dependabot-common 0.332.0 → 0.333.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +0 -2
- data/lib/dependabot/command_helpers.rb +0 -1
- data/lib/dependabot/dependency.rb +5 -10
- data/lib/dependabot/file_fetchers/base.rb +13 -39
- data/lib/dependabot/file_filtering.rb +69 -34
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -7
- data/lib/dependabot/file_updaters/vendor_updater.rb +1 -1
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +3 -3
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +2 -2
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +2 -2
- data/lib/dependabot/metadata_finders/base/release_finder.rb +2 -2
- data/lib/dependabot/notices.rb +1 -1
- data/lib/dependabot/package/package_latest_version_finder.rb +1 -1
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +2 -2
- data/lib/dependabot/pull_request_creator/github.rb +1 -1
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder.rb +10 -10
- data/lib/dependabot/requirement.rb +2 -2
- data/lib/dependabot/update_checkers/base.rb +5 -43
- data/lib/dependabot.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 97cacde3bd9b1e5403604eb71363db435ab78fec1a794f0e75c264822033fa8d
|
|
4
|
+
data.tar.gz: 84122d41a73c7c439ff2cfccb58200ccabed7a76577814f856fb63fcc7c599d8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 849fb16bfa7ce8d2b90185214d609ac3b505001069fc86ba9ace6d8794e80f9a8dfabe6e15153e1ce2f2a50bc2a4622d4aa593da5dbbda23c1f0fe822690ee4b
|
|
7
|
+
data.tar.gz: 9b0dc17ff63aac4c32f086e18b5deaaf28a9a216c5bf533fe5766b94d10add47a9597d26c97aaa6de625015eeae74d1b5af44c8425e75ba8a9f82d125d800a9a
|
|
@@ -226,7 +226,6 @@ module Dependabot
|
|
|
226
226
|
def create_pull_request(pr_name, source_branch, target_branch,
|
|
227
227
|
pr_description, labels,
|
|
228
228
|
reviewers = nil, assignees = nil, work_item = nil)
|
|
229
|
-
|
|
230
229
|
content = {
|
|
231
230
|
sourceRefName: "refs/heads/" + source_branch,
|
|
232
231
|
targetRefName: "refs/heads/" + target_branch,
|
|
@@ -259,7 +258,6 @@ module Dependabot
|
|
|
259
258
|
def autocomplete_pull_request(pull_request_id, auto_complete_set_by, merge_commit_message,
|
|
260
259
|
delete_source_branch = true, squash_merge = true, merge_strategy = "squash",
|
|
261
260
|
trans_work_items = true, ignore_config_ids = [])
|
|
262
|
-
|
|
263
261
|
content = {
|
|
264
262
|
autoCompleteSetBy: {
|
|
265
263
|
id: auto_complete_set_by
|
|
@@ -101,9 +101,6 @@ module Dependabot
|
|
|
101
101
|
sig { returns(T.nilable(Time)) }
|
|
102
102
|
attr_accessor :attribution_timestamp
|
|
103
103
|
|
|
104
|
-
sig { returns(T::Array[String]) }
|
|
105
|
-
attr_reader :origin_files
|
|
106
|
-
|
|
107
104
|
# rubocop:disable Metrics/AbcSize
|
|
108
105
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
109
106
|
sig do
|
|
@@ -118,13 +115,12 @@ module Dependabot
|
|
|
118
115
|
directory: T.nilable(String),
|
|
119
116
|
subdependency_metadata: T.nilable(T::Array[T::Hash[T.any(Symbol, String), String]]),
|
|
120
117
|
removed: T::Boolean,
|
|
121
|
-
metadata: T.nilable(T::Hash[T.any(Symbol, String), String])
|
|
122
|
-
origin_files: T::Array[String]
|
|
118
|
+
metadata: T.nilable(T::Hash[T.any(Symbol, String), String])
|
|
123
119
|
).void
|
|
124
120
|
end
|
|
125
121
|
def initialize(name:, requirements:, package_manager:, version: nil,
|
|
126
122
|
previous_version: nil, previous_requirements: nil, directory: nil,
|
|
127
|
-
subdependency_metadata: [], removed: false, metadata: {}
|
|
123
|
+
subdependency_metadata: [], removed: false, metadata: {})
|
|
128
124
|
@name = name
|
|
129
125
|
@version = T.let(
|
|
130
126
|
case version
|
|
@@ -151,7 +147,6 @@ module Dependabot
|
|
|
151
147
|
end
|
|
152
148
|
@removed = removed
|
|
153
149
|
@metadata = T.let(symbolize_keys(metadata || {}), T::Hash[Symbol, T.untyped])
|
|
154
|
-
@origin_files = origin_files
|
|
155
150
|
check_values
|
|
156
151
|
end
|
|
157
152
|
# rubocop:enable Metrics/AbcSize
|
|
@@ -185,7 +180,7 @@ module Dependabot
|
|
|
185
180
|
"directory" => directory,
|
|
186
181
|
"package_manager" => package_manager,
|
|
187
182
|
"subdependency_metadata" => subdependency_metadata,
|
|
188
|
-
"removed" => removed?
