dependabot-common 0.331.0 → 0.332.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/config/file_fetcher.rb +0 -2
- data/lib/dependabot/dependency.rb +1 -10
- data/lib/dependabot/dependency_file.rb +2 -16
- data/lib/dependabot/file_fetchers/base.rb +3 -3
- data/lib/dependabot/package/package_latest_version_finder.rb +66 -64
- data/lib/dependabot/requirements_updater/base.rb +2 -0
- data/lib/dependabot/workspace/base.rb +2 -0
- data/lib/dependabot.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 96e4e83c7cdbf12714aa4542b6dae8a9c71b4c5f89f696f0da5a9b5edb3ef9d4
|
|
4
|
+
data.tar.gz: 9ed849c328be46ed3372c220b4d40d34ac3f66ed1d458ab6e30dd9df870d3fff
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2130d48ea935228392ce811fb9e91a4d6322dfee13296df1b66247169fccc7279f4213f01b8a716b91317cf31574647719b28ec4bda35ab86ff26f8a112c930f
|
|
7
|
+
data.tar.gz: 301db4be228ea9ddb8a40b55a1f1649bf1c9af444f3bf7f0d107c005ca01a76640016d61144a389baf1b2404648c0393f1da2efd1f023153bce3a715d5291a23
|
|
@@ -27,8 +27,6 @@ module Dependabot
|
|
|
27
27
|
@config_file ||= T.let(files.first, T.nilable(Dependabot::DependencyFile))
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
-
private
|
|
31
|
-
|
|
32
30
|
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
|
33
31
|
def fetch_files
|
|
34
32
|
fetched_files = T.let([], T::Array[Dependabot::DependencyFile])
|
|
@@ -119,14 +119,12 @@ module Dependabot
|
|
|
119
119
|
subdependency_metadata: T.nilable(T::Array[T::Hash[T.any(Symbol, String), String]]),
|
|
120
120
|
removed: T::Boolean,
|
|
121
121
|
metadata: T.nilable(T::Hash[T.any(Symbol, String), String]),
|
|
122
|
-
direct_relationship: T::Boolean,
|
|
123
122
|
origin_files: T::Array[String]
|
|
124
123
|
).void
|
|
125
124
|
end
|
|
126
125
|
def initialize(name:, requirements:, package_manager:, version: nil,
|
|
127
126
|
previous_version: nil, previous_requirements: nil, directory: nil,
|
|
128
|
-
subdependency_metadata: [], removed: false, metadata: {},
|
|
129
|
-
origin_files: [])
|
|
127
|
+
subdependency_metadata: [], removed: false, metadata: {}, origin_files: [])
|
|
130
128
|
@name = name
|
|
131
129
|
@version = T.let(
|
|
132
130
|
case version
|
|
@@ -153,7 +151,6 @@ module Dependabot
|
|
|
153
151
|
end
|
|
154
152
|
@removed = removed
|
|
155
153
|
@metadata = T.let(symbolize_keys(metadata || {}), T::Hash[Symbol, T.untyped])
|
|
156
|
-
@direct_relationship = direct_relationship
|
|
157
154
|
@origin_files = origin_files
|
|
158
155
|
check_values
|
|
159
156
|
end
|
|
@@ -165,12 +162,6 @@ module Dependabot
|
|
|
165
162
|
requirements.any?
|
|
166
163
|
end
|
|
167
164
|
|
|
168
|
-
# used to support lockfile parsing/DependencySubmission
|
|
169
|
-
sig { returns(T::Boolean) }
|
|
170
|
-
def direct?
|
|
171
|
-
top_level? || @direct_relationship
|
|
172
|
-
end
|
|
173
|
-
|
|
174
165
|
sig { returns(T::Boolean) }
|
|
175
166
|
def removed?
