raise_if_unsupported!
|
|
181
|
+
package_manager.raise_if_unsupported!
|
|
182
|
+
end
|
|
183
|
+
end
|
|
184
|
+
end
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
5
|
require "dependabot/credential"
|
|
6
|
-
require "dependabot/
|
|
6
|
+
require "dependabot/ecosystem"
|
|
7
7
|
|
|
8
8
|
module Dependabot
|
|
9
9
|
module FileParsers
|
|
@@ -54,8 +54,8 @@ module Dependabot
|
|
|
54
54
|
sig { abstract.returns(T::Array[Dependabot::Dependency]) }
|
|
55
55
|
def parse; end
|
|
56
56
|
|
|
57
|
-
sig { returns(T.nilable(
|
|
58
|
-
def
|
|
57
|
+
sig { returns(T.nilable(Ecosystem)) }
|
|
58
|
+
def ecosystem
|
|
59
59
|
nil
|
|
60
60
|
end
|
|
61
61
|
|
data/lib/dependabot/notices.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
|
-
require "dependabot/
|
|
5
|
+
require "dependabot/ecosystem"
|
|
6
6
|
|
|
7
7
|
module Dependabot
|
|
8
8
|
class Notice
|
|
@@ -95,11 +95,11 @@ module Dependabot
|
|
|
95
95
|
end
|
|
96
96
|
|
|
97
97
|
# Generates a deprecation notice for the given package manager.
|
|
98
|
-
# @param package_manager [
|
|
98
|
+
# @param package_manager [VersionManager] The package manager object.
|
|
99
99
|
# @return [Notice, nil] The generated deprecation notice or nil if the package manager is not deprecated.
|
|
100
100
|
sig do
|
|
101
101
|
params(
|
|
102
|
-
package_manager:
|
|
102
|
+
package_manager: Ecosystem::VersionManager
|
|
103
103
|
).returns(T.nilable(Notice))
|
|
104
104
|
end
|
|
105
105
|
def self.generate_pm_deprecation_notice(package_manager)
|
|
@@ -74,32 +74,7 @@ module Dependabot
|
|
|
74
74
|
sanitized_name[[T.must(max_length) - sha.size, 0].max..] = sha
|
|
75
75
|
end
|
|
76
76
|
|
|
77
|
-
|
|
78
|
-
dedup_existing_branches(sanitized_name)
|
|
79
|
-
else
|
|
80
|
-
sanitized_name
|
|
81
|
-
end
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
sig { params(ref: String).returns(String) }
|
|
85
|
-
def dedup_existing_branches(ref)
|
|
86
|
-
Dependabot.logger.debug(
|
|
87
|
-
"Dependabot::PullRequestCreator::dedup_existing_branches::ref : #{ref}"
|
|
88
|
-
)
|
|
89
|
-
return ref unless existing_branches.include?(ref)
|
|
90
|
-
|
|
91
|
-
i = 1
|
|
92
|
-
new_ref = "#{ref}-#{i}"
|
|
93
|
-
while existing_branches.include?(new_ref)
|
|
94
|
-
i += 1
|
|
95
|
-
new_ref = "#{ref}-#{i}"
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
Dependabot.logger.debug(
|
|
99
|
-
"Dependabot::PullRequestCreator::dedup_existing_branches::new_ref : #{new_ref}"
|
|
100
|
-
)
|
|
101
|
-
|
|
102
|
-
new_ref
|
|
77
|
+
sanitized_name
|
|
103
78
|
end
|
|
104
79
|
|
|
105
80
|
sig { params(ref: String).returns(String) }
|
|
@@ -110,6 +110,17 @@ module Dependabot
|
|
|
110
110
|
|
|
111
111
|
sig { returns(T.untyped) }
|
|
112
112
|
def create
|
|
113
|
+
Dependabot.logger.info(
|
|
114
|
+
"Initiating Github pull request."
|
|
115
|
+
)
|
|
116
|
+
|
|
117
|
+
if experiment_duplicate_branch? && branch_exists?(branch_name)
|
|
118
|
+
Dependabot.logger.info(
|
|
119
|
+
"Existing branch \"#{branch_name}\" found. Pull request not created."
|
|
120
|
+
)
|
|
121
|
+
raise BranchAlreadyExists, "Duplicate branch #{branch_name} already exists"
|
|
122
|
+
end
|
|
123
|
+
|
|
113
124
|
if branch_exists?(branch_name) && unmerged_pull_request_exists?
