dependabot-common 0.288.0 → 0.289.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/ecosystem.rb +2 -0
  3. data/lib/dependabot/pull_request_creator/branch_namer/base.rb +2 -7
  4. data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +1 -3
  5. data/lib/dependabot/pull_request_creator/branch_namer.rb +2 -15
  6. data/lib/dependabot/pull_request_creator/github.rb +1 -6
  7. data/lib/dependabot/pull_request_creator.rb +1 -8
  8. data/lib/dependabot/registry_client.rb +2 -1
  9. data/lib/dependabot/requirement.rb +87 -24
  10. data/lib/dependabot.rb +1 -1
  11. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 550020f64e127c0aeb071589d9d77b6a9b00bc3c516ce3baecf6f8b072fa2621
4
- data.tar.gz: 0f0162b707b4954b8a3f09addb4f5eb1d16f4d3863bb875dd95faee5efb0c2a7
3
+ metadata.gz: df0add56e9f09e63d8481893c92cb68ff4fa3724271c4378287b22853f237d15
4
+ data.tar.gz: bd4edfe5bb0ce0823d6a61fa3ec525ea98b77e1bfd4f665ba043f1f18db06834
5
5
  SHA512:
6
- metadata.gz: 836eb356d0714bff9005c5d83f01f918c722094166df7a0d1c1629c6af484ab600680bd02ebe1b713f6f638d1c3e73ddd02b1ccdb7d16be3b03f25af8a7c04bf
7
- data.tar.gz: 95190537ceea2262ced17707f5276931dd1554a92c1478054773a5395317154e6c99243cb048d45aee1377beeb33f556c145e8cd94838075633dc5116cf9800d
6
+ metadata.gz: 193dcab40ec19933c8fb9ca6eea0a41514ba006e4b554083d2ffbaee802e29d572fe0cf1897df3433981f85632aa7d03e700fce06d2b90661afc76630d4e39e9
7
+ data.tar.gz: 3c85ae8e5c55f03fca4ee85aa303a79385c188b34c402c5d8675ce65b51487ca43eab21abaa1570eea257964c0f7fbe2d16b0669754d31b441b8a4898f307d50
data/lib/dependabot/ecosystem.rb CHANGED
@@ -12,6 +12,8 @@ module Dependabot
12
12
  extend T::Sig
13
13
  extend T::Helpers
14
14
 
15
+ DEFAULT_VERSION_PATTERN = /(\d+\.\d+(.\d+)*)/
16
+
15
17
  abstract!
16
18
  # Initialize version information for a package manager or language.
17
19
  # @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").
data/lib/dependabot/pull_request_creator/branch_namer/base.rb CHANGED
@@ -18,9 +18,6 @@ module Dependabot
18
18
  sig { returns(T.nilable(String)) }
19
19
  attr_reader :target_branch
20
20
 
21
- sig { returns(T::Array[String]) }
22
- attr_reader :existing_branches
23
-
24
21
  sig { returns(String) }
25
22
  attr_reader :separator
26
23
 
@@ -35,19 +32,17 @@ module Dependabot
35
32
  dependencies: T::Array[Dependency],
36
33
  files: T::Array[DependencyFile],
37
34
  target_branch: T.nilable(String),
38
- existing_branches: T::Array[String],
39
35
  separator: String,
40
36
  prefix: String,
41
37
  max_length: T.nilable(Integer)
42
38
  )
43
39
  .void
44
40
  end
45
- def initialize(dependencies:, files:, target_branch:, existing_branches: [],
46
- separator: "/", prefix: "dependabot", max_length: nil)
41
+ def initialize(dependencies:, files:, target_branch:, separator: "/",
42
+ prefix: "dependabot", max_length: nil)
47
43
  @dependencies = dependencies
48
44
  @files = files
49
45
  @target_branch = target_branch
50
- @existing_branches = existing_branches
51
46
  @separator = separator
52
47
  @prefix = prefix
53
48
  @max_length = max_length
data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb CHANGED
@@ -17,7 +17,6 @@ module Dependabot
17
17
  target_branch: T.nilable(String),
18
18
  dependency_group: Dependabot::DependencyGroup,
19
19
  includes_security_fixes: T::Boolean,
20
- existing_branches: T::Array[String],
21
20
  separator: String,
22
21
  prefix: String,
23
22
  max_length: T.nilable(Integer)
@@ -25,12 +24,11 @@ module Dependabot
25
24
  .void
26
25
  end
27
26
  def initialize(dependencies:, files:, target_branch:, dependency_group:, includes_security_fixes:,
28
- existing_branches: [], separator: "/", prefix: "dependabot", max_length: nil)
27
+ separator: "/", prefix: "dependabot", max_length: nil)
29
28
  super(
30
29
  dependencies: dependencies,
31
30
  files: files,
32
31
  target_branch: target_branch,
33
- existing_branches: existing_branches,
34
32
  separator: separator,
35
33
  prefix: prefix,
36
34
  max_length: max_length,
data/lib/dependabot/pull_request_creator/branch_namer.rb CHANGED
@@ -23,9 +23,6 @@ module Dependabot
23
23
  sig { returns(T.nilable(String)) }
24
24
  attr_reader :target_branch
25
25
 
