dependabot-common 0.240.0 → 0.241.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/file_parsers/base.rb +39 -9
  3. data/lib/dependabot/git_commit_checker.rb +160 -48
  4. data/lib/dependabot/metadata_finders/base.rb +94 -40
  5. data/lib/dependabot/pull_request_creator/branch_namer/base.rb +5 -0
  6. data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +2 -2
  7. data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +59 -31
  8. data/lib/dependabot/pull_request_creator/branch_namer.rb +47 -6
  9. data/lib/dependabot/pull_request_creator/gitlab.rb +1 -1
  10. data/lib/dependabot/pull_request_creator.rb +2 -2
  11. data/lib/dependabot.rb +1 -1
  12. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c5411b63b39f43e2f41b430d63a0c105d3c8db50e355d3e0fb7b95c37350acc0
4
- data.tar.gz: 1dc6db6e42d21fd8626dd06b46b355230db571d061940b358be515804987dec9
3
+ metadata.gz: 5b381e33a32a95b7956fbcff6abec4736f2f190b4c8ab0eece99a2181037f52e
4
+ data.tar.gz: 5006821762970d60de1f3682cd1931f9e86cd0d44d8b9d5ec6eb7778a3bf329a
5
5
  SHA512:
6
- metadata.gz: 52447502758cd700e913e169bfadb0ad92587e988b5a2086ae77fe01e4ae7a09a985ad2c07b91c6a8ac09f5b2016d15c256f67d698f32bbc45a9b9d271dee489
7
- data.tar.gz: 325168ff256723e4d503dcba9818bdf11a969e778edccbbf28882cc560ea67f7eeeb68b5e54e843409abaa19d5f9010f027e929c4f1c827619ca8efd50257093
6
+ metadata.gz: 4d8272f9614610836187d6a34fc20acd78b0326d8759d633afc7879492f9edffc3189d148e643750f0f47c1fec54071545ff7d2981499f82c8273addb527fc36
7
+ data.tar.gz: 4248ef1d9c5dce4afad397af2b557e8414a673d48351924255be59d211a0538b6f98ac73ce4f75458168379301be42c0b9a03517266ac6de8d2205346e95a8d3
data/lib/dependabot/file_parsers/base.rb CHANGED
@@ -1,12 +1,43 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  module Dependabot
5
7
  module FileParsers
6
8
  class Base
7
- attr_reader :dependency_files, :repo_contents_path, :credentials, :source, :options
9
+ extend T::Sig
10
+ extend T::Helpers
11
+
12
+ abstract!
13
+
14
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
15
+ attr_reader :dependency_files
16
+
17
+ sig { returns(T.nilable(String)) }
18
+ attr_reader :repo_contents_path
19
+
20
+ sig { returns(T::Array[T::Hash[String, String]]) }
21
+ attr_reader :credentials
8
22
 
9
- def initialize(dependency_files:, repo_contents_path: nil, source:,
23
+ sig { returns(T.nilable(Dependabot::Source)) }
24
+ attr_reader :source
25
+
26
+ sig { returns(T::Hash[Symbol, T.untyped]) }
27
+ attr_reader :options
28
+
29
+ sig do
30
+ params(
31
+ dependency_files: T::Array[Dependabot::DependencyFile],
32
+ source: T.nilable(Dependabot::Source),
33
+ repo_contents_path: T.nilable(String),
34
+ credentials: T::Array[T::Hash[String, String]],
35
+ reject_external_code: T::Boolean,
36
+ options: T::Hash[Symbol, T.untyped]
37
+ )
38
+ .void
39
+ end
40
+ def initialize(dependency_files:, source:, repo_contents_path: nil,
10
41
  credentials: [], reject_external_code: false, options: {})
11
42
  @dependency_files = dependency_files
12
43
  @repo_contents_path = repo_contents_path
@@ -18,16 +49,15 @@ module Dependabot
18
49
  check_required_files
19
50
  end
20
51
 
21
- def parse
22
- raise NotImplementedError
23
- end
52
+ sig { abstract.returns(Dependabot::DependencyFile) }
53
+ def parse; end
24
54
 
25
55
  private
26
56
 
27
- def check_required_files
28
- raise NotImplementedError
29
- end
57
+ sig { abstract.void }
58
+ def check_required_files; end
30
59
 