|
|
183
|
+
"removed" => removed? || nil
|
|
189
184
|
}.compact
|
|
190
185
|
end
|
|
191
186
|
|
|
@@ -272,7 +267,7 @@ module Dependabot
|
|
|
272
267
|
previous_refs = T.must(previous_requirements).filter_map do |r|
|
|
273
268
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
274
269
|
end.uniq
|
|
275
|
-
previous_refs.first if previous_refs.
|
|
270
|
+
previous_refs.first if previous_refs.one?
|
|
276
271
|
end
|
|
277
272
|
|
|
278
273
|
sig { returns(T.nilable(String)) }
|
|
@@ -280,7 +275,7 @@ module Dependabot
|
|
|
280
275
|
new_refs = requirements.filter_map do |r|
|
|
281
276
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
282
277
|
end.uniq
|
|
283
|
-
new_refs.first if new_refs.
|
|
278
|
+
new_refs.first if new_refs.one?
|
|
284
279
|
end
|
|
285
280
|
|
|
286
281
|
sig { returns(T::Boolean) }
|
|
@@ -462,14 +462,18 @@ module Dependabot
|
|
|
462
462
|
params(path: String, fetch_submodules: T::Boolean, raise_errors: T::Boolean)
|
|
463
463
|
.returns(T::Array[OpenStruct])
|
|
464
464
|
end
|
|
465
|
-
def _fetch_repo_contents(path, fetch_submodules: false, raise_errors: true)
|
|
465
|
+
def _fetch_repo_contents(path, fetch_submodules: false, raise_errors: true) # rubocop:disable Metrics/PerceivedComplexity
|
|
466
466
|
path = path.gsub(" ", "%20")
|
|
467
467
|
provider, repo, tmp_path, commit =
|
|
468
468
|
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
|
469
469
|
.values_at(:provider, :repo, :path, :commit)
|
|
470
470
|
|
|
471
471
|
entries = _fetch_repo_contents_fully_specified(provider, repo, tmp_path, commit)
|
|
472
|
-
|
|
472
|
+
if Dependabot::Experiments.enabled?(:enable_exclude_paths_subdirectory_manifest_files)
|
|
473
|
+
filter_excluded(entries)
|
|
474
|
+
else
|
|
475
|
+
entries
|
|
476
|
+
end
|
|
473
477
|
rescue *CLIENT_NOT_FOUND_ERRORS
|
|
474
478
|
raise Dependabot::DirectoryNotFound, directory if path == directory.gsub(%r{^/*}, "")
|
|
475
479
|
|
|
@@ -550,12 +554,16 @@ module Dependabot
|
|
|
550
554
|
size: 0 # NOTE: added for parity with github contents API
|
|
551
555
|
)
|
|
552
556
|
end
|
|
553
|
-
|
|
557
|
+
if Dependabot::Experiments.enabled?(:enable_exclude_paths_subdirectory_manifest_files)
|
|
558
|
+
filter_excluded(entries)
|
|
559
|
+
else
|
|
560
|
+
entries
|
|
561
|
+
end
|
|
554
562
|
end
|
|
555
563
|
|
|
556
564
|
# Filters out any entries whose paths match one of the exclude_paths globs.
|
|
557
565
|
sig { params(entries: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
|
558
|
-
def filter_excluded(entries)
|
|
566
|
+
def filter_excluded(entries)
|
|
559
567
|
Dependabot.logger.info("DEBUG filter_excluded: entries=#{entries.length}, exclude_paths=#{@exclude_paths.inspect}") # rubocop:disable Layout/LineLength
|
|
560
568
|
|
|
561
569
|
return entries if @exclude_paths.empty?