26
- sig { returns(T::Array[String]) }
27
- attr_reader :existing_branches
28
-
29
26
  sig { returns(String) }
30
27
  attr_reader :separator
31
28
 
@@ -47,7 +44,6 @@ module Dependabot
47
44
  files: T::Array[Dependabot::DependencyFile],
48
45
  target_branch: T.nilable(String),
49
46
  dependency_group: T.nilable(Dependabot::DependencyGroup),
50
- existing_branches: T::Array[String],
51
47
  separator: String,
52
48
  prefix: String,
53
49
  max_length: T.nilable(Integer),
@@ -55,13 +51,12 @@ module Dependabot
55
51
  )
56
52
  .void
57
53
  end
58
- def initialize(dependencies:, files:, target_branch:, dependency_group: nil, existing_branches: [],
59
- separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes: false)
54
+ def initialize(dependencies:, files:, target_branch:, dependency_group: nil, separator: "/",
55
+ prefix: "dependabot", max_length: nil, includes_security_fixes: false)
60
56
  @dependencies = dependencies
61
57
  @files = files
62
58
  @target_branch = target_branch
63
59
  @dependency_group = dependency_group
64
- @existing_branches = existing_branches
65
60
  @separator = separator
66
61
  @prefix = prefix
67
62
  @max_length = max_length
@@ -77,19 +72,12 @@ module Dependabot
77
72
 
78
73
  sig { returns(Dependabot::PullRequestCreator::BranchNamer::Base) }
79
74
  def strategy
80
- if Dependabot::Experiments.enabled?(:dedup_branch_names) && existing_branches
81
- Dependabot.logger.debug(
82
- "Dependabot::PullRequestCreator::strategy : #{existing_branches}"
83
- )
84
- end
85
-
86
75
  @strategy ||= T.let(
87
76
  if dependency_group.nil?
88
77
  SoloStrategy.new(
89
78
  dependencies: dependencies,
90
79
  files: files,
91
80
  target_branch: target_branch,
92
- existing_branches: existing_branches,
93
81
  separator: separator,
94
82
  prefix: prefix,
95
83
  max_length: max_length
@@ -101,7 +89,6 @@ module Dependabot
101
89
  target_branch: target_branch,
102
90
  dependency_group: T.must(dependency_group),
103
91
  includes_security_fixes: includes_security_fixes,
104
- existing_branches: existing_branches,
105
92
  separator: separator,
106
93
  prefix: prefix,
107
94
  max_length: max_length
data/lib/dependabot/pull_request_creator/github.rb CHANGED
@@ -114,7 +114,7 @@ module Dependabot
114
114
  "Initiating Github pull request."
115
115
  )
116
116
 
117
- if experiment_duplicate_branch? && branch_exists?(branch_name) && no_pull_request_exists?
117
+ if branch_exists?(branch_name) && no_pull_request_exists?
118
118
  Dependabot.logger.info(
119
119
  "Existing branch \"#{branch_name}\" found. Pull request not created."
120
120
  )
@@ -600,11 +600,6 @@ module Dependabot
600
600
  raise type, message
601
601
  end
602
602
  end
603
-
604
- sig { returns(T::Boolean) }
605
- def experiment_duplicate_branch?
606
- Dependabot::Experiments.enabled?(:dedup_branch_names)
607
- end
608
603
  end
609
604
  # rubocop:enable Metrics/ClassLength
610
605
  end
data/lib/dependabot/pull_request_creator.rb CHANGED
@@ -117,9 +117,6 @@ module Dependabot
117
117
  sig { returns(T.nilable(T.any(T::Array[String], Integer))) }
118
118
  attr_reader :milestone
119
119
 
