dependabot-common 0.284.0 → 0.286.0

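--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a0e7ee494c1f62aa0a06d640dbfbce56140dc0a9317c7574771e334ba292a723
- data.tar.gz: 78c644641f5217ed8612c140653334d799333d31477168ca38c48857391f75cd
+ metadata.gz: 35ae86084e0800ff647158f46789d798d64973a3523ced6062db146dbfa583ff
+ data.tar.gz: 12624cd5e076311f8cdf0c410d53a2a2f8c90db1d1dac48e831b28da6527cdf1
  SHA512:
- metadata.gz: fabe157df4a763173a2b476cc964ce5fe722e5dc57906e34be3bfda68d149b4622184aa697e55f32583c16092d09d83a5795e0302719040029c6a50331dcd484
- data.tar.gz: 6a17a4f25bf5c75a3f4c7c737fc486810afc537d50f26c342481c1c2a27b4557e42514c3cef869c641bcb12e0261e11a9c5fde24a3d83a74c44777974d650e13
+ metadata.gz: d6ac4514c8a353355c5bc9635723c3f071339fbef2b19bad75beea548037dd4a689609e52117732a7e9e6c9653867a4745ba1085b8b147c1e05cd210cf94396f
+ data.tar.gz: 9c987ce3a13fe912bb13832f3f56d345952587847eb77d9bdfec0f6dbe09a0a01b3c3273e141a6e616c526d83c787d846a26a6e8f9d593311dbd3376af37c3f4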
@@ -2,6 +2,7 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
5
+ require "dependabot/requirement"
5
6
 
6
7
  module Dependabot
7
8
  class Ecosystem
@@ -12,32 +13,35 @@ module Dependabot
12
13
  extend T::Helpers
13
14
 
14
15
  abstract!
15
- # Initialize version information with optional requirement
16
- # @param name [String] the name for the package manager (e.g., "bundler", "npm").
16
+ # Initialize version information for a package manager or language.
17
+ # @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").
17
18
  # @param version [Dependabot::Version] the parsed current version.
18
19
  # @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
19
20
  # @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
21
+ # @param requirement [Dependabot::Requirement] an array of requirements.
20
22
  # @example
21
- # VersionManager.new("bundler", "2.1.4", Dependabot::Version.new("2.1.4"), nil)
23
+ # VersionManager.new("bundler", "2.1.4", nil)
22
24
  sig do
23
25
  params(
24
26
  name: String,
25
27
  version: Dependabot::Version,
26
28
  deprecated_versions: T::Array[Dependabot::Version],
27
- supported_versions: T::Array[Dependabot::Version]
29
+ supported_versions: T::Array[Dependabot::Version],
30
+ requirement: T.nilable(Dependabot::Requirement)
28
31
  ).void
29
32
  end
30
33
  def initialize(
31
34
  name,
32
35
  version,
33
36
  deprecated_versions = [],
34
- supported_versions = []
37
+ supported_versions = [],
38
+ requirement = nil
35
39
  )
36
40
  @name = T.let(name, String)
37
41
  @version = T.let(version, Dependabot::Version)
38
-
39
42
  @deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
40
43
  @supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
44
+ @requirement = T.let(requirement, T.nilable(Dependabot::Requirement))
41
45
  end
42
46
 
43
47
  # The name of the package manager (e.g., "bundler", "npm").
@@ -46,7 +50,7 @@ module Dependabot
46
50
  sig { returns(String) }
47
51
  attr_reader :name
48
52
 
49
- # The current version of the package manager.
53
+ # The current version of the package manager or language.
50
54
  # @example
51
55
  # version #=> Dependabot::Version.new("2.1.4")
52
56
  sig { returns(Dependabot::Version) }
@@ -62,12 +66,21 @@ module Dependabot
62
66
  sig { returns(T::Array[Dependabot::Version]) }
63
67
  attr_reader :supported_versions
64
68
 
69
+ # The current requirement of the package manager or language.
70
+ # @example
71
+ # requirement #=> nil
72
+ # requirement #=> Dependabot::Requirement.new(">= 2.1.4")
73
+ # requirement #=> Dependabot::Requirement.new(">= 2.1.4, < 3.0")
74
+ sig { returns(T.nilable(Dependabot::Requirement)) }
75
+ attr_reader :requirement
76
+
65
77
  # Checks if the current version is deprecated.
66
78
  # Returns true if the version is in the deprecated_versions array; false otherwise.
67
79
  # @example
68
80
  # deprecated? #=> true
69
81
  sig { returns(T::Boolean) }
70
82
  def deprecated?
83
+ # If the version is unsupported, the unsupported error is getting raised separately.
71
84
  return false if unsupported?
72
85
 
73
86
  deprecated_versions.include?(version)
@@ -112,19 +125,23 @@ module Dependabot
112
125
 
113
126
  # Initialize with mandatory name and optional language information.
114
127
  # @param name [String] the name of the ecosystem (e.g., "bundler", "npm_and_yarn").
115
- # @param package_manager [VersionManager] the package manager.
128
+ # @param package_manager [VersionManager] the package manager (mandatory).
129
+ # @param language [VersionManager] the language (optional).
116
130
  sig do
117
131
  params(
118
132
  name: String,
119
- package_manager: VersionManager
133
+ package_manager: VersionManager,
134
+ language: T.nilable(VersionManager)
120
135
  ).void
121
136
  end
122
137
  def initialize(
123
138
  name:,
124
- package_manager:
139
+ package_manager:,
140
+ language: nil
125
141
  )
126
142
  @name = T.let(name, String)
127
143
  @package_manager = T.let(package_manager, VersionManager)
144
+ @language = T.let(language, T.nilable(VersionManager))
128
145
  end
129
146
 
130
147
  # The name of the ecosystem (mandatory).
@@ -135,10 +152,16 @@ module Dependabot
135
152
 
136
153
  # The information related to the package manager (mandatory).
137
154
  # @example
138
- # package_manager #=> VersionManager.new("bundler", "2.1.4", Version.new("2.1.4"), nil)
155
+ # package_manager #=> VersionManager.new("bundler", "2.1.4", deprecated_versions, supported_versions)
139
156
  sig { returns(VersionManager) }
140
157
  attr_reader :package_manager
141
158
 
159
+ # The information related to the language (optional).
160
+ # @example
161
+ # language #=> VersionManager.new("ruby", "3.9", deprecated_versions, supported_versions)
162
+ sig { returns(T.nilable(VersionManager)) }
163
+ attr_reader :language
164
+
142
165
  # Checks if the current version is deprecated.
143
166
  # Returns true if the version is in the deprecated_versions array; false otherwise.
144
167
  sig { returns(T::Boolean) }
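Review bot: The new `@param requirement` line on the VersionManager initializer describes the argument as "an array of requirements", but the sig and the `T.let` below it take a single `T.nilable(Dependabot::Requirement)`; I would write `# @param requirement [Dependabot::Requirement, nil] the version requirement, if any.` The updated `@example` (`VersionManager.new("bundler", "2.1.4", nil)`) also passes a String for `version` and `nil` for `deprecated_versions`, which the signature shown (`Dependabot::Version`, non-nilable `T::Array`) would reject if sorbet-runtime checks are active; `VersionManager.new("bundler", Dependabot::Version.new("2.1.4"))` would match it. The `package_manager` and `language` examples further down pass a String version in the same way and should be aligned with the sig too.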
@@ -110,6 +110,10 @@ module Dependabot
110
110
 
111
111
  sig { returns(T.untyped) }
112
112
  def create
113
+ Dependabot.logger.info(
114
+ "Initiating Github pull request."
115
+ )
116
+
113
117
  if experiment_duplicate_branch? && branch_exists?(branch_name)
114
118
  Dependabot.logger.info(
115
119
  "Existing branch \"#{branch_name}\" found. Pull request not created."
@@ -139,9 +143,8 @@ module Dependabot
139
143
  # rubocop:disable Metrics/PerceivedComplexity
140
144
  sig { params(name: String).returns(T::Boolean) }
141
145
  def branch_exists?(name)
142
- Dependabot.logger.debug(
143
- "Dependabot::PullRequestCreator::Github:branch_exists?. " \
144
- "Name : #{name}. IsDuplicate: #{git_metadata_fetcher.ref_names.include?(name)}"
146
+ Dependabot.logger.info(
147
+ "Checking if branch #{name} already exists."
145
148
  )
146
149
 
147
150
  git_metadata_fetcher.ref_names.include?(name)
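Review bot: In `branch_exists?` the branch name is now interpolated bare into an info-level message, `"Checking if branch #{name} already exists."`, while the existing message in `create` wraps it in quotes. Where `name` is built is not visible in this hunk; if any part of it derives from dependency or manifest data, writing it as `"Checking if branch #{name.inspect} already exists."` keeps control characters from splitting the log line and makes the boundaries of the name unambiguous. The removed debug line also recorded the result of the lookup, which is no longer logged in the lines shown; a debug-level line with the boolean from `git_metadata_fetcher.ref_names.include?(name)` would keep that signal for triage. The body of `branch_exists?` continues outside the hunk.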
@@ -1,4 +1,4 @@
1
- # typed: strong
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -8,13 +8,67 @@ module Dependabot
8
8
  extend T::Sig
9
9
  extend T::Helpers
10
10
 
11
+ # Constants for operator groups
12
+ MINIMUM_OPERATORS = %w(>= > ~>).freeze
13
+ MAXIMUM_OPERATORS = %w(<= < ~>).freeze
14
+
11
15
  abstract!
12
16
 
17
+ # Parses requirement strings and returns an array of requirement objects.
13
18
  sig do
14
19
  abstract
15
20
  .params(requirement_string: T.nilable(String))
16
21
  .returns(T::Array[Requirement])
17
22
  end
18
23
  def self.requirements_array(requirement_string); end
24
+
25
+ # Returns all requirement constraints as an array of strings
26
+ sig { returns(T::Array[String]) }
27
+ def constraints
28
+ requirements.map { |op, version| "#{op} #{version}" }
29
+ end
30
+
31
+ # Returns the highest lower limit among all minimum constraints.
32
+ sig { returns(T.nilable(Dependabot::Version)) }
33
+ def min_version
34
+ # Select constraints with minimum operators
35
+ min_constraints = requirements.select { |op, _| MINIMUM_OPERATORS.include?(op) }
36
+
37
+ # Choose the maximum version among the minimum constraints
38
+ max_min_constraint = min_constraints.max_by { |_, version| version }
39
+
40
+ # Return the version part of the max constraint, if it exists
41
+ Dependabot::Version.new(max_min_constraint&.last) if max_min_constraint&.last
42
+ end
43
+
44
+ # Returns the lowest upper limit among all maximum constraints.
45
+ sig { returns(T.nilable(Dependabot::Version)) }
46
+ def max_version
47
+ # Select constraints with maximum operators
48
+ max_constraints = requirements.select { |op, _| MAXIMUM_OPERATORS.include?(op) }
49
+
50
+ # Process each maximum constraint, handling "~>" constraints based on length
51
+ effective_max_versions = max_constraints.map do |op, version|
52
+ if op == "~>"
53
+ # If "~>" constraint, bump based on the specificity of the version
54
+ case version.segments.length
55
+ when 1
56
+ # Bump major version (e.g., 2 -> 3.0.0)
57
+ Dependabot::Version.new((version.segments[0].to_i + 1).to_s + ".0.0")
58
+ when 2
59
+ # Bump minor version (e.g., 2.5 -> 2.6.0)
60
+ Dependabot::Version.new("#{version.segments[0]}.#{version.segments[1] + 1}.0")
61
+ else
62
+ # For three or more segments, use version.bump
63
+ version.bump # e.g., "~> 2.9.9" becomes upper bound 3.0.0
64
+ end
65
+ else
66
+ version
67
+ end
68
+ end
69
+
70
+ # Return the smallest among the effective maximum constraints
71
+ Dependabot::Version.new(effective_max_versions.min) if effective_max_versions.min
72
+ end
19
73
  end
20
74
  end
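Review bot: In `max_version`, the two-segment `~>` branch returns `2.6.0` as the upper bound for `~> 2.5`, which is tighter than the RubyGems pessimistic operator (`~> 2.5` means `>= 2.5, < 3.0`), assuming `Dependabot::Version` keeps `Gem::Version` semantics here. `Gem::Version#bump` already drops the last segment and increments the one before it for every length, so the whole `case` could be reduced to `op == "~>" ? version.bump : version`. The inline comment on the `else` branch is also off: bumping `2.9.9` gives `2.10`, not `3.0.0`. Separately, `version.segments[1] + 1` would raise on a non-numeric segment, and `<` and `<=` (like `>` and `>=` in `min_version`) are folded into one bound, so callers cannot tell an inclusive limit from an exclusive one; the method comments should state that.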
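--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -2,5 +2,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.284.0"
+ VERSION = "0.286.0"
  end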
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.284.0
4
+ version: 0.286.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-11-05 00:00:00.000000000 Z
11
+ date: 2024-11-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -614,7 +614,7 @@ licenses:
614
614
  - MIT
615
615
  metadata:
616
616
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
617
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.284.0
617
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.286.0
618
618
  post_install_message:
619
619
  rdoc_options: []
620
620
  require_paths: