dependabot-common 0.240.0 → 0.241.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/file_parsers/base.rb +39 -9
- data/lib/dependabot/git_commit_checker.rb +160 -48
- data/lib/dependabot/metadata_finders/base.rb +94 -40
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +5 -0
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +2 -2
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +59 -31
- data/lib/dependabot/pull_request_creator/branch_namer.rb +47 -6
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -1
- data/lib/dependabot/pull_request_creator.rb +2 -2
- data/lib/dependabot.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5b381e33a32a95b7956fbcff6abec4736f2f190b4c8ab0eece99a2181037f52e
|
4
|
+
data.tar.gz: 5006821762970d60de1f3682cd1931f9e86cd0d44d8b9d5ec6eb7778a3bf329a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4d8272f9614610836187d6a34fc20acd78b0326d8759d633afc7879492f9edffc3189d148e643750f0f47c1fec54071545ff7d2981499f82c8273addb527fc36
|
7
|
+
data.tar.gz: 4248ef1d9c5dce4afad397af2b557e8414a673d48351924255be59d211a0538b6f98ac73ce4f75458168379301be42c0b9a03517266ac6de8d2205346e95a8d3
|
@@ -1,12 +1,43 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strong
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
4
6
|
module Dependabot
|
5
7
|
module FileParsers
|
6
8
|
class Base
|
7
|
-
|
9
|
+
extend T::Sig
|
10
|
+
extend T::Helpers
|
11
|
+
|
12
|
+
abstract!
|
13
|
+
|
14
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
15
|
+
attr_reader :dependency_files
|
16
|
+
|
17
|
+
sig { returns(T.nilable(String)) }
|
18
|
+
attr_reader :repo_contents_path
|
19
|
+
|
20
|
+
sig { returns(T::Array[T::Hash[String, String]]) }
|
21
|
+
attr_reader :credentials
|
8
22
|
|
9
|
-
|
23
|
+
sig { returns(T.nilable(Dependabot::Source)) }
|
24
|
+
attr_reader :source
|
25
|
+
|
26
|
+
sig { returns(T::Hash[Symbol, T.untyped]) }
|
27
|
+
attr_reader :options
|
28
|
+
|
29
|
+
sig do
|
30
|
+
params(
|
31
|
+
dependency_files: T::Array[Dependabot::DependencyFile],
|
32
|
+
source: T.nilable(Dependabot::Source),
|
33
|
+
repo_contents_path: T.nilable(String),
|
34
|
+
credentials: T::Array[T::Hash[String, String]],
|
35
|
+
reject_external_code: T::Boolean,
|
36
|
+
options: T::Hash[Symbol, T.untyped]
|
37
|
+
)
|
38
|
+
.void
|
39
|
+
end
|
40
|
+
def initialize(dependency_files:, source:, repo_contents_path: nil,
|
10
41
|
credentials: [], reject_external_code: false, options: {})
|
11
42
|
@dependency_files = dependency_files
|
12
43
|
@repo_contents_path = repo_contents_path
|
@@ -18,16 +49,15 @@ module Dependabot
|
|
18
49
|
check_required_files
|
19
50
|
end
|
20
51
|
|
21
|
-
|
22
|
-
|
23
|
-
end
|
52
|
+
sig { abstract.returns(Dependabot::DependencyFile) }
|
53
|
+
def parse; end
|
24
54
|
|
25
55
|
private
|
26
56
|
|
27
|
-
|
28
|
-
|
29
|
-
end
|
57
|
+
sig { abstract.void }
|
58
|
+
def check_required_files; end
|
30
59
|
|
60
|
+
sig { params(filename: String).returns(T.nilable(Dependabot::DependencyFile)) }
|
31
61
|
def get_original_file(filename)
|
32
62
|
dependency_files.find { |f| f.name == filename }
|
33
63
|
end
|
@@ -1,8 +1,9 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "excon"
|
5
5
|
require "gitlab"
|
6
|
+
require "sorbet-runtime"
|
6
7
|
require "dependabot/clients/github_with_retries"
|
7
8
|
require "dependabot/clients/gitlab_with_retries"
|
8
9
|
require "dependabot/clients/bitbucket_with_retries"
|
@@ -13,7 +14,10 @@ require "dependabot/source"
|
|
13
14
|
require "dependabot/dependency"
|
14
15
|
require "dependabot/git_metadata_fetcher"
|
15
16
|
module Dependabot
|
17
|
+
# rubocop:disable Metrics/ClassLength
|
16
18
|
class GitCommitChecker
|
19
|
+
extend T::Sig
|
20
|
+
|
17
21
|
VERSION_REGEX = /
|
18
22
|
(?<version>
|
19
23
|
(?<=^v)[0-9]+(?:\-[a-z0-9]+)?
|
@@ -22,6 +26,17 @@ module Dependabot
|
|
22
26
|
)$
|
23
27
|
/ix
|
24
28
|
|
29
|
+
sig do
|
30
|
+
params(
|
31
|
+
dependency: Dependabot::Dependency,
|
32
|
+
credentials: T::Array[T::Hash[String, String]],
|
33
|
+
ignored_versions: T::Array[String],
|
34
|
+
raise_on_ignored: T::Boolean,
|
35
|
+
consider_version_branches_pinned: T::Boolean,
|
36
|
+
dependency_source_details: T.nilable(T::Hash[Symbol, String])
|
37
|
+
)
|
38
|
+
.void
|
39
|
+
end
|
25
40
|
def initialize(dependency:, credentials:,
|
26
41
|
ignored_versions: [], raise_on_ignored: false,
|
27
42
|
consider_version_branches_pinned: false, dependency_source_details: nil)
|
@@ -33,58 +48,68 @@ module Dependabot
|
|
33
48
|
@dependency_source_details = dependency_source_details
|
34
49
|
end
|
35
50
|
|
51
|
+
sig { returns(T::Boolean) }
|
36
52
|
def git_dependency?
|
37
53
|
return false if dependency_source_details.nil?
|
38
54
|
|
39
|
-
dependency_source_details
|
55
|
+
dependency_source_details&.fetch(:type) == "git"
|
40
56
|
end
|
41
57
|
|
58
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
59
|
+
sig { returns(T::Boolean) }
|
42
60
|
def pinned?
|
43
61
|
raise "Not a git dependency!" unless git_dependency?
|
44
62
|
|
45
|
-
branch = dependency_source_details
|
63
|
+
branch = dependency_source_details&.fetch(:branch)
|
46
64
|
|
47
65
|
return false if ref.nil?
