dependabot-common 0.288.0 → 0.290.0
- checksums.yaml +4 -4
- data/lib/dependabot/ecosystem.rb +2 -0
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +2 -7
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +1 -3
- data/lib/dependabot/pull_request_creator/branch_namer.rb +2 -15
- data/lib/dependabot/pull_request_creator/github.rb +1 -6
- data/lib/dependabot/pull_request_creator.rb +1 -8
- data/lib/dependabot/registry_client.rb +2 -1
- data/lib/dependabot/requirement.rb +87 -24
- data/lib/dependabot.rb +1 -1
- metadata +6 -6
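--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4d33a6634dcde9e6c86689c31358cf2ee6c0cfc12ba8e7668940b3fd33710348
+data.tar.gz: c472e1fe6402e2300d12be7664c2d89433cf6b7e3f103d25a1cd82e52c03965b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fb9557f02c4bbe7fa7b447862205f49fd04a8c029b7d643163f9707ea3a3c166b1f62fcc190c94a63d03012d271b0010bf7fc8f28b4429c9ed496d79d24c4e64
+data.tar.gz: 16c278fbada2c58f30ae4068c05d5b0ba441cac4f655ddee16cc12b862176f714b6b7eceab0e4cd9679b150843fec0725a76b4cd31d613ec8647547fccd0e116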
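--- a/data/lib/dependabot/ecosystem.rb
+++ b/data/lib/dependabot/ecosystem.rb
@@ -12,6 +12,8 @@ module Dependabot
 extend T::Sig
 extend T::Helpers
 
+DEFAULT_VERSION_PATTERN = /(\d+\.\d+(.\d+)*)/
+
 abstract!
 # Initialize version information for a package manager or language.
 # @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").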
@@ -18,9 +18,6 @@ module Dependabot
|
|
18
18
|
sig { returns(T.nilable(String)) }
|
19
19
|
attr_reader :target_branch
|
20
20
|
|
21
|
-
sig { returns(T::Array[String]) }
|
22
|
-
attr_reader :existing_branches
|
23
|
-
|
24
21
|
sig { returns(String) }
|
25
22
|
attr_reader :separator
|
26
23
|
|
@@ -35,19 +32,17 @@ module Dependabot
|
|
35
32
|
dependencies: T::Array[Dependency],
|
36
33
|
files: T::Array[DependencyFile],
|
37
34
|
target_branch: T.nilable(String),
|
38
|
-
existing_branches: T::Array[String],
|
39
35
|
separator: String,
|
40
36
|
prefix: String,
|
41
37
|
max_length: T.nilable(Integer)
|
42
38
|
)
|
43
39
|
.void
|
44
40
|
end
|
45
|
-
def initialize(dependencies:, files:, target_branch:,
|
46
|
-
|
41
|
+
def initialize(dependencies:, files:, target_branch:, separator: "/",
|
42
|
+
prefix: "dependabot", max_length: nil)
|
47
43
|
@dependencies = dependencies
|
48
44
|
@files = files
|
49
45
|
@target_branch = target_branch
|
50
|
-
@existing_branches = existing_branches
|
51
46
|
@separator = separator
|
52
47
|
@prefix = prefix
|
53
48
|
@max_length = max_length
|
@@ -17,7 +17,6 @@ module Dependabot
|
|
17
17
|
target_branch: T.nilable(String),
|
18
18
|
dependency_group: Dependabot::DependencyGroup,
|
19
19
|
includes_security_fixes: T::Boolean,
|
20
|
-
existing_branches: T::Array[String],
|
21
20
|
separator: String,
|
22
21
|
prefix: String,
|
23
22
|
max_length: T.nilable(Integer)
|
@@ -25,12 +24,11 @@ module Dependabot
|
|
25
24
|
.void
|
26
25
|
end
|
27
26
|
def initialize(dependencies:, files:, target_branch:, dependency_group:, includes_security_fixes:,
|
28
|
-
|
27
|
+
separator: "/", prefix: "dependabot", max_length: nil)
|
29
28
|
super(
|
30
29
|
dependencies: dependencies,
|
31
30
|
files: files,
|
32
31
|
target_branch: target_branch,
|
33
|
-
existing_branches: existing_branches,
|
34
32
|
separator: separator,
|
35
33
|
prefix: prefix,
|
36
34
|
max_length: max_length,
|
@@ -23,9 +23,6 @@ module Dependabot
|
|
23
23
|
sig { returns(T.nilable(String)) }
|
24
24
|
attr_reader :target_branch
|
25
25
|
|
26
|
-
sig { returns(T::Array[String]) }
|
27
|
-
attr_reader :existing_branches
|
28
|
-
|
29
26
|
sig { returns(String) }
|
30
27
|
attr_reader :separator
|
31
28
|
|
@@ -47,7 +44,6 @@ module Dependabot
|
|
47
44
|
files: T::Array[Dependabot::DependencyFile],
|
48
45
|
target_branch: T.nilable(String),
|
49
46
|
dependency_group: T.nilable(Dependabot::DependencyGroup),
|
50
|
-
existing_branches: T::Array[String],
|
51
47
|
separator: String,
|
52
48
|
prefix: String,
|
53
49
|
max_length: T.nilable(Integer),
|
@@ -55,13 +51,12 @@ module Dependabot
|
|
55
51
|
)
|
56
52
|
.void
|
57
53
|
end
|
58
|
-
def initialize(dependencies:, files:, target_branch:, dependency_group: nil,
|
59
|
-
|
54
|
+
def initialize(dependencies:, files:, target_branch:, dependency_group: nil, separator: "/",
|
55
|
+
prefix: "dependabot", max_length: nil, includes_security_fixes: false)
|
60
56
|
@dependencies = dependencies
|
61
57
|
@files = files
|
62
58
|
@target_branch = target_branch
|
63
59
|
@dependency_group = dependency_group
|
64
|
-
@existing_branches = existing_branches
|
65
60
|
@separator = separator
|
66
61
|
@prefix = prefix
|
67
62
|
@max_length = max_length
|
@@ -77,19 +72,12 @@ module Dependabot
|
|
77
72
|
|
78
73
|
sig { returns(Dependabot::PullRequestCreator::BranchNamer::Base) }
|
79
74
|
def strategy
|
80
|
-
if Dependabot::Experiments.enabled?(:dedup_branch_names) && existing_branches
|
81
|
-
Dependabot.logger.debug(
|
82
|
-
"Dependabot::PullRequestCreator::strategy : #{existing_branches}"
|
83
|
-
)
|
84
|
-
end
|
85
|
-
|
86
75
|
@strategy ||= T.let(
|
87
76
|
if dependency_group.nil?
|
88
77
|
SoloStrategy.new(
|
89
78
|
dependencies: dependencies,
|
90
79
|
files: files,
|
91
80
|
target_branch: target_branch,
|
92
|
-
existing_branches: existing_branches,
|
93
81
|
separator: separator,
|
94
82
|
prefix: prefix,
|
95
83
|
max_length: max_length
|
@@ -101,7 +89,6 @@ module Dependabot
|
|
101
89
|
target_branch: target_branch,
|
102
90
|
dependency_group: T.must(dependency_group),
|
103
91
|
includes_security_fixes: includes_security_fixes,
|
104
|
-
existing_branches: existing_branches,
|
105
92
|
separator: separator,
|
106
93
|
prefix: prefix,
|
107
94
|
max_length: max_length
|
@@ -114,7 +114,7 @@ module Dependabot
|
|
114
114
|
"Initiating Github pull request."
|
115
115
|
)
|
116
116
|
|
117
|
-
if
|
117
|
+
if branch_exists?(branch_name) && no_pull_request_exists?
|
118
118
|
Dependabot.logger.info(
|
119
119
|
"Existing branch \"#{branch_name}\" found. Pull request not created."
|
120
120
|
)
|
@@ -600,11 +600,6 @@ module Dependabot
|
|
600
600
|
raise type, message
|
601
601
|
end
|
602
602
|
end
|
603
|
-
|
604
|
-
sig { returns(T::Boolean) }
|
605
|
-
def experiment_duplicate_branch?
|
606
|
-
Dependabot::Experiments.enabled?(:dedup_branch_names)
|
607
|
-
end
|
608
603
|
end
|
609
604
|
# rubocop:enable Metrics/ClassLength
|
610
605
|
end
|
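Review bot: The new condition skips pull-request creation whenever a branch named `branch_name` already exists without an open PR, and with `experiment_duplicate_branch?` deleted in the second hunk there is no longer a code path that picks a different name instead; the removed line is truncated in this rendering (only `if` survives), so I cannot confirm which guard was dropped. Because a stale or hand-pushed `dependabot/...` branch will now quietly suppress an update, security updates included, the intent deserves a comment on the `if`, e.g. `# An existing branch with no open PR is treated as stale; skip rather than force-push over it.` The enclosing method starts and ends outside this hunk.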
@@ -117,9 +117,6 @@ module Dependabot
|
|
117
117
|
sig { returns(T.nilable(T.any(T::Array[String], Integer))) }
|
118
118
|
attr_reader :milestone
|
119
119
|
|
120
|
-
sig { returns(T::Array[String]) }
|
121
|
-
attr_reader :existing_branches
|
122
|
-
|
123
120
|
sig { returns(String) }
|
124
121
|
attr_reader :branch_name_separator
|
125
122
|
|
@@ -164,7 +161,6 @@ module Dependabot
|
|
164
161
|
reviewers: Reviewers,
|
165
162
|
assignees: T.nilable(T.any(T::Array[String], T::Array[Integer])),
|
166
163
|
milestone: T.nilable(T.any(T::Array[String], Integer)),
|
167
|
-
existing_branches: T::Array[String],
|
168
164
|
branch_name_separator: String,
|
169
165
|
branch_name_prefix: String,
|
170
166
|
branch_name_max_length: T.nilable(Integer),
|
@@ -187,8 +183,7 @@ module Dependabot
|
|
187
183
|
pr_message_header: nil, pr_message_footer: nil,
|
188
184
|
custom_labels: nil, author_details: nil, signature_key: nil,
|
189
185
|
commit_message_options: {}, vulnerabilities_fixed: {},
|
190
|
-
reviewers: nil, assignees: nil, milestone: nil,
|
191
|
-
existing_branches: [], branch_name_separator: "/",
|
186
|
+
reviewers: nil, assignees: nil, milestone: nil, branch_name_separator: "/",
|
192
187
|
branch_name_prefix: "dependabot", branch_name_max_length: nil,
|
193
188
|
label_language: false, automerge_candidate: false,
|
194
189
|
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
|
@@ -210,7 +205,6 @@ module Dependabot
|
|
210
205
|
@assignees = assignees
|
211
206
|
@milestone = milestone
|
212
207
|
@vulnerabilities_fixed = vulnerabilities_fixed
|
213
|
-
@existing_branches = existing_branches
|
214
208
|
@branch_name_separator = branch_name_separator
|
215
209
|
@branch_name_prefix = branch_name_prefix
|
216
210
|
@branch_name_max_length = branch_name_max_length
|
@@ -404,7 +398,6 @@ module Dependabot
|
|
404
398
|
files: files,
|
405
399
|
target_branch: source.branch,
|
406
400
|
dependency_group: dependency_group,
|
407
|
-
existing_branches: existing_branches,
|
408
401
|
separator: branch_name_separator,
|
409
402
|
prefix: branch_name_prefix,
|
410
403
|
max_length: branch_name_max_length,
|
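Review bot: Dropping the `existing_branches:` keyword from `PullRequestCreator#initialize` (and from its Sorbet sig) is a breaking change for any consumer of this gem that still passes it, since an unknown keyword raises `ArgumentError` at construction time rather than being ignored, and nothing in the hunk deprecates it first. Given this ships as a minor version bump of a shared library, consider keeping the keyword for one release as a no-op, e.g. `existing_branches: T.nilable(T::Array[String]),` in the sig and `existing_branches: nil, # deprecated: ignored since the dedup_branch_names experiment was removed` in the parameter list, or at least call the removal out in the release notes. The `initialize` body continues outside this hunk.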
@@ -30,7 +30,8 @@ module Dependabot
|
|
30
30
|
Excon.get(
|
31
31
|
url,
|
32
32
|
idempotent: true,
|
33
|
-
**SharedHelpers.excon_defaults({ headers: headers }.merge(options))
|
33
|
+
**SharedHelpers.excon_defaults({ headers: headers }.merge(options)),
|
34
|
+
retry_interval: 5
|
34
35
|
)
|
35
36
|
rescue Excon::Error::Timeout => e
|
36
37
|
cache_error(url, e)
|
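Review bot: `retry_interval: 5` on its own only sets the sleep between Excon's idempotent retries; the number of attempts comes from `retry_limit`, which is not visible here and, if `SharedHelpers.excon_defaults` does not set it, falls back to Excon's built-in default, so a registry that times out can now hold the caller for several extra 5-second waits before `rescue Excon::Error::Timeout` runs and the failure is cached. That budget should be stated next to the interval, e.g. `retry_interval: 5, # sleep between idempotent retries; attempt count is retry_limit (see excon_defaults)`, or pinned by passing `retry_limit:` alongside it. Note also that the keyword is appended after the `**SharedHelpers.excon_defaults(...)` splat, so it should take precedence over any `retry_interval` those defaults carry; if that override is intended, say so. The enclosing method starts before and ends after this hunk.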
@@ -34,11 +34,13 @@ module Dependabot
|
|
34
34
|
# Select constraints with minimum operators
|
35
35
|
min_constraints = requirements.select { |op, _| MINIMUM_OPERATORS.include?(op) }
|
36
36
|
|
37
|
-
#
|
38
|
-
|
37
|
+
# Process each minimum constraint using the respective handler
|
38
|
+
effective_min_versions = min_constraints.filter_map do |op, version|
|
39
|
+
handle_min_operator(op, version.is_a?(Dependabot::Version) ? version : Dependabot::Version.new(version))
|
40
|
+
end
|
39
41
|
|
40
|
-
# Return the
|
41
|
-
Dependabot::Version.new(
|
42
|
+
# Return the maximum among the effective minimum constraints
|
43
|
+
Dependabot::Version.new(effective_min_versions.max) if effective_min_versions.any?
|
42
44
|
end
|
43
45
|
|
44
46
|
# Returns the lowest upper limit among all maximum constraints.
|
@@ -47,28 +49,89 @@ module Dependabot
|
|
47
49
|
# Select constraints with maximum operators
|
48
50
|
max_constraints = requirements.select { |op, _| MAXIMUM_OPERATORS.include?(op) }
|
49
51
|
|
50
|
-
# Process each maximum constraint
|
51
|
-
effective_max_versions = max_constraints.
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
52
|
+
# Process each maximum constraint using the respective handler
|
53
|
+
effective_max_versions = max_constraints.filter_map do |op, version|
|
54
|
+
handle_max_operator(op, version.is_a?(Dependabot::Version) ? version : Dependabot::Version.new(version))
|
55
|
+
end
|
56
|
+
|
57
|
+
# Return the minimum among the effective maximum constraints
|
58
|
+
Dependabot::Version.new(effective_max_versions.min) if effective_max_versions.any?
|
59
|
+
end
|
60
|
+
|
61
|
+
# Dynamically handles minimum operators
|
62
|
+
sig { params(operator: String, version: Dependabot::Version).returns(T.nilable(Dependabot::Version)) }
|
63
|
+
def handle_min_operator(operator, version)
|
64
|
+
case operator
|
65
|
+
when ">=" then handle_greater_than_or_equal_for_min(version)
|
66
|
+
when ">" then handle_greater_than_for_min(version)
|
67
|
+
when "~>" then handle_tilde_pessimistic_for_min(version)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
# Dynamically handles maximum operators
|
72
|
+
sig { params(operator: String, version: Dependabot::Version).returns(T.nilable(Dependabot::Version)) }
|
73
|
+
def handle_max_operator(operator, version)
|
74
|
+
case operator
|
75
|
+
when "<=" then handle_less_than_or_equal_for_max(version)
|
76
|
+
when "<" then handle_less_than_max(version)
|
77
|
+
when "~>" then handle_tilde_pessimistic_max(version)
|
68
78
|
end
|
79
|
+
end
|
80
|
+
|
81
|
+
# Methods for handling minimum constraints
|
82
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
83
|
+
def handle_greater_than_or_equal_for_min(version)
|
84
|
+
version
|
85
|
+
end
|
86
|
+
|
87
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
88
|
+
def handle_greater_than_for_min(version)
|
89
|
+
version
|
90
|
+
end
|
91
|
+
|
92
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
93
|
+
def handle_tilde_pessimistic_for_min(version)
|
94
|
+
version
|
95
|
+
end
|
96
|
+
|
97
|
+
# Methods for handling maximum constraints
|
98
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
99
|
+
def handle_less_than_or_equal_for_max(version)
|
100
|
+
version
|
101
|
+
end
|
102
|
+
|
103
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
104
|
+
def handle_less_than_max(version)
|
105
|
+
version
|
106
|
+
end
|
107
|
+
|
108
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
109
|
+
def handle_tilde_pessimistic_max(version)
|
110
|
+
case version.segments.length
|
111
|
+
when 1
|
112
|
+
bump_major_segment(version)
|
113
|
+
when 2
|
114
|
+
bump_minor_segment(version)
|
115
|
+
else
|
116
|
+
bump_version(version)
|
117
|
+
end
|
118
|
+
end
|
119
|
+
|
120
|
+
private
|
121
|
+
|
122
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
123
|
+
def bump_major_segment(version)
|
124
|
+
Dependabot::Version.new("#{version.segments[0].to_i + 1}.0.0")
|
125
|
+
end
|
126
|
+
|
127
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
128
|
+
def bump_minor_segment(version)
|
129
|
+
Dependabot::Version.new("#{version.segments[0]}.#{version.segments[1].to_i + 1}.0")
|
130
|
+
end
|
69
131
|
|
70
|
-
|
71
|
-
|
132
|
+
sig { params(version: Dependabot::Version).returns(Dependabot::Version) }
|
133
|
+
def bump_version(version)
|
134
|
+
Dependabot::Version.new(version.bump)
|
72
135
|
end
|
73
136
|
end
|
74
137
|
end
|
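Review bot: The `when 2` branch of `handle_tilde_pessimistic_max` turns `~> 1.2` into an upper bound of `1.3.0`, but under RubyGems pessimistic semantics (which `Dependabot::Requirement` appears to inherit; the class header is outside this hunk) `~> 1.2` means `>= 1.2, < 2.0`, and `Gem::Version#bump`, already used in the `else` branch, returns `2` for `1.2`. Unless a non-Gem ecosystem's `~>` is deliberately modelled here, the three-way `case` can collapse to `Dependabot::Version.new(version.bump)`, which yields `2` for `1`, `2` for `1.2` and `1.3` for `1.2.3`; if the `1.3.0` result is intended, the method needs a comment naming the ecosystem whose semantics it follows. Separately, `handle_greater_than_for_min` and `handle_less_than_max` return the excluded boundary itself, so the computed minimum for `> 1.0` is `1.0`, a version the requirement does not accept; their doc comments should say so, e.g. `# Note: ">" is exclusive, so the returned version is a bound, not a satisfying version.` The `Dependabot::Version.new(effective_min_versions.max)` and `.min` wrappers re-wrap values that are already `Dependabot::Version` instances and can be dropped.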
data/lib/dependabot.rb
CHANGED
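--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.290.0
 platform: ruby
 authors:
 - Dependabot
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -614,8 +614,8 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
-post_install_message:
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.290.0
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -631,7 +631,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: 3.3.7
 requirements: []
 rubygems_version: 3.5.9
-signing_key:
+signing_key:
 specification_version: 4
 summary: Shared code used across Dependabot Core
 test_files: []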