dependabot-common 0.309.0 → 0.311.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/package/package_latest_version_finder.rb +16 -9
- data/lib/dependabot/shared_helpers.rb +3 -3
- data/lib/dependabot.rb +1 -1
- metadata +11 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 896e658ef71b4518142ff132b8ab2f0f964cee4b69760ad3accc4f2c018d6f8a
|
|
4
|
+
data.tar.gz: d9273804a99bc6835fd9cd57bf3df0721204876281dc50b3ed1b3d47ae2fea2b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dff45877a4977abe2d27c2e1546a1b6eccd6f028bd49f33cfd608a6f3bae7370268bffc7dbb8ad52827070bdccecb6860c71dda204353838a006cbf1bdc21b5b
|
|
7
|
+
data.tar.gz: 97fae1b7cad856afe9b19686f7965d4c501b396b9172538e68908a8fb3dd28785847196e4dc65d67a44b8847c12be282cc43285e2d3a691ca6bb938823aac3b7
|
|
@@ -19,6 +19,8 @@ module Dependabot
|
|
|
19
19
|
extend T::Sig
|
|
20
20
|
extend T::Helpers
|
|
21
21
|
|
|
22
|
+
DAY_IN_SECONDS = T.let(24 * 60 * 60, Integer)
|
|
23
|
+
|
|
22
24
|
abstract!
|
|
23
25
|
|
|
24
26
|
sig { returns(Dependabot::Dependency) }
|
|
@@ -160,7 +162,6 @@ module Dependabot
|
|
|
160
162
|
return unless releases
|
|
161
163
|
|
|
162
164
|
releases = filter_yanked_versions(releases)
|
|
163
|
-
releases = filter_by_cooldown(releases)
|
|
164
165
|
releases = filter_unsupported_versions(releases, language_version)
|
|
165
166
|
# versions = filter_prerelease_versions(versions)
|
|
166
167
|
releases = Dependabot::UpdateCheckers::VersionFilters
|
|
@@ -211,14 +212,7 @@ module Dependabot
|
|
|
211
212
|
return releases unless cooldown_enabled?
|
|
212
213
|
return releases unless cooldown_options
|
|
213
214
|
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
filtered = releases.reject do |release|
|
|
217
|
-
next false unless release.released_at
|
|
218
|
-
|
|
219
|
-
days = cooldown_days_for(current_version, release.version)
|
|
220
|
-
(Time.now.to_i - release.released_at.to_i) < (days * 24 * 60 * 60)
|
|
221
|
-
end
|
|
215
|
+
filtered = releases.reject { |release| in_cooldown_period?(release) }
|
|
222
216
|
|
|
223
217
|
if releases.count > filtered.count
|
|
224
218
|
Dependabot.logger.info("Filtered out #{releases.count - filtered.count} versions due to cooldown")
|
|
@@ -226,6 +220,19 @@ module Dependabot
|
|
|
226
220
|
filtered
|
|
227
221
|
end
|
|
228
222
|
|
|
223
|
+
sig { params(release: Dependabot::Package::PackageRelease).returns(T::Boolean) }
|
|
224
|
+
def in_cooldown_period?(release)
|
|
225
|
+
return false unless release.released_at
|
|
226
|
+
|
|
227
|
+
current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
|
|
228
|
+
days = cooldown_days_for(current_version, release.version)
|
|
229
|
+
|
|
230
|
+
# Calculate the number of seconds passed since the release
|
|
231
|
+
passed_seconds = Time.now.to_i - release.released_at.to_i
|
|
232
|
+
# Check if the release is within the cooldown period
|
|
233
|
+
passed_seconds < days * DAY_IN_SECONDS
|
|
234
|
+
end
|
|
235
|
+
|
|
229
236
|
sig do
|
|
230
237
|
params(
|
|
231
238
|
releases: T::Array[Dependabot::Package::PackageRelease],
|
|
@@ -90,7 +90,7 @@ module Dependabot
|
|
|
90
90
|
sig { returns(String) }
|
|
91
91
|
attr_reader :error_class
|
|
92
92
|
|
|
93
|
-
sig { returns(T::Hash[Symbol,
|
|
93
|
+
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
94
94
|
attr_reader :error_context
|
|
95
95
|
|
|
96
96
|
sig { returns(T.nilable(T::Array[String])) }
|
|
@@ -130,14 +130,14 @@ module Dependabot
|
|
|
130
130
|
params(
|
|
131
131
|
command: String,
|
|
132
132
|
function: String,
|
|
133
|
-
args: T.
|
|
133
|
+
args: T.untyped,
|
|
134
134
|
env: T.nilable(T::Hash[String, String]),
|
|
135
135
|
stderr_to_stdout: T::Boolean,
|
|
136
136
|
allow_unsafe_shell_command: T::Boolean,
|
|
137
137
|
error_class: T.class_of(HelperSubprocessFailed),
|
|
138
138
|
timeout: Integer
|
|
139
139
|
)
|
|
140
|
-
.returns(T.
|
|
140
|
+
.returns(T.untyped)
|
|
141
141
|
end
|
|
142
142
|
def self.run_helper_subprocess(command:, function:, args:, env: nil,
|
|
143
143
|
stderr_to_stdout: false,
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.311.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-
|
|
10
|
+
date: 2025-05-01 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: aws-sdk-codecommit
|
|
@@ -303,16 +303,16 @@ dependencies:
|
|
|
303
303
|
name: toml-rb
|
|
304
304
|
requirement: !ruby/object:Gem::Requirement
|
|
305
305
|
requirements:
|
|
306
|
-
- - "
|
|
306
|
+
- - "~>"
|
|
307
307
|
- !ruby/object:Gem::Version
|
|
308
|
-
version:
|
|
308
|
+
version: '4.0'
|
|
309
309
|
type: :runtime
|
|
310
310
|
prerelease: false
|
|
311
311
|
version_requirements: !ruby/object:Gem::Requirement
|
|
312
312
|
requirements:
|
|
313
|
-
- - "
|
|
313
|
+
- - "~>"
|
|
314
314
|
- !ruby/object:Gem::Version
|
|
315
|
-
version:
|
|
315
|
+
version: '4.0'
|
|
316
316
|
- !ruby/object:Gem::Dependency
|
|
317
317
|
name: debug
|
|
318
318
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -513,16 +513,16 @@ dependencies:
|
|
|
513
513
|
name: webrick
|
|
514
514
|
requirement: !ruby/object:Gem::Requirement
|
|
515
515
|
requirements:
|
|
516
|
-
- - "
|
|
516
|
+
- - "~>"
|
|
517
517
|
- !ruby/object:Gem::Version
|
|
518
|
-
version: '1.
|
|
518
|
+
version: '1.9'
|
|
519
519
|
type: :development
|
|
520
520
|
prerelease: false
|
|
521
521
|
version_requirements: !ruby/object:Gem::Requirement
|
|
522
522
|
requirements:
|
|
523
|
-
- - "
|
|
523
|
+
- - "~>"
|
|
524
524
|
- !ruby/object:Gem::Version
|
|
525
|
-
version: '1.
|
|
525
|
+
version: '1.9'
|
|
526
526
|
description: Dependabot-Common provides the shared code used across Dependabot. If
|
|
527
527
|
you want support for multiple package managers, you probably want the meta-gem dependabot-omnibus.
|
|
528
528
|
email: opensource@github.com
|
|
@@ -627,7 +627,7 @@ licenses:
|
|
|
627
627
|
- MIT
|
|
628
628
|
metadata:
|
|
629
629
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
630
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
630
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.311.0
|
|
631
631
|
rdoc_options: []
|
|
632
632
|
require_paths:
|
|
633
633
|
- lib
|