dependabot-common 0.288.0 → 0.289.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/ecosystem.rb +2 -0
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +2 -7
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +1 -3
- data/lib/dependabot/pull_request_creator/branch_namer.rb +2 -15
- data/lib/dependabot/pull_request_creator/github.rb +1 -6
- data/lib/dependabot/pull_request_creator.rb +1 -8
- data/lib/dependabot/registry_client.rb +2 -1
- data/lib/dependabot/requirement.rb +87 -24
- data/lib/dependabot.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: df0add56e9f09e63d8481893c92cb68ff4fa3724271c4378287b22853f237d15
|
|
4
|
+
data.tar.gz: bd4edfe5bb0ce0823d6a61fa3ec525ea98b77e1bfd4f665ba043f1f18db06834
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 193dcab40ec19933c8fb9ca6eea0a41514ba006e4b554083d2ffbaee802e29d572fe0cf1897df3433981f85632aa7d03e700fce06d2b90661afc76630d4e39e9
|
|
7
|
+
data.tar.gz: 3c85ae8e5c55f03fca4ee85aa303a79385c188b34c402c5d8675ce65b51487ca43eab21abaa1570eea257964c0f7fbe2d16b0669754d31b441b8a4898f307d50
|
data/lib/dependabot/ecosystem.rb
CHANGED
|
@@ -12,6 +12,8 @@ module Dependabot
|
|
|
12
12
|
extend T::Sig
|
|
13
13
|
extend T::Helpers
|
|
14
14
|
|
|
15
|
+
DEFAULT_VERSION_PATTERN = /(\d+\.\d+(.\d+)*)/
|
|
16
|
+
|
|
15
17
|
abstract!
|
|
16
18
|
# Initialize version information for a package manager or language.
|
|
17
19
|
# @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").
|
|
@@ -18,9 +18,6 @@ module Dependabot
|
|
|
18
18
|
sig { returns(T.nilable(String)) }
|
|
19
19
|
attr_reader :target_branch
|
|
20
20
|
|
|
21
|
-
sig { returns(T::Array[String]) }
|
|
22
|
-
attr_reader :existing_branches
|
|
23
|
-
|
|
24
21
|
sig { returns(String) }
|
|
25
22
|
attr_reader :separator
|
|
26
23
|
|
|
@@ -35,19 +32,17 @@ module Dependabot
|
|
|
35
32
|
dependencies: T::Array[Dependency],
|
|
36
33
|
files: T::Array[DependencyFile],
|
|
37
34
|
target_branch: T.nilable(String),
|
|
38
|
-
existing_branches: T::Array[String],
|
|
39
35
|
separator: String,
|
|
40
36
|
prefix: String,
|
|
41
37
|
max_length: T.nilable(Integer)
|
|
42
38
|
)
|
|
43
39
|
.void
|
|
44
40
|
end
|
|
45
|
-
def initialize(dependencies:, files:, target_branch:,
|
|
46
|
-
|
|
41
|
+
def initialize(dependencies:, files:, target_branch:, separator: "/",
|
|
42
|
+
prefix: "dependabot", max_length: nil)
|
|
47
43
|
@dependencies = dependencies
|
|
48
44
|
@files = files
|
|
49
45
|
@target_branch = target_branch
|
|
50
|
-
@existing_branches = existing_branches
|
|
51
46
|
@separator = separator
|
|
52
47
|
@prefix = prefix
|
|
53
48
|
@max_length = max_length
|
|
@@ -17,7 +17,6 @@ module Dependabot
|
|
|
17
17
|
target_branch: T.nilable(String),
|
|
18
18
|
dependency_group: Dependabot::DependencyGroup,
|
|
19
19
|
includes_security_fixes: T::Boolean,
|
|
20
|
-
existing_branches: T::Array[String],
|
|
21
20
|
separator: String,
|
|
22
21
|
prefix: String,
|
|
23
22
|
max_length: T.nilable(Integer)
|
|
@@ -25,12 +24,11 @@ module Dependabot
|
|
|
25
24
|
.void
|
|
26
25
|
end
|
|
27
26
|
def initialize(dependencies:, files:, target_branch:, dependency_group:, includes_security_fixes:,
|
|
28
|
-
|
|
27
|
+
separator: "/", prefix: "dependabot", max_length: nil)
|
|
29
28
|
super(
|
|
30
29
|
