dependabot-common 0.337.0 → 0.341.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/file_parsers/base.rb +16 -0
- data/lib/dependabot/file_updaters/README.md +0 -2
- data/lib/dependabot/file_updaters/base.rb +0 -5
- data/lib/dependabot.rb +1 -1
- metadata +2 -3
- data/lib/dependabot/sem_version2.rb +0 -131
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 258e743ccabcb1f78791965700ab1891705d53c161b25aa4bb88d7c60be56678
|
|
4
|
+
data.tar.gz: ee2a7d6fd7d626b18aa5dc1ba65b6bc07e37321e70a529a9ec27b8e8d32746e1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: df1d185f7b202dc912dd4558a9e39f0d5a3e689b9e3ed8103395948fd38f485f6bc879a06c71344b8f9efecadef428a09356520b8270c571317bfabaa5cd320b
|
|
7
|
+
data.tar.gz: 9aae1f9d5217c7146a74b49bf2da406a69cd550dca4abadf72b8acdecf09307f319ae56e8ccd59da3a94b894bd98e3e1c0e413fcf4f100dd1152ee0afef657f3
|
|
@@ -65,6 +65,22 @@ module Dependabot
|
|
|
65
65
|
nil
|
|
66
66
|
end
|
|
67
67
|
|
|
68
|
+
# This is an optional public method that ecosystems can implement to allow collaborating classes, such as
|
|
69
|
+
# the ecosystem's DependencyGrapher to run native commands inside the parser's context.
|
|
70
|
+
#
|
|
71
|
+
# This is typically used to retrieve information about the relationships between dependencies that is not
|
|
72
|
+
# currently used as part of a Dependabot update to avoid adding latency to the parser's normal function.
|
|
73
|
+
#
|
|
74
|
+
# Any use of this method should be considered a candidate to become part of the parser's normal function
|
|
75
|
+
# when some of the following things have been addressed:
|
|
76
|
+
# - We have more broadly rolled out the Dependabot graph capability across ecosystems
|
|
77
|
+
# - We make the relationship information applicable to updates with new transitive update strategies
|
|
78
|
+
# - We work on ingesting pre-computed dependency snapshots
|
|
79
|
+
sig { params(_command: String).returns(String) }
|
|
80
|
+
def run_in_parsed_context(_command)
|
|
81
|
+
raise Dependabot::NotImplemented, "No run_parsed_context utility method is provided for this ecosystem."
|
|
82
|
+
end
|
|
83
|
+
|
|
68
84
|
private
|
|
69
85
|
|
|
70
86
|
sig { abstract.void }
|
|
@@ -12,7 +12,6 @@ Each `Dependabot::FileUpdaters` class implements the following methods:
|
|
|
12
12
|
|
|
13
13
|
| Method | Description |
|
|
14
14
|
|------------------------------|-----------------------------------------------------------------------------------------------|
|
|
15
|
-
| `.updated_files_regex` | An array of regular expressions matching the names of the files this class updates. Intended to be used by integrators when checking whether a commit may cause merge-conflicts with a dependency update pull request. |
|
|
16
15
|
| `#updated_dependency_files` | Returns an array of updated `Dependabot::DependencyFile` instances, with their content updated to include the updated dependency. |
|
|
17
16
|
|
|
18
17
|
An integration might look as follows:
|
|
@@ -49,7 +48,6 @@ implement the following methods:
|
|
|
49
48
|
|
|
50
49
|
| Method | Description |
|
|
51
50
|
|-----------------------------|-------------------------|
|
|
52
|
-
| `.updated_files_regex` | See Public API section. |
|
|
53
51