|
48
66
|
return false if branch == ref
|
49
67
|
return true if branch
|
50
|
-
return true if dependency.version&.start_with?(ref)
|
68
|
+
return true if dependency.version&.start_with?(T.must(ref))
|
51
69
|
|
52
70
|
# If the specified `ref` is actually a tag, we're pinned
|
53
|
-
return true if local_upload_pack
|
71
|
+
return true if local_upload_pack&.match?(%r{ refs/tags/#{ref}$})
|
54
72
|
|
55
73
|
# Assume we're pinned unless the specified `ref` is actually a branch
|
56
|
-
return true unless local_upload_pack
|
74
|
+
return true unless local_upload_pack&.match?(%r{ refs/heads/#{ref}$})
|
57
75
|
|
58
76
|
# TODO: Research whether considering branches that look like versions pinned makes sense for all ecosystems
|
59
|
-
@consider_version_branches_pinned && version_tag?(ref)
|
77
|
+
@consider_version_branches_pinned && version_tag?(T.must(ref))
|
60
78
|
end
|
79
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
61
80
|
|
81
|
+
sig { returns(T::Boolean) }
|
62
82
|
def pinned_ref_looks_like_version?
|
63
83
|
return false unless pinned?
|
64
84
|
|
65
|
-
version_tag?(ref)
|
85
|
+
version_tag?(T.must(ref))
|
66
86
|
end
|
67
87
|
|
88
|
+
sig { returns(T::Boolean) }
|
68
89
|
def pinned_ref_looks_like_commit_sha?
|
69
|
-
return false unless ref && ref_looks_like_commit_sha?(ref)
|
90
|
+
return false unless ref && ref_looks_like_commit_sha?(T.must(ref))
|
70
91
|
|
71
92
|
return false unless pinned?
|
72
93
|
|
73
|
-
local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
|
94
|
+
local_repo_git_metadata_fetcher.head_commit_for_ref(T.must(ref)).nil?
|
74
95
|
end
|
75
96
|
|
97
|
+
sig { returns(T.nilable(String)) }
|
76
98
|
def head_commit_for_pinned_ref
|
77
|
-
local_repo_git_metadata_fetcher.head_commit_for_ref_sha(ref)
|
99
|
+
local_repo_git_metadata_fetcher.head_commit_for_ref_sha(T.must(ref))
|
78
100
|
end
|
79
101
|
|
102
|
+
sig { params(ref: String).returns(T::Boolean) }
|
80
103
|
def ref_looks_like_commit_sha?(ref)
|
81
104
|
ref.match?(/^[0-9a-f]{6,40}$/)
|
82
105
|
end
|
83
106
|
|
107
|
+
sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
|
84
108
|
def branch_or_ref_in_release?(version)
|
85
109
|
pinned_ref_in_release?(version) || branch_behind_release?(version)
|
86
110
|
end
|
87
111
|
|
112
|
+
sig { returns(T.nilable(String)) }
|
88
113
|
def head_commit_for_current_branch
|
89
114
|
ref = ref_or_branch || "HEAD"
|
90
115
|
|
@@ -94,42 +119,51 @@ module Dependabot
|
|
94
119
|
raise Dependabot::GitDependencyReferenceNotFound, dependency.name
|
95
120
|
end
|
96
121
|
|
122
|
+
sig { params(name: String).returns(T.nilable(String)) }
|
97
123
|
def head_commit_for_local_branch(name)
|
98
124
|
local_repo_git_metadata_fetcher.head_commit_for_ref(name)
|
99
125
|
end
|
100
126
|
|
127
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
101
128
|
def local_ref_for_latest_version_matching_existing_precision
|
102
129
|
allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs
|
103
130
|
|
104
131
|
max_local_tag_for_current_precision(allowed_refs)
|
105
132
|
end
|
106
133
|
|
134
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
107
135
|
def local_tag_for_latest_version
|
108
136
|
max_local_tag(allowed_version_tags)
|
109
137
|
end
|
110
138
|
|
139
|
+
sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
|
111
140
|
def local_tags_for_allowed_versions_matching_existing_precision
|
112
141
|
select_matching_existing_precision(allowed_version_tags).map { |t| to_local_tag(t) }
|
113
142
|
end
|
114
143
|
|
144
|
+
sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
|
115
145
|
def local_tags_for_allowed_versions
|
116
146
|
allowed_version_tags.map { |t| to_local_tag(t) }
|
117
147
|
end
|
118
148
|
|
149
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
119
150
|
def allowed_version_tags
|
120
151
|
allowed_versions(local_tags)
|
121
152
|
end
|
122
153
|
|
154
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
123
155
|
def allowed_version_refs
|
124
156
|
allowed_versions(local_refs)
|
125
157
|
end
|
126
158
|
|
159
|
+
sig { returns(T.nilable(Gem::Version)) }
|
127
160
|
def current_version
|
128
|
-
return unless dependency.version && version_tag?(dependency.version)
|
161
|
+
return unless dependency.version && version_tag?(T.must(dependency.version))
|
129
162
|
|
130
|
-
version_from_ref(dependency.version)
|
163
|
+
version_from_ref(T.must(dependency.version))
|
131
164
|
end
|
132
165
|
|
166
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[T.any(Dependabot::GitRef, Gem::Version)]) }
|
133
167
|
def filter_lower_versions(tags)
|
134
168
|
return tags unless current_version
|
135
169
|
|
@@ -142,23 +176,30 @@ module Dependabot
|
|
142
176
|
end
|
143
177
|
end
|
144
178
|
|
179
|
+
sig { returns(T.nilable(String)) }
|
145
180
|
def most_specific_tag_equivalent_to_pinned_ref
|
146
|
-
commit_sha = head_commit_for_local_branch(ref)
|
181
|
+
commit_sha = head_commit_for_local_branch(T.must(ref))
|
147
182
|
most_specific_version_tag_for_sha(commit_sha)
|
148
183
|
end
|
149
184
|
|
185
|
+
sig { returns(T.nilable(String)) }
|
150
186
|
def local_tag_for_pinned_sha
|
151
|
-
return
|
187
|
+
return unless pinned_ref_looks_like_commit_sha?
|
152
188
|
|
153
|
-
@local_tag_for_pinned_sha =
|
189
|
+
@local_tag_for_pinned_sha = T.let(
|
190
|
+
most_specific_version_tag_for_sha(ref),
|
191
|
+
T.nilable(String)
|
192
|
+
)
|
154
193
|
end
|
155
194
|
|
195
|
+
sig { returns(T.nilable(Gem::Version)) }
|
156
196
|
def version_for_pinned_sha
|
157
197
|
return unless local_tag_for_pinned_sha && version_class.correct?(local_tag_for_pinned_sha)
|
158
198
|
|
159
199
|
version_class.new(local_tag_for_pinned_sha)
|
160
200
|
end
|
161
201
|
|
202
|
+
sig { returns(T::Boolean) }
|
162
203
|
def git_repo_reachable?
|
163
204
|
local_upload_pack
|
164
205
|
true
|
@@ -166,26 +207,37 @@ module Dependabot
|
|
166
207
|
false
|
167
208
|
end
|
168
209
|
|
210
|
+
sig { returns(T.nilable(T::Hash[T.any(Symbol, String), T.untyped])) }
|
169
211
|
def dependency_source_details
|
170
212
|
@dependency_source_details || dependency.source_details(allowed_types: ["git"])
|
171
213
|
end
|
172
214
|
|
215
|
+
sig { params(commit_sha: T.nilable(String)).returns(T.nilable(String)) }
|
173
216
|
def most_specific_version_tag_for_sha(commit_sha)
|
174
217
|
tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
|
175
218
|
.sort_by { |t| version_class.new(t.name) }
|
176
219
|
return if tags.empty?
|
177
220
|
|
178
|
-
tags[-1]
|
221
|
+
tags[-1]&.name
|
179
222
|
end
|
180
223
|
|
181
224
|
private
|
182
225
|
|
183
|
-
|
226
|
+
sig { returns(Dependabot::Dependency) }
|
227
|
+
attr_reader :dependency
|
184
228
|
|
229
|
+
sig { returns(T::Array[T::Hash[String, String]]) }
|
230
|
+
attr_reader :credentials
|
231
|
+
|
232
|
+
sig { returns(T::Array[String]) }
|
233
|
+
attr_reader :ignored_versions
|
234
|
+
|
235
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
185
236
|
def max_local_tag_for_current_precision(tags)
|
186
237
|
max_local_tag(select_matching_existing_precision(tags))
|
187
238
|
end
|
188
239
|
|
240
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
189
241
|
def max_local_tag(tags)
|
190
242
|
max_version_tag = tags.max_by { |t| version_from_tag(t) }
|
191
243
|
|
@@ -193,16 +245,19 @@ module Dependabot
|
|
193
245
|
end
|
194
246
|
|
195
247
|
# Find the latest version with the same precision as the pinned version.
|
248
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
|
196
249
|
def select_matching_existing_precision(tags)
|
197
|
-
current_precision = precision(dependency.version)
|
250
|
+
current_precision = precision(T.must(dependency.version))
|
198
251
|
|
199
252
|
tags.select { |tag| precision(scan_version(tag.name)) == current_precision }
|
200
253
|
end
|
201
254
|
|
255
|
+
sig { params(version: String).returns(Integer) }
|
202
256
|
def precision(version)
|
203
257
|
version.split(".").length
|
204
258
|
end
|
205
259
|
|
260
|
+
sig { params(local_tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
|
206
261
|
def allowed_versions(local_tags)
|
207
262
|
tags =
|
208
263
|
local_tags
|
@@ -217,6 +272,7 @@ module Dependabot
|
|
217
272
|
.reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
|
218
273
|
end
|
219
274
|
|
275
|
+
sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
|
220
276
|
def pinned_ref_in_release?(version)
|
221
277
|
raise "Not a git dependency!" unless git_dependency?
|
222
278
|
|
@@ -227,12 +283,13 @@ module Dependabot
|
|
227
283
|
return false unless tag
|
228
284
|
|
229
285
|
commit_included_in_tag?(
|
230
|
-
commit: ref,
|
286
|
+
commit: T.must(ref),
|
231
287
|
tag: tag,
|
232
288
|
allow_identical: true
|
233
289
|
)
|
234
290
|
end
|
235
291
|
|
292
|
+
sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
|
236
293
|
def branch_behind_release?(version)
|
237
294
|
raise "Not a git dependency!" unless git_dependency?
|
238
295
|
|
@@ -245,24 +302,28 @@ module Dependabot
|
|
245
302
|
# Check if behind, excluding the case where it's identical, because
|
246
303
|
# we normally wouldn't switch you from tracking master to a release.
|
247
304
|
commit_included_in_tag?(
|
248
|
-
commit: ref_or_branch,
|
305
|
+
commit: T.must(ref_or_branch),
|
249
306
|
tag: tag,
|
250
307
|
allow_identical: false
|
251
308
|
)
|
252
309
|
end
|
253
310
|
|
311
|
+
sig { returns(T.nilable(String)) }
|
254
312
|
def local_upload_pack
|
255
313
|
local_repo_git_metadata_fetcher.upload_pack
|
256
314
|
end
|
257
315
|
|
316
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
258
317
|
def local_refs
|
259
318
|
handle_tag_prefix(local_repo_git_metadata_fetcher.refs_for_upload_pack)
|
260
319
|
end
|
261
320
|
|
321
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
262
322
|
def local_tags
|
263
323
|
handle_tag_prefix(local_repo_git_metadata_fetcher.tags_for_upload_pack)
|
264
324
|
end
|
265
325
|
|
326
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
|
266
327
|
def handle_tag_prefix(tags)
|
267
328
|
if dependency_source_details&.fetch(:ref, nil)&.start_with?("tags/")
|
268
329
|
tags = tags.map do |tag|
|
@@ -273,6 +334,14 @@ module Dependabot
|
|
273
334
|
tags
|
274
335
|
end
|
275
336
|
|
337
|
+
sig do
|
338
|
+
params(
|
339
|
+
tag: String,
|
340
|
+
commit: String,
|
341
|
+
allow_identical: T::Boolean
|
342
|
+
)
|
343
|
+
.returns(T::Boolean)
|
344
|
+
end
|
276
345
|
def commit_included_in_tag?(tag:, commit:, allow_identical: false)
|
277
346
|
status =
|
278
347
|
case Source.from_url(listing_source_url)&.provider
|
@@ -292,6 +361,7 @@ module Dependabot
|
|
292
361
|
false
|
293
362
|
end
|
294
363
|
|
364
|
+
sig { params(ref1: String, ref2: String).returns(String) }
|
295
365
|
def github_commit_comparison_status(ref1, ref2)
|
296
366
|
client = Clients::GithubWithRetries
|
297
367
|
.for_github_dot_com(credentials: credentials)
|
@@ -299,6 +369,7 @@ module Dependabot
|
|
299
369
|
client.compare(listing_source_repo, ref1, ref2).status
|
300
370
|
end
|
301
371
|
|
372
|
+
sig { params(ref1: String, ref2: String).returns(String) }
|
302
373
|
def gitlab_commit_comparison_status(ref1, ref2)
|
303
374
|
client = Clients::GitlabWithRetries
|
304
375
|
.for_gitlab_dot_com(credentials: credentials)
|
@@ -312,6 +383,7 @@ module Dependabot
|
|
312
383
|
end
|
313
384
|
end
|
314
385
|
|
386
|
+
sig { params(ref1: String, ref2: String).returns(String) }
|
315
387
|
def bitbucket_commit_comparison_status(ref1, ref2)
|
316
388
|
url = "https://api.bitbucket.org/2.0/repositories/" \
|
317
389
|
"#{listing_source_repo}/commits/?" \
|
@@ -330,33 +402,39 @@ module Dependabot
|
|
330
402
|
end
|
331
403
|
end
|
332
404
|
|
405
|
+
sig { returns(T.nilable(String)) }
|
333
406
|
def ref_or_branch
|
334
|
-
ref || dependency_source_details
|
407
|
+
ref || dependency_source_details&.fetch(:branch)
|
335
408
|
end
|
336
409
|
|
410
|
+
sig { returns(T.nilable(String)) }
|
337
411
|
def ref
|
338
|
-
dependency_source_details
|
412
|
+
dependency_source_details&.fetch(:ref)
|
339
413
|
end
|
340
414
|
|
415
|
+
sig { params(tag: String).returns(T::Boolean) }
|
341
416
|
def version_tag?(tag)
|
342
417
|
tag.match?(VERSION_REGEX)
|
343
418
|
end
|
344
419
|
|
420
|
+
sig { params(tag: String).returns(T::Boolean) }
|
345
421
|
def matches_existing_prefix?(tag)
|
346
422
|
return true unless ref_or_branch
|
347
423
|
|
348
|
-
if version_tag?(ref_or_branch)
|
349
|
-
same_prefix?(ref_or_branch, tag)
|
424
|
+
if version_tag?(T.must(ref_or_branch))
|
425
|
+
same_prefix?(T.must(ref_or_branch), tag)
|
350
426
|
else
|
351
|
-
local_tag_for_pinned_sha.nil? || same_prefix?(local_tag_for_pinned_sha, tag)
|
427
|
+
local_tag_for_pinned_sha.nil? || same_prefix?(T.must(local_tag_for_pinned_sha), tag)
|
352
428
|
end
|
353
429
|
end
|
354
430
|
|
431
|
+
sig { params(tag: String, other_tag: String).returns(T::Boolean) }
|
355
432
|
def same_prefix?(tag, other_tag)
|
356
433
|
tag.gsub(VERSION_REGEX, "").gsub(/v$/i, "") ==
|
357
434
|
other_tag.gsub(VERSION_REGEX, "").gsub(/v$/i, "")
|
358
435
|
end
|
359
436
|
|
437
|
+
sig { params(tag: T.nilable(Dependabot::GitRef)).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
360
438
|
def to_local_tag(tag)
|
361
439
|
return unless tag
|
362
440
|
|
@@ -369,8 +447,9 @@ module Dependabot
|
|
369
447
|
}
|
370
448
|
end
|
371
449
|
|
450
|
+
sig { returns(T.nilable(String)) }
|
372
451
|
def listing_source_url
|
373
|
-
@listing_source_url ||=
|
452
|
+
@listing_source_url ||= T.let(
|
374
453
|
begin
|
375
454
|
# Remove the git source, so the metadata finder looks on the
|
376
455
|
# registry
|
@@ -385,100 +464,133 @@ module Dependabot
|
|
385
464
|
.for_package_manager(dependency.package_manager)
|
386
465
|
.new(dependency: candidate_dep, credentials: credentials)
|
387
466
|
.source_url
|
388
|
-
end
|
467
|
+
end,
|
468
|
+
T.nilable(String)
|
469
|
+
)
|
389
470
|
end
|
390
471
|
|
472
|
+
sig { returns(T.nilable(String)) }
|
391
473
|
def listing_source_repo
|
392
474
|
return unless listing_source_url
|
393
475
|
|
394
476
|
Source.from_url(listing_source_url)&.repo
|
395
477
|
end
|
396
478
|
|
479
|
+
sig { params(version: String).returns(T.nilable(String)) }
|
397
480
|
def listing_tag_for_version(version)
|
398
481
|
listing_tags
|
399
482
|
.find { |t| t.name =~ /(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/ }
|
400
483
|
&.name
|
401
484
|
end
|
402
485
|
|
486
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
403
487
|
def listing_tags
|
404
488
|
return [] unless listing_source_url
|
405
489
|
|
406
|
-
@listing_tags ||=
|
407
|
-
|
490
|
+
@listing_tags ||= T.let(
|
491
|
+
begin
|
492
|
+
tags = listing_repo_git_metadata_fetcher.tags
|
408
493
|
|
409
|
-
|
410
|
-
|
411
|
-
|
494
|
+
if dependency_source_details&.fetch(:ref, nil)&.start_with?("tags/")
|
495
|
+
tags = tags.map do |tag|
|
496
|
+
tag.dup.tap { |t| t.name = "tags/#{tag.name}" }
|
497
|
+
end
|
412
498
|
end
|
413
|
-
end
|
414
499
|
|
415
|
-
|
416
|
-
|
417
|
-
|
418
|
-
|
500
|
+
tags
|
501
|
+
rescue GitDependenciesNotReachable
|
502
|
+
[]
|
503
|
+
end,
|
504
|
+
T.nilable(T::Array[Dependabot::GitRef])
|
505
|
+
)
|
419
506
|
end
|
420
507
|
|
508
|
+
sig { returns(T.nilable(String)) }
|
421
509
|
def listing_upload_pack
|
422
510
|
return unless listing_source_url
|
423
511
|
|
424
512
|
listing_repo_git_metadata_fetcher.upload_pack
|
425
513
|
end
|
426
514
|
|
515
|
+
sig { returns(T::Array[Dependabot::Requirement]) }
|
427
516
|
def ignore_requirements
|
428
517
|
ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
|
429
518
|
end
|
430
519
|
|
520
|
+
sig { returns(T::Boolean) }
|
431
521
|
def wants_prerelease?
|
432
522
|
return false unless dependency_source_details&.fetch(:ref, nil)
|
433
523
|
return false unless pinned_ref_looks_like_version?
|
434
524
|
|
435
|
-
version = version_from_ref(ref)
|
525
|
+
version = version_from_ref(T.must(ref))
|
436
526
|
version.prerelease?