120
- sig { returns(T::Array[String]) }
121
- attr_reader :existing_branches
122
-
123
120
  sig { returns(String) }
124
121
  attr_reader :branch_name_separator
125
122
 
@@ -164,7 +161,6 @@ module Dependabot
164
161
  reviewers: Reviewers,
165
162
  assignees: T.nilable(T.any(T::Array[String], T::Array[Integer])),
166
163
  milestone: T.nilable(T.any(T::Array[String], Integer)),
167
- existing_branches: T::Array[String],
168
164
  branch_name_separator: String,
169
165
  branch_name_prefix: String,
170
166
  branch_name_max_length: T.nilable(Integer),
@@ -187,8 +183,7 @@ module Dependabot
187
183
  pr_message_header: nil, pr_message_footer: nil,
188
184
  custom_labels: nil, author_details: nil, signature_key: nil,
189
185
  commit_message_options: {}, vulnerabilities_fixed: {},
190
- reviewers: nil, assignees: nil, milestone: nil,
191
- existing_branches: [], branch_name_separator: "/",
186
+ reviewers: nil, assignees: nil, milestone: nil, branch_name_separator: "/",
192
187
  branch_name_prefix: "dependabot", branch_name_max_length: nil,
193
188
  label_language: false, automerge_candidate: false,
194
189
  github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
@@ -210,7 +205,6 @@ module Dependabot
210
205
  @assignees = assignees
211
206
  @milestone = milestone
212
207
  @vulnerabilities_fixed = vulnerabilities_fixed
213
- @existing_branches = existing_branches
214
208
  @branch_name_separator = branch_name_separator
215
209
  @branch_name_prefix = branch_name_prefix
216
210
  @branch_name_max_length = branch_name_max_length
@@ -404,7 +398,6 @@ module Dependabot
404
398
  files: files,
405
399
  target_branch: source.branch,
406
400
  dependency_group: dependency_group,
407
- existing_branches: existing_branches,
408
401
  separator: branch_name_separator,
409
402
  prefix: branch_name_prefix,
410
403
  max_length: branch_name_max_length,
data/lib/dependabot/registry_client.rb CHANGED
@@ -30,7 +30,8 @@ module Dependabot
30
30
  Excon.get(
31
31
  url,
32
32
  idempotent: true,
33
- **SharedHelpers.excon_defaults({ headers: headers }.merge(options))
33
+ **SharedHelpers.excon_defaults({ headers: headers }.merge(options)),
34
+ retry_interval: 5
34
35
  )
35
36
  rescue Excon::Error::Timeout => e
36
37
  cache_error(url, e)
data/lib/dependabot/requirement.rb CHANGED
@@ -34,11 +34,13 @@ module Dependabot
34
34
  # Select constraints with minimum operators
35
35
  min_constraints = requirements.select { |op, _| MINIMUM_OPERATORS.include?(op) }
36
36
 
37
- # Choose the maximum version among the minimum constraints
38
- max_min_constraint = min_constraints.max_by { |_, version| version }
37
+ # Process each minimum constraint using the respective handler
38
+ effective_min_versions = min_constraints.filter_map do |op, version|
39
+ handle_min_operator(op, version.is_a?(Dependabot::Version) ? version : Dependabot::Version.new(version))
40
+ end
39
41
 
40
- # Return the version part of the max constraint, if it exists
41
- Dependabot::Version.new(max_min_constraint&.last) if max_min_constraint&.last
42
+ # Return the maximum among the effective minimum constraints
43
+ Dependabot::Version.new(effective_min_versions.max) if effective_min_versions.any?
42
44
  end
43
45
 
44
46
  # Returns the lowest upper limit among all maximum constraints.
@@ -47,28 +49,89 @@ module Dependabot
47
49
  # Select constraints with maximum operators
48
50
  max_constraints = requirements.select { |op, _| MAXIMUM_OPERATORS.include?(op) }
49
51
 
