dependabot-common 0.238.0 → 0.239.0
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +3 -3
- data/lib/dependabot/errors.rb +20 -9
- data/lib/dependabot/experiments.rb +9 -2
- data/lib/dependabot/metadata_finders.rb +9 -2
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +38 -5
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +10 -5
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +15 -15
- data/lib/dependabot/pull_request_creator/branch_namer.rb +6 -3
- data/lib/dependabot/pull_request_creator/github.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +1 -2
- data/lib/dependabot/pull_request_creator/message_builder.rb +1 -1
- data/lib/dependabot/pull_request_creator.rb +2 -1
- data/lib/dependabot/requirement.rb +20 -0
- data/lib/dependabot/utils.rb +5 -3
- data/lib/dependabot.rb +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 05ce845694a06ef06ec108aada0ff902b7b08a7a8fc41c23531e00b2252436ae
|
|
4
|
+
data.tar.gz: 72cc39025cf3a411bed2f82d113474dae965e57c06b15d1abe78f93794562c8c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ee1859d83b60cf7ddeab1b98c04666198da262a86c5875ed6ff586c9637c877075d9687b3657f38e0bcbf5669584d545a790a2c68e82e9499e5c30b4353d9890
|
|
7
|
+
data.tar.gz: c4f99509fbd5846a9d07caa227cc67152933da70bea50246c1d6fe20ab9fc67cbb6d141753b89a4b7ed08bf9a73e4520a3c738fa33f4169ea5a19225db9698c6
|
|
@@ -13,19 +13,19 @@ module Dependabot
|
|
|
13
13
|
sig { returns(T::Array[T::Hash[Symbol, String]]) }
|
|
14
14
|
attr_reader :updates
|
|
15
15
|
|
|
16
|
-
sig { returns T::
|
|
16
|
+
sig { returns(T::Hash[Symbol, T::Hash[Symbol, String]]) }
|
|
17
17
|
attr_reader :registries
|
|
18
18
|
|
|
19
19
|
sig do
|
|
20
20
|
params(
|
|
21
21
|
updates: T.nilable(T::Array[T::Hash[Symbol, String]]),
|
|
22
|
-
registries: T.nilable(T::
|
|
22
|
+
registries: T.nilable(T::Hash[Symbol, T::Hash[Symbol, String]])
|
|
23
23
|
)
|
|
24
24
|
.void
|
|
25
25
|
end
|
|
26
26
|
def initialize(updates:, registries: nil)
|
|
27
27
|
@updates = T.let(updates || [], T::Array[T::Hash[Symbol, String]])
|
|
28
|
-
@registries = T.let(registries || [
|
|
28
|
+
@registries = T.let(registries || {}, T::Hash[Symbol, T::Hash[Symbol, String]])
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
sig do
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
5
|
require "dependabot/utils"
|
|
6
6
|
|
|
7
7
|
module Dependabot
|
|
8
|
+
extend T::Sig
|
|
9
|
+
|
|
8
10
|
# rubocop:disable Metrics/MethodLength
|
|
11
|
+
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
9
12
|
def self.fetcher_error_details(error)
|
|
10
13
|
case error
|
|
11
14
|
when Dependabot::ToolVersionNotSupported
|
|
@@ -70,12 +73,13 @@ module Dependabot
|
|
|
70
73
|
{
|
|
71
74
|
"error-type": "octokit_rate_limited",
|
|
72
75
|
"error-detail": {
|
|
73
|
-
"rate-limit-reset": error.response_headers["X-RateLimit-Reset"]
|
|
76
|
+
"rate-limit-reset": T.cast(error, Octokit::Error).response_headers["X-RateLimit-Reset"]
|
|
74
77
|
}
|
|
75
78
|
}
|
|
76
79
|
end
|
|
77
80
|
end
|
|
78
81
|
|
|
82
|
+
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
79
83
|
def self.parser_error_details(error)
|
|
80
84
|
case error
|
|
81
85
|
when Dependabot::DependencyFileNotEvaluatable
|
|
@@ -136,6 +140,7 @@ module Dependabot
|
|
|
136
140
|
end
|
|
137
141
|
end
|
|
138
142
|
|
|
143
|
+
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
139
144
|
def self.updater_error_details(error)
|
|
140
145
|
case error
|
|
141
146
|
when Dependabot::DependencyFileNotResolvable
|
|
@@ -207,7 +212,7 @@ module Dependabot
|
|
|
207
212
|
{
|
|
208
213
|
"error-type": "octokit_rate_limited",
|
|
209
214
|
"error-detail": {
|
|
210
|
-
"rate-limit-reset": error.response_headers["X-RateLimit-Reset"]
|
|
215
|
+
"rate-limit-reset": T.cast(error, Octokit::Error).response_headers["X-RateLimit-Reset"]
|
|
211
216
|
}
|
|
212
217
|
}
|
|
213
218
|
end
|
|
@@ -376,23 +381,28 @@ module Dependabot
|
|
|
376
381
|
class DependencyFileNotFound < DependabotError
|
|
377
382
|
extend T::Sig
|
|
378
383
|
|
|
379
|
-
sig { returns(String) }
|
|
384
|
+
sig { returns(T.nilable(String)) }
|
|
380
385
|
attr_reader :file_path
|
|
381
386
|
|
|
387
|
+
sig { params(file_path: T.nilable(String), msg: T.nilable(String)).void }
|
|
382
388
|
def initialize(file_path, msg = nil)
|
|
383
389
|
@file_path = file_path
|
|
384
390
|
super(msg || "#{file_path} not found")
|
|
385
391
|
end
|
|
386
392
|
|
|
387
|
-
sig { returns(String) }
|
|
393
|
+
sig { returns(T.nilable(String)) }
|
|
388
394
|
def file_name
|
|
389
|
-
|
|
395
|
+
return unless file_path
|
|
396
|
+
|
|
397
|
+
T.must(file_path).split("/").last
|
|
390
398
|
end
|
|
391
399
|
|
|
392
|
-
sig { returns(String) }
|
|
400
|
+
sig { returns(T.nilable(String)) }
|
|
393
401
|
def directory
|
|
394
402
|
# Directory should always start with a `/`
|
|
395
|
-
|
|
403
|
+
return unless file_path
|
|
404
|
+
|
|
405
|
+
T.must(T.must(file_path).split("/")[0..-2]).join("/").sub(%r{^/*}, "/")
|
|
396
406
|
end
|
|
397
407
|
end
|
|
398
408
|
|
|
@@ -434,8 +444,9 @@ module Dependabot
|
|
|
434
444
|
sig { returns(String) }
|
|
435
445
|
attr_reader :source
|
|
436
446
|
|
|
447
|
+
sig { params(source: T.nilable(String)).void }
|
|
437
448
|
def initialize(source)
|
|
438
|
-
@source = T.let(sanitize_source(source), String)
|
|
449
|
+
@source = T.let(sanitize_source(T.must(source)), String)
|
|
439
450
|
msg = "The following source could not be reached as it requires " \
|
|
440
451
|
"authentication (and any provided details were invalid or lacked " \
|
|
441
452
|
"the required permissions): #{@source}"
|
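Review bot: The new signature on `PrivateSourceAuthenticationFailure#initialize` accepts `T.nilable(String)`, but the first statement unwraps the argument with `T.must(source)`, so a nil source raises `TypeError` inside the error constructor and the authentication failure being reported is replaced by it. Either declare the parameter as it is actually required, `sig { params(source: String).void }`, or keep the nilable contract and handle nil before sanitizing, e.g. `@source = T.let(sanitize_source(source.to_s), String)`. `sanitize_source` is defined outside the hunk, so its behaviour on an empty string needs confirming before taking the second form. In the same file both rate-limit branches now use `T.cast(error, Octokit::Error)`; the matching `when` clauses are outside the hunks, so it is worth checking that only Octokit errors can reach those lines, because the cast raises at runtime otherwise.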
|
@@ -1,18 +1,25 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
module Dependabot
|
|
5
7
|
module Experiments
|
|
6
|
-
|
|
8
|
+
extend T::Sig
|
|
9
|
+
|
|
10
|
+
@experiments = T.let({}, T::Hash[T.any(String, Symbol), T.untyped])
|
|
7
11
|
|
|
12
|
+
sig { returns(T::Hash[T.any(String, Symbol), T.untyped]) }
|
|
8
13
|
def self.reset!
|
|
9
14
|
@experiments = {}
|
|
10
15
|
end
|
|
11
16
|
|
|
17
|
+
sig { params(name: T.any(String, Symbol), value: T.untyped).void }
|
|
12
18
|
def self.register(name, value)
|
|
13
19
|
@experiments[name.to_sym] = value
|
|
14
20
|
end
|
|
15
21
|
|
|
22
|
+
sig { params(name: T.any(String, Symbol)).returns(T::Boolean) }
|
|
16
23
|
def self.enabled?(name)
|
|
17
24
|
!!@experiments[name.to_sym]
|
|
18
25
|
end
|
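Review bot: The store is declared as `T::Hash[T.any(String, Symbol), T.untyped]`, which is wider than what the module writes: `register` and `enabled?` both go through `name.to_sym`, so every key is a Symbol. Narrowing the `T.let` and the `reset!` return type to `T::Hash[Symbol, T.untyped]` would let Sorbet flag any later code that stores a String key that `enabled?` can never find. Separately, `value: T.untyped` combined with `!!@experiments[name.to_sym]` means any value other than nil or false, including the string `"false"`, reads as enabled. Whether flag values can arrive as strings is not visible here, so a comment such as `# any truthy value enables the experiment; pass real booleans` on `register` would record the contract.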
|
@@ -1,10 +1,16 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/metadata_finders/base"
|
|
6
|
+
|
|
4
7
|
module Dependabot
|
|
5
8
|
module MetadataFinders
|
|
6
|
-
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
11
|
+
@metadata_finders = T.let({}, T::Hash[String, T.class_of(Dependabot::MetadataFinders::Base)])
|
|
7
12
|
|
|
13
|
+
sig { params(package_manager: String).returns(T.class_of(Dependabot::MetadataFinders::Base)) }
|
|
8
14
|
def self.for_package_manager(package_manager)
|
|
9
15
|
metadata_finder = @metadata_finders[package_manager]
|
|
10
16
|
return metadata_finder if metadata_finder
|
|
@@ -12,6 +18,7 @@ module Dependabot
|
|
|
12
18
|
raise "Unsupported package_manager #{package_manager}"
|
|
13
19
|
end
|
|
14
20
|
|
|
21
|
+
sig { params(package_manager: String, metadata_finder: T.class_of(Dependabot::MetadataFinders::Base)).void }
|
|
15
22
|
def self.register(package_manager, metadata_finder)
|
|
16
23
|
@metadata_finders[package_manager] = metadata_finder
|
|
17
24
|
end
|
|
@@ -1,12 +1,43 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
module Dependabot
|
|
5
7
|
class PullRequestCreator
|
|
6
8
|
class BranchNamer
|
|
7
9
|
class Base
|
|
8
|
-
|
|
10
|
+
extend T::Sig
|
|
11
|
+
|
|
12
|
+
sig { returns(T::Array[Dependency]) }
|
|
13
|
+
attr_reader :dependencies
|
|
14
|
+
|
|
15
|
+
sig { returns(T::Array[DependencyFile]) }
|
|
16
|
+
attr_reader :files
|
|
17
|
+
|
|
18
|
+
sig { returns(T.nilable(String)) }
|
|
19
|
+
attr_reader :target_branch
|
|
9
20
|
|
|
21
|
+
sig { returns(String) }
|
|
22
|
+
attr_reader :separator
|
|
23
|
+
|
|
24
|
+
sig { returns(String) }
|
|
25
|
+
attr_reader :prefix
|
|
26
|
+
|
|
27
|
+
sig { returns(T.nilable(Integer)) }
|
|
28
|
+
attr_reader :max_length
|
|
29
|
+
|
|
30
|
+
sig do
|
|
31
|
+
params(
|
|
32
|
+
dependencies: T::Array[Dependency],
|
|
33
|
+
files: T::Array[DependencyFile],
|
|
34
|
+
target_branch: T.nilable(String),
|
|
35
|
+
separator: String,
|
|
36
|
+
prefix: String,
|
|
37
|
+
max_length: T.nilable(Integer)
|
|
38
|
+
)
|
|
39
|
+
.void
|
|
40
|
+
end
|
|
10
41
|
def initialize(dependencies:, files:, target_branch:, separator: "/",
|
|
11
42
|
prefix: "dependabot", max_length: nil)
|
|
12
43
|
@dependencies = dependencies
|
|
@@ -19,6 +50,7 @@ module Dependabot
|
|
|
19
50
|
|
|
20
51
|
private
|
|
21
52
|
|
|
53
|
+
sig { params(ref_name: String).returns(String) }
|
|
22
54
|
def sanitize_branch_name(ref_name)
|
|
23
55
|
# General git ref validation
|
|
24
56
|
sanitized_name = sanitize_ref(ref_name)
|
|
@@ -27,14 +59,15 @@ module Dependabot
|
|
|
27
59
|
sanitized_name = sanitized_name.gsub("/", separator)
|
|
28
60
|
|
|
29
61
|
# Shorten the ref in case users refs have length limits
|
|
30
|
-
if max_length && (sanitized_name.length > max_length)
|
|
31
|
-
sha = Digest::SHA1.hexdigest(sanitized_name)[0, max_length]
|
|
32
|
-
sanitized_name[[max_length - sha.size, 0].max..] = sha
|
|
62
|
+
if max_length && (sanitized_name.length > T.must(max_length))
|
|
63
|
+
sha = T.must(Digest::SHA1.hexdigest(sanitized_name)[0, T.must(max_length)])
|
|
64
|
+
sanitized_name[[T.must(max_length) - sha.size, 0].max..] = sha
|
|
33
65
|
end
|
|
34
66
|
|
|
35
67
|
sanitized_name
|
|
36
68
|
end
|
|
37
69
|
|
|
70
|
+
sig { params(ref: String).returns(String) }
|
|
38
71
|
def sanitize_ref(ref)
|
|
39
72
|
# This isn't a complete implementation of git's ref validation, but it
|
|
40
73
|
# covers most cases that crop up. Its list of allowed characters is a
|
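Review bot: In `sanitize_branch_name` the nilable `max_length` reader is unwrapped with `T.must` three times, because Sorbet does not narrow the result of a method call. Binding it once with `limit = max_length`, testing `if limit && (sanitized_name.length > limit)`, and using `limit` in the two lines that follow removes the repeated runtime assertions. The first hunk shows the top of the file and the only `require` is `sorbet-runtime`, yet this method calls `Digest::SHA1` and the new sigs name `Dependency` and `DependencyFile`, so the file relies on something else having loaded them; adding `require "digest"` would make that dependency local. A one-line comment that the truncated SHA-1 is only a uniqueness suffix for the branch name, not an integrity check, would also save the next audit a question.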
|
@@ -8,17 +8,18 @@ module Dependabot
|
|
|
8
8
|
class BranchNamer
|
|
9
9
|
class DependencyGroupStrategy < Base
|
|
10
10
|
def initialize(dependencies:, files:, target_branch:, dependency_group:,
|
|
11
|
-
separator: "/", prefix: "dependabot", max_length: nil)
|
|
11
|
+
separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes:)
|
|
12
12
|
super(
|
|
13
13
|
dependencies: dependencies,
|
|
14
14
|
files: files,
|
|
15
15
|
target_branch: target_branch,
|
|
16
16
|
separator: separator,
|
|
17
17
|
prefix: prefix,
|
|
18
|
-
max_length: max_length
|
|
18
|
+
max_length: max_length,
|
|
19
19
|
)
|
|
20
20
|
|
|
21
21
|
@dependency_group = dependency_group
|
|
22
|
+
@includes_security_fixes = includes_security_fixes
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
def new_branch_name
|
|
@@ -45,7 +46,11 @@ module Dependabot
|
|
|
45
46
|
# Let's append a short hash digest of the dependency changes so that we can
|
|
46
47
|
# meet this guarantee.
|
|
47
48
|
def group_name_with_dependency_digest
|
|
48
|
-
|
|
49
|
+
if @includes_security_fixes
|
|
50
|
+
"group-security-#{package_manager}-#{dependency_digest}"
|
|
51
|
+
else
|
|
52
|
+
"#{dependency_group.name}-#{dependency_digest}"
|
|
53
|
+
end
|
|
49
54
|
end
|
|
50
55
|
|
|
51
56
|
def dependency_digest
|
|
@@ -55,11 +60,11 @@ module Dependabot
|
|
|
55
60
|
end
|
|
56
61
|
|
|
57
62
|
def package_manager
|
|
58
|
-
dependencies.first.package_manager
|
|
63
|
+
T.must(dependencies.first).package_manager
|
|
59
64
|
end
|
|
60
65
|
|
|
61
66
|
def directory
|
|
62
|
-
files.first.directory.tr(" ", "-")
|
|
67
|
+
T.must(files.first).directory.tr(" ", "-")
|
|
63
68
|
end
|
|
64
69
|
end
|
|
65
70
|
end
|
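Review bot: `includes_security_fixes:` is added to `DependencyGroupStrategy#initialize` as a required keyword after three optional ones, so any caller that builds the strategy without it now fails with `ArgumentError`. `BranchNamer#initialize`, changed elsewhere in this release, gives the same keyword a default; ending the signature with `max_length: nil, includes_security_fixes: false)` would keep the two constructors consistent. In `group_name_with_dependency_digest` the security branch uses `package_manager` in place of `dependency_group.name`, and `package_manager` now goes through `T.must(dependencies.first)`, which raises `TypeError` on an empty list. A comment stating that `dependencies` is never empty when a branch name is built would document the assumption the `T.must` encodes.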
|
@@ -38,31 +38,31 @@ module Dependabot
|
|
|
38
38
|
[
|
|
39
39
|
prefix,
|
|
40
40
|
package_manager,
|
|
41
|
-
files.first.directory.tr(" ", "-"),
|
|
41
|
+
T.must(files.first).directory.tr(" ", "-"),
|
|
42
42
|
target_branch
|
|
43
43
|
].compact
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def package_manager
|
|
47
|
-
dependencies.first.package_manager
|
|
47
|
+
T.must(dependencies.first).package_manager
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
def updating_a_property?
|
|
51
|
-
dependencies.first
|
|
52
|
-
|
|
53
|
-
|
|
51
|
+
T.must(dependencies.first)
|
|
52
|
+
.requirements
|
|
53
|
+
.any? { |r| r.dig(:metadata, :property_name) }
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
def updating_a_dependency_set?
|
|
57
|
-
dependencies.first
|
|
58
|
-
|
|
59
|
-
|
|
57
|
+
T.must(dependencies.first)
|
|
58
|
+
.requirements
|
|
59
|
+
.any? { |r| r.dig(:metadata, :dependency_set) }
|
|
60
60
|
end
|
|
61
61
|
|
|
62
62
|
def property_name
|
|
63
|
-
@property_name ||= dependencies.first.requirements
|
|
64
|
-
|
|
65
|
-
|
|
63
|
+
@property_name ||= T.must(dependencies.first).requirements
|
|
64
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
|
65
|
+
&.dig(:metadata, :property_name)
|
|
66
66
|
|
|
67
67
|
raise "No property name!" unless @property_name
|
|
68
68
|
|
|
@@ -70,9 +70,9 @@ module Dependabot
|
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
def dependency_set
|
|
73
|
-
@dependency_set ||= dependencies.first.requirements
|
|
74
|
-
|
|
75
|
-
|
|
73
|
+
@dependency_set ||= T.must(dependencies.first).requirements
|
|
74
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
|
75
|
+
&.dig(:metadata, :dependency_set)
|
|
76
76
|
|
|
77
77
|
raise "No dependency set!" unless @dependency_set
|
|
78
78
|
|
|
@@ -82,7 +82,7 @@ module Dependabot
|
|
|
82
82
|
def branch_version_suffix
|
|
83
83
|
dep = dependencies.first
|
|
84
84
|
|
|
85
|
-
if dep.removed?
|
|
85
|
+
if T.must(dep).removed?
|
|
86
86
|
"-removed"
|
|
87
87
|
elsif library? && ref_changed?(dep) && new_ref(dep)
|
|
88
88
|
new_ref(dep)
|
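Review bot: `T.must(dependencies.first)` is now repeated in five methods here, and in `branch_version_suffix` only the first use of `dep` is unwrapped (`if T.must(dep).removed?`), so `ref_changed?(dep)` and `new_ref(dep)` on the following lines still receive a nilable value. Unwrapping at the assignment, `dep = T.must(dependencies.first)`, narrows every later use in that method. A small private reader such as `def first_dependency = T.must(dependencies.first)` would give the other four methods one place that states the non-empty assumption. `branch_version_suffix` continues beyond the hunk, so its remaining branches were not reviewed.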
|
@@ -11,10 +11,11 @@ require "dependabot/pull_request_creator/branch_namer/dependency_group_strategy"
|
|
|
11
11
|
module Dependabot
|
|
12
12
|
class PullRequestCreator
|
|
13
13
|
class BranchNamer
|
|
14
|
-
attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :dependency_group
|
|
14
|
+
attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :dependency_group,
|
|
15
|
+
:includes_security_fixes
|
|
15
16
|
|
|
16
17
|
def initialize(dependencies:, files:, target_branch:, dependency_group: nil,
|
|
17
|
-
separator: "/", prefix: "dependabot", max_length: nil)
|
|
18
|
+
separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes: false)
|
|
18
19
|
@dependencies = dependencies
|
|
19
20
|
@files = files
|
|
20
21
|
@target_branch = target_branch
|
|
@@ -22,6 +23,7 @@ module Dependabot
|
|
|
22
23
|
@separator = separator
|
|
23
24
|
@prefix = prefix
|
|
24
25
|
@max_length = max_length
|
|
26
|
+
@includes_security_fixes = includes_security_fixes
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
def new_branch_name
|
|
@@ -49,7 +51,8 @@ module Dependabot
|
|
|
49
51
|
dependency_group: dependency_group,
|
|
50
52
|
separator: separator,
|
|
51
53
|
prefix: prefix,
|
|
52
|
-
max_length: max_length
|
|
54
|
+
max_length: max_length,
|
|
55
|
+
includes_security_fixes: includes_security_fixes
|
|
53
56
|
)
|
|
54
57
|
end
|
|
55
58
|
end
|
|
@@ -148,7 +148,6 @@ module Dependabot
|
|
|
148
148
|
end
|
|
149
149
|
|
|
150
150
|
def build_details_tag(summary:, body:)
|
|
151
|
-
# Azure DevOps does not support <details> tag (https://developercommunity.visualstudio.com/content/problem/608769/add-support-for-in-markdown.html)
|
|
152
151
|
# Bitbucket does not support <details> tag (https://jira.atlassian.com/browse/BCLOUD-20231)
|
|
153
152
|
# CodeCommit does not support the <details> tag (no url available)
|
|
154
153
|
if source_provider_supports_html?
|
|
@@ -244,7 +243,7 @@ module Dependabot
|
|
|
244
243
|
end
|
|
245
244
|
|
|
246
245
|
def source_provider_supports_html?
|
|
247
|
-
!%w(
|
|
246
|
+
!%w(bitbucket codecommit).include?(source.provider)
|
|
248
247
|
end
|
|
249
248
|
|
|
250
249
|
def sanitize_links_and_mentions(text, unsafe: false)
|
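Review bot: `source_provider_supports_html?` is written as a deny-list, so every provider string other than `bitbucket` and `codecommit`, including a provider added later or an unexpected value, is treated as able to render `<details>` HTML. The removed line is truncated on this page, so which entry was dropped is inferred from the deleted Azure DevOps comment in the previous hunk. A comment above the predicate would make the default explicit, for example `# Deny-list: providers not named here are assumed to render <details>; add any new provider that cannot`.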
|
@@ -492,7 +492,7 @@ module Dependabot
|
|
|
492
492
|
end
|
|
493
493
|
|
|
494
494
|
def metadata_links
|
|
495
|
-
return metadata_links_for_dep(dependencies.first) if dependencies.count == 1
|
|
495
|
+
return metadata_links_for_dep(dependencies.first) if dependencies.count == 1 && dependency_group.nil?
|
|
496
496
|
|
|
497
497
|
dependencies.map do |dep|
|
|
498
498
|
if dep.removed?
|
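Review bot: The early return in `metadata_links` gains `&& dependency_group.nil?` with no comment on why a grouped update holding one dependency must skip the single-dependency format. A line above it such as `# Grouped updates always use the per-dependency list, even when the group holds one dependency` would record the intent for whoever next touches this guard. The method body continues outside the hunk.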
|
@@ -266,7 +266,8 @@ module Dependabot
|
|
|
266
266
|
dependency_group: dependency_group,
|
|
267
267
|
separator: branch_name_separator,
|
|
268
268
|
prefix: branch_name_prefix,
|
|
269
|
-
max_length: branch_name_max_length
|
|
269
|
+
max_length: branch_name_max_length,
|
|
270
|
+
includes_security_fixes: includes_security_fixes?
|
|
270
271
|
)
|
|
271
272
|
end
|
|
272
273
|
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
class Requirement < Gem::Requirement
|
|
8
|
+
extend T::Sig
|
|
9
|
+
extend T::Helpers
|
|
10
|
+
|
|
11
|
+
abstract!
|
|
12
|
+
|
|
13
|
+
sig do
|
|
14
|
+
abstract
|
|
15
|
+
.params(requirement_string: T.nilable(String))
|
|
16
|
+
.returns(T::Array[Requirement])
|
|
17
|
+
end
|
|
18
|
+
def self.requirements_array(requirement_string); end
|
|
19
|
+
end
|
|
20
|
+
end
|
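Review bot: The new abstract `Dependabot::Requirement` has no documentation of the contract its subclasses must meet. `requirements_array` takes a nilable string and returns an array of requirements, but nothing states what a nil input should produce or how callers are meant to combine the array elements. A class-level comment covering those two points, plus a note that `abstract!` makes `Dependabot::Requirement.new` itself raise, would let ecosystem authors implement the method without reading the callers.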
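--- a/data/lib/dependabot/utils.rb
+++ b/data/lib/dependabot/utils.rb
@@ -4,6 +4,8 @@
 require "tmpdir"
 require "set"
 require "sorbet-runtime"
+
+require "dependabot/requirement"
 require "dependabot/version"
 require "dependabot/config/file"
 
@@ -33,9 +35,9 @@ module Dependabot
 @version_classes[package_manager] = version_class
 end
 
-@requirement_classes = T.let({}, T::Hash[String, T.class_of(
+@requirement_classes = T.let({}, T::Hash[String, T.class_of(Dependabot::Requirement)])
 
-sig { params(package_manager: String).returns(T.class_of(
+sig { params(package_manager: String).returns(T.class_of(Dependabot::Requirement)) }
 def self.requirement_class_for_package_manager(package_manager)
 requirement_class = @requirement_classes[package_manager]
 return requirement_class if requirement_class
@@ -43,7 +45,7 @@ module Dependabot
 raise "Unregistered package_manager #{package_manager}"
 end
 
-sig { params(package_manager: String, requirement_class: T.class_of(
+sig { params(package_manager: String, requirement_class: T.class_of(Dependabot::Requirement)).void }
 def self.register_requirement_class(package_manager, requirement_class)
 validate_package_manager!(package_manager)
 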
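Review bot: The registry type and the `register_requirement_class` signature now both require `T.class_of(Dependabot::Requirement)`, and sorbet-runtime checks sig parameters on each call, so registering a class that does not descend from the new base raises `TypeError`. The removed lines are truncated on this page, so the previous bound is not visible. If it was wider, requirement classes maintained outside this gem have to be re-parented onto `Dependabot::Requirement` before upgrading, and the release notes should say so. A comment above `@requirement_classes` such as `# Registered classes must subclass Dependabot::Requirement and implement .requirements_array` would state the new contract where registrants will look for it.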
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.239.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-12-
|
|
11
|
+
date: 2023-12-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -374,14 +374,14 @@ dependencies:
|
|
|
374
374
|
requirements:
|
|
375
375
|
- - "~>"
|
|
376
376
|
- !ruby/object:Gem::Version
|
|
377
|
-
version: 1.
|
|
377
|
+
version: 1.58.0
|
|
378
378
|
type: :development
|
|
379
379
|
prerelease: false
|
|
380
380
|
version_requirements: !ruby/object:Gem::Requirement
|
|
381
381
|
requirements:
|
|
382
382
|
- - "~>"
|
|
383
383
|
- !ruby/object:Gem::Version
|
|
384
|
-
version: 1.
|
|
384
|
+
version: 1.58.0
|
|
385
385
|
- !ruby/object:Gem::Dependency
|
|
386
386
|
name: rubocop-performance
|
|
387
387
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -537,6 +537,7 @@ files:
|
|
|
537
537
|
- lib/dependabot/pull_request_updater/github.rb
|
|
538
538
|
- lib/dependabot/pull_request_updater/gitlab.rb
|
|
539
539
|
- lib/dependabot/registry_client.rb
|
|
540
|
+
- lib/dependabot/requirement.rb
|
|
540
541
|
- lib/dependabot/security_advisory.rb
|
|
541
542
|
- lib/dependabot/shared_helpers.rb
|
|
542
543
|
- lib/dependabot/simple_instrumentor.rb
|
|
@@ -557,7 +558,7 @@ licenses:
|
|
|
557
558
|
- Nonstandard
|
|
558
559
|
metadata:
|
|
559
560
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
560
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
561
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
|
|
561
562
|
post_install_message:
|
|
562
563
|
rdoc_options: []
|
|
563
564
|
require_paths:
|