60
+ sig { params(filename: String).returns(T.nilable(Dependabot::DependencyFile)) }
31
61
  def get_original_file(filename)
32
62
  dependency_files.find { |f| f.name == filename }
33
63
  end
data/lib/dependabot/git_commit_checker.rb CHANGED
@@ -1,8 +1,9 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
5
5
  require "gitlab"
6
+ require "sorbet-runtime"
6
7
  require "dependabot/clients/github_with_retries"
7
8
  require "dependabot/clients/gitlab_with_retries"
8
9
  require "dependabot/clients/bitbucket_with_retries"
@@ -13,7 +14,10 @@ require "dependabot/source"
13
14
  require "dependabot/dependency"
14
15
  require "dependabot/git_metadata_fetcher"
15
16
  module Dependabot
17
+ # rubocop:disable Metrics/ClassLength
16
18
  class GitCommitChecker
19
+ extend T::Sig
20
+
17
21
  VERSION_REGEX = /
18
22
  (?<version>
19
23
  (?<=^v)[0-9]+(?:\-[a-z0-9]+)?
@@ -22,6 +26,17 @@ module Dependabot
22
26
  )$
23
27
  /ix
24
28
 
29
+ sig do
30
+ params(
31
+ dependency: Dependabot::Dependency,
32
+ credentials: T::Array[T::Hash[String, String]],
33
+ ignored_versions: T::Array[String],
34
+ raise_on_ignored: T::Boolean,
35
+ consider_version_branches_pinned: T::Boolean,
36
+ dependency_source_details: T.nilable(T::Hash[Symbol, String])
37
+ )
38
+ .void
39
+ end
25
40
  def initialize(dependency:, credentials:,
26
41
  ignored_versions: [], raise_on_ignored: false,
27
42
  consider_version_branches_pinned: false, dependency_source_details: nil)
@@ -33,58 +48,68 @@ module Dependabot
33
48
  @dependency_source_details = dependency_source_details
34
49
  end
35
50
 
51
+ sig { returns(T::Boolean) }
36
52
  def git_dependency?
37
53
  return false if dependency_source_details.nil?
38
54
 
39
- dependency_source_details.fetch(:type) == "git"
55
+ dependency_source_details&.fetch(:type) == "git"
40
56
  end
41
57
 
58
+ # rubocop:disable Metrics/PerceivedComplexity
59
+ sig { returns(T::Boolean) }
42
60
  def pinned?
43
61
  raise "Not a git dependency!" unless git_dependency?
44
62
 
45
- branch = dependency_source_details.fetch(:branch)
63
+ branch = dependency_source_details&.fetch(:branch)
46
64
 
47
65
  return false if ref.nil?
48
66
  return false if branch == ref
49
67
  return true if branch
50
- return true if dependency.version&.start_with?(ref)
68
+ return true if dependency.version&.start_with?(T.must(ref))
51
69
 
52
70
  # If the specified `ref` is actually a tag, we're pinned
53
- return true if local_upload_pack.match?(%r{ refs/tags/#{ref}$})
71
+ return true if local_upload_pack&.match?(%r{ refs/tags/#{ref}$})
54
72
 
55
73
  # Assume we're pinned unless the specified `ref` is actually a branch
56
- return true unless local_upload_pack.match?(%r{ refs/heads/#{ref}$})
74
+ return true unless local_upload_pack&.match?(%r{ refs/heads/#{ref}$})
57
75
 
58
76
  # TODO: Research whether considering branches that look like versions pinned makes sense for all ecosystems
59
- @consider_version_branches_pinned && version_tag?(ref)
77
+ @consider_version_branches_pinned && version_tag?(T.must(ref))
60
78
  end
79
+ # rubocop:enable Metrics/PerceivedComplexity
61
80
 
81
+ sig { returns(T::Boolean) }
62
82
  def pinned_ref_looks_like_version?
63
83
  return false unless pinned?
64
84
 
65
- version_tag?(ref)
85
+ version_tag?(T.must(ref))
66
86
  end
67
87
 
88
+ sig { returns(T::Boolean) }
68
89
  def pinned_ref_looks_like_commit_sha?
69
- return false unless ref && ref_looks_like_commit_sha?(ref)
90
+ return false unless ref && ref_looks_like_commit_sha?(T.must(ref))
70
91
 
71
92
  return false unless pinned?
72
93
 
73
- local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
94
+ local_repo_git_metadata_fetcher.head_commit_for_ref(T.must(ref)).nil?
74
95
  end
75
96
 