50
- # Process each maximum constraint, handling "~>" constraints based on length
51
- effective_max_versions = max_constraints.map do |op, version|
52
- if op == "~>"
53
- # If "~>" constraint, bump based on the specificity of the version
54
- case version.segments.length
55
- when 1
56
- # Bump major version (e.g., 2 -> 3.0.0)
57
- Dependabot::Version.new((version.segments[0].to_i + 1).to_s + ".0.0")
58
- when 2
59
- # Bump minor version (e.g., 2.5 -> 2.6.0)
60
- Dependabot::Version.new("#{version.segments[0]}.#{version.segments[1] + 1}.0")
61
- else
62
- # For three or more segments, use version.bump
63
- version.bump # e.g., "~> 2.9.9" becomes upper bound 3.0.0
64
- end
65
- else
66
- version
67
- end
52
+ # Process each maximum constraint using the respective handler
53
+ effective_max_versions = max_constraints.filter_map do |op, version|
54
+ handle_max_operator(op, version.is_a?(Dependabot::Version) ? version : Dependabot::Version.new(version))
55
+ end
56
+
57
+ # Return the minimum among the effective maximum constraints
58
+ Dependabot::Version.new(effective_max_versions.min) if effective_max_versions.any?
59
+ end
60
+
61
+ # Dynamically handles minimum operators
62
+ sig { params(operator: String, version: Dependabot::Version).returns(T.nilable(Dependabot::Version)) }
63
+ def handle_min_operator(operator, version)
64
+ case operator
65
+ when ">=" then handle_greater_than_or_equal_for_min(version)
66
+ when ">" then handle_greater_than_for_min(version)
67
+ when "~>" then handle_tilde_pessimistic_for_min(version)
68
+ end
69
+ end
70
+
71
+ # Dynamically handles maximum operators
72
+ sig { params(operator: String, version: Dependabot::Version).returns(T.nilable(Dependabot::Version)) }
73
+ def handle_max_operator(operator, version)
74
+ case operator
75
+ when "<=" then handle_less_than_or_equal_for_max(version)
76
+ when "<" then handle_less_than_max(version)
77
+ when "~>" then handle_tilde_pessimistic_max(version)
68
78
  end
79
+ end
80
+
81
+ # Methods for handling minimum constraints
82
+ sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
83
+ def handle_greater_than_or_equal_for_min(version)
84
+ version
85
+ end
86
+
87
+ sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
88
+ def handle_greater_than_for_min(version)
89
+ version
90
+ end
91
+
92
+ sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
93
+ def handle_tilde_pessimistic_for_min(version)
94
+ version
95
+ end
96
+
97
+ # Methods for handling maximum constraints
98
+ sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
99
+ def handle_less_than_or_equal_for_max(version)
100
+ version
101
+ end
102
+
103
+ sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
104
+ def handle_less_than_max(version)
105
+ version
106
+ end
107
+
108
+ sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
109
+ def handle_tilde_pessimistic_max(version)
110
+ case version.segments.length
111
+ when 1
112
+ bump_major_segment(version)
113
+ when 2
114
+ bump_minor_segment(version)
115
+ else
116
+ bump_version(version)
117
+ end
118
+ end
119
+
120
+ private
121
+
122
+ sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
123
+ def bump_major_segment(version)
124
+ Dependabot::Version.new("#{version.segments[0].to_i + 1}.0.0")
125
+ end
126
+
127
+ sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
128
+ def bump_minor_segment(version)
129
+ Dependabot::Version.new("#{version.segments[0]}.#{version.segments[1].to_i + 1}.0")
130
+ end
69
131
 
70
- # Return the smallest among the effective maximum constraints
71
- Dependabot::Version.new(effective_max_versions.min) if effective_max_versions.min
132
+ sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
133
+ def bump_version(version)
134
+ Dependabot::Version.new(version.bump)
72
135
  end
73
136
  end
74
137
  end
data/lib/dependabot.rb CHANGED
@@ -2,5 +2,5 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
- VERSION = "0.288.0"
5
+ VERSION = "0.289.0"
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.288.0
4
+ version: 0.289.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-11-21 00:00:00.000000000 Z
11
+ date: 2024-12-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -614,7 +614,7 @@ licenses:
614
614
  - MIT
615
615
  metadata:
616
616
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
617
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.288.0
617
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.289.0
618
618
  post_install_message:
619
619
  rdoc_options: []
620
620
  require_paths: