dependabot-common 0.291.0 → 0.292.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/config/update_config.rb +17 -0
- data/lib/dependabot/ecosystem.rb +49 -13
- data/lib/dependabot/errors.rb +5 -0
- data/lib/dependabot/file_fetchers/base.rb +1 -1
- data/lib/dependabot/notices.rb +23 -15
- data/lib/dependabot/workspace/git.rb +1 -1
- data/lib/dependabot.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bc0d7a7acc0f4dcb2e25a622e816fd82a11a1553eecf85e6ae1e442ce5750ffb
|
|
4
|
+
data.tar.gz: 29e3f86968cb122e49a26f2866ee3554cb07ddbbda305e17d02ee4cb10099282
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 14e6659eaa880f07f1d2562d89ba71a5f581bcf431edcc49983bf7b6819be8567e0bd252606daa744e0c7d3523d2fd1970e22699b1053179f648009517ca332f
|
|
7
|
+
data.tar.gz: 47e39f274165302b4a2da440f242ffb7fd2e635c535666d3c09dc968090fbf7187c614ce1ed642f3ea472093820918675bb7ae465d4cad48a8c644d7ef5d6db8
|
|
@@ -32,6 +32,10 @@ module Dependabot
|
|
|
32
32
|
normalizer = name_normaliser_for(dependency)
|
|
33
33
|
dep_name = T.must(normalizer).call(dependency.name)
|
|
34
34
|
|
|
35
|
+
if dependency.version.nil? && dependency.requirements.any?
|
|
36
|
+
dependency = extract_base_version_from_requirement(dependency)
|
|
37
|
+
end
|
|
38
|
+
|
|
35
39
|
@ignore_conditions
|
|
36
40
|
.select { |ic| self.class.wildcard_match?(T.must(normalizer).call(ic.dependency_name), dep_name) }
|
|
37
41
|
.map { |ic| ic.ignored_versions(dependency, security_updates_only) }
|
|
@@ -40,6 +44,19 @@ module Dependabot
|
|
|
40
44
|
.uniq
|
|
41
45
|
end
|
|
42
46
|
|
|
47
|
+
sig { params(dependency: Dependency).returns(Dependency) }
|
|
48
|
+
def extract_base_version_from_requirement(dependency)
|
|
49
|
+
requirements = dependency.requirements
|
|
50
|
+
requirement = T.must(requirements.first)[:requirement]
|
|
51
|
+
version = requirement&.match(/\d+\.\d+\.\d+/)&.to_s
|
|
52
|
+
Dependabot::Dependency.new(
|
|
53
|
+
name: dependency.name,
|
|
54
|
+
version: version,
|
|
55
|
+
requirements: dependency.requirements,
|
|
56
|
+
package_manager: dependency.package_manager
|
|
57
|
+
)
|
|
58
|
+
end
|
|
59
|
+
|
|
43
60
|
sig { params(wildcard_string: T.nilable(String), candidate_string: T.nilable(String)).returns(T::Boolean) }
|
|
44
61
|
def self.wildcard_match?(wildcard_string, candidate_string)
|
|
45
62
|
return false unless wildcard_string && candidate_string
|
data/lib/dependabot/ecosystem.rb
CHANGED
|
@@ -17,30 +17,38 @@ module Dependabot
|
|
|
17
17
|
abstract!