|
|
176
167
|
@removed
|
|
@@ -28,14 +28,6 @@ module Dependabot
|
|
|
28
28
|
sig { returns(T::Boolean) }
|
|
29
29
|
attr_accessor :vendored_file
|
|
30
30
|
|
|
31
|
-
# Dependency file priority is used to determine which files are relevant when generating a dependency graph for the
|
|
32
|
-
# project - only the highest priority files will be graphed for each directory.
|
|
33
|
-
#
|
|
34
|
-
# This allows us to default to treating all dependency files as relevant unless the ecosystem's file parser tells
|
|
35
|
-
# us otherwise, for example indicating that a Gemfile.lock fully supersedes its peered Gemfile.
|
|
36
|
-
sig { returns(Integer) }
|
|
37
|
-
attr_accessor :priority
|
|
38
|
-
|
|
39
31
|
sig { returns(T.nilable(String)) }
|
|
40
32
|
attr_accessor :symlink_target
|
|
41
33
|
|
|
@@ -48,9 +40,6 @@ module Dependabot
|
|
|
48
40
|
sig { returns(T.nilable(String)) }
|
|
49
41
|
attr_accessor :mode
|
|
50
42
|
|
|
51
|
-
sig { returns(T::Set[T.untyped]) }
|
|
52
|
-
attr_accessor :dependencies
|
|
53
|
-
|
|
54
43
|
class ContentEncoding
|
|
55
44
|
UTF_8 = "utf-8"
|
|
56
45
|
BASE64 = "base64"
|
|
@@ -86,15 +75,14 @@ module Dependabot
|
|
|
86
75
|
content_encoding: String,
|
|
87
76
|
deleted: T::Boolean,
|
|
88
77
|
operation: String,
|
|
89
|
-
mode: T.nilable(String)
|
|
90
|
-
priority: Integer
|
|
78
|
+
mode: T.nilable(String)
|
|
91
79
|
)
|
|
92
80
|
.void
|
|
93
81
|
end
|
|
94
82
|
def initialize(name:, content:, directory: "/", type: "file",
|
|
95
83
|
support_file: false, vendored_file: false, symlink_target: nil,
|
|
96
84
|
content_encoding: ContentEncoding::UTF_8, deleted: false,
|
|
97
|
-
operation: Operation::UPDATE, mode: nil
|
|
85
|
+
operation: Operation::UPDATE, mode: nil)
|
|
98
86
|
@name = name
|
|
99
87
|
@content = content
|
|
100
88
|
@directory = T.let(clean_directory(directory), String)
|
|
@@ -104,8 +92,6 @@ module Dependabot
|
|
|
104
92
|
@content_encoding = content_encoding
|
|
105
93
|
@operation = operation
|
|
106
94
|
@mode = mode
|
|
107
|
-
@dependencies = T.let(Set.new, T::Set[T.untyped])
|
|
108
|
-
@priority = priority
|
|
109
95
|
raise ArgumentError, "Invalid Git mode: #{mode}" if mode && !VALID_MODES.include?(mode)
|
|
110
96
|
|
|
111
97
|
# Make deleted override the operation. Deleted is kept when operation
|
|
@@ -158,9 +158,6 @@ module Dependabot
|
|
|
158
158
|
@files = files
|
|
159
159
|
end
|
|
160
160
|
|
|
161
|
-
sig { abstract.returns(T::Array[DependencyFile]) }
|
|
162
|
-
def fetch_files; end
|
|
163
|
-
|
|
164
161
|
sig { returns(T.nilable(String)) }
|
|
165
162
|
def commit
|
|
166
163
|
return T.must(cloned_commit) if cloned_commit
|
|
@@ -195,6 +192,9 @@ module Dependabot
|
|
|
195
192
|
sig { overridable.returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
196
193
|
def ecosystem_versions; end
|
|
197
194
|
|
|
195
|
+
sig { abstract.returns(T::Array[DependencyFile]) }
|
|
196
|
+
def fetch_files; end
|
|
197
|
+
|
|
198
198
|
private
|
|
199
199
|
|
|
200
200
|
sig { params(name: String).returns(T.nilable(Dependabot::DependencyFile)) }
|
|
@@ -106,9 +106,6 @@ module Dependabot
|
|
|
106
106
|
@lowest_security_fix_version ||= fetch_lowest_security_fix_version(language_version: language_version)
|
|
107
107
|
end
|
|
108
108
|
|
|
109
|
-