|
437
527
|
end
|
438
528
|
|
529
|
+
sig { params(tag: Dependabot::GitRef).returns(T::Boolean) }
|
439
530
|
def tag_included_in_ignore_requirements?(tag)
|
440
531
|
version = version_from_tag(tag)
|
441
532
|
ignore_requirements.any? { |r| r.satisfied_by?(version) }
|
442
533
|
end
|
443
534
|
|
535
|
+
sig { params(tag: Dependabot::GitRef).returns(T::Boolean) }
|
444
536
|
def tag_is_prerelease?(tag)
|
445
537
|
version_from_tag(tag).prerelease?
|
446
538
|
end
|
447
539
|
|
540
|
+
sig { params(tag: Dependabot::GitRef).returns(Gem::Version) }
|
448
541
|
def version_from_tag(tag)
|
449
542
|
version_from_ref(tag.name)
|
450
543
|
end
|
451
544
|
|
545
|
+
sig { params(name: String).returns(Gem::Version) }
|
452
546
|
def version_from_ref(name)
|
453
547
|
version_class.new(scan_version(name))
|
454
548
|
end
|
455
549
|
|
550
|
+
sig { params(name: String).returns(String) }
|
456
551
|
def scan_version(name)
|
457
|
-
name.match(VERSION_REGEX).named_captures.fetch("version")
|
552
|
+
T.must(T.must(name.match(VERSION_REGEX)).named_captures.fetch("version"))
|
458
553
|
end
|
459
554
|
|
555
|
+
sig { returns(T.class_of(Gem::Version)) }
|
460
556
|
def version_class
|
461
|
-
@version_class ||=
|
557
|
+
@version_class ||= T.let(
|
558
|
+
dependency.version_class,
|
559
|
+
T.nilable(T.class_of(Gem::Version))
|
560
|
+
)
|
462
561
|
end
|
463
562
|
|
563
|
+
sig { returns(T.class_of(Dependabot::Requirement)) }
|
464
564
|
def requirement_class
|
465
|
-
@requirement_class ||=
|
565
|
+
@requirement_class ||= T.let(
|
566
|
+
dependency.requirement_class,
|
567
|
+
T.nilable(T.class_of(Dependabot::Requirement))
|
568
|
+
)
|
466
569
|
end
|
467
570
|
|
571
|
+
sig { returns(Dependabot::GitMetadataFetcher) }
|
468
572
|
def local_repo_git_metadata_fetcher
|
469
573
|
@local_repo_git_metadata_fetcher ||=
|
470
|
-
|
471
|
-
|
472
|
-
|
574
|
+
T.let(
|
575
|
+
GitMetadataFetcher.new(
|
576
|
+
url: dependency_source_details&.fetch(:url),
|
577
|
+
credentials: credentials
|
578
|
+
),
|
579
|
+
T.nilable(Dependabot::GitMetadataFetcher)
|
473
580
|
)
|
474
581
|
end
|
475
582
|
|
583
|
+
sig { returns(Dependabot::GitMetadataFetcher) }
|
476
584
|
def listing_repo_git_metadata_fetcher
|
477
585
|
@listing_repo_git_metadata_fetcher ||=
|
478
|
-
|
479
|
-
|
480
|
-
|
586
|
+
T.let(
|
587
|
+
GitMetadataFetcher.new(
|
588
|
+
url: T.must(listing_source_url),
|
589
|
+
credentials: credentials
|
590
|
+
),
|
591
|
+
T.nilable(Dependabot::GitMetadataFetcher)
|
481
592
|
)
|
482
593
|
end
|
483
594
|
end
|
595
|
+
# rubocop:enable Metrics/ClassLength
|
484
596
|
end
|
@@ -1,24 +1,40 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
4
5
|
require "dependabot/source"
|
5
6
|
|
6
7
|
module Dependabot
|
7
8
|
module MetadataFinders
|
8
9
|
class Base
|
10
|
+
extend T::Sig
|
11
|
+
extend T::Helpers
|
12
|
+
|
9
13
|
require "dependabot/metadata_finders/base/changelog_finder"
|
10
14
|
require "dependabot/metadata_finders/base/release_finder"
|
11
15
|
require "dependabot/metadata_finders/base/commits_finder"
|
12
16
|
|
13
|
-
PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES = %w(npm_and_yarn pub).freeze
|
17
|
+
PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES = T.let(%w(npm_and_yarn pub).freeze, T::Array[String])
|
18
|
+
|
19
|
+
sig { returns(Dependabot::Dependency) }
|
20
|
+
attr_reader :dependency
|
14
21
|
|
15
|
-
|
22
|
+
sig { returns(T::Array[T::Hash[String, String]]) }
|
23
|
+
attr_reader :credentials
|
16
24
|
|
25
|
+
sig do
|
26
|
+
params(
|
27
|
+
dependency: Dependabot::Dependency,
|
28
|
+
credentials: T::Array[T::Hash[String, String]]
|
29
|
+
)
|
30
|
+
.void
|
31
|
+
end
|
17
32
|
def initialize(dependency:, credentials:)
|
18
33
|
@dependency = dependency
|
19
34
|
@credentials = credentials
|
20
35
|
end
|
21
36
|
|
37
|
+
sig { returns(T.nilable(String)) }
|
22
38
|
def source_url
|
23
39
|
if reliable_source_directory?