|
|
@@ -564,41 +572,7 @@ module Dependabot
|
|
|
564
572
|
full_entry_path = entry.path
|
|
565
573
|
Dependabot.logger.info("DEBUG: Checking entry path: #{full_entry_path}")
|
|
566
574
|
|
|
567
|
-
|
|
568
|
-
Dependabot.logger.info("DEBUG: Testing pattern: #{exclude_pattern} against path: #{full_entry_path}")
|
|
569
|
-
|
|
570
|
-
# case 1: exact match
|
|
571
|
-
exclude_exact = full_entry_path == exclude_pattern
|
|
572
|
-
|
|
573
|
-
# case 2: Directory prefix matching: check if path is inside an excluded directory
|
|
574
|
-
exclude_deeper = full_entry_path.start_with?("#{exclude_pattern}#{File::SEPARATOR}",
|
|
575
|
-
"#{exclude_pattern}/")
|
|
576
|
-
|
|
577
|
-
# case 3: Explicit recursive (patterns that end with /**)
|
|
578
|
-
exclude_recursive = false
|
|
579
|
-
if exclude_pattern.end_with?("/**")
|
|
580
|
-
base_pattern = exclude_pattern[0...-3]
|
|
581
|
-
exclude_recursive = full_entry_path == base_pattern ||
|
|
582
|
-
full_entry_path.start_with?("#{base_pattern}/") ||
|
|
583
|
-
full_entry_path.start_with?("#{base_pattern}#{File::SEPARATOR}")
|
|
584
|
-
end
|
|
585
|
-
|
|
586
|
-
# case 4: Glob pattern matching with enhanced flags
|
|
587
|
-
# Use multiple fnmatch attempts with different flag combinations
|
|
588
|
-
fnmatch_flags = [
|
|
589
|
-
File::FNM_EXTGLOB,
|
|
590
|
-
File::FNM_EXTGLOB | File::FNM_PATHNAME,
|
|
591
|
-
File::FNM_EXTGLOB | File::FNM_PATHNAME | File::FNM_DOTMATCH,
|
|
592
|
-
File::FNM_PATHNAME
|
|
593
|
-
]
|
|
594
|
-
exclude_fnmatch_paths = fnmatch_flags.any? do |flag|
|
|
595
|
-
File.fnmatch?(exclude_pattern, full_entry_path, flag)
|
|
596
|
-
end
|
|
597
|
-
|
|
598
|
-
result = exclude_exact || exclude_deeper || exclude_recursive || exclude_fnmatch_paths
|
|
599
|
-
Dependabot.logger.info("DEBUG: Pattern #{exclude_pattern} vs #{full_entry_path} -> #{result ? 'EXCLUDED' : 'INCLUDED'}") # rubocop:disable Layout/LineLength
|
|
600
|
-
result
|
|
601
|
-
end
|
|
575
|
+
Dependabot::FileFiltering.exclude_path?(full_entry_path, @exclude_paths)
|
|
602
576
|
end
|
|
603
577
|
|
|
604
578
|
Dependabot.logger.info("DEBUG filter_excluded: Filtered from #{entries.length} to #{filtered_entries.length} entries") # rubocop:disable Layout/LineLength
|
|
@@ -7,7 +7,7 @@ module Dependabot
|
|
|
7
7
|
|
|
8
8
|
# Returns true if the given path matches any of the exclude patterns
|
|
9
9
|
sig { params(path: String, exclude_patterns: T.nilable(T::Array[String])).returns(T::Boolean) }
|
|
10
|
-
def self.exclude_path?(path, exclude_patterns)
|
|
10
|
+
def self.exclude_path?(path, exclude_patterns)
|
|
11
11
|
return false if exclude_patterns.nil? || exclude_patterns.empty?
|
|
12
12
|
|
|
13
13
|
# Normalize the path by removing leading slashes and resolving relative paths
|
|
@@ -16,39 +16,51 @@ module Dependabot
|
|
|
16
16
|
exclude_patterns.any? do |pattern|
|
|
17
17
|
normalized_pattern = normalize_path(pattern.chomp("/"))
|
|
18
18
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
19
|
+
exact_or_directory_match?(normalized_path, pattern, normalized_pattern) ||
|
|
20
|
+
recursive_match?(normalized_path, pattern) ||
|
|
21
|
+
glob_match?(normalized_path, pattern, normalized_pattern)
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Check for exact path matches or directory prefix matches
|
|
26
|
+
sig { params(normalized_path: String, pattern: String, normalized_pattern: String).returns(T::Boolean) }
|
|
27
|
+
def self.exact_or_directory_match?(normalized_path, pattern, normalized_pattern)
|
|
28
|
+
# Exact match
|
|
29
|
+
return true if normalized_path == pattern || normalized_path == normalized_pattern
|
|
30
|
+
|
|
31
|
+
# Directory prefix match: check if path is inside an excluded directory
|
|
32
|
+
normalized_path.start_with?("#{pattern}#{File::SEPARATOR}",
|
|
33
|
+
"#{normalized_pattern}#{File::SEPARATOR}")
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# Check for recursive pattern matches (patterns ending with /**)
|
|
37
|
+
sig { params(normalized_path: String, pattern: String).returns(T::Boolean) }
|
|
38
|
+
def self.recursive_match?(normalized_path, pattern)
|
|
39
|
+
return false unless pattern.end_with?("/**")
|
|
40
|
+
|
|
41
|
+
base_pattern_str = pattern[0...-3]
|
|
42
|
+
return false if base_pattern_str.nil? || base_pattern_str.empty?
|
|
43
|
+
|
|
44
|
+
base_pattern = normalize_path(base_pattern_str)
|
|
45
|
+
return false if base_pattern.empty?