97
+ sig { returns(T.nilable(String)) }
76
98
  def head_commit_for_pinned_ref
77
- local_repo_git_metadata_fetcher.head_commit_for_ref_sha(ref)
99
+ local_repo_git_metadata_fetcher.head_commit_for_ref_sha(T.must(ref))
78
100
  end
79
101
 
102
+ sig { params(ref: String).returns(T::Boolean) }
80
103
  def ref_looks_like_commit_sha?(ref)
81
104
  ref.match?(/^[0-9a-f]{6,40}$/)
82
105
  end
83
106
 
107
+ sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
84
108
  def branch_or_ref_in_release?(version)
85
109
  pinned_ref_in_release?(version) || branch_behind_release?(version)
86
110
  end
87
111
 
112
+ sig { returns(T.nilable(String)) }
88
113
  def head_commit_for_current_branch
89
114
  ref = ref_or_branch || "HEAD"
90
115
 
@@ -94,42 +119,51 @@ module Dependabot
94
119
  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
95
120
  end
96
121
 
122
+ sig { params(name: String).returns(T.nilable(String)) }
97
123
  def head_commit_for_local_branch(name)
98
124
  local_repo_git_metadata_fetcher.head_commit_for_ref(name)
99
125
  end
100
126
 
127
+ sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
101
128
  def local_ref_for_latest_version_matching_existing_precision
102
129
  allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs
103
130
 
104
131
  max_local_tag_for_current_precision(allowed_refs)
105
132
  end
106
133
 
134
+ sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
107
135
  def local_tag_for_latest_version
108
136
  max_local_tag(allowed_version_tags)
109
137
  end
110
138
 
139
+ sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
111
140
  def local_tags_for_allowed_versions_matching_existing_precision
112
141
  select_matching_existing_precision(allowed_version_tags).map { |t| to_local_tag(t) }
113
142
  end
114
143
 
144
+ sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
115
145
  def local_tags_for_allowed_versions
116
146
  allowed_version_tags.map { |t| to_local_tag(t) }
117
147
  end
118
148
 
149
+ sig { returns(T::Array[Dependabot::GitRef]) }
119
150
  def allowed_version_tags
120
151
  allowed_versions(local_tags)
121
152
  end
122
153
 
154
+ sig { returns(T::Array[Dependabot::GitRef]) }
123
155
  def allowed_version_refs
124
156
  allowed_versions(local_refs)
125
157
  end
126
158
 
159
+ sig { returns(T.nilable(Gem::Version)) }
127
160
  def current_version
128
- return unless dependency.version && version_tag?(dependency.version)
161
+ return unless dependency.version && version_tag?(T.must(dependency.version))
129
162
 
130
- version_from_ref(dependency.version)
163
+ version_from_ref(T.must(dependency.version))
131
164
  end
132
165
 
166
+ sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[T.any(Dependabot::GitRef, Gem::Version)]) }
133
167
  def filter_lower_versions(tags)
134
168
  return tags unless current_version
135
169
 
@@ -142,23 +176,30 @@ module Dependabot
142
176
  end
143
177
  end
144
178
 
179
+ sig { returns(T.nilable(String)) }
145
180
  def most_specific_tag_equivalent_to_pinned_ref
146
- commit_sha = head_commit_for_local_branch(ref)
181
+ commit_sha = head_commit_for_local_branch(T.must(ref))
147
182
  most_specific_version_tag_for_sha(commit_sha)
148
183
  end
149
184
 
185
+ sig { returns(T.nilable(String)) }
150
186
  def local_tag_for_pinned_sha
151
- return @local_tag_for_pinned_sha if defined?(@local_tag_for_pinned_sha)
187
+ return unless pinned_ref_looks_like_commit_sha?
152
188
 
153
- @local_tag_for_pinned_sha = most_specific_version_tag_for_sha(ref) if pinned_ref_looks_like_commit_sha?
189
+ @local_tag_for_pinned_sha = T.let(
190
+ most_specific_version_tag_for_sha(ref),
191
+ T.nilable(String)
192
+ )
154
193
  end
155
194
 
195
+ sig { returns(T.nilable(Gem::Version)) }
156
196
  def version_for_pinned_sha
157
197
  return unless local_tag_for_pinned_sha && version_class.correct?(local_tag_for_pinned_sha)
158
198
 