|
24
40
|
source&.url_with_directory
|
@@ -27,106 +43,144 @@ module Dependabot
|
|
27
43
|
end
|
28
44
|
end
|
29
45
|
|
46
|
+
sig { returns(T.nilable(String)) }
|
30
47
|
def homepage_url
|
31
48
|
source_url
|
32
49
|
end
|
33
50
|
|
51
|
+
sig { returns(T.nilable(String)) }
|
34
52
|
def changelog_url
|
35
|
-
@changelog_finder ||=
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
53
|
+
@changelog_finder ||= T.let(
|
54
|
+
ChangelogFinder.new(
|
55
|
+
dependency: dependency,
|
56
|
+
source: source,
|
57
|
+
credentials: credentials,
|
58
|
+
suggested_changelog_url: suggested_changelog_url
|
59
|
+
),
|
60
|
+
T.nilable(ChangelogFinder)
|
40
61
|
)
|
41
62
|
@changelog_finder.changelog_url
|
42
63
|
end
|
43
64
|
|
65
|
+
sig { returns(T.nilable(String)) }
|
44
66
|
def changelog_text
|
45
|
-
@changelog_finder ||=
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
67
|
+
@changelog_finder ||= T.let(
|
68
|
+
ChangelogFinder.new(
|
69
|
+
dependency: dependency,
|
70
|
+
source: source,
|
71
|
+
credentials: credentials,
|
72
|
+
suggested_changelog_url: suggested_changelog_url
|
73
|
+
),
|
74
|
+
T.nilable(ChangelogFinder)
|
50
75
|
)
|
51
76
|
@changelog_finder.changelog_text
|
52
77
|
end
|
53
78
|
|
79
|
+
sig { returns(T.nilable(String)) }
|
54
80
|
def upgrade_guide_url
|
55
|
-
@changelog_finder ||=
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
81
|
+
@changelog_finder ||= T.let(
|
82
|
+
ChangelogFinder.new(
|
83
|
+
dependency: dependency,
|
84
|
+
source: source,
|
85
|
+
credentials: credentials,
|
86
|
+
suggested_changelog_url: suggested_changelog_url
|
87
|
+
),
|
88
|
+
T.nilable(ChangelogFinder)
|
60
89
|
)
|
61
90
|
@changelog_finder.upgrade_guide_url
|
62
91
|
end
|
63
92
|
|
93
|
+
sig { returns(T.nilable(String)) }
|
64
94
|
def upgrade_guide_text
|
65
|
-
@changelog_finder ||=
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
95
|
+
@changelog_finder ||= T.let(
|
96
|
+
ChangelogFinder.new(
|
97
|
+
dependency: dependency,
|
98
|
+
source: source,
|
99
|
+
credentials: credentials,
|
100
|
+
suggested_changelog_url: suggested_changelog_url
|
101
|
+
),
|
102
|
+
T.nilable(ChangelogFinder)
|
70
103
|
)
|
71
104
|
@changelog_finder.upgrade_guide_text
|
72
105
|
end
|
73
106
|
|
107
|
+
sig { returns(T.nilable(String)) }
|
74
108
|
def releases_url
|
75
|
-
@release_finder ||=
|
76
|
-
|
77
|
-
|
78
|
-
|
109
|
+
@release_finder ||= T.let(
|
110
|
+
ReleaseFinder.new(
|
111
|
+
dependency: dependency,
|
112
|
+
source: source,
|
113
|
+
credentials: credentials
|
114
|
+
),
|
115
|
+
T.nilable(ReleaseFinder)
|
79
116
|
)
|
80
117
|
@release_finder.releases_url
|
81
118
|
end
|
82
119
|
|
120
|
+
sig { returns(T.nilable(String)) }
|
83
121
|
def releases_text
|
84
|
-
@release_finder ||=
|
85
|
-
|
86
|
-
|
87
|
-
|
122
|
+
@release_finder ||= T.let(
|
123
|
+
ReleaseFinder.new(
|
124
|
+
dependency: dependency,
|
125
|
+
source: source,
|
126
|
+
credentials: credentials
|
127
|
+
),
|
128
|
+
T.nilable(ReleaseFinder)
|
88
129
|
)
|
89
130
|
@release_finder.releases_text
|
90
131
|
end
|
91
132
|
|
133
|
+
sig { returns(T.nilable(String)) }
|
92
134
|
def commits_url
|
93
|
-
@commits_finder ||=
|
94
|
-
|
95
|
-
|
96
|
-
|
135
|
+
@commits_finder ||= T.let(
|
136
|
+
CommitsFinder.new(
|
137
|
+
dependency: dependency,
|
138
|
+
source: source,
|
139
|
+
credentials: credentials
|
140
|
+
),
|
141
|
+
T.nilable(CommitsFinder)
|
97
142
|
)
|
98
143
|
@commits_finder.commits_url
|
99
144
|
end
|
100
145
|
|
146
|
+
sig { returns(T::Array[T::Hash[Symbol, String]]) }
|
101
147
|
def commits
|
102
|
-
@commits_finder ||=
|
103
|
-
|
104
|
-
|
105
|
-
|
148
|
+
@commits_finder ||= T.let(
|
149
|
+
CommitsFinder.new(
|
150
|
+
dependency: dependency,
|
151
|
+
source: source,
|
152
|
+
credentials: credentials
|
153
|
+
),
|
154
|
+
T.nilable(CommitsFinder)
|
106
155
|
)
|
107
156
|
@commits_finder.commits
|
108
157
|
end
|
109
158
|
|
159
|
+
sig { overridable.returns(T.nilable(String)) }
|
110
160
|
def maintainer_changes
|
111
161
|
nil
|
112
162
|
end
|
113
163
|
|
114
164
|
private
|
115
165
|
|
166
|
+
sig { overridable.returns(T.nilable(String)) }
|
116
167
|
def suggested_changelog_url
|
117
168
|
nil
|
118
169
|
end
|
119
170
|
|
171
|
+
sig { returns(T.nilable(Dependabot::Source)) }
|
120
172
|
def source
|
121
173
|
return @source if defined?(@source)
|
122
174
|
|
123
|
-
@source = look_up_source
|
175
|
+
@source = T.let(look_up_source, T.nilable(Dependabot::Source))
|
124
176
|
end
|
125
177
|
|
178
|
+
sig { overridable.returns(Dependabot::Source) }
|
126
179
|
def look_up_source
|
127
180
|
raise NotImplementedError
|
128
181
|
end
|
129
182
|
|
183
|
+
sig { returns(T::Boolean) }
|
130
184
|
def reliable_source_directory?
|
131
185
|
MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES
|
132
186
|
.include?(dependency.package_manager)
|
@@ -14,7 +14,7 @@ module Dependabot
|
|
14
14
|
params(
|
15
15
|
dependencies: T::Array[Dependabot::Dependency],
|
16
16
|
files: T::Array[Dependabot::DependencyFile],
|
17
|
-
target_branch: String,
|
17
|
+
target_branch: T.nilable(String),
|
18
18
|
dependency_group: Dependabot::DependencyGroup,
|
19
19
|
includes_security_fixes: T::Boolean,
|
20
20
|
separator: String,
|
@@ -38,7 +38,7 @@ module Dependabot
|
|
38
38
|
@includes_security_fixes = includes_security_fixes
|
39
39
|
end
|
40
40
|
|
41
|
-
sig { returns(String) }
|
41
|
+
sig { override.returns(String) }
|
42
42
|
def new_branch_name
|
43
43
|
sanitize_branch_name(File.join(prefixes, group_name_with_dependency_digest))
|
44
44
|
end
|
@@ -1,7 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "digest"
|
5
|
+
require "sorbet-runtime"
|
5
6
|
|
6
7
|
require "dependabot/metadata_finders"
|
7
8
|
require "dependabot/pull_request_creator/branch_namer/base"
|
@@ -10,30 +11,37 @@ module Dependabot
|
|
10
11
|
class PullRequestCreator
|
11
12
|
class BranchNamer
|
12
13
|
class SoloStrategy < Base
|
14
|
+
extend T::Sig
|
15
|
+
|
16
|
+
sig { override.returns(String) }
|
13
17
|
def new_branch_name
|
14
18
|
@name ||=
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
19
|
+
T.let(
|
20
|
+
begin
|
21
|
+
dependency_name_part =
|
22
|
+
if dependencies.count > 1 && updating_a_property?