|
|
18
18
|
# Initialize version information for a package manager or language.
|
|
19
19
|
# @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").
|
|
20
|
-
# @param
|
|
20
|
+
# @param detected_version [Dependabot::Version] the detected version of the package manager or language.
|
|
21
|
+
# @param version [Dependabot::Version] the version dependabots run on.
|
|
21
22
|
# @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
|
|
22
23
|
# @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
|
|
23
24
|
# @param requirement [Dependabot::Requirement] an array of requirements.
|
|
24
25
|
# @example
|
|
25
|
-
# VersionManager.new(
|
|
26
|
+
# VersionManager.new(
|
|
27
|
+
# name: "bundler",
|
|
28
|
+
# version: Version.new("2.1.4"),
|
|
29
|
+
# requirement: nil
|
|
30
|
+
# )
|
|
26
31
|
sig do
|
|
27
32
|
params(
|
|
28
33
|
name: String,
|
|
29
|
-
|
|
34
|
+
detected_version: T.nilable(Dependabot::Version),
|
|
35
|
+
version: T.nilable(Dependabot::Version),
|
|
30
36
|
deprecated_versions: T::Array[Dependabot::Version],
|
|
31
37
|
supported_versions: T::Array[Dependabot::Version],
|
|
32
38
|
requirement: T.nilable(Dependabot::Requirement)
|
|
33
39
|
).void
|
|
34
40
|
end
|
|
35
41
|
def initialize(
|
|
36
|
-
name
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
42
|
+
name:,
|
|
43
|
+
detected_version: nil,
|
|
44
|
+
version: nil,
|
|
45
|
+
deprecated_versions: [],
|
|
46
|
+
supported_versions: [],
|
|
47
|
+
requirement: nil
|
|
41
48
|
)
|
|
42
49
|
@name = T.let(name, String)
|
|
43
|
-
@
|
|
50
|
+
@detected_version = T.let(detected_version || version, T.nilable(Dependabot::Version))
|
|
51
|
+
@version = T.let(version, T.nilable(Dependabot::Version))
|
|
44
52
|
@deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
|
|
45
53
|
@supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
|
|
46
54
|
@requirement = T.let(requirement, T.nilable(Dependabot::Requirement))
|
|
@@ -52,10 +60,16 @@ module Dependabot
|
|
|
52
60
|
sig { returns(String) }
|
|
53
61
|
attr_reader :name
|
|
54
62
|
|
|
63
|
+
# The current version of the package manager or language.
|
|
64
|
+
# @example
|
|
65
|
+
# detected_version #=> Dependabot::Version.new("2")
|
|
66
|
+
sig { returns(T.nilable(Dependabot::Version)) }
|
|
67
|
+
attr_reader :detected_version
|
|
68
|
+
|
|
55
69
|
# The current version of the package manager or language.
|
|
56
70
|
# @example
|
|
57
71
|
# version #=> Dependabot::Version.new("2.1.4")
|
|
58
|
-
sig { returns(Dependabot::Version) }
|
|
72
|
+
sig { returns(T.nilable(Dependabot::Version)) }
|
|
59
73
|
attr_reader :version
|
|
60
74
|
|
|
61
75
|
# Returns an array of deprecated versions of the package manager.
|
|
@@ -76,16 +90,34 @@ module Dependabot
|
|
|
76
90
|
sig { returns(T.nilable(Dependabot::Requirement)) }
|
|
77
91
|
attr_reader :requirement
|
|
78
92
|
|
|
93
|
+
# The version of the package manager or language as a string.
|
|
94
|
+
# @example
|
|
95
|
+
# version_to_s #=> "2.1"
|
|
96
|
+
sig { returns(String) }
|
|
97
|
+
def version_to_s
|
|
98
|
+
version.to_s
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
# The raw version of the package manager or language.
|
|
102
|
+
# @example
|
|
103
|
+
# raw_version #=> "2.1.4"
|
|
104
|
+
sig { returns(String) }
|
|
105
|
+
def version_to_raw_s
|
|
106
|
+
version&.to_semver.to_s
|
|
107
|
+
end
|
|
108
|
+
|
|
79
109
|
# Checks if the current version is deprecated.
|
|
80
110
|
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
|
81
111
|
# @example
|
|
82
112
|
# deprecated? #=> true
|
|
83
113
|
sig { returns(T::Boolean) }
|
|
84
114
|
def deprecated?
|
|
115
|
+
return false unless detected_version
|
|
116
|
+
|
|
85
117
|
# If the version is unsupported, the unsupported error is getting raised separately.
|
|
86
118
|
return false if unsupported?
