dependabot-common 0.291.0 → 0.292.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/config/update_config.rb +17 -0
- data/lib/dependabot/ecosystem.rb +49 -13
- data/lib/dependabot/errors.rb +5 -0
- data/lib/dependabot/file_fetchers/base.rb +1 -1
- data/lib/dependabot/notices.rb +23 -15
- data/lib/dependabot/workspace/git.rb +1 -1
- data/lib/dependabot.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bc0d7a7acc0f4dcb2e25a622e816fd82a11a1553eecf85e6ae1e442ce5750ffb
|
|
4
|
+
data.tar.gz: 29e3f86968cb122e49a26f2866ee3554cb07ddbbda305e17d02ee4cb10099282
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 14e6659eaa880f07f1d2562d89ba71a5f581bcf431edcc49983bf7b6819be8567e0bd252606daa744e0c7d3523d2fd1970e22699b1053179f648009517ca332f
|
|
7
|
+
data.tar.gz: 47e39f274165302b4a2da440f242ffb7fd2e635c535666d3c09dc968090fbf7187c614ce1ed642f3ea472093820918675bb7ae465d4cad48a8c644d7ef5d6db8
|
|
@@ -32,6 +32,10 @@ module Dependabot
|
|
|
32
32
|
normalizer = name_normaliser_for(dependency)
|
|
33
33
|
dep_name = T.must(normalizer).call(dependency.name)
|
|
34
34
|
|
|
35
|
+
if dependency.version.nil? && dependency.requirements.any?
|
|
36
|
+
dependency = extract_base_version_from_requirement(dependency)
|
|
37
|
+
end
|
|
38
|
+
|
|
35
39
|
@ignore_conditions
|
|
36
40
|
.select { |ic| self.class.wildcard_match?(T.must(normalizer).call(ic.dependency_name), dep_name) }
|
|
37
41
|
.map { |ic| ic.ignored_versions(dependency, security_updates_only) }
|
|
@@ -40,6 +44,19 @@ module Dependabot
|
|
|
40
44
|
.uniq
|
|
41
45
|
end
|
|
42
46
|
|
|
47
|
+
sig { params(dependency: Dependency).returns(Dependency) }
|
|
48
|
+
def extract_base_version_from_requirement(dependency)
|
|
49
|
+
requirements = dependency.requirements
|
|
50
|
+
requirement = T.must(requirements.first)[:requirement]
|
|
51
|
+
version = requirement&.match(/\d+\.\d+\.\d+/)&.to_s
|
|
52
|
+
Dependabot::Dependency.new(
|
|
53
|
+
name: dependency.name,
|
|
54
|
+
version: version,
|
|
55
|
+
requirements: dependency.requirements,
|
|
56
|
+
package_manager: dependency.package_manager
|
|
57
|
+
)
|
|
58
|
+
end
|
|
59
|
+
|
|
43
60
|
sig { params(wildcard_string: T.nilable(String), candidate_string: T.nilable(String)).returns(T::Boolean) }
|
|
44
61
|
def self.wildcard_match?(wildcard_string, candidate_string)
|
|
45
62
|
return false unless wildcard_string && candidate_string
|
data/lib/dependabot/ecosystem.rb
CHANGED
|
@@ -17,30 +17,38 @@ module Dependabot
|
|
|
17
17
|
abstract!
|
|
18
18
|
# Initialize version information for a package manager or language.
|
|
19
19
|
# @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").
|
|
20
|
-
# @param
|
|
20
|
+
# @param detected_version [Dependabot::Version] the detected version of the package manager or language.
|
|
21
|
+
# @param version [Dependabot::Version] the version dependabots run on.
|
|
21
22
|
# @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
|
|
22
23
|
# @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
|
|
23
24
|
# @param requirement [Dependabot::Requirement] an array of requirements.
|
|
24
25
|
# @example
|
|
25
|
-
# VersionManager.new(
|
|
26
|
+
# VersionManager.new(
|
|
27
|
+
# name: "bundler",
|
|
28
|
+
# version: Version.new("2.1.4"),
|
|
29
|
+
# requirement: nil
|
|
30
|
+
# )
|
|
26
31
|
sig do
|
|
27
32
|
params(
|
|
28
33
|
name: String,
|
|
29
|
-
|
|
34
|
+
detected_version: T.nilable(Dependabot::Version),
|
|
35
|
+
version: T.nilable(Dependabot::Version),
|
|
30
36
|
deprecated_versions: T::Array[Dependabot::Version],
|
|
31
37
|
supported_versions: T::Array[Dependabot::Version],
|
|
32
38
|
requirement: T.nilable(Dependabot::Requirement)
|
|
33
39
|
).void
|
|
34
40
|
end
|
|
35
41
|
def initialize(
|
|
36
|
-
name
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
42
|
+
name:,
|
|
43
|
+
detected_version: nil,
|
|
44
|
+
version: nil,
|
|
45
|
+
deprecated_versions: [],
|
|
46
|
+
supported_versions: [],
|
|
47
|
+
requirement: nil
|
|
41
48
|
)
|
|
42
49
|
@name = T.let(name, String)
|
|
43
|
-
@
|
|
50
|
+
@detected_version = T.let(detected_version || version, T.nilable(Dependabot::Version))
|
|
51
|
+
@version = T.let(version, T.nilable(Dependabot::Version))
|
|
44
52
|
@deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
|
|
45
53
|
@supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
|
|
46
54
|
@requirement = T.let(requirement, T.nilable(Dependabot::Requirement))
|
|
@@ -52,10 +60,16 @@ module Dependabot
|
|
|
52
60
|
sig { returns(String) }
|
|
53
61
|
attr_reader :name
|
|
54
62
|
|
|
63
|
+
# The current version of the package manager or language.
|
|
64
|
+
# @example
|
|
65
|
+
# detected_version #=> Dependabot::Version.new("2")
|
|
66
|
+
sig { returns(T.nilable(Dependabot::Version)) }
|
|
67
|
+
attr_reader :detected_version
|
|
68
|
+
|
|
55
69
|
# The current version of the package manager or language.
|
|
56
70
|
# @example
|
|
57
71
|
# version #=> Dependabot::Version.new("2.1.4")
|
|
58
|
-
sig { returns(Dependabot::Version) }
|
|
72
|
+
sig { returns(T.nilable(Dependabot::Version)) }
|
|
59
73
|
attr_reader :version
|
|
60
74
|
|
|
61
75
|
# Returns an array of deprecated versions of the package manager.
|
|
@@ -76,16 +90,34 @@ module Dependabot
|
|
|
76
90
|
sig { returns(T.nilable(Dependabot::Requirement)) }
|
|
77
91
|
attr_reader :requirement
|
|
78
92
|
|
|
93
|
+
# The version of the package manager or language as a string.
|
|
94
|
+
# @example
|
|
95
|
+
# version_to_s #=> "2.1"
|
|
96
|
+
sig { returns(String) }
|
|
97
|
+
def version_to_s
|
|
98
|
+
version.to_s
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
# The raw version of the package manager or language.
|
|
102
|
+
# @example
|
|
103
|
+
# raw_version #=> "2.1.4"
|
|
104
|
+
sig { returns(String) }
|
|
105
|
+
def version_to_raw_s
|
|
106
|
+
version&.to_semver.to_s
|
|
107
|
+
end
|
|
108
|
+
|
|
79
109
|
# Checks if the current version is deprecated.
|
|
80
110
|
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
|
81
111
|
# @example
|
|
82
112
|
# deprecated? #=> true
|
|
83
113
|
sig { returns(T::Boolean) }
|
|
84
114
|
def deprecated?
|
|
115
|
+
return false unless detected_version
|
|
116
|
+
|
|
85
117
|
# If the version is unsupported, the unsupported error is getting raised separately.
|
|
86
118
|
return false if unsupported?