|
|
114
125
|
raise UnmergedPRExists, "PR ##{unmerged_pull_requests.first.number} already exists"
|
|
115
126
|
end
|
|
@@ -132,6 +143,10 @@ module Dependabot
|
|
|
132
143
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
133
144
|
sig { params(name: String).returns(T::Boolean) }
|
|
134
145
|
def branch_exists?(name)
|
|
146
|
+
Dependabot.logger.info(
|
|
147
|
+
"Checking if branch #{name} already exists."
|
|
148
|
+
)
|
|
149
|
+
|
|
135
150
|
git_metadata_fetcher.ref_names.include?(name)
|
|
136
151
|
rescue Dependabot::GitDependenciesNotReachable => e
|
|
137
152
|
raise T.must(e.cause) if e.cause&.message&.include?("is disabled")
|
|
@@ -580,6 +595,11 @@ module Dependabot
|
|
|
580
595
|
raise type, message
|
|
581
596
|
end
|
|
582
597
|
end
|
|
598
|
+
|
|
599
|
+
sig { returns(T::Boolean) }
|
|
600
|
+
def experiment_duplicate_branch?
|
|
601
|
+
Dependabot::Experiments.enabled?(:dedup_branch_names)
|
|
602
|
+
end
|
|
583
603
|
end
|
|
584
604
|
# rubocop:enable Metrics/ClassLength
|
|
585
605
|
end
|
|
@@ -40,6 +40,8 @@ module Dependabot
|
|
|
40
40
|
|
|
41
41
|
class UnmergedPRExists < StandardError; end
|
|
42
42
|
|
|
43
|
+
class BranchAlreadyExists < StandardError; end
|
|
44
|
+
|
|
43
45
|
class BaseCommitNotUpToDate < StandardError; end
|
|
44
46
|
|
|
45
47
|
class UnexpectedError < StandardError; end
|
|
@@ -396,12 +398,6 @@ module Dependabot
|
|
|
396
398
|
|
|
397
399
|
sig { returns(Dependabot::PullRequestCreator::BranchNamer) }
|
|
398
400
|
def branch_namer
|
|
399
|
-
if Dependabot::Experiments.enabled?(:dedup_branch_names) && existing_branches
|
|
400
|
-
Dependabot.logger.debug(
|
|
401
|
-
"Dependabot::PullRequestCreator::branch_namer : #{existing_branches}"
|
|
402
|
-
)
|
|
403
|
-
end
|
|
404
|
-
|
|
405
401
|
@branch_namer ||= T.let(
|
|
406
402
|
BranchNamer.new(
|
|
407
403
|
dependencies: dependencies,
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
@@ -8,13 +8,67 @@ module Dependabot
|
|
|
8
8
|
extend T::Sig
|
|
9
9
|
extend T::Helpers
|
|
10
10
|
|
|
11
|
+
# Constants for operator groups
|
|
12
|
+
MINIMUM_OPERATORS = %w(>= > ~>).freeze
|
|
13
|
+
MAXIMUM_OPERATORS = %w(<= < ~>).freeze
|
|
14
|
+
|
|
11
15
|
abstract!
|
|
12
16
|
|
|
17
|
+
# Parses requirement strings and returns an array of requirement objects.
|
|
13
18
|
sig do
|
|
14
19
|
abstract
|
|
15
20
|
.params(requirement_string: T.nilable(String))
|
|
16
21
|
.returns(T::Array[Requirement])
|
|
17
22
|
end
|
|
18
23
|
def self.requirements_array(requirement_string); end
|
|
24
|
+
|
|
25
|
+
# Returns all requirement constraints as an array of strings
|
|
26
|
+
sig { returns(T::Array[String]) }
|
|
27
|
+
def constraints
|
|
28
|
+
requirements.map { |op, version| "#{op} #{version}" }
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Returns the highest lower limit among all minimum constraints.
|
|
32
|
+
sig { returns(T.nilable(Gem::Version)) }
|
|
33
|
+
def min_version
|
|
34
|
+
# Select constraints with minimum operators
|
|
35
|
+
min_constraints = requirements.select { |op, _| MINIMUM_OPERATORS.include?(op) }
|
|
36
|
+
|
|
37
|
+
# Choose the maximum version among the minimum constraints
|
|
38
|
+
max_min_constraint = min_constraints.max_by { |_, version| version }
|
|
39
|
+
|
|
40
|
+
# Return the version part of the max constraint, if it exists
|
|
41
|
+
Dependabot::Version.new(max_min_constraint&.last) if max_min_constraint&.last
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# Returns the lowest upper limit among all maximum constraints.