|
|
46
|
+
|
|
47
|
+
normalized_path == base_pattern ||
|
|
48
|
+
normalized_path.start_with?("#{base_pattern}/") ||
|
|
49
|
+
normalized_path.start_with?("#{base_pattern}#{File::SEPARATOR}")
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# Check for glob pattern matches with various fnmatch flags
|
|
53
|
+
sig { params(normalized_path: String, pattern: String, normalized_pattern: String).returns(T::Boolean) }
|
|
54
|
+
def self.glob_match?(normalized_path, pattern, normalized_pattern)
|
|
55
|
+
fnmatch_flags = [
|
|
56
|
+
File::FNM_EXTGLOB,
|
|
57
|
+
File::FNM_EXTGLOB | File::FNM_PATHNAME,
|
|
58
|
+
File::FNM_EXTGLOB | File::FNM_PATHNAME | File::FNM_DOTMATCH,
|
|
59
|
+
File::FNM_PATHNAME
|
|
60
|
+
]
|
|
61
|
+
|
|
62
|
+
fnmatch_flags.any? do |flag|
|
|
63
|
+
File.fnmatch?(pattern, normalized_path, flag) || File.fnmatch?(normalized_pattern, normalized_path, flag)
|
|
52
64
|
end
|
|
53
65
|
end
|
|
54
66
|
|
|
@@ -66,5 +78,28 @@ module Dependabot
|
|
|
66
78
|
normalized = normalized.sub(%r{^/+}, "")
|
|
67
79
|
normalized
|
|
68
80
|
end
|
|
81
|
+
|
|
82
|
+
# Helper method to check if a file path should be excluded
|
|
83
|
+
sig do
|
|
84
|
+
params(path: String,
|
|
85
|
+
context: String,
|
|
86
|
+
exclude_paths: T.nilable(T::Array[String])).returns(T::Boolean)
|
|
87
|
+
end
|
|
88
|
+
def self.should_exclude_path?(path, context, exclude_paths)
|
|
89
|
+
return false unless Dependabot::Experiments.enabled?(:enable_exclude_paths_subdirectory_manifest_files)
|
|
90
|
+
|
|
91
|
+
return false if exclude_paths.nil? || exclude_paths.empty?
|
|
92
|
+
|
|
93
|
+
should_exclude = exclude_path?(path, exclude_paths)
|
|
94
|
+
|
|
95
|
+
if should_exclude
|
|
96
|
+
Dependabot.logger.warn(
|
|
97
|
+
"Skipping excluded #{context} '#{path}'. " \
|
|
98
|
+
"This file is excluded by exclude_paths configuration: #{exclude_paths}"
|
|
99
|
+
)
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
should_exclude
|
|
103
|
+
end
|
|
69
104
|
end
|
|
70
105
|
end
|
|
@@ -150,19 +150,13 @@ module Dependabot
|
|
|
150
150
|
(old_dep.subdependency_metadata || []) +
|
|
151
151
|
(new_dep.subdependency_metadata || [])
|
|
152
152
|
).uniq
|
|
153
|
-
origin_files = (
|
|
154
|
-
old_dep.origin_files +
|
|
155
|
-
new_dep.origin_files
|
|
156
|
-
).uniq
|
|
157
|
-
|
|
158
153
|
Dependency.new(
|
|
159
154
|
name: old_dep.name,
|
|
160
155
|
version: version,
|
|
161
156
|
requirements: requirements,
|
|
162
157
|
package_manager: old_dep.package_manager,
|
|
163
158
|
metadata: old_dep.metadata,
|
|
164
|
-
subdependency_metadata: subdependency_metadata
|
|
165
|
-
origin_files: origin_files
|
|
159
|
+
subdependency_metadata: subdependency_metadata
|
|
166
160
|
)
|
|
167
161
|
end
|
|
168
162
|
|
|
@@ -37,7 +37,7 @@ module Dependabot
|
|
|
37
37
|
.returns(Dependabot::DependencyFile)
|
|
38
38
|
end
|
|
39
39
|
def create_dependency_file(parameters)
|
|
40
|
-
Dependabot::DependencyFile.new(**T.unsafe({ **parameters
|
|
40
|
+
Dependabot::DependencyFile.new(**T.unsafe({ **parameters, vendored_file: true }))
|
|
41
41
|
end
|
|
42
42
|
end
|
|
43
43
|
end
|
|
@@ -290,7 +290,7 @@ module Dependabot
|
|
|
290
290
|
@dependency_file_list[ref] ||= fetch_dependency_file_list(ref)
|
|
291
291
|
end
|
|
292
292
|
|
|
293
|
-
sig { params(ref: T.nilable(String)).returns(T::Array[T.untyped
|
|
293
|
+
sig { params(ref: T.nilable(String)).returns(T::Array[T.untyped]) }
|
|
294
294
|
def fetch_dependency_file_list(ref)
|
|
295
295
|
case T.must(source).provider
|
|
296
296
|
when "github" then fetch_github_file_list(ref)
|
|
@@ -411,7 +411,7 @@ module Dependabot
|
|
|
411
411
|
previous_refs = dependency.previous_requirements&.filter_map do |r|
|
|
412
412
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
413
413
|
end&.uniq
|
|
414
|
-
previous_refs
|
|
414
|
+
previous_refs.first if previous_refs&.one?
