dependabot-common 0.143.1 → 0.143.2
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +22 -12
- data/lib/dependabot/config/ignore_condition.rb +96 -0
- data/lib/dependabot/config/update_config.rb +25 -12
- data/lib/dependabot/version.rb +1 -1
- metadata +3 -2
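--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 82f605b43ae5d4332b84cd8bca628b5621e518f26dfab590b680401b17fb2282
+data.tar.gz: 6913eb7ddb27d985b3aa28ad9e40f239f0efbfeb4f22400a45d9755a9b566287
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1114b083a13b2416c8be267f37bc0c2f3ac21cabf97613c879419d21cd506271972efb3d7519b1af54b092ca7b46542e53f2b6edaae3ebd342ed51c885d065cc
+data.tar.gz: 26f6b95978c3d8492486687cf275285eee383a9b12328e06d8477ddb2707affeacd498abfa7436bfe1f5226e7d485ac84e391a1797408386c2d75ab28ec2184d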
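--- a/data/lib/dependabot/config/file.rb
+++ b/data/lib/dependabot/config/file.rb
@@ -26,6 +26,17 @@ module Dependabot
 )
 end
 
+# Parse the YAML config file
+def self.parse(config)
+parsed = YAML.safe_load(config, symbolize_names: true)
+version = parsed[:version]
+raise InvalidConfigError, "invalid version #{version}" if version && version != 2
+
+File.new(updates: parsed[:updates], registries: parsed[:registries])
+end
+
+private
+
 PACKAGE_MANAGER_LOOKUP = {
 "bundler" => "bundler",
 "cargo" => "cargo",
@@ -44,23 +55,22 @@ module Dependabot
 "terraform" => "terraform"
 }.freeze
 
-
-
-
-version
-
-
-File.new(updates: parsed[:updates], registries: parsed[:registries])
-end
-
-private
+UPDATE_TYPE_LOOKUP = {
+"version-update:semver-patch" => :ignore_patch_versions,
+"version-update:semver-minor" => :ignore_minor_versions,
+"version-update:semver-major" => :ignore_major_versions
+}.freeze
 
 def ignore_conditions(cfg)
 ignores = cfg&.dig(:ignore) || []
 ignores.map do |ic|
-
+update_types = ic[:"update-types"]&.
+map { |t| UPDATE_TYPE_LOOKUP[t.downcase.strip] }&.
+compact
+Dependabot::Config::IgnoreCondition.new(
 dependency_name: ic[:"dependency-name"],
-versions: ic[:versions]
+versions: ic[:versions],
+update_types: update_types
 )
 end
 end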
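Review bot: An unrecognised `update-types` entry is silently dropped by the `compact` in `ignore_conditions`, and that widens the ignore rule instead of narrowing it. If every entry is misspelled and the rule has no `versions`, `IgnoreCondition#ignored_versions` (added in ignore_condition.rb in this same diff) sees two empty lists and returns `>= 0`, so a typo suppresses every update for that dependency, security fixes included. Rejecting the unknown value keeps the failure visible: `map { |t| UPDATE_TYPE_LOOKUP.fetch(t.downcase.strip) { raise InvalidConfigError, "invalid update type #{t}" } }`. The same expression assumes the YAML value is an Array of Strings; a scalar or a numeric entry would raise NoMethodError rather than InvalidConfigError.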
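--- a/data/lib/dependabot/config/ignore_condition.rb
+++ b/data/lib/dependabot/config/ignore_condition.rb
@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module Dependabot
+module Config
+# Filters versions that should not be considered for dependency updates
+class IgnoreCondition
+UPDATE_TYPES = %i(
+ignore_major_versions
+ignore_minor_versions
+ignore_patch_versions
+).freeze
+
+ALL_VERSIONS = ">= 0"
+
+attr_reader :dependency_name, :versions, :update_types
+def initialize(dependency_name:, versions: nil, update_types: nil)
+@dependency_name = dependency_name
+@versions = versions || []
+@update_types = update_types || []
+end
+
+def ignored_versions(dependency)
+return [ALL_VERSIONS] if @versions.empty? && @update_types.empty?
+
+versions_by_type(dependency) + @versions
+end
+
+private
+
+def versions_by_type(dependency)
+@update_types.flat_map do |t|
+case t
+when :ignore_patch_versions
+ignore_patch(dependency.version)
+when :ignore_minor_versions
+ignore_minor(dependency.version)
+when :ignore_major_versions
+ignore_major(dependency.version)
+else
+[]
+end
+end.compact
+end
+
+def ignore_patch(version)
+parts = version.split(".")
+return [] unless parts.size > 2
+
+lower_parts = parts.first(2) + ["a"]
+upper_parts = parts.first(2)
+upper_parts[1] = upper_parts[1].to_i + 1
+lower_bound = ">= #{lower_parts.join('.')}"
+upper_bound = "< #{upper_parts.join('.')}"
+["#{lower_bound}, #{upper_bound}"]
+end
+
+def ignore_minor(version)
+parts = version.split(".")
+return [] if parts.size < 2
+
+if Gem::Version.correct?(version)
+lower_parts = parts.first(2) + ["a"]
+upper_parts = parts.first(1)
+lower_parts[1] = lower_parts[1].to_i + 1
+upper_parts[0] = upper_parts[0].to_i + 1
+else
+lower_parts = parts.first(1) + ["a"]
+upper_parts = parts.first(1)
+begin
+upper_parts[0] = Integer(upper_parts[0]) + 1
+rescue ArgumentError
+upper_parts.push(999_999)
+end
+end
+
+lower_bound = ">= #{lower_parts.join('.')}"
+upper_bound = "< #{upper_parts.join('.')}"
+["#{lower_bound}, #{upper_bound}"]
+end
+
+def ignore_major(version)
+parts = version.split(".")
+return [] unless parts.size > 1
+
+lower_parts = parts.first(1) + ["a"]
+upper_parts = parts.first(1)
+lower_parts[0] = lower_parts[0].to_i + 1
+upper_parts[0] = upper_parts[0].to_i + 2
+lower_bound = ">= #{lower_parts.join('.')}"
+upper_bound = "< #{upper_parts.join('.')}"
+
+["#{lower_bound}, #{upper_bound}"]
+end
+end
+end
+end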
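Review bot: `ignore_major` and `ignore_patch` convert version segments with `to_i`, which turns a non-numeric segment into 0 instead of failing, so the computed range can describe a different release line from the one the dependency is on. For a constructed version such as `v1.2.3`, `ignore_major` would produce `>= 1.a, < 2`, which covers the current major instead of the next one and would hide same-major fixes. `ignore_minor` already separates this case with `Gem::Version.correct?` and a strict `Integer()` parse; the other two methods should take the same care, for example by starting with `return [] unless Gem::Version.correct?(version)` if dropping the rule is the preferred failure mode. Separately, `ignore_major` caps its range at the current major plus two (`upper_parts[0].to_i + 2`), so a release two majors ahead is not ignored; if that is deliberate it deserves a comment.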
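--- a/data/lib/dependabot/config/update_config.rb
+++ b/data/lib/dependabot/config/update_config.rb
@@ -1,30 +1,43 @@
 # frozen_string_literal: true
 
+require "dependabot/config/ignore_condition"
+
 module Dependabot
 module Config
 # Configuration for a single ecosystem
 class UpdateConfig
-attr_reader :commit_message_options
-
+attr_reader :commit_message_options, :ignore_conditions
 def initialize(ignore_conditions: nil, commit_message_options: nil)
 @ignore_conditions = ignore_conditions || []
 @commit_message_options = commit_message_options
 end
 
-def ignored_versions_for(
+def ignored_versions_for(dependency)
+normalizer = name_normaliser_for(dependency)
+dep_name = name_normaliser_for(dependency).call(dependency.name)
 @ignore_conditions.
-select { |ic| ic.dependency_name
-map(
+select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }.
+map { |ic| ic.ignored_versions(dependency) }.
 flatten.
-compact
+compact.
+uniq
 end
 
-
-
-
-
-
-
+def self.wildcard_match?(wildcard_string, candidate_string)
+return false unless wildcard_string && candidate_string
+
+regex_string = "a#{wildcard_string.downcase}a".split("*").
+map { |p| Regexp.quote(p) }.
+join(".*").gsub(/^a|a$/, "")
+regex = /^#{regex_string}$/
+regex.match?(candidate_string.downcase)
+end
+
+private
+
+def name_normaliser_for(dep)
+name_normaliser ||= {}
+name_normaliser[dep] ||= Dependency.name_normaliser_for_package_manager(dep.package_manager)
 end
 
 class CommitMessageOptions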
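Review bot: `wildcard_match?` anchors its pattern with `^` and `$`, which in Ruby match at line boundaries, so a candidate name containing a newline can match on just one of its lines; use `regex = /\A#{regex_string}\z/`, and `gsub(/\Aa|a\z/, "")` for the sentinel stripping. The ignore patterns and dependency names presumably both originate from repository content, so the comparison that decides which updates are suppressed should be a whole-string match. In `name_normaliser_for`, `name_normaliser ||= {}` assigns a method-local variable, so nothing is cached between calls; `@name_normaliser ||= {}` looks like the intent. `ignored_versions_for` also calls `name_normaliser_for(dependency)` a second time where `normalizer.call(dependency.name)` would reuse the first result.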
data/lib/dependabot/version.rb
CHANGED
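--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.143.
+version: 0.143.2
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-
+date: 2021-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -394,6 +394,7 @@ files:
 - lib/dependabot/config.rb
 - lib/dependabot/config/file.rb
 - lib/dependabot/config/file_fetcher.rb
+- lib/dependabot/config/ignore_condition.rb
 - lib/dependabot/config/update_config.rb
 - lib/dependabot/dependency.rb
 - lib/dependabot/dependency_file.rb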