dependabot-common 0.383.0 → 0.384.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1fb1a4d6243812d664a20067d226c2eec111080d39e7337217744a58a9d8f0b6
4
- data.tar.gz: 609737fc8b6040222a744d58ea03f8587fec15136cb835d319c31b798f7ebf32
3
+ metadata.gz: 4011821492cf0ae915acc4d9b0783f699f5522946eac07bbef8973e8692df1f9
4
+ data.tar.gz: 7502e7687e79b39ec94fad1c9318e1b40b7cdf7965c8c1818ebda3a7a914b8ee
5
5
  SHA512:
6
- metadata.gz: 5e3042cb52f78e0396e75a3c6707a6706a1e2f4f1e12fc16310079eae0ae08336f688a75a92795cc6a8ba50ba62b9d0b9168b3ca4d5780439c7bccf574ab4179
7
- data.tar.gz: a15d7f181d2d4afd8b5bf3e72f0450827d435f8e61e98f7863bfa0c254e8e2b983bb831901f1c95d27da8abfe791bf673d6c6e7fcc29b8d5e61c0e3c631ea9e6
6
+ metadata.gz: c5f9708f6197bf0fe6e6dd22b971e41522f7deb6af1963786276dd5246d3177741768e4065d437c4ad3906ff0d0d91afd10b41a0108c0e553a14be2ae1dfde5f
7
+ data.tar.gz: 1e9ebca6d67ec61d619f36e71cfd02cd92c1aca3d6701b47ff4a94c95f2abcdb05277de57902d4dea2b1d5bb6410cabbc027c81bb0e8884bbee84d31cd43e2f4
@@ -102,33 +102,68 @@ module Dependabot
102
102
  T::Hash[String, String]
103
103
  )
104
104
 
105
- sig { params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Array[IgnoreCondition]) }
105
+ sig { params(cfg: T.nilable(T::Hash[Symbol, T.anything])).returns(T::Array[IgnoreCondition]) }
106
106
  def ignore_conditions(cfg)
107
- ignores = cfg&.dig(:ignore) || []
108
- ignores.map do |ic|
107
+ array_values(cfg&.dig(:ignore)).map do |raw|
108
+ ic = hash_values(raw)
109
109
  IgnoreCondition.new(
110
- dependency_name: ic[:"dependency-name"],
111
- versions: ic[:versions],
112
- update_types: ic[:"update-types"]
110
+ dependency_name: T.must(string_value(ic[:"dependency-name"])),
111
+ versions: string_array(ic[:versions]),
112
+ update_types: string_array(ic[:"update-types"])
113
113
  )
114
114
  end
115
115
  end
116
116
 
117
117
  sig do
118
- params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(UpdateConfig::CommitMessageOptions)
118
+ params(cfg: T.nilable(T::Hash[Symbol, T.anything])).returns(UpdateConfig::CommitMessageOptions)
119
119
  end
120
120
  def commit_message_options(cfg)
121
- commit_message = cfg&.dig(:"commit-message") || {}
121
+ commit_message = hash_values(cfg&.dig(:"commit-message"))
122
+ prefix = string_value(commit_message[:prefix])
122
123
  UpdateConfig::CommitMessageOptions.new(
123
- prefix: commit_message[:prefix],
124
- prefix_development: commit_message[:"prefix-development"] || commit_message[:prefix],
125
- include: commit_message[:include]
124
+ prefix: prefix,
125
+ prefix_development: string_value(commit_message[:"prefix-development"]) || prefix,
126
+ include: string_value(commit_message[:include])
126
127
  )
127
128
  end
128
129
 