dependencies: dependencies,
|
|
31
30
|
files: files,
|
|
32
31
|
target_branch: target_branch,
|
|
33
|
-
existing_branches: existing_branches,
|
|
34
32
|
separator: separator,
|
|
35
33
|
prefix: prefix,
|
|
36
34
|
max_length: max_length,
|
|
@@ -23,9 +23,6 @@ module Dependabot
|
|
|
23
23
|
sig { returns(T.nilable(String)) }
|
|
24
24
|
attr_reader :target_branch
|
|
25
25
|
|
|
26
|
-
sig { returns(T::Array[String]) }
|
|
27
|
-
attr_reader :existing_branches
|
|
28
|
-
|
|
29
26
|
sig { returns(String) }
|
|
30
27
|
attr_reader :separator
|
|
31
28
|
|
|
@@ -47,7 +44,6 @@ module Dependabot
|
|
|
47
44
|
files: T::Array[Dependabot::DependencyFile],
|
|
48
45
|
target_branch: T.nilable(String),
|
|
49
46
|
dependency_group: T.nilable(Dependabot::DependencyGroup),
|
|
50
|
-
existing_branches: T::Array[String],
|
|
51
47
|
separator: String,
|
|
52
48
|
prefix: String,
|
|
53
49
|
max_length: T.nilable(Integer),
|
|
@@ -55,13 +51,12 @@ module Dependabot
|
|
|
55
51
|
)
|
|
56
52
|
.void
|
|
57
53
|
end
|
|
58
|
-
def initialize(dependencies:, files:, target_branch:, dependency_group: nil,
|
|
59
|
-
|
|
54
|
+
def initialize(dependencies:, files:, target_branch:, dependency_group: nil, separator: "/",
|
|
55
|
+
prefix: "dependabot", max_length: nil, includes_security_fixes: false)
|
|
60
56
|
@dependencies = dependencies
|
|
61
57
|
@files = files
|
|
62
58
|
@target_branch = target_branch
|
|
63
59
|
@dependency_group = dependency_group
|
|
64
|
-
@existing_branches = existing_branches
|
|
65
60
|
@separator = separator
|
|
66
61
|
@prefix = prefix
|
|
67
62
|
@max_length = max_length
|
|
@@ -77,19 +72,12 @@ module Dependabot
|
|
|
77
72
|
|
|
78
73
|
sig { returns(Dependabot::PullRequestCreator::BranchNamer::Base) }
|
|
79
74
|
def strategy
|
|
80
|
-
if Dependabot::Experiments.enabled?(:dedup_branch_names) && existing_branches
|
|
81
|
-
Dependabot.logger.debug(
|
|
82
|
-
"Dependabot::PullRequestCreator::strategy : #{existing_branches}"
|
|
83
|
-
)
|
|
84
|
-
end
|
|
85
|
-
|
|
86
75
|
@strategy ||= T.let(
|
|
87
76
|
if dependency_group.nil?
|
|
88
77
|
SoloStrategy.new(
|
|
89
78
|
dependencies: dependencies,
|
|
90
79
|
files: files,
|
|
91
80
|
target_branch: target_branch,
|
|
92
|
-
existing_branches: existing_branches,
|
|
93
81
|
separator: separator,
|
|
94
82
|
prefix: prefix,
|
|
95
83
|
max_length: max_length
|
|
@@ -101,7 +89,6 @@ module Dependabot
|
|
|
101
89
|
target_branch: target_branch,
|
|
102
90
|
dependency_group: T.must(dependency_group),
|
|
103
91
|
includes_security_fixes: includes_security_fixes,
|
|
104
|
-
existing_branches: existing_branches,
|
|
105
92
|
separator: separator,
|
|
106
93
|
prefix: prefix,
|
|
107
94
|
max_length: max_length
|
|
@@ -114,7 +114,7 @@ module Dependabot
|
|
|
114
114
|
"Initiating Github pull request."
|
|
115
115
|
)
|
|
116
116
|
|
|
117
|
-
if
|
|
117
|
+
if branch_exists?(branch_name) && no_pull_request_exists?
|
|
118
118
|
Dependabot.logger.info(
|
|
119
119
|
"Existing branch \"#{branch_name}\" found. Pull request not created."
|
|
120
120
|
)
|
|
@@ -600,11 +600,6 @@ module Dependabot
|
|
|
600
600
|
raise type, message
|
|
601
601
|
end
|
|
602
602
|
end
|
|
603
|
-
|
|
604
|
-
sig { returns(T::Boolean) }
|
|
605
|
-
def experiment_duplicate_branch?