|
|
87
119
|
|
|
88
|
-
deprecated_versions.include?(
|
|
120
|
+
deprecated_versions.include?(detected_version)
|
|
89
121
|
end
|
|
90
122
|
|
|
91
123
|
# Checks if the current version is unsupported.
|
|
@@ -93,16 +125,20 @@ module Dependabot
|
|
|
93
125
|
# unsupported? #=> false
|
|
94
126
|
sig { returns(T::Boolean) }
|
|
95
127
|
def unsupported?
|
|
128
|
+
return false unless detected_version
|
|
129
|
+
|
|
96
130
|
return false if supported_versions.empty?
|
|
97
131
|
|
|
98
132
|
# Check if the version is not supported
|
|
99
|
-
supported_versions.all? { |supported| supported >
|
|
133
|
+
supported_versions.all? { |supported| supported > detected_version }
|
|
100
134
|
end
|
|
101
135
|
|
|
102
136
|
# Raises an error if the current package manager or language version is unsupported.
|
|
103
137
|
# If the version is unsupported, it raises a ToolVersionNotSupported error.
|
|
104
138
|
sig { void }
|
|
105
139
|
def raise_if_unsupported!
|
|
140
|
+
return unless detected_version
|
|
141
|
+
|
|
106
142
|
return unless unsupported?
|
|
107
143
|
|
|
108
144
|
# Example: v2.*, v3.*
|
|
@@ -110,7 +146,7 @@ module Dependabot
|
|
|
110
146
|
|
|
111
147
|
raise ToolVersionNotSupported.new(
|
|
112
148
|
name,
|
|
113
|
-
|
|
149
|
+
detected_version.to_s,
|
|
114
150
|
supported_versions_message
|
|
115
151
|
)
|
|
116
152
|
end
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -83,6 +83,11 @@ module Dependabot
|
|
|
83
83
|
# and responsibility for fixing it is on them, not us. As a result we
|
|
84
84
|
# quietly log these as errors
|
|
85
85
|
{ "error-type": "server_error" }
|
|
86
|
+
when BadRequirementError
|
|
87
|
+
{
|
|
88
|
+
"error-type": "illformed_requirement",
|
|
89
|
+
"error-detail": { message: error.message }
|
|
90
|
+
}
|
|
86
91
|
when *Octokit::RATE_LIMITED_ERRORS
|
|
87
92
|
# If we get a rate-limited error we let dependabot-api handle the
|
|
88
93
|
# retry by re-enqueing the update job after the reset
|
|
@@ -311,7 +311,7 @@ module Dependabot
|
|
|
311
311
|
|
|
312
312
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
313
313
|
Dir.chdir(T.must(repo_contents_path)) do
|
|
314
|
-
return SharedHelpers.run_shell_command("git rev-parse HEAD").strip
|
|
314
|
+
return SharedHelpers.run_shell_command("git rev-parse HEAD", stderr_to_stdout: false).strip
|
|
315
315
|
end
|
|
316
316
|
end
|
|
317
317
|
end
|
data/lib/dependabot/notices.rb
CHANGED
|
@@ -71,15 +71,20 @@ module Dependabot
|
|
|
71
71
|
# Generates a description for supported versions.
|
|
72
72
|
# @param supported_versions [Array<Dependabot::Version>, nil] The supported versions of the package manager.
|
|
73
73
|
# @param support_later_versions [Boolean] Whether later versions are supported.
|
|
74
|
+
# @param version_manager_type [Symbol] The type of entity being deprecated i.e. :language or :package_manager
|
|
74
75
|
# @return [String, nil] The generated description or nil if no supported versions are provided.
|
|
75
76
|
sig do
|
|
76
77
|
params(
|
|
77
78
|
supported_versions: T.nilable(T::Array[Dependabot::Version]),
|
|
78
|
-
support_later_versions: T::Boolean
|
|
79
|
+
support_later_versions: T::Boolean,
|
|
80
|
+
version_manager_type: Symbol
|
|
79
81
|
).returns(String)
|
|
80
82
|
end
|
|
81
|
-
def self.generate_supported_versions_description(
|
|
82
|
-
|
|
83
|
+
def self.generate_supported_versions_description(
|
|
84
|
+
supported_versions, support_later_versions, version_manager_type = :package_manager
|
|
85
|
+
)
|
|
86
|
+
entity_text = version_manager_type == :language ? "language" : "package manager"
|
|
87
|
+
return "Please upgrade your #{entity_text} version" unless supported_versions&.any?