|
|
415
415
|
end
|
|
416
416
|
|
|
417
417
|
sig { returns(T.nilable(String)) }
|
|
@@ -419,7 +419,7 @@ module Dependabot
|
|
|
419
419
|
new_refs = dependency.requirements.filter_map do |r|
|
|
420
420
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
421
421
|
end.uniq
|
|
422
|
-
new_refs.first if new_refs.
|
|
422
|
+
new_refs.first if new_refs.one?
|
|
423
423
|
end
|
|
424
424
|
|
|
425
425
|
sig { returns(T::Boolean) }
|
|
@@ -169,7 +169,7 @@ module Dependabot
|
|
|
169
169
|
previous_refs = T.must(dependency.previous_requirements).filter_map do |r|
|
|
170
170
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
171
171
|
end.uniq
|
|
172
|
-
previous_refs.first if previous_refs.
|
|
172
|
+
previous_refs.first if previous_refs.one?
|
|
173
173
|
end
|
|
174
174
|
|
|
175
175
|
sig { returns(T.nilable(String)) }
|
|
@@ -177,7 +177,7 @@ module Dependabot
|
|
|
177
177
|
new_refs = dependency.requirements.filter_map do |r|
|
|
178
178
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
179
179
|
end.uniq
|
|
180
|
-
new_refs.first if new_refs.
|
|
180
|
+
new_refs.first if new_refs.one?
|
|
181
181
|
end
|
|
182
182
|
|
|
183
183
|
# TODO: Refactor me so that Composer doesn't need to be special cased
|
|
@@ -170,7 +170,7 @@ module Dependabot
|
|
|
170
170
|
previous_refs = T.must(dependency.previous_requirements).filter_map do |r|
|
|
171
171
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
172
172
|
end.uniq
|
|
173
|
-
previous_refs.first if previous_refs.
|
|
173
|
+
previous_refs.first if previous_refs.one?
|
|
174
174
|
end
|
|
175
175
|
|
|
176
176
|
sig { returns(T.nilable(String)) }
|
|
@@ -180,7 +180,7 @@ module Dependabot
|
|
|
180
180
|
new_refs = dependency.requirements.filter_map do |r|
|
|
181
181
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
182
182
|
end.uniq
|
|
183
|
-
new_refs.first if new_refs.
|
|
183
|
+
new_refs.first if new_refs.one?
|
|
184
184
|
end
|
|
185
185
|
|
|
186
186
|
sig { params(tag: String, version: T.nilable(String)).returns(T::Boolean) }
|
|
@@ -330,7 +330,7 @@ module Dependabot
|
|
|
330
330
|
previous_refs = T.must(dependency.previous_requirements).filter_map do |r|
|
|
331
331
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
332
332
|
end.uniq
|
|
333
|
-
previous_refs.first if previous_refs.
|
|
333
|
+
previous_refs.first if previous_refs.one?
|
|
334
334
|
end
|
|
335
335
|
|
|
336
336
|
sig { returns(T.nilable(String)) }
|
|
@@ -338,7 +338,7 @@ module Dependabot
|
|
|
338
338
|
new_refs = dependency.requirements.filter_map do |r|
|
|
339
339
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
340
340
|
end.uniq
|
|
341
|
-
new_refs.first if new_refs.
|
|
341
|
+
new_refs.first if new_refs.one?
|
|
342
342
|
end
|
|
343
343
|
|
|
344
344
|
sig { returns(T::Boolean) }
|
data/lib/dependabot/notices.rb
CHANGED
|
@@ -94,7 +94,7 @@ module Dependabot
|
|
|
94
94
|
|
|
95
95
|
later_description = support_later_versions ? ", or later" : ""
|
|
96
96
|
|
|
97
|
-
return "Please upgrade to version #{versions_string}#{later_description}." if supported_versions.
|
|
97
|
+
return "Please upgrade to version #{versions_string}#{later_description}." if supported_versions.one?
|
|
98
98
|
|
|
99
99
|
"Please upgrade to one of the following versions: #{versions_string}#{later_description}."
|
|
100
100
|
end
|
|
@@ -157,7 +157,7 @@ module Dependabot
|
|
|
157
157
|
previous_refs = T.must(dependency.previous_requirements).filter_map do |r|
|
|
158
158
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
159
159
|
end.uniq
|
|
160
|
-
previous_refs.first if previous_refs.
|
|
160
|
+
previous_refs.first if previous_refs.one?
|
|
161
161
|
end
|
|
162
162
|
|
|
163
163
|
sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
|
|
@@ -165,7 +165,7 @@ module Dependabot
|
|
|
165
165
|
new_refs = dependency.requirements.filter_map do |r|
|
|
166
166
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
167
167
|
end.uniq
|
|
168
|
-
new_refs.first if new_refs.