159
199
  version_class.new(local_tag_for_pinned_sha)
160
200
  end
161
201
 
202
+ sig { returns(T::Boolean) }
162
203
  def git_repo_reachable?
163
204
  local_upload_pack
164
205
  true
@@ -166,26 +207,37 @@ module Dependabot
166
207
  false
167
208
  end
168
209
 
210
+ sig { returns(T.nilable(T::Hash[T.any(Symbol, String), T.untyped])) }
169
211
  def dependency_source_details
170
212
  @dependency_source_details || dependency.source_details(allowed_types: ["git"])
171
213
  end
172
214
 
215
+ sig { params(commit_sha: T.nilable(String)).returns(T.nilable(String)) }
173
216
  def most_specific_version_tag_for_sha(commit_sha)
174
217
  tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
175
218
  .sort_by { |t| version_class.new(t.name) }
176
219
  return if tags.empty?
177
220
 
178
- tags[-1].name
221
+ tags[-1]&.name
179
222
  end
180
223
 
181
224
  private
182
225
 
183
- attr_reader :dependency, :credentials, :ignored_versions
226
+ sig { returns(Dependabot::Dependency) }
227
+ attr_reader :dependency
184
228
 
229
+ sig { returns(T::Array[T::Hash[String, String]]) }
230
+ attr_reader :credentials
231
+
232
+ sig { returns(T::Array[String]) }
233
+ attr_reader :ignored_versions
234
+
235
+ sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
185
236
  def max_local_tag_for_current_precision(tags)
186
237
  max_local_tag(select_matching_existing_precision(tags))
187
238
  end
188
239
 
240
+ sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
189
241
  def max_local_tag(tags)
190
242
  max_version_tag = tags.max_by { |t| version_from_tag(t) }
191
243
 
@@ -193,16 +245,19 @@ module Dependabot
193
245
  end
194
246
 
195
247
  # Find the latest version with the same precision as the pinned version.
248
+ sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
196
249
  def select_matching_existing_precision(tags)
197
- current_precision = precision(dependency.version)
250
+ current_precision = precision(T.must(dependency.version))
198
251
 
199
252
  tags.select { |tag| precision(scan_version(tag.name)) == current_precision }
200
253
  end
201
254
 
255
+ sig { params(version: String).returns(Integer) }
202
256
  def precision(version)
203
257
  version.split(".").length
204
258
  end
205
259
 
260
+ sig { params(local_tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
206
261
  def allowed_versions(local_tags)
207
262
  tags =
208
263
  local_tags
@@ -217,6 +272,7 @@ module Dependabot
217
272
  .reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
218
273
  end
219
274
 
275
+ sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
220
276
  def pinned_ref_in_release?(version)
221
277
  raise "Not a git dependency!" unless git_dependency?
222
278
 
@@ -227,12 +283,13 @@ module Dependabot
227
283
  return false unless tag
228
284
 
229
285
  commit_included_in_tag?(
230
- commit: ref,
286
+ commit: T.must(ref),
231
287
  tag: tag,
232
288
  allow_identical: true
233
289
  )
234
290
  end
235
291
 
292
+ sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
236
293
  def branch_behind_release?(version)
237
294
  raise "Not a git dependency!" unless git_dependency?
238
295
 
@@ -245,24 +302,28 @@ module Dependabot
245
302
  # Check if behind, excluding the case where it's identical, because
246
303
  # we normally wouldn't switch you from tracking master to a release.
247
304
  commit_included_in_tag?(
248
- commit: ref_or_branch,
305
+ commit: T.must(ref_or_branch),
249
306
  tag: tag,
250
307
  allow_identical: false
251
308
  )
252
309
  end
253
310
 
311
+ sig { returns(T.nilable(String)) }
254
312
  def local_upload_pack
255
313
  local_repo_git_metadata_fetcher.upload_pack
256
314
  end
257
315
 
316
+ sig { returns(T::Array[Dependabot::GitRef]) }
258
317
  def local_refs
259
318
  handle_tag_prefix(local_repo_git_metadata_fetcher.refs_for_upload_pack)
260
319
  end
261
320
 
321
+ sig { returns(T::Array[Dependabot::GitRef]) }
262
322
  def local_tags
263
323
  handle_tag_prefix(local_repo_git_metadata_fetcher.tags_for_upload_pack)
264
324
  end
265
325
 
326
+ sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
266
327
  def handle_tag_prefix(tags)
267
328
  if dependency_source_details&.fetch(:ref, nil)&.start_with?("tags/")
268
329
  tags = tags.map do |tag|
@@ -273,6 +334,14 @@ module Dependabot
273
334
  tags
274
335
  end
275
336
 