|
| `#updated_dependency_files` | See Public API section. |
|
|
54
52
|
|
|
55
53
|
To ensure the above are implemented, you should include
|
|
@@ -28,11 +28,6 @@ module Dependabot
|
|
|
28
28
|
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
29
29
|
attr_reader :options
|
|
30
30
|
|
|
31
|
-
sig { overridable.returns(T::Array[Regexp]) }
|
|
32
|
-
def self.updated_files_regex
|
|
33
|
-
raise NotImplementedError
|
|
34
|
-
end
|
|
35
|
-
|
|
36
31
|
sig do
|
|
37
32
|
params(
|
|
38
33
|
dependencies: T::Array[Dependabot::Dependency],
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.341.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -610,7 +610,6 @@ files:
|
|
|
610
610
|
- lib/dependabot/requirements_update_strategy.rb
|
|
611
611
|
- lib/dependabot/requirements_updater/base.rb
|
|
612
612
|
- lib/dependabot/security_advisory.rb
|
|
613
|
-
- lib/dependabot/sem_version2.rb
|
|
614
613
|
- lib/dependabot/shared_helpers.rb
|
|
615
614
|
- lib/dependabot/simple_instrumentor.rb
|
|
616
615
|
- lib/dependabot/source.rb
|
|
@@ -630,7 +629,7 @@ licenses:
|
|
|
630
629
|
- MIT
|
|
631
630
|
metadata:
|
|
632
631
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
633
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
632
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.341.0
|
|
634
633
|
rdoc_options: []
|
|
635
634
|
require_paths:
|
|
636
635
|
- lib
|
|
@@ -1,131 +0,0 @@
|
|
|
1
|
-
# typed: strong
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
require "sorbet-runtime"
|
|
5
|
-
|
|
6
|
-
# See https://semver.org/spec/v2.0.0.html for semver 2 details
|
|
7
|
-
#
|
|
8
|
-
module Dependabot
|
|
9
|
-
class SemVersion2
|
|
10
|
-
extend T::Sig
|
|
11
|
-
extend T::Helpers
|
|
12
|
-
include Comparable
|
|
13
|
-
|
|
14
|
-
SEMVER2_REGEX = /^
|
|
15
|
-
(0|[1-9]\d*)\. # major
|
|
16
|
-
(0|[1-9]\d*)\. # minor
|
|
17
|
-
(0|[1-9]\d*) # patch
|
|
18
|
-
(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))? # pre release
|
|
19
|
-
(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))? # build metadata
|
|
20
|
-
$/x
|
|
21
|
-
|
|
22
|
-
sig { returns(String) }
|
|
23
|
-
attr_accessor :major
|
|
24
|
-
|
|
25
|
-
sig { returns(String) }
|
|
26
|
-
attr_accessor :minor
|
|
27
|
-
|
|
28
|
-
sig { returns(String) }
|
|
29
|
-
attr_accessor :patch
|
|
30
|
-
|
|
31
|
-
sig { returns(T.nilable(String)) }
|
|
32
|
-
attr_accessor :build
|
|
33
|
-
|
|
34
|
-
sig { returns(T.nilable(String)) }
|
|
35
|
-
attr_accessor :prerelease
|
|
36
|
-
|
|
37
|
-
sig { params(version: String).void }
|
|
38
|
-
def initialize(version)
|
|
39
|
-
tokens = parse(version)
|
|
40
|
-
@major = T.let(T.must(tokens[:major]), String)
|
|
41
|
-
@minor = T.let(T.must(tokens[:minor]), String)
|
|
42
|
-
@patch = T.let(T.must(tokens[:patch]), String)
|
|
43
|
-
@build = T.let(tokens[:build], T.nilable(String))
|
|
44
|
-
@prerelease = T.let(tokens[:prerelease], T.nilable(String))
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
sig { returns(T::Boolean) }
|
|
48
|
-
def prerelease?
|
|
49
|
-
!!prerelease
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
sig { returns(String) }
|
|
53
|
-
def to_s
|
|
54
|
-
value = [major, minor, patch].join(".")