129
- sig { params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Array[String]) }
130
+ sig { params(cfg: T.nilable(T::Hash[Symbol, T.anything])).returns(T::Array[String]) }
130
131
  def exclude_paths(cfg)
131
- Array(cfg&.dig(:"exclude-paths") || [])
132
+ string_array(cfg&.dig(:"exclude-paths")) || []
133
+ end
134
+
135
+ # The methods below narrow the loosely typed, parsed-YAML config values
136
+ # (Symbol-keyed hashes whose values are arbitrary) into the specific
137
+ # types the config objects expect.
138
+
139
+ sig { params(value: T.anything).returns(T.nilable(String)) }
140
+ def string_value(value)
141
+ case value
142
+ when String then value
143
+ end
144
+ end
145
+
146
+ sig { params(value: T.anything).returns(T::Hash[Symbol, T.anything]) }
147
+ def hash_values(value)
148
+ case value
149
+ when Hash then value
150
+ else {}
151
+ end
152
+ end
153
+
154
+ sig { params(value: T.anything).returns(T::Array[T.anything]) }
155
+ def array_values(value)
156
+ case value
157
+ when Array then value
158
+ else []
159
+ end
160
+ end
161
+
162
+ sig { params(value: T.anything).returns(T.nilable(T::Array[String])) }
163
+ def string_array(value)
164
+ case value
165
+ when Array then value.map(&:to_s)
166
+ end
132
167
  end
133
168
  end
134
169
  end
@@ -1,4 +1,4 @@
1
- # typed: strict
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -1,7 +1,6 @@
1
1
  # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
- require "cgi"
5
4
  require "excon"
6
5
  require "nokogiri"
7
6
  require "sorbet-runtime"
@@ -0,0 +1,70 @@
1
+ # typed: strong
2
+ # frozen_string_literal: true
3
+
4
+ require "sorbet-runtime"
5
+
6
+ module Dependabot
7
+ class PullRequestCreator
8
+ # Typed view over the `commit_message_options` hash threaded into the PR
9
+ # creator's title and prefix builders. The raw options arrive as a loosely
10
+ # typed hash sourced from user config, so this parses the known keys once at
11
+ # the boundary and lets downstream builders use typed readers instead of
12
+ # digging an untyped hash.
13
+ class CommitMessageOptions
14
+ extend T::Sig
15
+
16
+ sig { returns(T.nilable(String)) }
17
+ attr_reader :prefix
18
+
19
+ sig { returns(T.nilable(String)) }
20
+ attr_reader :prefix_development
21
+
22
+ sig { returns(T::Boolean) }
23
+ attr_reader :include_scope
24
+
25
+ sig do
26
+ params(
27
+ prefix: T.nilable(String),
28
+ prefix_development: T.nilable(String),
29
+ include_scope: T::Boolean
30
+ ).void
31
+ end
32
+ def initialize(prefix: nil, prefix_development: nil, include_scope: false)
33
+ @prefix = prefix
34
+ @prefix_development = prefix_development
35
+ @include_scope = include_scope
36
+ end
37
+
38
+ # Parses a raw options hash. Unknown keys are ignored, and absent or
39
+ # non-string prefixes become nil.
40
+ sig { params(options: T::Hash[Symbol, T.anything]).returns(CommitMessageOptions) }
41
+ def self.from_hash(options)
42
+ new(
43
+ prefix: coerce_string(options[:prefix]),
44
+ prefix_development: coerce_string(options[:prefix_development]),
45
+ include_scope: options[:include_scope] ? true : false
46
+ )
47
+ end
48
+
49
+ sig { params(value: T.anything).returns(T.nilable(String)) }
50
+ def self.coerce_string(value)
51
+ case value
52
+ when String then value
53
+ end
54
+ end
55
+ private_class_method :coerce_string
56
+
57
+ # True when an explicit (non-nil) prefix was provided.
58
+ sig { returns(T::Boolean) }
59
+ def prefix?
60
+ !prefix.nil?
61
+ end
62
+
63
+ # True when an explicit (non-nil) development prefix was provided.
64
+ sig { returns(T::Boolean) }
65
+ def prefix_development?
66
+ !prefix_development.nil?
67
+ end
68
+ end
69
+ end
70
+ end
@@ -247,7 +247,7 @@ module Dependabot
247
247
  end
248
248
  end
249
249
 
250
- sig { params(details: T::Hash[String, T.untyped]).returns(String) }
250
+ sig { params(details: T::Hash[String, T.anything]).returns(String) }
251
251
  def vulnerability_version_range_lines(details)
252
252
  msg = ""
253
253
  %w(
@@ -256,9 +256,12 @@ module Dependabot
256
256
  affected_versions
257
257
  ).each do |tp|
258
258
  type = T.must(tp.split("_").first).capitalize
259
- next unless details[tp]
259
+ versions = case (value = details[tp])
260
+ when Array then value
261
+ end
262
+ next unless versions
260
263
 
261
- versions_string = details[tp].any? ? details[tp].join("; ") : "none"
264
+ versions_string = versions.any? ? versions.join("; ") : "none"
262
265
  versions_string = versions_string.gsub(/(?<!\\)~/, '\~')
263
266
  msg += "> #{type} versions: #{versions_string}\n"
264
267
  end
@@ -1,9 +1,10 @@
1
- # typed: strict
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
5
5
  require "dependabot/dependency"
6
6
  require "dependabot/logger"
7
+ require "dependabot/pull_request_creator/commit_message_options"
7
8
  require "dependabot/pull_request_creator/pr_name_prefixer"
8
9
 