|
|
83
88
|
|
|
84
89
|
versions_string = supported_versions.map { |version| "`v#{version}`" }
|
|
85
90
|
|
|
@@ -94,25 +99,28 @@ module Dependabot
|
|
|
94
99
|
"Please upgrade to one of the following versions: #{versions_string}#{later_description}."
|
|
95
100
|
end
|
|
96
101
|
|
|
97
|
-
# Generates a deprecation notice for the given
|
|
98
|
-
# @param
|
|
99
|
-
# @
|
|
102
|
+
# Generates a deprecation notice for the given version manager.
|
|
103
|
+
# @param version_manager [VersionManager] The version manager object.
|
|
104
|
+
# @param version_manager_type [Symbol] The version manager type e.g. :language or :package_manager
|
|
105
|
+
# @return [Notice, nil] The generated deprecation notice or nil if the version manager is not deprecated.
|
|
100
106
|
sig do
|
|
101
107
|
params(
|
|
102
|
-
|
|
108
|
+
version_manager: Ecosystem::VersionManager,
|
|
109
|
+
version_manager_type: Symbol
|
|
103
110
|
).returns(T.nilable(Notice))
|
|
104
111
|
end
|
|
105
|
-
def self.
|
|
106
|
-
return nil unless
|
|
112
|
+
def self.generate_deprecation_notice(version_manager, version_manager_type = :package_manager)
|
|
113
|
+
return nil unless version_manager.deprecated?
|
|
107
114
|
|
|
108
115
|
mode = NoticeMode::WARN
|
|
109
116
|
supported_versions_description = generate_supported_versions_description(
|
|
110
|
-
|
|
111
|
-
|
|
117
|
+
version_manager.supported_versions,
|
|
118
|
+
version_manager.support_later_versions?,
|
|
119
|
+
version_manager_type
|
|
112
120
|
)
|
|
113
|
-
notice_type = "#{
|
|
114
|
-
title = "Package manager deprecation notice"
|
|
115
|
-
description = "Dependabot will stop supporting `#{
|
|
121
|
+
notice_type = "#{version_manager.name}_deprecated_warn"
|
|
122
|
+
title = version_manager_type == :language ? "Language deprecation notice" : "Package manager deprecation notice"
|
|
123
|
+
description = "Dependabot will stop supporting `#{version_manager.name} v#{version_manager.detected_version}`!"
|
|
116
124
|
|
|
117
125
|
## Add the supported versions to the description
|
|
118
126
|
description += "\n\n#{supported_versions_description}\n" unless supported_versions_description.empty?
|
|
@@ -120,7 +128,7 @@ module Dependabot
|
|
|
120
128
|
Notice.new(
|
|
121
129
|
mode: mode,
|
|
122
130
|
type: notice_type,
|
|
123
|
-
package_manager_name:
|
|
131
|
+
package_manager_name: version_manager.name,
|
|
124
132
|
title: title,
|
|
125
133
|
description: description,
|
|
126
134
|
show_in_pr: true,
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.292.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -615,7 +615,7 @@ licenses:
|
|
|
615
615
|
- MIT
|
|
616
616
|
metadata:
|
|
617
617
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
618
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
618
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
|
|
619
619
|
post_install_message:
|
|
620
620
|
rdoc_options: []
|
|
621
621
|
require_paths:
|
|
@@ -631,7 +631,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
631
631
|
- !ruby/object:Gem::Version
|
|
632
632
|
version: 3.3.7
|
|
633
633
|
requirements: []
|
|
634
|
-
rubygems_version: 3.5.
|
|
634
|
+
rubygems_version: 3.5.22
|
|
635
635
|
signing_key:
|
|
636
636
|
specification_version: 4
|
|
637
637
|
summary: Shared code used across Dependabot Core
|