sig { abstract.returns(T.nilable(Dependabot::Package::PackageDetails)) }
|
|
110
|
-
def package_details; end
|
|
111
|
-
|
|
112
109
|
sig do
|
|
113
110
|
returns(T.nilable(T::Array[Dependabot::Package::PackageRelease]))
|
|
114
111
|
end
|
|
@@ -118,23 +115,6 @@ module Dependabot
|
|
|
118
115
|
|
|
119
116
|
protected
|
|
120
117
|
|
|
121
|
-
sig do
|
|
122
|
-
params(language_version: T.nilable(T.any(String, Dependabot::Version)))
|
|
123
|
-
.returns(T.nilable(Dependabot::Version))
|
|
124
|
-
end
|
|
125
|
-
def fetch_latest_version(language_version: nil)
|
|
126
|
-
releases = available_versions
|
|
127
|
-
return unless releases
|
|
128
|
-
|
|
129
|
-
releases = filter_yanked_versions(releases)
|
|
130
|
-
releases = filter_by_cooldown(releases)
|
|
131
|
-
releases = filter_unsupported_versions(releases, language_version)
|
|
132
|
-
releases = filter_prerelease_versions(releases)
|
|
133
|
-
releases = filter_ignored_versions(releases)
|
|
134
|
-
releases = apply_post_fetch_latest_versions_filter(releases)
|
|
135
|
-
releases.max_by(&:version)&.version
|
|
136
|
-
end
|
|
137
|
-
|
|
138
118
|
sig do
|
|
139
119
|
params(language_version: T.nilable(T.any(String, Dependabot::Version)))
|
|
140
120
|
.returns(T.nilable(Dependabot::Version))
|
|
@@ -153,45 +133,6 @@ module Dependabot
|
|
|
153
133
|
releases.max_by(&:version)&.version
|
|
154
134
|
end
|
|
155
135
|
|
|
156
|
-
sig do
|
|
157
|
-
params(language_version: T.nilable(T.any(String, Dependabot::Version)))
|
|
158
|
-
.returns(T.nilable(Dependabot::Version))
|
|
159
|
-
end
|
|
160
|
-
def fetch_lowest_security_fix_version(language_version: nil)
|
|
161
|
-
releases = available_versions
|
|
162
|
-
return unless releases
|
|
163
|
-
|
|
164
|
-
releases = filter_yanked_versions(releases)
|
|
165
|
-
releases = filter_unsupported_versions(releases, language_version)
|
|
166
|
-
# versions = filter_prerelease_versions(versions)
|
|
167
|
-
releases = Dependabot::UpdateCheckers::VersionFilters
|
|
168
|
-
.filter_vulnerable_versions(
|
|
169
|
-
releases,
|
|
170
|
-
security_advisories
|
|
171
|
-
)
|
|
172
|
-
releases = filter_ignored_versions(releases)
|
|
173
|
-
releases = filter_lower_versions(releases)
|
|
174
|
-
releases = apply_post_fetch_lowest_security_fix_versions_filter(releases)
|
|
175
|
-
|
|
176
|
-
releases.min_by(&:version)&.version
|
|
177
|
-
end
|
|
178
|
-
|
|
179
|
-
sig do
|
|
180
|
-
params(releases: T::Array[Dependabot::Package::PackageRelease])
|
|
181
|
-
.returns(T::Array[Dependabot::Package::PackageRelease])
|
|
182
|
-
end
|
|
183
|
-
def apply_post_fetch_latest_versions_filter(releases)
|
|
184
|
-
releases
|
|
185
|
-
end
|
|
186
|
-
|
|
187
|
-
sig do
|
|
188
|
-
params(releases: T::Array[Dependabot::Package::PackageRelease])
|
|
189
|
-
.returns(T::Array[Dependabot::Package::PackageRelease])
|
|
190
|
-
end
|
|
191
|
-
def apply_post_fetch_lowest_security_fix_versions_filter(releases)
|
|
192
|
-
releases
|
|
193
|
-
end
|
|
194
|
-
|
|
195
136
|
sig do
|
|
196
137
|
params(releases: T::Array[Dependabot::Package::PackageRelease])
|
|
197
138
|
.returns(T::Array[Dependabot::Package::PackageRelease])
|
|
@@ -322,11 +263,6 @@ module Dependabot
|
|
|
322
263
|
end
|
|
323
264
|
end
|
|
324
265
|
|
|
325
|
-
sig { returns(T::Boolean) }
|
|
326
|
-
def cooldown_enabled?