|
|
606
|
-
Dependabot::Experiments.enabled?(:dedup_branch_names)
|
|
607
|
-
end
|
|
608
603
|
end
|
|
609
604
|
# rubocop:enable Metrics/ClassLength
|
|
610
605
|
end
|
|
@@ -117,9 +117,6 @@ module Dependabot
|
|
|
117
117
|
sig { returns(T.nilable(T.any(T::Array[String], Integer))) }
|
|
118
118
|
attr_reader :milestone
|
|
119
119
|
|
|
120
|
-
sig { returns(T::Array[String]) }
|
|
121
|
-
attr_reader :existing_branches
|
|
122
|
-
|
|
123
120
|
sig { returns(String) }
|
|
124
121
|
attr_reader :branch_name_separator
|
|
125
122
|
|
|
@@ -164,7 +161,6 @@ module Dependabot
|
|
|
164
161
|
reviewers: Reviewers,
|
|
165
162
|
assignees: T.nilable(T.any(T::Array[String], T::Array[Integer])),
|
|
166
163
|
milestone: T.nilable(T.any(T::Array[String], Integer)),
|
|
167
|
-
existing_branches: T::Array[String],
|
|
168
164
|
branch_name_separator: String,
|
|
169
165
|
branch_name_prefix: String,
|
|
170
166
|
branch_name_max_length: T.nilable(Integer),
|
|
@@ -187,8 +183,7 @@ module Dependabot
|
|
|
187
183
|
pr_message_header: nil, pr_message_footer: nil,
|
|
188
184
|
custom_labels: nil, author_details: nil, signature_key: nil,
|
|
189
185
|
commit_message_options: {}, vulnerabilities_fixed: {},
|
|
190
|
-
reviewers: nil, assignees: nil, milestone: nil,
|
|
191
|
-
existing_branches: [], branch_name_separator: "/",
|
|
186
|
+
reviewers: nil, assignees: nil, milestone: nil, branch_name_separator: "/",
|
|
192
187
|
branch_name_prefix: "dependabot", branch_name_max_length: nil,
|
|
193
188
|
label_language: false, automerge_candidate: false,
|
|
194
189
|
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
|
|
@@ -210,7 +205,6 @@ module Dependabot
|
|
|
210
205
|
@assignees = assignees
|
|
211
206
|
@milestone = milestone
|
|
212
207
|
@vulnerabilities_fixed = vulnerabilities_fixed
|
|
213
|
-
@existing_branches = existing_branches
|
|
214
208
|
@branch_name_separator = branch_name_separator
|
|
215
209
|
@branch_name_prefix = branch_name_prefix
|
|
216
210
|
@branch_name_max_length = branch_name_max_length
|
|
@@ -404,7 +398,6 @@ module Dependabot
|
|
|
404
398
|
files: files,
|
|
405
399
|
target_branch: source.branch,
|
|
406
400
|
dependency_group: dependency_group,
|
|
407
|
-
existing_branches: existing_branches,
|
|
408
401
|
separator: branch_name_separator,
|
|
409
402
|
prefix: branch_name_prefix,
|
|
410
403
|
max_length: branch_name_max_length,
|
|
@@ -30,7 +30,8 @@ module Dependabot
|
|
|
30
30
|
Excon.get(
|
|
31
31
|
url,
|
|
32
32
|
idempotent: true,
|
|
33
|
-
**SharedHelpers.excon_defaults({ headers: headers }.merge(options))
|
|
33
|
+
**SharedHelpers.excon_defaults({ headers: headers }.merge(options)),
|
|
34
|
+
retry_interval: 5
|
|
34
35
|
)
|
|
35
36
|
rescue Excon::Error::Timeout => e
|
|
36
37
|
cache_error(url, e)
|
|
@@ -34,11 +34,13 @@ module Dependabot
|
|
|
34
34
|
# Select constraints with minimum operators
|
|
35
35
|
min_constraints = requirements.select { |op, _| MINIMUM_OPERATORS.include?(op) }
|
|
36
36
|
|
|
37
|
-
#
|
|
38
|
-
|
|
37
|
+
# Process each minimum constraint using the respective handler
|
|
38
|
+
effective_min_versions = min_constraints.filter_map do |op, version|
|
|
39
|
+
handle_min_operator(op, version.is_a?(Dependabot::Version) ? version : Dependabot::Version.new(version))
|
|
40
|
+
end
|
|
39
41
|
|
|
40
|
-
# Return the
|
|
41
|
-
Dependabot::Version.new(
|
|
42
|
+
# Return the maximum among the effective minimum constraints
|
|
43
|
+
Dependabot::Version.new(effective_min_versions.max) if effective_min_versions.any?
