dependabot-common 0.284.0 → 0.286.0
- checksums.yaml +4 -4
- data/lib/dependabot/ecosystem.rb +34 -11
- data/lib/dependabot/pull_request_creator/github.rb +6 -3
- data/lib/dependabot/requirement.rb +55 -1
- data/lib/dependabot.rb +1 -1
- metadata +3 -3
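--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 35ae86084e0800ff647158f46789d798d64973a3523ced6062db146dbfa583ff
+data.tar.gz: 12624cd5e076311f8cdf0c410d53a2a2f8c90db1d1dac48e831b28da6527cdf1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d6ac4514c8a353355c5bc9635723c3f071339fbef2b19bad75beea548037dd4a689609e52117732a7e9e6c9653867a4745ba1085b8b147c1e05cd210cf94396f
+data.tar.gz: 9c987ce3a13fe912bb13832f3f56d345952587847eb77d9bdfec0f6dbe09a0a01b3c3273e141a6e616c526d83c787d846a26a6e8f9d593311dbd3376af37c3f4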
data/lib/dependabot/ecosystem.rb
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "sorbet-runtime"
|
5
|
+
require "dependabot/requirement"
|
5
6
|
|
6
7
|
module Dependabot
|
7
8
|
class Ecosystem
|
@@ -12,32 +13,35 @@ module Dependabot
|
|
12
13
|
extend T::Helpers
|
13
14
|
|
14
15
|
abstract!
|
15
|
-
# Initialize version information
|
16
|
-
# @param name [String] the name
|
16
|
+
# Initialize version information for a package manager or language.
|
17
|
+
# @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").
|
17
18
|
# @param version [Dependabot::Version] the parsed current version.
|
18
19
|
# @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
|
19
20
|
# @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
|
21
|
+
# @param requirement [Dependabot::Requirement] an array of requirements.
|
20
22
|
# @example
|
21
|
-
# VersionManager.new("bundler", "2.1.4",
|
23
|
+
# VersionManager.new("bundler", "2.1.4", nil)
|
22
24
|
sig do
|
23
25
|
params(
|
24
26
|
name: String,
|
25
27
|
version: Dependabot::Version,
|
26
28
|
deprecated_versions: T::Array[Dependabot::Version],
|
27
|
-
supported_versions: T::Array[Dependabot::Version]
|
29
|
+
supported_versions: T::Array[Dependabot::Version],
|
30
|
+
requirement: T.nilable(Dependabot::Requirement)
|
28
31
|
).void
|
29
32
|
end
|
30
33
|
def initialize(
|
31
34
|
name,
|
32
35
|
version,
|
33
36
|
deprecated_versions = [],
|
34
|
-
supported_versions = []
|
37
|
+
supported_versions = [],
|
38
|
+
requirement = nil
|
35
39
|
)
|
36
40
|
@name = T.let(name, String)
|
37
41
|
@version = T.let(version, Dependabot::Version)
|
38
|
-
|
39
42
|
@deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
|
40
43
|
@supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
|
44
|
+
@requirement = T.let(requirement, T.nilable(Dependabot::Requirement))
|
41
45
|
end
|
42
46
|
|
43
47
|
# The name of the package manager (e.g., "bundler", "npm").
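Review bot: The new `@param requirement` line near the top of this hunk documents "an array of requirements", but the sig and the `T.let` in the same hunk declare a single `T.nilable(Dependabot::Requirement)`; the tag should read `# @param requirement [Dependabot::Requirement, nil] the requirement on the version, if any.`. The updated `@example`, `VersionManager.new("bundler", "2.1.4", nil)`, passes `nil` in the `deprecated_versions` position, which the sig types as `T::Array[Dependabot::Version]`, so under sorbet-runtime that exact call would be rejected; `# VersionManager.new("bundler", Dependabot::Version.new("2.1.4"), [], [], nil)` would match the new arity and the declared types. The class whose initializer this is starts outside the hunk.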
|
@@ -46,7 +50,7 @@ module Dependabot
|
|
46
50
|
sig { returns(String) }
|
47
51
|
attr_reader :name
|
48
52
|
|
49
|
-
# The current version of the package manager.
|
53
|
+
# The current version of the package manager or language.
|
50
54
|
# @example
|
51
55
|
# version #=> Dependabot::Version.new("2.1.4")
|
52
56
|
sig { returns(Dependabot::Version) }
|
@@ -62,12 +66,21 @@ module Dependabot
|
|
62
66
|
sig { returns(T::Array[Dependabot::Version]) }
|
63
67
|
attr_reader :supported_versions
|
64
68
|
|
69
|
+
# The current requirement of the package manager or language.
|
70
|
+
# @example
|
71
|
+
# requirement #=> nil
|
72
|
+
# requirement #=> Dependabot::Requirement.new(">= 2.1.4")
|
73
|
+
# requirement #=> Dependabot::Requirement.new(">= 2.1.4, < 3.0")
|
74
|
+
sig { returns(T.nilable(Dependabot::Requirement)) }
|
75
|
+
attr_reader :requirement
|
76
|
+
|
65
77
|
# Checks if the current version is deprecated.
|
66
78
|
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
67
79
|
# @example
|
68
80
|
# deprecated? #=> true
|
69
81
|
sig { returns(T::Boolean) }
|
70
82
|
def deprecated?
|
83
|
+
# If the version is unsupported, the unsupported error is getting raised separately.
|
71
84
|
return false if unsupported?
|
72
85
|
|
73
86
|
deprecated_versions.include?(version)
|
@@ -112,19 +125,23 @@ module Dependabot
|
|
112
125
|
|
113
126
|
# Initialize with mandatory name and optional language information.
|
114
127
|
# @param name [String] the name of the ecosystem (e.g., "bundler", "npm_and_yarn").
|
115
|
-
# @param package_manager [VersionManager] the package manager.
|
128
|
+
# @param package_manager [VersionManager] the package manager (mandatory).
|
129
|
+
# @param language [VersionManager] the language (optional).
|
116
130
|
sig do
|
117
131
|
params(
|
118
132
|
name: String,
|
119
|
-
package_manager: VersionManager
|
133
|
+
package_manager: VersionManager,
|
134
|
+
language: T.nilable(VersionManager)
|
120
135
|
).void
|
121
136
|
end
|
122
137
|
def initialize(
|
123
138
|
name:,
|
124
|
-
package_manager
|
139
|
+
package_manager:,
|
140
|
+
language: nil
|
125
141
|
)
|
126
142
|
@name = T.let(name, String)
|
127
143
|
@package_manager = T.let(package_manager, VersionManager)
|
144
|
+
@language = T.let(language, T.nilable(VersionManager))
|
128
145
|
end
|
129
146
|
|
130
147
|
# The name of the ecosystem (mandatory).
|
@@ -135,10 +152,16 @@ module Dependabot
|
|
135
152
|
|
136
153
|
# The information related to the package manager (mandatory).
|
137
154
|
# @example
|
138
|
-
# package_manager #=> VersionManager.new("bundler", "2.1.4",
|
155
|
+
# package_manager #=> VersionManager.new("bundler", "2.1.4", deprecated_versions, supported_versions)
|
139
156
|
sig { returns(VersionManager) }
|
140
157
|
attr_reader :package_manager
|
141
158
|
|
159
|
+
# The information related to the language (optional).
|
160
|
+
# @example
|
161
|
+
# language #=> VersionManager.new("ruby", "3.9", deprecated_versions, supported_versions)
|
162
|
+
sig { returns(T.nilable(VersionManager)) }
|
163
|
+
attr_reader :language
|
164
|
+
|
142
165
|
# Checks if the current version is deprecated.
|
143
166
|
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
144
167
|
sig { returns(T::Boolean) }
|
@@ -110,6 +110,10 @@ module Dependabot
|
|
110
110
|
|
111
111
|
sig { returns(T.untyped) }
|
112
112
|
def create
|
113
|
+
Dependabot.logger.info(
|
114
|
+
"Initiating Github pull request."
|
115
|
+
)
|
116
|
+
|
113
117
|
if experiment_duplicate_branch? && branch_exists?(branch_name)
|
114
118
|
Dependabot.logger.info(
|
115
119
|
"Existing branch \"#{branch_name}\" found. Pull request not created."
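Review bot: The added log call at the top of `create` spreads a short constant message over three lines; `Dependabot.logger.info("Initiating GitHub pull request.")` fits on one line and uses the product's own capitalization. The `branch_exists?` hunk below now logs only that the check is starting and no longer records its outcome — if the old duplicate-detection detail was useful when diagnosing skipped pull requests, log the result after the `include?` call rather than dropping it. `create` continues outside the hunk.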
|
@@ -139,9 +143,8 @@ module Dependabot
|
|
139
143
|
# rubocop:disable Metrics/PerceivedComplexity
|
140
144
|
sig { params(name: String).returns(T::Boolean) }
|
141
145
|
def branch_exists?(name)
|
142
|
-
Dependabot.logger.
|
143
|
-
"
|
144
|
-
"Name : #{name}. IsDuplicate: #{git_metadata_fetcher.ref_names.include?(name)}"
|
146
|
+
Dependabot.logger.info(
|
147
|
+
"Checking if branch #{name} already exists."
|
145
148
|
)
|
146
149
|
|
147
150
|
git_metadata_fetcher.ref_names.include?(name)
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "sorbet-runtime"
|
@@ -8,13 +8,67 @@ module Dependabot
|
|
8
8
|
extend T::Sig
|
9
9
|
extend T::Helpers
|
10
10
|
|
11
|
+
# Constants for operator groups
|
12
|
+
MINIMUM_OPERATORS = %w(>= > ~>).freeze
|
13
|
+
MAXIMUM_OPERATORS = %w(<= < ~>).freeze
|
14
|
+
|
11
15
|
abstract!
|
12
16
|
|
17
|
+
# Parses requirement strings and returns an array of requirement objects.
|
13
18
|
sig do
|
14
19
|
abstract
|
15
20
|
.params(requirement_string: T.nilable(String))
|
16
21
|
.returns(T::Array[Requirement])
|
17
22
|
end
|
18
23
|
def self.requirements_array(requirement_string); end
|
24
|
+
|
25
|
+
# Returns all requirement constraints as an array of strings
|
26
|
+
sig { returns(T::Array[String]) }
|
27
|
+
def constraints
|
28
|
+
requirements.map { |op, version| "#{op} #{version}" }
|
29
|
+
end
|
30
|
+
|
31
|
+
# Returns the highest lower limit among all minimum constraints.
|
32
|
+
sig { returns(T.nilable(Dependabot::Version)) }
|
33
|
+
def min_version
|
34
|
+
# Select constraints with minimum operators
|
35
|
+
min_constraints = requirements.select { |op, _| MINIMUM_OPERATORS.include?(op) }
|
36
|
+
|
37
|
+
# Choose the maximum version among the minimum constraints
|
38
|
+
max_min_constraint = min_constraints.max_by { |_, version| version }
|
39
|
+
|
40
|
+
# Return the version part of the max constraint, if it exists
|
41
|
+
Dependabot::Version.new(max_min_constraint&.last) if max_min_constraint&.last
|
42
|
+
end
|
43
|
+
|
44
|
+
# Returns the lowest upper limit among all maximum constraints.
|
45
|
+
sig { returns(T.nilable(Dependabot::Version)) }
|
46
|
+
def max_version
|
47
|
+
# Select constraints with maximum operators
|
48
|
+
max_constraints = requirements.select { |op, _| MAXIMUM_OPERATORS.include?(op) }
|
49
|
+
|
50
|
+
# Process each maximum constraint, handling "~>" constraints based on length
|
51
|
+
effective_max_versions = max_constraints.map do |op, version|
|
52
|
+
if op == "~>"
|
53
|
+
# If "~>" constraint, bump based on the specificity of the version
|
54
|
+
case version.segments.length
|
55
|
+
when 1
|
56
|
+
# Bump major version (e.g., 2 -> 3.0.0)
|
57
|
+
Dependabot::Version.new((version.segments[0].to_i + 1).to_s + ".0.0")
|
58
|
+
when 2
|
59
|
+
# Bump minor version (e.g., 2.5 -> 2.6.0)
|
60
|
+
Dependabot::Version.new("#{version.segments[0]}.#{version.segments[1] + 1}.0")
|
61
|
+
else
|
62
|
+
# For three or more segments, use version.bump
|
63
|
+
version.bump # e.g., "~> 2.9.9" becomes upper bound 3.0.0
|
64
|
+
end
|
65
|
+
else
|
66
|
+
version
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
# Return the smallest among the effective maximum constraints
|
71
|
+
Dependabot::Version.new(effective_max_versions.min) if effective_max_versions.min
|
72
|
+
end
|
19
73
|
end
|
20
74
|
end
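Review bot: In `max_version`, the two-segment `~>` branch turns `~> 2.5` into an upper bound of `2.6.0`, but the pessimistic operator's upper bound for `2.5` is `3.0` — the `version.bump` the `else` branch already uses yields exactly that, and the one-segment branch's hand-built `3.0.0` is likewise just `bump`. Assuming `requirements` yields `Gem::Version` objects as `Gem::Requirement#requirements` does, the whole `case` can collapse to `effective_max_versions = max_constraints.map { |op, version| op == "~>" ? version.bump : version }`, which also avoids `segments[1] + 1` raising when a segment is a string (prerelease versions). The comment on the `else` branch is off as well: `Gem::Version#bump` drops the last segment and increments the next, so `~> 2.9.9` becomes `2.10`, not `3.0.0`. A smaller nit: `effective_max_versions.min` is evaluated twice on the final line; bind it to a local once.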
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.286.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-11-
|
11
|
+
date: 2024-11-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -614,7 +614,7 @@ licenses:
|
|
614
614
|
- MIT
|
615
615
|
metadata:
|
616
616
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
617
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
617
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.286.0
|
618
618
|
post_install_message:
|
619
619
|
rdoc_options: []
|
620
620
|
require_paths:
|