|
|
87
119
|
|
|
88
|
-
deprecated_versions.include?(
|
|
120
|
+
deprecated_versions.include?(detected_version)
|
|
89
121
|
end
|
|
90
122
|
|
|
91
123
|
# Checks if the current version is unsupported.
|
|
@@ -93,16 +125,20 @@ module Dependabot
|
|
|
93
125
|
# unsupported? #=> false
|
|
94
126
|
sig { returns(T::Boolean) }
|
|
95
127
|
def unsupported?
|
|
128
|
+
return false unless detected_version
|
|
129
|
+
|
|
96
130
|
return false if supported_versions.empty?
|
|
97
131
|
|
|
98
132
|
# Check if the version is not supported
|
|
99
|
-
supported_versions.all? { |supported| supported >
|
|
133
|
+
supported_versions.all? { |supported| supported > detected_version }
|
|
100
134
|
end
|
|
101
135
|
|
|
102
136
|
# Raises an error if the current package manager or language version is unsupported.
|
|
103
137
|
# If the version is unsupported, it raises a ToolVersionNotSupported error.
|
|
104
138
|
sig { void }
|
|
105
139
|
def raise_if_unsupported!
|
|
140
|
+
return unless detected_version
|
|
141
|
+
|
|
106
142
|
return unless unsupported?
|
|
107
143
|
|
|
108
144
|
# Example: v2.*, v3.*
|
|
@@ -110,7 +146,7 @@ module Dependabot
|
|
|
110
146
|
|
|
111
147
|
raise ToolVersionNotSupported.new(
|
|
112
148
|
name,
|
|
113
|
-
|
|
149
|
+
detected_version.to_s,
|
|
114
150
|
supported_versions_message
|
|
115
151
|
)
|
|
116
152
|
end
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -83,6 +83,11 @@ module Dependabot
|
|
|
83
83
|
# and responsibility for fixing it is on them, not us. As a result we
|
|
84
84
|
# quietly log these as errors
|
|
85
85
|
{ "error-type": "server_error" }
|
|
86
|
+
when BadRequirementError
|
|
87
|
+
{
|
|
88
|
+
"error-type": "illformed_requirement",
|
|
89
|
+
"error-detail": { message: error.message }
|
|
90
|
+
}
|
|
86
91
|
when *Octokit::RATE_LIMITED_ERRORS
|
|
87
92
|
# If we get a rate-limited error we let dependabot-api handle the
|
|
88
93
|
# retry by re-enqueing the update job after the reset
|
|
@@ -311,7 +311,7 @@ module Dependabot
|
|
|
311
311
|
|
|
312
312
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
313
313
|
Dir.chdir(T.must(repo_contents_path)) do
|
|
314
|
-
return SharedHelpers.run_shell_command("git rev-parse HEAD").strip
|
|
314
|
+
return SharedHelpers.run_shell_command("git rev-parse HEAD", stderr_to_stdout: false).strip
|
|
315
315
|
end
|
|
316
316
|
end
|
|
317
317
|
end
|
data/lib/dependabot/notices.rb
CHANGED
|
@@ -71,15 +71,20 @@ module Dependabot
|
|
|
71
71
|
# Generates a description for supported versions.
|
|
72
72
|
# @param supported_versions [Array<Dependabot::Version>, nil] The supported versions of the package manager.
|
|
73
73
|
# @param support_later_versions [Boolean] Whether later versions are supported.
|
|
74
|
+
# @param version_manager_type [Symbol] The type of entity being deprecated i.e. :language or :package_manager
|
|
74
75
|
# @return [String, nil] The generated description or nil if no supported versions are provided.
|
|
75
76
|
sig do
|
|
76
77
|
params(
|
|
77
78
|
supported_versions: T.nilable(T::Array[Dependabot::Version]),
|
|
78
|
-
support_later_versions: T::Boolean
|
|
79
|
+
support_later_versions: T::Boolean,
|
|
80
|
+
version_manager_type: Symbol
|
|
79
81
|
).returns(String)
|
|
80
82
|
end
|
|
81
|
-
def self.generate_supported_versions_description(
|
|
82
|
-
|
|
83
|
+
def self.generate_supported_versions_description(
|
|
84
|
+
supported_versions, support_later_versions, version_manager_type = :package_manager
|
|
85
|
+
)
|
|
86
|
+
entity_text = version_manager_type == :language ? "language" : "package manager"
|
|
87
|
+
return "Please upgrade your #{entity_text} version" unless supported_versions&.any?