|
|
168
|
+
new_refs.first if new_refs.one?
|
|
169
169
|
end
|
|
170
170
|
|
|
171
171
|
sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
@@ -170,7 +170,7 @@ module Dependabot
|
|
|
170
170
|
|
|
171
171
|
sig { returns(::Gitlab::ObjectifiedHash) }
|
|
172
172
|
def create_commit
|
|
173
|
-
return create_submodule_update_commit if files.
|
|
173
|
+
return create_submodule_update_commit if files.one? && T.must(files.first).type == "submodule"
|
|
174
174
|
|
|
175
175
|
options = {}
|
|
176
176
|
options[:author_email] = author_details&.fetch(:email) if author_details&.key?(:email)
|
|
@@ -207,13 +207,13 @@ module Dependabot
|
|
|
207
207
|
sig { returns(String) }
|
|
208
208
|
def library_pr_name
|
|
209
209
|
"update " +
|
|
210
|
-
if dependencies.
|
|
210
|
+
if dependencies.one?
|
|
211
211
|
"#{T.must(dependencies.first).display_name} requirement " \
|
|
212
212
|
"#{from_version_msg(old_library_requirement(T.must(dependencies.first)))}" \
|
|
213
213
|
"to #{new_library_requirement(T.must(dependencies.first))}"
|
|
214
214
|
else
|
|
215
215
|
names = dependencies.map(&:name).uniq
|
|
216
|
-
if names.
|
|
216
|
+
if names.one?
|
|
217
217
|
"requirements for #{names.first}"
|
|
218
218
|
else
|
|
219
219
|
"requirements for #{T.must(names[0..-2]).join(', ')} and #{names[-1]}"
|
|
@@ -225,7 +225,7 @@ module Dependabot
|
|
|
225
225
|
sig { returns(String) }
|
|
226
226
|
def application_pr_name
|
|
227
227
|
"bump " +
|
|
228
|
-
if dependencies.
|
|
228
|
+
if dependencies.one?
|
|
229
229
|
dependency = dependencies.first
|
|
230
230
|
"#{T.must(dependency).display_name} " \
|
|
231
231
|
"#{from_version_msg(T.must(dependency).humanized_previous_version)}" \
|
|
@@ -242,7 +242,7 @@ module Dependabot
|
|
|
242
242
|
"to #{T.must(dependency).humanized_version}"
|
|
243
243
|
else
|
|
244
244
|
names = dependencies.map(&:name).uniq
|
|
245
|
-
if names.
|
|
245
|
+
if names.one?
|
|
246
246
|
T.must(names.first)
|
|
247
247
|
else
|
|
248
248
|
"#{T.must(names[0..-2]).join(', ')} and #{names[-1]}"
|
|
@@ -263,7 +263,7 @@ module Dependabot
|
|
|
263
263
|
sig { returns(String) }
|
|
264
264
|
def grouped_name
|
|
265
265
|
updates = dependencies.map(&:name).uniq.count
|
|
266
|
-
if dependencies.
|
|
266
|
+
if dependencies.one?
|
|
267
267
|
"#{solo_pr_name} in the #{T.must(dependency_group).name} group"
|
|
268
268
|
else
|
|
269
269
|
"bump the #{T.must(dependency_group).name} group#{pr_name_directory} " \
|
|
@@ -281,7 +281,7 @@ module Dependabot
|
|
|
281
281
|
directories_from_dependencies.include?(directory)
|
|
282
282
|
end
|
|
283
283
|
|
|
284
|
-
if dependencies.
|
|
284
|
+
if dependencies.one?
|
|
285
285
|
"#{solo_pr_name} in the #{T.must(dependency_group).name} group across " \
|
|
286
286
|
"#{T.must(directories_with_updates).count} directory"
|
|
287
287
|
else
|
|
@@ -387,7 +387,7 @@ module Dependabot
|
|
|
387
387
|
msg = "Updates the requirements on "
|
|
388
388
|
|
|
389
389
|
msg +=
|
|
390
|
-
if dependencies.
|
|
390
|
+
if dependencies.one?