|
|
42
44
|
end
|
|
43
45
|
|
|
44
46
|
# Returns the lowest upper limit among all maximum constraints.
|
|
@@ -47,28 +49,89 @@ module Dependabot
|
|
|
47
49
|
# Select constraints with maximum operators
|
|
48
50
|
max_constraints = requirements.select { |op, _| MAXIMUM_OPERATORS.include?(op) }
|
|
49
51
|
|
|
50
|
-
# Process each maximum constraint
|
|
51
|
-
effective_max_versions = max_constraints.
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
52
|
+
# Process each maximum constraint using the respective handler
|
|
53
|
+
effective_max_versions = max_constraints.filter_map do |op, version|
|
|
54
|
+
handle_max_operator(op, version.is_a?(Dependabot::Version) ? version : Dependabot::Version.new(version))
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# Return the minimum among the effective maximum constraints
|
|
58
|
+
Dependabot::Version.new(effective_max_versions.min) if effective_max_versions.any?
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
# Dynamically handles minimum operators
|
|
62
|
+
sig { params(operator: String, version: Dependabot::Version).returns(T.nilable(Dependabot::Version)) }
|
|
63
|
+
def handle_min_operator(operator, version)
|
|
64
|
+
case operator
|
|
65
|
+
when ">=" then handle_greater_than_or_equal_for_min(version)
|
|
66
|
+
when ">" then handle_greater_than_for_min(version)
|
|
67
|
+
when "~>" then handle_tilde_pessimistic_for_min(version)
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
# Dynamically handles maximum operators
|
|
72
|
+
sig { params(operator: String, version: Dependabot::Version).returns(T.nilable(Dependabot::Version)) }
|
|
73
|
+
def handle_max_operator(operator, version)
|
|
74
|
+
case operator
|
|
75
|
+
when "<=" then handle_less_than_or_equal_for_max(version)
|
|
76
|
+
when "<" then handle_less_than_max(version)
|
|
77
|
+
when "~>" then handle_tilde_pessimistic_max(version)
|
|
68
78
|
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
# Methods for handling minimum constraints
|
|
82
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
|
83
|
+
def handle_greater_than_or_equal_for_min(version)
|
|
84
|
+
version
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
|
88
|
+
def handle_greater_than_for_min(version)
|
|
89
|
+
version
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
|
93
|
+
def handle_tilde_pessimistic_for_min(version)
|
|
94
|
+
version
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
# Methods for handling maximum constraints
|
|
98
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
|
99
|
+
def handle_less_than_or_equal_for_max(version)
|
|
100
|
+
version
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
|
104
|
+
def handle_less_than_max(version)
|
|
105
|
+
version
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
|
109
|
+
def handle_tilde_pessimistic_max(version)
|
|
110
|
+
case version.segments.length
|
|
111
|
+
when 1
|
|
112
|
+
bump_major_segment(version)
|
|
113
|
+
when 2
|
|
114
|
+
bump_minor_segment(version)
|
|
115
|
+
else
|
|
116
|
+
bump_version(version)
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
private
|
|
121
|
+
|
|
122
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
|
123
|
+
def bump_major_segment(version)
|
|
124
|
+
Dependabot::Version.new("#{version.segments[0].to_i + 1}.0.0")
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
|
128
|
+
def bump_minor_segment(version)
|
|
129
|
+
Dependabot::Version.new("#{version.segments[0]}.#{version.segments[1].to_i + 1}.0")
|
|
130
|
+
end
|
|
69
131
|
|
|
70
|
-
|
|
71
|
-
|
|
132
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
|
133
|
+
def bump_version(version)
|
|
134
|
+
Dependabot::Version.new(version.bump)
|
|
72
135
|
end
|
|
73
136
|
end
|
|
74
137
|
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.289.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-12-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -614,7 +614,7 @@ licenses:
|
|
|
614
614
|
- MIT
|
|
615
615
|
metadata:
|
|
616
616
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
617
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
617
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.289.0
|
|
618
618
|
post_install_message:
|
|
619
619
|
rdoc_options: []
|
|
620
620
|
require_paths:
|