dependabot-common 0.366.0 → 0.368.0

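--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 529bf7a45add2fc21513cd3d675f30765d1e825575b3943d6cf1083d7a79c32f
- data.tar.gz: 663ccc80e66d27a8dae94870a3aa8193d616ed1813d3a52f9777a368ad2e6896
+ metadata.gz: 3c25acad8cb0f120b8d120817720c6ce88f8706d7f01a90d6866aa1040c0d7f6
+ data.tar.gz: 16f00b502775dcd9138151c7c897fd4515818606e2786a648e00fdb05514e3ad
  SHA512:
- metadata.gz: dac187f0aeb0c108d62c5e5c6bfdc79c3b1f7b9188dedd12c2d23a2bb96becda721913829277e5955d5d7c0e812a800763157f8a5d3a33f79e3980987fed2d82
- data.tar.gz: e4a63902610b5455297d9c1d26df762cfdcdb62bb0eb4dfdd984dbc5d7f77fcc67da109d1954f1dd1756fd7a36528f7c94363e34430a13b686fa64ba5461e4e0
+ metadata.gz: 1898c4f3c9a12977bbfd56734074d4924db3b7d5e225784e4e159a9d1005fcd8fee8d285fb879709b2c26c1492d1541958bcbb730da338e6dcb57a5ca26d1542
+ data.tar.gz: ec18e45926c7d9a1e3fab40a4834de013d23dc7f43600c8060d44be6c50501d1e4d5b3f2d0cf6c9b0011140f378a569cc76171ec18bbe2536ea5141520751fb8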
@@ -79,6 +79,7 @@ module Dependabot
79
79
  "julia" => "julia",
80
80
  "maven" => "maven",
81
81
  "mix" => "hex",
82
+ "nix" => "nix",
82
83
  "npm" => "npm_and_yarn",
83
84
  "nuget" => "nuget",
84
85
  "opentofu" => "opentofu",
@@ -277,6 +277,11 @@ module Dependabot
277
277
  to_local_tag(max_version_tag)
278
278
  end
279
279
 
280
+ sig { returns(T::Array[Dependabot::GitRef]) }
281
+ def all_version_tags
282
+ allowed_versions(local_tags, filter_by_prefix: false)
283
+ end
284
+
280
285
  private
281
286
 
282
287
  sig { returns(Dependabot::Dependency) }
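Review bot: `all_version_tags` is added above `private` with no comment, and it calls `allowed_versions(local_tags, filter_by_prefix: false)`, so it returns version-like tags whatever their prefix. In a repository that tags several components this would presumably include tags belonging to another component, which matters to any caller that picks an update target from the result. A comment above the sig such as `# Every version-like tag regardless of prefix; callers must not assume the tags belong to the current dependency's tag series.` would make that contract explicit. The class body continues outside the hunk, so whether other filters in `allowed_versions` still narrow the list can only partly be seen here.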
@@ -335,11 +340,16 @@ module Dependabot
335
340
  version.split(".").length
336
341
  end
337
342
 
338
- sig { params(local_tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
339
- def allowed_versions(local_tags)
343
+ sig do
344
+ params(
345
+ local_tags: T::Array[Dependabot::GitRef],
346
+ filter_by_prefix: T::Boolean
347
+ ).returns(T::Array[Dependabot::GitRef])
348
+ end
349
+ def allowed_versions(local_tags, filter_by_prefix: true)
340
350
  tags =
341
351
  local_tags
342
- .select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
352
+ .select { |t| version_tag?(t.name) && (filter_by_prefix ? matches_existing_prefix?(t.name) : true) }
343
353
  filtered = tags
344
354
  .reject { |t| tag_included_in_ignore_requirements?(t) }
345
355
  if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
@@ -515,8 +525,30 @@ module Dependabot
515
525
 
516
526
  sig { params(tag: String, other_tag: String).returns(T::Boolean) }
517
527
  def same_prefix?(tag, other_tag)
518
- tag.gsub(VERSION_REGEX, "").gsub(/v$/i, "") ==
519
- other_tag.gsub(VERSION_REGEX, "").gsub(/v$/i, "")
528
+ tag_prefix = tag.gsub(VERSION_REGEX, "")
529
+ other_tag_prefix = other_tag.gsub(VERSION_REGEX, "")
530
+
531
+ return true if tag_prefix == other_tag_prefix
532
+
533
+ if semver_like?(tag) && semver_like?(other_tag)
534
+ normalize_v_prefix(tag_prefix) == normalize_v_prefix(other_tag_prefix)
535
+ else
536
+ false
537
+ end
538
+ end
539
+
540
+ # Returns true if the tag's version has 3+ segments (standard semver like "1.2.3")
541
+ sig { params(tag: String).returns(T::Boolean) }
542
+ def semver_like?(tag)
543
+ version = scan_version(tag)
544
+ version.split(".").length >= 3
545
+ rescue StandardError
546
+ false
547
+ end
548
+
549
+ sig { params(prefix: String).returns(String) }
550
+ def normalize_v_prefix(prefix)
551
+ prefix.length > 1 ? prefix.gsub(/v$/i, "") : prefix.gsub(/^v$/i, "")
520
552
  end
521
553
 
522
554
  sig { params(tag: T.nilable(Dependabot::GitRef)).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
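Review bot: The ternary in `normalize_v_prefix` is redundant: on a string of length 0 or 1, `/^v$/i` and `/v$/i` match exactly the same inputs, so both branches do the same thing. `^` and `$` are also line anchors in Ruby, and the prefix is presumably derived from tag names read from a remote repository, so a string anchor states the intent more safely: `prefix.sub(/v\z/i, "")`. Separately, `rescue StandardError` in `semver_like?` turns any failure inside `scan_version` into `false`, which silently flips the result of `same_prefix?`; rescuing only the error `scan_version` is expected to raise would keep unrelated bugs visible.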
@@ -77,6 +77,7 @@ module Dependabot
77
77
  @options = options
78
78
 
79
79
  @latest_version = T.let(nil, T.nilable(Dependabot::Version))
80
+ @latest_release = T.let(nil, T.nilable(Dependabot::Package::PackageRelease))
80
81
  @latest_version_with_no_unlock = T.let(nil, T.nilable(Dependabot::Version))
81
82
  @lowest_security_fix_version = T.let(nil, T.nilable(Dependabot::Version))
82
83
  @package_details = T.let(nil, T.nilable(Dependabot::Package::PackageDetails))
@@ -90,6 +91,22 @@ module Dependabot
90
91
  @latest_version ||= fetch_latest_version(language_version: language_version)
91
92
  end
92
93
 
94
+ sig do
95
+ params(language_version: T.nilable(T.any(String, Dependabot::Version)))
96
+ .returns(T.nilable(String))
97
+ end
98
+ def latest_tag(language_version: nil)
99
+ latest_release(language_version: language_version)&.tag
100
+ end
101
+
102
+ sig do
103
+ params(language_version: T.nilable(T.any(String, Dependabot::Version)))
104
+ .returns(T.nilable(Dependabot::Package::PackageRelease))
105
+ end
106
+ def latest_release(language_version: nil)
107
+ @latest_release ||= fetch_latest_release(language_version: language_version)
108
+ end
109
+
93
110
  sig do
94
111
  params(language_version: T.nilable(T.any(String, Dependabot::Version)))
95
112
  .returns(T.nilable(Dependabot::Version))
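Review bot: `latest_release` memoizes with `@latest_release ||= fetch_latest_release(language_version: language_version)`, so the `language_version` passed on the first call decides the result for every later call on the same instance, including calls that arrive through `latest_tag` and `fetch_latest_version`. A `nil` result is never cached by `||=`, so the fetch and all filters rerun on each call when no release qualifies. This mirrors the existing `@latest_version ||=` line, but the new method appears to be a second public entry point to the same state; either key the memo by `language_version` or add a comment such as `# NOTE: language_version is only honoured on the first call; the result is memoized per instance.` The sig at the end of this hunk belongs to a method that continues outside it.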
@@ -354,6 +371,14 @@ module Dependabot
354
371
  .returns(T.nilable(Dependabot::Version))
355
372
  end
356
373
  def fetch_latest_version(language_version: nil)
374
+ latest_release(language_version: language_version)&.version
375
+ end
376
+
377
+ sig do
378
+ params(language_version: T.nilable(T.any(String, Dependabot::Version)))
379
+ .returns(T.nilable(Dependabot::Package::PackageRelease))
380
+ end
381
+ def fetch_latest_release(language_version: nil)
357
382
  releases = available_versions
358
383
  return unless releases
359
384
 
@@ -363,7 +388,7 @@ module Dependabot
363
388
  releases = filter_prerelease_versions(releases)
364
389
  releases = filter_ignored_versions(releases)
365
390
  releases = apply_post_fetch_latest_versions_filter(releases)
366
- releases.max_by(&:version)&.version
391
+ releases.max_by(&:version)
367
392
  end
368
393
 
369
394
  sig do
@@ -14,7 +14,9 @@ module Dependabot
14
14
  class RegistryClient
15
15
  extend T::Sig
16
16
 
17
- @cached_errors = T.let({}, T::Hash[T.nilable(String), Excon::Error::Timeout])
17
+ CachedErrorType = T.type_alias { T.any(Excon::Error::Timeout, Excon::Error::Socket) }
18
+
19
+ @cached_errors = T.let({}, T::Hash[T.nilable(String), CachedErrorType])
18
20
 
19
21
  sig do
20
22
  params(
@@ -33,7 +35,7 @@ module Dependabot
33
35
  **SharedHelpers.excon_defaults({ headers: headers }.merge(options)),
34
36
  retry_interval: 5
35
37
  )
36
- rescue Excon::Error::Timeout => e
38
+ rescue Excon::Error::Timeout, Excon::Error::Socket => e
37
39
  cache_error(url, e)
38
40
  raise e
39
41
  end
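Review bot: Adding `Excon::Error::Socket` to this rescue (and to the one in the next hunk, `@@ -54,7 +56,7 @@`) means one socket-level failure is now stored by `cache_error` under the URL's host. Socket errors such as a connection reset are often transient, and if I recall Excon's hierarchy correctly `Excon::Error::Certificate` subclasses `Socket`, so TLS verification failures would be cached as well. How the cache is consulted lies outside these hunks, but if `cached_error_for` short-circuits later requests, a single blip would presumably fail every later lookup against that registry until the cache is reset. A comment at the rescue stating that intent, for example `# Socket errors (including TLS failures) are cached per host so later requests fail fast`, would help, and logging the host and error class when caching would make the suppression visible to operators.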
@@ -54,7 +56,7 @@ module Dependabot
54
56
  idempotent: true,
55
57
  **SharedHelpers.excon_defaults({ headers: headers }.merge(options))
56
58
  )
57
- rescue Excon::Error::Timeout => e
59
+ rescue Excon::Error::Timeout, Excon::Error::Socket => e
58
60
  cache_error(url, e)
59
61
  raise e
60
62
  end
@@ -64,13 +66,13 @@ module Dependabot
64
66
  @cached_errors = {}
65
67
  end
66
68
 
67
- sig { params(url: String, error: Excon::Error::Timeout).void }
69
+ sig { params(url: String, error: CachedErrorType).void }
68
70
  private_class_method def self.cache_error(url, error)
69
71
  host = URI(url).host
70
72
  @cached_errors[host] = error
71
73
  end
72
74
 
73
- sig { params(url: String).returns(T.nilable(Excon::Error::Timeout)) }
75
+ sig { params(url: String).returns(T.nilable(CachedErrorType)) }
74
76
  private_class_method def self.cached_error_for(url)
75
77
  host = URI(url).host
76
78
  @cached_errors.fetch(host, nil)
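--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -2,5 +2,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.366.0"
+ VERSION = "0.368.0"
  end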
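--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.366.0
+ version: 0.368.0
  platform: ruby
  authors:
  - Dependabot
@@ -616,7 +616,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.366.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.368.0
  rdoc_options: []
  require_paths:
  - lib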