|
|
45
|
+
sig { returns(T.nilable(Dependabot::Version)) }
|
|
46
|
+
def max_version
|
|
47
|
+
# Select constraints with maximum operators
|
|
48
|
+
max_constraints = requirements.select { |op, _| MAXIMUM_OPERATORS.include?(op) }
|
|
49
|
+
|
|
50
|
+
# Process each maximum constraint, handling "~>" constraints based on length
|
|
51
|
+
effective_max_versions = max_constraints.map do |op, version|
|
|
52
|
+
if op == "~>"
|
|
53
|
+
# If "~>" constraint, bump based on the specificity of the version
|
|
54
|
+
case version.segments.length
|
|
55
|
+
when 1
|
|
56
|
+
# Bump major version (e.g., 2 -> 3.0.0)
|
|
57
|
+
Dependabot::Version.new((version.segments[0].to_i + 1).to_s + ".0.0")
|
|
58
|
+
when 2
|
|
59
|
+
# Bump minor version (e.g., 2.5 -> 2.6.0)
|
|
60
|
+
Dependabot::Version.new("#{version.segments[0]}.#{version.segments[1] + 1}.0")
|
|
61
|
+
else
|
|
62
|
+
# For three or more segments, use version.bump
|
|
63
|
+
version.bump # e.g., "~> 2.9.9" becomes upper bound 3.0.0
|
|
64
|
+
end
|
|
65
|
+
else
|
|
66
|
+
version
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
# Return the smallest among the effective maximum constraints
|
|
71
|
+
Dependabot::Version.new(effective_max_versions.min) if effective_max_versions.min
|
|
72
|
+
end
|
|
19
73
|
end
|
|
20
74
|
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.285.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-11-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -84,14 +84,14 @@ dependencies:
|
|
|
84
84
|
requirements:
|
|
85
85
|
- - "~>"
|
|
86
86
|
- !ruby/object:Gem::Version
|
|
87
|
-
version: 1.18.
|
|
87
|
+
version: 1.18.2
|
|
88
88
|
type: :runtime
|
|
89
89
|
prerelease: false
|
|
90
90
|
version_requirements: !ruby/object:Gem::Requirement
|
|
91
91
|
requirements:
|
|
92
92
|
- - "~>"
|
|
93
93
|
- !ruby/object:Gem::Version
|
|
94
|
-
version: 1.18.
|
|
94
|
+
version: 1.18.2
|
|
95
95
|
- !ruby/object:Gem::Dependency
|
|
96
96
|
name: excon
|
|
97
97
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -540,6 +540,7 @@ files:
|
|
|
540
540
|
- lib/dependabot/dependency.rb
|
|
541
541
|
- lib/dependabot/dependency_file.rb
|
|
542
542
|
- lib/dependabot/dependency_group.rb
|
|
543
|
+
- lib/dependabot/ecosystem.rb
|
|
543
544
|
- lib/dependabot/errors.rb
|
|
544
545
|
- lib/dependabot/experiments.rb
|
|
545
546
|
- lib/dependabot/file_fetchers.rb
|
|
@@ -566,7 +567,6 @@ files:
|
|
|
566
567
|
- lib/dependabot/metadata_finders/base/commits_finder.rb
|
|
567
568
|
- lib/dependabot/metadata_finders/base/release_finder.rb
|
|
568
569
|
- lib/dependabot/notices.rb
|
|
569
|
-
- lib/dependabot/package_manager.rb
|
|
570
570
|
- lib/dependabot/pull_request_creator.rb
|
|
571
571
|
- lib/dependabot/pull_request_creator/azure.rb
|
|
572
572
|
- lib/dependabot/pull_request_creator/bitbucket.rb
|
|
@@ -614,7 +614,7 @@ licenses:
|
|
|
614
614
|
- MIT
|
|
615
615
|
metadata:
|
|
616
616
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
617
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
617
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.285.0
|
|
618
618
|
post_install_message:
|
|
619
619
|
rdoc_options: []
|
|
620
620
|
require_paths:
|
|
@@ -1,98 +0,0 @@
|
|
|
1
|
-
# typed: strong
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
require "sorbet-runtime"
|
|
5
|
-
|
|
6
|
-
module Dependabot
|
|
7
|
-
class PackageManagerBase
|
|
8
|
-
extend T::Sig
|
|
9
|
-
extend T::Helpers
|
|
10
|
-
|
|
11
|
-
abstract!