9
10
  module Dependabot
@@ -25,7 +26,7 @@ module Dependabot
25
26
  sig { returns(T.nilable(Dependabot::PullRequestCreator::PrNamePrefixer)) }
26
27
  attr_reader :prefixer
27
28
 
28
- sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
29
+ sig { returns(T.nilable(CommitMessageOptions)) }
29
30
  attr_reader :commit_message_options
30
31
 
31
32
  sig { returns(T.nilable(T::Array[Dependabot::Dependency])) }
@@ -35,14 +36,17 @@ module Dependabot
35
36
  params(
36
37
  base_title: String,
37
38
  prefixer: T.nilable(Dependabot::PullRequestCreator::PrNamePrefixer),
38
- commit_message_options: T.nilable(T::Hash[Symbol, T.untyped]),
39
+ commit_message_options: T.nilable(T::Hash[Symbol, T.anything]),
39
40
  dependencies: T.nilable(T::Array[Dependabot::Dependency])
40
41
  ).void
41
42
  end
42
43
  def initialize(base_title:, prefixer: nil, commit_message_options: nil, dependencies: nil)
43
44
  @base_title = base_title
44
45
  @prefixer = prefixer
45
- @commit_message_options = commit_message_options
46
+ @commit_message_options = T.let(
47
+ commit_message_options && CommitMessageOptions.from_hash(commit_message_options),
48
+ T.nilable(CommitMessageOptions)
49
+ )
46
50
  @dependencies = dependencies
47
51
  end
48
52
 
@@ -85,12 +89,12 @@ module Dependabot
85
89
  # but without requiring source/credentials.
86
90
  sig { returns(String) }
87
91
  def build_explicit_prefix
88
- return "" unless commit_message_options&.key?(:prefix)
92
+ return "" unless commit_message_options&.prefix?
89
93
 
90
94
  prefix = explicit_prefix_string
91
95
  return "" if prefix.empty?
92
96
 
93
- prefix += "(#{scope})" if commit_message_options&.dig(:include_scope)
97
+ prefix += "(#{scope})" if commit_message_options&.include_scope
94
98
  # Append colon after alphanumeric or closing bracket to follow
95
99
  # conventional commit format (e.g., "chore: ..." or "fix(deps): ...")
96
100
  prefix += ":" if prefix.match?(/[A-Za-z0-9\)\]]\Z/)
@@ -101,11 +105,11 @@ module Dependabot
101
105
  sig { returns(String) }
102
106
  def explicit_prefix_string
103
107
  if production_dependencies?
104
- commit_message_options&.dig(:prefix).to_s
105
- elsif commit_message_options&.key?(:prefix_development)
106
- commit_message_options&.dig(:prefix_development).to_s
108
+ commit_message_options&.prefix.to_s
109
+ elsif commit_message_options&.prefix_development?
110
+ commit_message_options&.prefix_development.to_s
107
111
  else
108
- commit_message_options&.dig(:prefix).to_s
112
+ commit_message_options&.prefix.to_s
109
113
  end
110
114
  end
111
115
 
@@ -9,6 +9,7 @@ require "dependabot/clients/codecommit"
9
9
  require "dependabot/clients/github_with_retries"
10
10
  require "dependabot/clients/gitlab_with_retries"
11
11
  require "dependabot/pull_request_creator"
12
+ require "dependabot/pull_request_creator/commit_message_options"
12
13
 
13
14
  module Dependabot
14
15
  class PullRequestCreator
@@ -39,7 +40,7 @@ module Dependabot
39
40
  dependencies: T::Array[Dependency],
40
41
  credentials: T::Array[Dependabot::Credential],
41
42
  security_fix: T::Boolean,
42
- commit_message_options: T.nilable(T::Hash[Symbol, T.untyped])
43
+ commit_message_options: T.nilable(T::Hash[Symbol, T.anything])
43
44
  )
44
45
  .void
45
46
  end
@@ -54,7 +55,10 @@ module Dependabot
54
55
  @source = source
55
56
  @credentials = credentials
56
57
  @security_fix = security_fix
57
- @commit_message_options = commit_message_options
58
+ @commit_message_options = T.let(
59
+ commit_message_options && CommitMessageOptions.from_hash(commit_message_options),
60
+ T.nilable(CommitMessageOptions)
61
+ )
58
62
  end
59
63
 
60
64
  sig { returns(String) }
@@ -85,7 +89,7 @@ module Dependabot
85
89
  sig { returns(T::Array[Dependabot::Credential]) }
86
90
  attr_reader :credentials
87
91
 