|
23
|
+
property_name
|
24
|
+
elsif dependencies.count > 1 && updating_a_dependency_set?
|
25
|
+
dependency_set.fetch(:group)
|
26
|
+
else
|
27
|
+
dependencies
|
28
|
+
.map(&:name)
|
29
|
+
.join("-and-")
|
30
|
+
.tr(":[]", "-")
|
31
|
+
.tr("@", "")
|
32
|
+
end
|
33
|
+
|
34
|
+
"#{dependency_name_part}-#{branch_version_suffix}"
|
35
|
+
end,
|
36
|
+
T.nilable(String)
|
37
|
+
)
|
31
38
|
|
32
39
|
sanitize_branch_name(File.join(prefixes, @name))
|
33
40
|
end
|
34
41
|
|
35
42
|
private
|
36
43
|
|
44
|
+
sig { returns(T::Array[String]) }
|
37
45
|
def prefixes
|
38
46
|
[
|
39
47
|
prefix,
|
@@ -43,46 +51,58 @@ module Dependabot
|
|
43
51
|
].compact
|
44
52
|
end
|
45
53
|
|
54
|
+
sig { returns(String) }
|
46
55
|
def package_manager
|
47
56
|
T.must(dependencies.first).package_manager
|
48
57
|
end
|
49
58
|
|
59
|
+
sig { returns(T::Boolean) }
|
50
60
|
def updating_a_property?
|
51
61
|
T.must(dependencies.first)
|
52
62
|
.requirements
|
53
63
|
.any? { |r| r.dig(:metadata, :property_name) }
|
54
64
|
end
|
55
65
|
|
66
|
+
sig { returns(T::Boolean) }
|
56
67
|
def updating_a_dependency_set?
|
57
68
|
T.must(dependencies.first)
|
58
69
|
.requirements
|
59
70
|
.any? { |r| r.dig(:metadata, :dependency_set) }
|
60
71
|
end
|
61
72
|
|
73
|
+
sig { returns(String) }
|
62
74
|
def property_name
|
63
|
-
@property_name ||=
|
64
|
-
|
65
|
-
|
75
|
+
@property_name ||=
|
76
|
+
T.let(T.must(dependencies.first).requirements
|
77
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
78
|
+
&.dig(:metadata, :property_name),
|
79
|
+
T.nilable(String))
|
66
80
|
|
67
81
|
raise "No property name!" unless @property_name
|
68
82
|
|
69
83
|
@property_name
|
70
84
|
end
|
71
85
|
|
86
|
+
sig { returns(T::Hash[Symbol, String]) }
|
72
87
|
def dependency_set
|
73
|
-
@dependency_set ||=
|
74
|
-
|
75
|
-
|
88
|
+
@dependency_set ||=
|
89
|
+
T.let(
|
90
|
+
T.must(dependencies.first).requirements
|
91
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
92
|
+
&.dig(:metadata, :dependency_set),
|
93
|
+
T.nilable(T::Hash[String, String])
|
94
|
+
)
|
76
95
|
|
77
96
|
raise "No dependency set!" unless @dependency_set
|
78
97
|
|
79
98
|
@dependency_set
|
80
99
|
end
|
81
100
|
|
101
|
+
sig { returns(T.nilable(String)) }
|
82
102
|
def branch_version_suffix
|
83
|
-
dep = dependencies.first
|
103
|
+
dep = T.must(dependencies.first)
|
84
104
|
|
85
|
-
if
|
105
|
+
if dep.removed?
|
86
106
|
"-removed"
|
87
107
|
elsif library? && ref_changed?(dep) && new_ref(dep)
|
88
108
|
new_ref(dep)
|
@@ -93,6 +113,7 @@ module Dependabot
|
|
93
113
|
end
|
94
114
|
end
|
95
115
|
|
116
|
+
sig { params(dependency: Dependabot::Dependency).returns(String) }
|
96
117
|
def sanitized_requirement(dependency)
|
97
118
|
new_library_requirement(dependency)
|
98
119
|
.delete(" ")
|
@@ -111,13 +132,14 @@ module Dependabot
|
|
111
132
|
.gsub(",", "-and-")
|
112
133
|
end
|
113
134
|
|
135
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
|
114
136
|
def new_version(dependency)
|
115
137
|
# Version looks like a git SHA and we could be updating to a specific
|
116
138
|
# ref in which case we return that otherwise we return a shorthand sha
|
117
|
-
if dependency.version
|
139
|
+
if dependency.version&.match?(/^[0-9a-f]{40}$/)
|
118
140
|
return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
|
119
141
|
|
120
|
-
dependency.version[0..6]
|
142
|
+
T.must(dependency.version)[0..6]
|
121
143
|
elsif dependency.version == dependency.previous_version &&
|
122
144
|
package_manager == "docker"
|
123
145
|
dependency.requirements
|
@@ -128,13 +150,15 @@ module Dependabot
|
|
128
150
|
end
|
129
151
|
end
|
130
152
|
|
153
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
|
131
154
|
def previous_ref(dependency)
|
132
|
-
previous_refs = dependency.previous_requirements.filter_map do |r|
|
155
|
+
previous_refs = T.must(dependency.previous_requirements).filter_map do |r|
|
133
156
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
134
157
|
end.uniq
|
135
158
|
previous_refs.first if previous_refs.count == 1
|
136
159
|
end
|
137
160
|
|
161
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
|
138
162
|
def new_ref(dependency)
|
139
163
|
new_refs = dependency.requirements.filter_map do |r|
|
140
164
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
@@ -142,20 +166,22 @@ module Dependabot
|
|
142
166
|
new_refs.first if new_refs.count == 1
|
143
167
|
end
|
144
168
|
|
169
|
+
sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
|
145
170
|
def ref_changed?(dependency)
|
146
171
|
# We could go from multiple previous refs (nil) to a single new ref
|
147
172
|
previous_ref(dependency) != new_ref(dependency)
|
148
173
|
end
|
149
174
|
|
175
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.untyped) }
|
150
176
|
def new_library_requirement(dependency)
|
151
177
|
updated_reqs =
|
152
|
-
dependency.requirements - dependency.previous_requirements
|
178
|
+
dependency.requirements - T.must(dependency.previous_requirements)
|
153
179
|
|
154
180
|
gemspec =
|
155
181
|
updated_reqs.find { |r| r[:file].match?(%r{^[^/]*\.gemspec$}) }
|
156
182
|
return gemspec[:requirement] if gemspec
|
157
183
|
|
158
|
-
updated_reqs.first
|
184
|
+
updated_reqs.first&.fetch(:requirement)
|
159
185
|
end
|
160
186
|
|
161
187
|
# TODO: Bring this in line with existing library checks that we do in the
|
@@ -163,12 +189,14 @@ module Dependabot
|
|
163
189
|
# `requirements_update_strategy`.
|
164
190
|
#
|
165
191
|
# TODO re-use in MessageBuilder
|
192
|
+
sig { returns(T::Boolean) }
|
166
193
|
def library?