|
|
327
|
-
false
|
|
328
|
-
end
|
|
329
|
-
|
|
330
266
|
sig do
|
|
331
267
|
params(
|
|
332
268
|
current_version: T.nilable(Dependabot::Version),
|
|
@@ -382,6 +318,72 @@ module Dependabot
|
|
|
382
318
|
def requirement_class
|
|
383
319
|
dependency.requirement_class
|
|
384
320
|
end
|
|
321
|
+
|
|
322
|
+
private
|
|
323
|
+
|
|
324
|
+
sig { abstract.returns(T.nilable(Dependabot::Package::PackageDetails)) }
|
|
325
|
+
def package_details; end
|
|
326
|
+
|
|
327
|
+
sig { returns(T::Boolean) }
|
|
328
|
+
def cooldown_enabled?
|
|
329
|
+
false
|
|
330
|
+
end
|
|
331
|
+
|
|
332
|
+
sig do
|
|
333
|
+
params(language_version: T.nilable(T.any(String, Dependabot::Version)))
|
|
334
|
+
.returns(T.nilable(Dependabot::Version))
|
|
335
|
+
end
|
|
336
|
+
def fetch_latest_version(language_version: nil)
|
|
337
|
+
releases = available_versions
|
|
338
|
+
return unless releases
|
|
339
|
+
|
|
340
|
+
releases = filter_yanked_versions(releases)
|
|
341
|
+
releases = filter_by_cooldown(releases)
|
|
342
|
+
releases = filter_unsupported_versions(releases, language_version)
|
|
343
|
+
releases = filter_prerelease_versions(releases)
|
|
344
|
+
releases = filter_ignored_versions(releases)
|
|
345
|
+
releases = apply_post_fetch_latest_versions_filter(releases)
|
|
346
|
+
releases.max_by(&:version)&.version
|
|
347
|
+
end
|
|
348
|
+
|
|
349
|
+
sig do
|
|
350
|
+
params(language_version: T.nilable(T.any(String, Dependabot::Version)))
|
|
351
|
+
.returns(T.nilable(Dependabot::Version))
|
|
352
|
+
end
|
|
353
|
+
def fetch_lowest_security_fix_version(language_version: nil)
|
|
354
|
+
releases = available_versions
|
|
355
|
+
return unless releases
|
|
356
|
+
|
|
357
|
+
releases = filter_yanked_versions(releases)
|
|
358
|
+
releases = filter_unsupported_versions(releases, language_version)
|
|
359
|
+
# versions = filter_prerelease_versions(versions)
|
|
360
|
+
releases = Dependabot::UpdateCheckers::VersionFilters
|
|
361
|
+
.filter_vulnerable_versions(
|
|
362
|
+
releases,
|
|
363
|
+
security_advisories
|
|
364
|
+
)
|
|
365
|
+
releases = filter_ignored_versions(releases)
|
|
366
|
+
releases = filter_lower_versions(releases)
|
|
367
|
+
releases = apply_post_fetch_lowest_security_fix_versions_filter(releases)
|
|
368
|
+
|
|
369
|
+
releases.min_by(&:version)&.version
|
|
370
|
+
end
|
|
371
|
+
|
|
372
|
+
sig do
|
|
373
|
+
params(releases: T::Array[Dependabot::Package::PackageRelease])
|
|
374
|
+
.returns(T::Array[Dependabot::Package::PackageRelease])
|
|
375
|
+
end
|
|
376
|
+
def apply_post_fetch_latest_versions_filter(releases)
|
|
377
|
+
releases
|
|
378
|
+
end
|
|
379
|
+
|
|
380
|
+
sig do
|
|
381
|
+
params(releases: T::Array[Dependabot::Package::PackageRelease])
|
|
382
|
+
.returns(T::Array[Dependabot::Package::PackageRelease])
|
|
383
|
+
end
|
|
384
|
+
def apply_post_fetch_lowest_security_fix_versions_filter(releases)
|
|
385
|
+
releases
|
|
386
|
+
end
|
|
385
387
|
end
|
|
386
388
|
end
|
|
387
389
|
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.332.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -626,7 +626,7 @@ licenses:
|
|
|
626
626
|
- MIT
|
|
627
627
|
metadata:
|
|
628
628
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
629
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
629
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.332.0
|
|
630
630
|
rdoc_options: []
|
|
631
631
|
require_paths:
|
|
632
632
|
- lib
|