|
|
391
391
|
"#{dependency_links.first} "
|
|
392
392
|
else
|
|
393
393
|
"#{T.must(dependency_links[0..-2]).join(', ')} and #{dependency_links[-1]} "
|
|
@@ -508,7 +508,7 @@ module Dependabot
|
|
|
508
508
|
update_count = dependencies_in_directory.map(&:name).uniq.count
|
|
509
509
|
|
|
510
510
|
msg += "Bumps the #{T.must(dependency_group).name} group " \
|
|
511
|
-
"with #{update_count} update#{update_count > 1
|
|
511
|
+
"with #{update_count} update#{'s' if update_count > 1} in the #{directory} directory:"
|
|
512
512
|
|
|
513
513
|
msg += if update_count >= 5
|
|
514
514
|
header = %w(Package From To)
|
|
@@ -543,7 +543,7 @@ module Dependabot
|
|
|
543
543
|
update_count = unique_dependencies.count
|
|
544
544
|
|
|
545
545
|
msg = "Bumps the #{T.must(dependency_group).name} group#{pr_name_directory} " \
|
|
546
|
-
"with #{update_count} update#{update_count > 1
|
|
546
|
+
"with #{update_count} update#{'s' if update_count > 1}:"
|
|
547
547
|
|
|
548
548
|
msg += if update_count >= 5
|
|
549
549
|
header = %w(Package From To)
|
|
@@ -663,7 +663,7 @@ module Dependabot
|
|
|
663
663
|
|
|
664
664
|
sig { returns(String) }
|
|
665
665
|
def metadata_links
|
|
666
|
-
return metadata_links_for_dep(T.must(dependencies.first)) if dependencies.
|
|
666
|
+
return metadata_links_for_dep(T.must(dependencies.first)) if dependencies.one? && dependency_group.nil?
|
|
667
667
|
|
|
668
668
|
dependencies.map do |dep|
|
|
669
669
|
if dep.removed?
|
|
@@ -32,7 +32,7 @@ module Dependabot
|
|
|
32
32
|
sig { returns(T.nilable(Dependabot::Version)) }
|
|
33
33
|
def min_version
|
|
34
34
|
# Select constraints with minimum operators
|
|
35
|
-
min_constraints = requirements.select { |op,
|
|
35
|
+
min_constraints = requirements.select { |op, _version| MINIMUM_OPERATORS.include?(op) }
|
|
36
36
|
|
|
37
37
|
# Process each minimum constraint using the respective handler
|
|
38
38
|
effective_min_versions = min_constraints.filter_map do |op, version|
|
|
@@ -47,7 +47,7 @@ module Dependabot
|
|
|
47
47
|
sig { returns(T.nilable(Dependabot::Version)) }
|
|
48
48
|
def max_version
|
|
49
49
|
# Select constraints with maximum operators
|
|
50
|
-
max_constraints = requirements.select { |op,
|
|
50
|
+
max_constraints = requirements.select { |op, _version| MAXIMUM_OPERATORS.include?(op) }
|
|
51
51
|
|
|
52
52
|
# Process each maximum constraint using the respective handler
|
|
53
53
|
effective_max_versions = max_constraints.filter_map do |op, version|
|
|
@@ -46,9 +46,6 @@ module Dependabot
|
|
|
46
46
|
sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
|
|
47
47
|
attr_reader :update_cooldown
|
|
48
48
|
|
|
49
|
-
sig { returns(T.nilable(T::Array[String])) }
|
|
50
|
-
attr_reader :exclude_paths
|
|
51
|
-
|
|
52
49
|
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
53
50
|
attr_reader :options
|
|
54
51
|
|
|
@@ -64,7 +61,6 @@ module Dependabot
|
|
|
64
61
|
requirements_update_strategy: T.nilable(Dependabot::RequirementsUpdateStrategy),
|
|
65
62
|
dependency_group: T.nilable(Dependabot::DependencyGroup),
|
|
66
63
|
update_cooldown: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
|
|
67
|
-
exclude_paths: T.nilable(T::Array[String]),
|
|
68
64
|
options: T::Hash[Symbol, T.untyped]
|
|
69
65
|
)
|
|
70
66
|
.void
|
|
@@ -73,7 +69,7 @@ module Dependabot
|
|
|
73
69
|
repo_contents_path: nil, ignored_versions: [],
|
|
74
70
|
raise_on_ignored: false, security_advisories: [],
|
|
75
71
|
requirements_update_strategy: nil, dependency_group: nil,
|
|
76
|
-
update_cooldown: nil,
|
|
72
|
+
update_cooldown: nil, options: {})
|
|
77
73
|
@dependency = dependency
|
|
78
74
|
@dependency_files = dependency_files
|
|
79
75
|
@repo_contents_path = repo_contents_path
|
|
@@ -84,7 +80,6 @@ module Dependabot
|
|
|
84
80
|
@security_advisories = security_advisories
|
|
85
81
|
@dependency_group = dependency_group
|
|
86
82
|
@update_cooldown = update_cooldown
|
|
87
|
-
@exclude_paths = exclude_paths
|
|
88
83
|
@options = options
|
|
89
84
|
end
|
|
90
85
|
|
|
@@ -112,37 +107,6 @@ module Dependabot
|
|
|
112
107
|
end
|
|
113
108
|
end
|
|
114
109
|
|
|
115
|
-
sig { returns(T::Boolean) }
|
|
116
|
-
def excluded? # rubocop:disable Metrics/PerceivedComplexity
|
|
117
|
-
return false unless Dependabot::Experiments.enabled?(:enable_exclude_paths_subdirectory_manifest_files)
|
|
118
|
-
|
|
119
|
-
return false if exclude_paths.nil? || exclude_paths&.empty?