|
|
55
|
-
value += "-#{prerelease}" if prerelease
|
|
56
|
-
value += "+#{build}" if build
|
|
57
|
-
value
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
sig { returns(String) }
|
|
61
|
-
def inspect
|
|
62
|
-
"#<#{self.class} #{self}>"
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
sig { params(other: ::Dependabot::SemVersion2).returns(T::Boolean) }
|
|
66
|
-
def eql?(other)
|
|
67
|
-
other.is_a?(self.class) && to_s == other.to_s
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
sig { params(other: ::Dependabot::SemVersion2).returns(Integer) }
|
|
71
|
-
def <=>(other)
|
|
72
|
-
result = major.to_i <=> other.major.to_i
|
|
73
|
-
return result unless result.zero?
|
|
74
|
-
|
|
75
|
-
result = minor.to_i <=> other.minor.to_i
|
|
76
|
-
return result unless result.zero?
|
|
77
|
-
|
|
78
|
-
result = patch.to_i <=> other.patch.to_i
|
|
79
|
-
return result unless result.zero?
|
|
80
|
-
|
|
81
|
-
compare_prereleases(prerelease, other.prerelease)
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
sig { params(version: T.nilable(String)).returns(T::Boolean) }
|
|
85
|
-
def self.correct?(version)
|
|
86
|
-
return false if version.nil?
|
|
87
|
-
|
|
88
|
-
version.match?(SEMVER2_REGEX)
|
|
89
|
-
end
|
|
90
|
-
|
|
91
|
-
private
|
|
92
|
-
|
|
93
|
-
sig { params(version: String).returns(T::Hash[Symbol, T.nilable(String)]) }
|
|
94
|
-
def parse(version)
|
|
95
|
-
match = version.match(SEMVER2_REGEX)
|
|
96
|
-
raise ArgumentError, "Malformed version number string #{version}" unless match
|
|
97
|
-
|
|
98
|
-
major, minor, patch, prerelease, build = match.captures
|
|
99
|
-
|
|
100
|
-
{ major: major, minor: minor, patch: patch, prerelease: prerelease, build: build }
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
sig { params(prerelease1: T.nilable(String), prerelease2: T.nilable(String)).returns(Integer) }
|
|
104
|
-
def compare_prereleases(prerelease1, prerelease2) # rubocop:disable Metrics/PerceivedComplexity
|
|
105
|
-
return 0 if prerelease1.nil? && prerelease2.nil?
|
|
106
|
-
return -1 if prerelease2.nil?
|
|
107
|
-
return 1 if prerelease1.nil?
|
|
108
|
-
|
|
109
|
-
prerelease1_tokens = prerelease1.split(".")
|
|
110
|
-
prerelease2_tokens = prerelease2.split(".")
|
|
111
|
-
|
|
112
|
-
prerelease1_tokens.zip(prerelease2_tokens) do |t1, t2|
|
|
113
|
-
return 1 if t2.nil? # t1 is more specific e.g. 1.0.0-rc1.1 vs 1.0.0-rc1
|
|
114
|
-
|
|
115
|
-
if t1 =~ /^\d+$/ && t2 =~ /^\d+$/
|
|
116
|
-
# t1 and t2 are both ints so compare them as such
|
|
117
|
-
a = t1.to_i
|
|
118
|
-
b = t2.to_i
|
|
119
|
-
compare = a <=> b
|
|
120
|
-
return compare unless compare.zero?
|
|
121
|
-
end
|
|
122
|
-
|
|
123
|
-
comp = t1 <=> t2
|
|
124
|
-
return T.must(comp) unless T.must(comp).zero?
|
|
125
|
-
end
|
|
126
|
-
|
|
127
|
-
# prereleases are equal or prerelease2 is more specific e.g. 1.0.0-rc1 vs 1.0.0-rc1.1
|
|
128
|
-
prerelease1_tokens.length == prerelease2_tokens.length ? 0 : -1
|
|
129
|
-
end
|
|
130
|
-
end
|
|
131
|
-
end
|