|
167
194
|
dependencies.any? { |d| !d.appears_in_lockfile? }
|
168
195
|
end
|
169
196
|
|
197
|
+
sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
|
170
198
|
def requirements_changed?(dependency)
|
171
|
-
(dependency.requirements - dependency.previous_requirements).any?
|
199
|
+
(dependency.requirements - T.must(dependency.previous_requirements)).any?
|
172
200
|
end
|
173
201
|
end
|
174
202
|
end
|
@@ -1,7 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strong
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "digest"
|
5
|
+
require "sorbet-runtime"
|
5
6
|
|
6
7
|
require "dependabot/metadata_finders"
|
7
8
|
require "dependabot/pull_request_creator"
|
@@ -11,9 +12,45 @@ require "dependabot/pull_request_creator/branch_namer/dependency_group_strategy"
|
|
11
12
|
module Dependabot
|
12
13
|
class PullRequestCreator
|
13
14
|
class BranchNamer
|
14
|
-
|
15
|
-
:includes_security_fixes
|
15
|
+
extend T::Sig
|
16
16
|
|
17
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
18
|
+
attr_reader :dependencies
|
19
|
+
|
20
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
21
|
+
attr_reader :files
|
22
|
+
|
23
|
+
sig { returns(T.nilable(String)) }
|
24
|
+
attr_reader :target_branch
|
25
|
+
|
26
|
+
sig { returns(String) }
|
27
|
+
attr_reader :separator
|
28
|
+
|
29
|
+
sig { returns(String) }
|
30
|
+
attr_reader :prefix
|
31
|
+
|
32
|
+
sig { returns(T.nilable(Integer)) }
|
33
|
+
attr_reader :max_length
|
34
|
+
|
35
|
+
sig { returns(T.nilable(Dependabot::DependencyGroup)) }
|
36
|
+
attr_reader :dependency_group
|
37
|
+
|
38
|
+
sig { returns(T::Boolean) }
|
39
|
+
attr_reader :includes_security_fixes
|
40
|
+
|
41
|
+
sig do
|
42
|
+
params(
|
43
|
+
dependencies: T::Array[Dependabot::Dependency],
|
44
|
+
files: T::Array[Dependabot::DependencyFile],
|
45
|
+
target_branch: T.nilable(String),
|
46
|
+
dependency_group: T.nilable(Dependabot::DependencyGroup),
|
47
|
+
separator: String,
|
48
|
+
prefix: String,
|
49
|
+
max_length: T.nilable(Integer),
|
50
|
+
includes_security_fixes: T::Boolean
|
51
|
+
)
|
52
|
+
.void
|
53
|
+
end
|
17
54
|
def initialize(dependencies:, files:, target_branch:, dependency_group: nil,
|
18
55
|
separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes: false)
|
19
56
|
@dependencies = dependencies
|
@@ -26,14 +63,16 @@ module Dependabot
|
|
26
63
|
@includes_security_fixes = includes_security_fixes
|
27
64
|
end
|
28
65
|
|
66
|
+
sig { returns(String) }
|
29
67
|
def new_branch_name
|
30
68
|
strategy.new_branch_name
|
31
69
|
end
|
32
70
|
|
33
71
|
private
|
34
72
|
|
73
|
+
sig { returns(Dependabot::PullRequestCreator::BranchNamer::Base) }
|
35
74
|
def strategy
|
36
|
-
@strategy ||=
|
75
|
+
@strategy ||= T.let(
|
37
76
|
if dependency_group.nil?
|
38
77
|
SoloStrategy.new(
|
39
78
|
dependencies: dependencies,
|
@@ -48,13 +87,15 @@ module Dependabot
|
|
48
87
|
dependencies: dependencies,
|
49
88
|
files: files,
|
50
89
|
target_branch: target_branch,
|
51
|
-
dependency_group: dependency_group,
|
90
|
+
dependency_group: T.must(dependency_group),
|
52
91
|
includes_security_fixes: includes_security_fixes,
|
53
92
|
separator: separator,
|
54
93
|
prefix: prefix,
|
55
94
|
max_length: max_length
|
56
95
|
)
|
57
|
-
end
|
96
|
+
end,
|
97
|
+
T.nilable(Dependabot::PullRequestCreator::BranchNamer::Base)
|
98
|
+
)
|
58
99
|
end
|
59
100
|
end
|
60
101
|
end
|
@@ -100,7 +100,7 @@ module Dependabot
|
|
100
100
|
sig { returns(T::Hash[String, String]) }
|
101
101
|
attr_reader :vulnerabilities_fixed
|
102
102
|
|
103
|
-
sig { returns(T.nilable(T::Array[String])) }
|
103
|
+
sig { returns(T.nilable(T.any(T::Array[String], T::Hash[Symbol, T::Array[Integer]]))) }
|
104
104
|
attr_reader :reviewers
|
105
105
|
|
106
106
|
sig { returns(T.nilable(T::Array[String])) }
|
@@ -389,7 +389,7 @@ module Dependabot
|
|
389
389
|
BranchNamer.new(
|
390
390
|
dependencies: dependencies,
|
391
391
|
files: files,
|
392
|
-
target_branch: source.branch,
|
392
|
+
target_branch: T.must(source.branch),
|
393
393
|
dependency_group: dependency_group,
|
394
394
|
separator: branch_name_separator,
|
395
395
|
prefix: branch_name_prefix,
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.241.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-01-
|
11
|
+
date: 2024-01-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -572,7 +572,7 @@ licenses:
|
|
572
572
|
- Nonstandard
|
573
573
|
metadata:
|
574
574
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
575
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
575
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.241.0
|
576
576
|
post_install_message:
|
577
577
|
rdoc_options: []
|
578
578
|
require_paths:
|