|
|
120
|
-
|
|
121
|
-
origin_files = @dependency.origin_files
|
|
122
|
-
if origin_files.length.positive?
|
|
123
|
-
excluded_files = []
|
|
124
|
-
non_excluded_files = []
|
|
125
|
-
|
|
126
|
-
origin_files.each do |origin_file|
|
|
127
|
-
if Dependabot::FileFiltering.exclude_path?(origin_file, exclude_paths)
|
|
128
|
-
excluded_files << origin_file
|
|
129
|
-
else
|
|
130
|
-
non_excluded_files << origin_file
|
|
131
|
-
end
|
|
132
|
-
end
|
|
133
|
-
|
|
134
|
-
# Only exclude if the dependency appears ONLY in excluded paths
|
|
135
|
-
# If it appears in any non-excluded path, we should process it
|
|
136
|
-
if non_excluded_files.empty? && excluded_files.any?
|
|
137
|
-
Dependabot.logger.info("Excluding dependency #{dependency.name} - only found in excluded paths " \
|
|
138
|
-
"#{excluded_files.join(', ')}")
|
|
139
|
-
return true
|
|
140
|
-
end
|
|
141
|
-
end
|
|
142
|
-
|
|
143
|
-
false
|
|
144
|
-
end
|
|
145
|
-
|
|
146
110
|
sig { params(requirements_to_unlock: T.nilable(Symbol)).returns(T::Array[Dependabot::Dependency]) }
|
|
147
111
|
def updated_dependencies(requirements_to_unlock:)
|
|
148
112
|
return [] unless can_update?(requirements_to_unlock: requirements_to_unlock)
|
|
@@ -179,17 +143,17 @@ module Dependabot
|
|
|
179
143
|
|
|
180
144
|
# Lowest available security fix version not checking resolvability
|
|
181
145
|
# @return [Dependabot::<package manager>::Version, #to_s] version class
|
|
182
|
-
sig { overridable.returns(T.nilable(
|
|
146
|
+
sig { overridable.returns(T.nilable(Gem::Version)) }
|
|
183
147
|
def lowest_security_fix_version
|
|
184
148
|
raise NotImplementedError, "#{self.class} must implement #lowest_security_fix_version"
|
|
185
149
|
end
|
|
186
150
|
|
|
187
|
-
sig { overridable.returns(T.nilable(
|
|
151
|
+
sig { overridable.returns(T.nilable(Gem::Version)) }
|
|
188
152
|
def lowest_resolvable_security_fix_version
|
|
189
153
|
raise NotImplementedError, "#{self.class} must implement #lowest_resolvable_security_fix_version"
|
|
190
154
|
end
|
|
191
155
|
|
|
192
|
-
sig { overridable.returns(T.nilable(T.any(String,
|
|
156
|
+
sig { overridable.returns(T.nilable(T.any(String, Gem::Version))) }
|
|
193
157
|
def latest_resolvable_version_with_no_unlock
|
|
194
158
|
raise NotImplementedError, "#{self.class} must implement #latest_resolvable_version_with_no_unlock"
|
|
195
159
|
end
|
|
@@ -398,9 +362,7 @@ module Dependabot
|
|
|
398
362
|
|
|
399
363
|
sig { returns(T::Boolean) }
|
|
400
364
|
def requirements_up_to_date?
|
|
401
|
-
if can_compare_requirements?
|
|
402
|
-
return (T.must(version_from_requirements) >= version_class.new(latest_version.to_s))
|
|
403
|
-
end
|
|
365
|
+
return T.must(version_from_requirements) >= version_class.new(latest_version.to_s) if can_compare_requirements?
|
|
404
366
|
|
|
405
367
|
changed_requirements.none?
|
|
406
368
|
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.333.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -497,14 +497,14 @@ dependencies:
|
|
|
497
497
|
requirements:
|
|
498
498
|
- - "~>"
|
|
499
499
|
- !ruby/object:Gem::Version
|
|
500
|
-
version: '3.
|
|
500
|
+
version: '3.25'
|
|
501
501
|
type: :development
|
|
502
502
|
prerelease: false
|
|
503
503
|
version_requirements: !ruby/object:Gem::Requirement
|
|
504
504
|
requirements:
|
|
505
505
|
- - "~>"
|
|
506
506
|
- !ruby/object:Gem::Version
|
|
507
|
-
version: '3.
|
|
507
|
+
version: '3.25'
|
|
508
508
|
- !ruby/object:Gem::Dependency
|
|
509
509
|
name: webrick
|
|
510
510
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -626,7 +626,7 @@ licenses:
|
|
|
626
626
|
- MIT
|
|
627
627
|
metadata:
|
|
628
628
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
629
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
629
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
|
|
630
630
|
rdoc_options: []
|
|
631
631
|
require_paths:
|
|
632
632
|
- lib
|