|
|
12
|
-
|
|
13
|
-
# The name of the package manager (e.g., "bundler").
|
|
14
|
-
# @example
|
|
15
|
-
# package_manager.name #=> "bundler"
|
|
16
|
-
sig { abstract.returns(String) }
|
|
17
|
-
def name; end
|
|
18
|
-
|
|
19
|
-
# The version of the package manager (e.g., Dependabot::Version.new("2.1.4")).
|
|
20
|
-
# @example
|
|
21
|
-
# package_manager.version #=> Dependabot::Version.new("2.1.4")
|
|
22
|
-
sig { abstract.returns(Dependabot::Version) }
|
|
23
|
-
def version; end
|
|
24
|
-
|
|
25
|
-
# Returns an array of deprecated versions of the package manager.
|
|
26
|
-
# By default, returns an empty array if not overridden in the subclass.
|
|
27
|
-
# @example
|
|
28
|
-
# package_manager.deprecated_versions #=> [Dependabot::Version.new("1.0.0"), Dependabot::Version.new("1.1.0")]
|
|
29
|
-
sig { returns(T::Array[Dependabot::Version]) }
|
|
30
|
-
def deprecated_versions
|
|
31
|
-
[]
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
# Returns an array of unsupported versions of the package manager.
|
|
35
|
-
# By default, returns an empty array if not overridden in the subclass.
|
|
36
|
-
# @example
|
|
37
|
-
# package_manager.unsupported_versions #=> [Dependabot::Version.new("0.9.0")]
|
|
38
|
-
sig { returns(T::Array[Dependabot::Version]) }
|
|
39
|
-
def unsupported_versions
|
|
40
|
-
[]
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
# Returns an array of supported versions of the package manager.
|
|
44
|
-
# By default, returns an empty array if not overridden in the subclass.
|
|
45
|
-
# @example
|
|
46
|
-
# package_manager.supported_versions #=> [Dependabot::Version.new("2.0.0"), Dependabot::Version.new("2.1.0")]
|
|
47
|
-
sig { returns(T::Array[Dependabot::Version]) }
|
|
48
|
-
def supported_versions
|
|
49
|
-
[]
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
# Checks if the current version is deprecated.
|
|
53
|
-
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
|
54
|
-
# @example
|
|
55
|
-
# package_manager.deprecated? #=> true
|
|
56
|
-
sig { returns(T::Boolean) }
|
|
57
|
-
def deprecated?
|
|
58
|
-
# If the version is unsupported, the unsupported error is getting raised separately.
|
|
59
|
-
return false if unsupported?
|
|
60
|
-
|
|
61
|
-
deprecated_versions.include?(version)
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
# Checks if the current version is unsupported.
|
|
65
|
-
# Returns true if the version is in the unsupported_versions array; false otherwise.
|
|
66
|
-
# @example
|
|
67
|
-
# package_manager.unsupported? #=> false
|
|
68
|
-
sig { returns(T::Boolean) }
|
|
69
|
-
def unsupported?
|
|
70
|
-
false
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
# Raises an error if the current package manager version is unsupported.
|
|
74
|
-
# If the version is unsupported, it raises a ToolVersionNotSupported error.
|
|
75
|
-
sig { void }
|
|
76
|
-
def raise_if_unsupported!
|
|
77
|
-
return unless unsupported?
|
|
78
|
-
|
|
79
|
-
# Example: v2.*, v3.*
|
|
80
|
-
supported_versions_message = supported_versions.map { |v| "v#{v}.*" }.join(", ")
|
|
81
|
-
|
|
82
|
-
raise ToolVersionNotSupported.new(
|
|
83
|
-
name,
|
|
84
|
-
version.to_s,
|
|
85
|
-
supported_versions_message
|
|
86
|
-
)
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
# Indicates if the package manager supports later versions beyond those listed in supported_versions.
|
|
90
|
-
# By default, returns false if not overridden in the subclass.
|
|
91
|
-
# @example
|
|
92
|
-
# package_manager.support_later_versions? #=> true
|
|
93
|
-
sig { returns(T::Boolean) }
|
|
94
|
-
def support_later_versions?
|
|
95
|
-
false
|
|
96
|
-
end
|
|
97
|
-
end
|
|
98
|
-
end
|