|
|
83
88
|
|
|
84
89
|
versions_string = supported_versions.map { |version| "`v#{version}`" }
|
|
85
90
|
|
|
@@ -94,25 +99,28 @@ module Dependabot
|
|
|
94
99
|
"Please upgrade to one of the following versions: #{versions_string}#{later_description}."
|
|
95
100
|
end
|
|
96
101
|
|
|
97
|
-
# Generates a deprecation notice for the given
|
|
98
|
-
# @param
|
|
99
|
-
# @
|
|
102
|
+
# Generates a deprecation notice for the given version manager.
|
|
103
|
+
# @param version_manager [VersionManager] The version manager object.
|
|
104
|
+
# @param version_manager_type [Symbol] The version manager type e.g. :language or :package_manager
|
|
105
|
+
# @return [Notice, nil] The generated deprecation notice or nil if the version manager is not deprecated.
|
|
100
106
|
sig do
|
|
101
107
|
params(
|
|
102
|
-
|
|
108
|
+
version_manager: Ecosystem::VersionManager,
|
|
109
|
+
version_manager_type: Symbol
|
|
103
110
|
).returns(T.nilable(Notice))
|
|
104
111
|
end
|
|
105
|
-
def self.
|
|
106
|
-
return nil unless
|
|
112
|
+
def self.generate_deprecation_notice(version_manager, version_manager_type = :package_manager)
|
|
113
|
+
return nil unless version_manager.deprecated?
|
|
107
114
|
|
|
108
115
|
mode = NoticeMode::WARN
|
|
109
116
|
supported_versions_description = generate_supported_versions_description(
|
|
110
|
-
|
|
111
|
-
|
|
117
|
+
version_manager.supported_versions,
|
|
118
|
+
version_manager.support_later_versions?,
|
|
119
|
+
version_manager_type
|
|
112
120
|
)
|
|
113
|
-
notice_type = "#{
|
|
114
|
-
title = "Package manager deprecation notice"
|
|
115
|
-
description = "Dependabot will stop supporting `#{
|
|
121
|
+
notice_type = "#{version_manager.name}_deprecated_warn"
|
|
122
|
+
title = version_manager_type == :language ? "Language deprecation notice" : "Package manager deprecation notice"
|
|
123
|
+
description = "Dependabot will stop supporting `#{version_manager.name} v#{version_manager.detected_version}`!"
|
|
116
124
|
|
|
117
125
|
## Add the supported versions to the description
|
|
118
126
|
description += "\n\n#{supported_versions_description}\n" unless supported_versions_description.empty?
|
|
@@ -120,7 +128,7 @@ module Dependabot
|
|
|
120
128
|
Notice.new(
|
|
121
129
|
mode: mode,
|
|
122
130
|
type: notice_type,
|
|
123
|
-
package_manager_name:
|
|
131
|
+
package_manager_name: version_manager.name,
|
|
124
132
|
title: title,
|
|
125
133
|
description: description,
|
|
126
134
|
show_in_pr: true,
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.292.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -615,7 +615,7 @@ licenses:
|
|
|
615
615
|
- MIT
|
|
616
616
|
metadata:
|
|
617
617
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
618
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
618
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.292.0
|
|
619
619
|
post_install_message:
|
|
620
620
|
rdoc_options: []
|
|
621
621
|
require_paths:
|
|
@@ -631,7 +631,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
631
631
|
- !ruby/object:Gem::Version
|
|
632
632
|
version: 3.3.7
|
|
633
633
|
requirements: []
|
|
634
|
-
rubygems_version: 3.5.
|
|
634
|
+
rubygems_version: 3.5.22
|
|
635
635
|
signing_key:
|
|
636
636
|
specification_version: 4
|
|
637
637
|
summary: Shared code used across Dependabot Core
|