88
- sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
92
+ sig { returns(T.nilable(CommitMessageOptions)) }
89
93
  attr_reader :commit_message_options
90
94
 
91
95
  sig { returns(T::Boolean) }
@@ -96,7 +100,7 @@ module Dependabot
96
100
  sig { returns(T.nilable(String)) }
97
101
  def commit_prefix
98
102
  # If a preferred prefix has been explicitly provided, use it
99
- return prefix_from_explicitly_provided_details if commit_message_options&.key?(:prefix)
103
+ return prefix_from_explicitly_provided_details if commit_message_options&.prefix?
100
104
 
101
105
  # Otherwise, if there is a previous Dependabot commit and it used a
102
106
  # known style, use that as our model for subsequent commits
@@ -112,7 +116,7 @@ module Dependabot
112
116
  prefix = explicitly_provided_prefix_string
113
117
  return if prefix.empty?
114
118
 
115
- prefix += "(#{scope})" if commit_message_options&.dig(:include_scope)
119
+ prefix += "(#{scope})" if commit_message_options&.include_scope
116
120
  prefix += ":" if prefix.match?(/[A-Za-z0-9\)\]]\Z/)
117
121
  prefix += " " unless prefix.end_with?(" ")
118
122
  prefix
@@ -121,14 +125,14 @@ module Dependabot
121
125
  # rubocop:disable Metrics/PerceivedComplexity
122
126
  sig { returns(String) }
123
127
  def explicitly_provided_prefix_string
124
- raise "No explicitly provided prefix!" unless commit_message_options&.key?(:prefix)
128
+ raise "No explicitly provided prefix!" unless commit_message_options&.prefix?
125
129
 
126
130
  if dependencies.any?(&:production?)
127
- commit_message_options&.dig(:prefix).to_s
128
- elsif commit_message_options&.key?(:prefix_development)
129
- commit_message_options&.dig(:prefix_development).to_s
131
+ commit_message_options&.prefix.to_s
132
+ elsif commit_message_options&.prefix_development?
133
+ commit_message_options&.prefix_development.to_s
130
134
  else
131
- commit_message_options&.dig(:prefix).to_s
135
+ commit_message_options&.prefix.to_s
132
136
  end
133
137
  end
134
138
  # rubocop:enable Metrics/PerceivedComplexity
@@ -32,6 +32,19 @@ module Dependabot
32
32
  version.to_s.match?(ANCHORED_VERSION_PATTERN)
33
33
  end
34
34
 
35
+ # RubyGems 4 eagerly computes a numeric sort key in Gem::Version#initialize and
36
+ # skips it for prereleases. Dependabot's subclasses override #prerelease? with
37
+ # ecosystem-specific semantics, so a version with alphabetic segments (e.g.
38
+ # "1.0.0.RELEASE" or "2.0.0.post1") can report prerelease? == false and reach
39
+ # RubyGems' radix comparison, which raises when a segment is a String. Returning
40
+ # nil for those versions falls back to the segment-by-segment comparison.
41
+ sig { override.overridable.returns(T.nilable(Integer)) }
42
+ def compute_sort_key
43
+ return if canonical_segments.any?(String)
44
+
45
+ super
46
+ end
47
+
35
48
  sig { overridable.returns(String) }
36
49
  def to_semver
37
50
  @original_version
data/lib/dependabot.rb CHANGED
@@ -2,5 +2,5 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
- VERSION = "0.383.0"
5
+ VERSION = "0.384.0"
6
6
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.383.0
4
+ version: 0.384.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -580,6 +580,7 @@ files:
580
580
  - lib/dependabot/pull_request_creator/branch_namer/multi_ecosystem_strategy.rb
581
581
  - lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb
582
582
  - lib/dependabot/pull_request_creator/codecommit.rb
583
+ - lib/dependabot/pull_request_creator/commit_message_options.rb
583
584
  - lib/dependabot/pull_request_creator/commit_signer.rb
584
585
  - lib/dependabot/pull_request_creator/github.rb
585
586
  - lib/dependabot/pull_request_creator/gitlab.rb
@@ -620,7 +621,7 @@ licenses:
620
621
  - MIT
621
622
  metadata:
622
623
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
623
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.383.0
624
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
624
625
  rdoc_options: []
625
626
  require_paths:
626
627
  - lib
@@ -635,7 +636,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
635
636
  - !ruby/object:Gem::Version
636
637
  version: 3.3.7
637
638
  requirements: []
638
- rubygems_version: 3.7.2
639
+ rubygems_version: 4.0.14
639
640
  specification_version: 4
640
641
  summary: Shared code used across Dependabot Core
641
642
  test_files: []