337
+ sig do
338
+ params(
339
+ tag: String,
340
+ commit: String,
341
+ allow_identical: T::Boolean
342
+ )
343
+ .returns(T::Boolean)
344
+ end
276
345
  def commit_included_in_tag?(tag:, commit:, allow_identical: false)
277
346
  status =
278
347
  case Source.from_url(listing_source_url)&.provider
@@ -292,6 +361,7 @@ module Dependabot
292
361
  false
293
362
  end
294
363
 
364
+ sig { params(ref1: String, ref2: String).returns(String) }
295
365
  def github_commit_comparison_status(ref1, ref2)
296
366
  client = Clients::GithubWithRetries
297
367
  .for_github_dot_com(credentials: credentials)
@@ -299,6 +369,7 @@ module Dependabot
299
369
  client.compare(listing_source_repo, ref1, ref2).status
300
370
  end
301
371
 
372
+ sig { params(ref1: String, ref2: String).returns(String) }
302
373
  def gitlab_commit_comparison_status(ref1, ref2)
303
374
  client = Clients::GitlabWithRetries
304
375
  .for_gitlab_dot_com(credentials: credentials)
@@ -312,6 +383,7 @@ module Dependabot
312
383
  end
313
384
  end
314
385
 
386
+ sig { params(ref1: String, ref2: String).returns(String) }
315
387
  def bitbucket_commit_comparison_status(ref1, ref2)
316
388
  url = "https://api.bitbucket.org/2.0/repositories/" \
317
389
  "#{listing_source_repo}/commits/?" \
@@ -330,33 +402,39 @@ module Dependabot
330
402
  end
331
403
  end
332
404
 
405
+ sig { returns(T.nilable(String)) }
333
406
  def ref_or_branch
334
- ref || dependency_source_details.fetch(:branch)
407
+ ref || dependency_source_details&.fetch(:branch)
335
408
  end
336
409
 
410
+ sig { returns(T.nilable(String)) }
337
411
  def ref
338
- dependency_source_details.fetch(:ref)
412
+ dependency_source_details&.fetch(:ref)
339
413
  end
340
414
 
415
+ sig { params(tag: String).returns(T::Boolean) }
341
416
  def version_tag?(tag)
342
417
  tag.match?(VERSION_REGEX)
343
418
  end
344
419
 
420
+ sig { params(tag: String).returns(T::Boolean) }
345
421
  def matches_existing_prefix?(tag)
346
422
  return true unless ref_or_branch
347
423
 
348
- if version_tag?(ref_or_branch)
349
- same_prefix?(ref_or_branch, tag)
424
+ if version_tag?(T.must(ref_or_branch))
425
+ same_prefix?(T.must(ref_or_branch), tag)
350
426
  else
351
- local_tag_for_pinned_sha.nil? || same_prefix?(local_tag_for_pinned_sha, tag)
427
+ local_tag_for_pinned_sha.nil? || same_prefix?(T.must(local_tag_for_pinned_sha), tag)
352
428
  end
353
429
  end
354
430
 
431
+ sig { params(tag: String, other_tag: String).returns(T::Boolean) }
355
432
  def same_prefix?(tag, other_tag)
356
433
  tag.gsub(VERSION_REGEX, "").gsub(/v$/i, "") ==
357
434
  other_tag.gsub(VERSION_REGEX, "").gsub(/v$/i, "")
358
435
  end
359
436
 
437
+ sig { params(tag: T.nilable(Dependabot::GitRef)).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
360
438
  def to_local_tag(tag)
361
439
  return unless tag
362
440
 
@@ -369,8 +447,9 @@ module Dependabot
369
447
  }
370
448
  end
371
449
 
450
+ sig { returns(T.nilable(String)) }
372
451
  def listing_source_url
373
- @listing_source_url ||=
452
+ @listing_source_url ||= T.let(
374
453
  begin
375
454
  # Remove the git source, so the metadata finder looks on the
376
455
  # registry
@@ -385,100 +464,133 @@ module Dependabot
385
464
  .for_package_manager(dependency.package_manager)
386
465
  .new(dependency: candidate_dep, credentials: credentials)
387
466
  .source_url
388
- end
467
+ end,
468
+ T.nilable(String)
469
+ )
389
470
  end
390
471
 
472
+ sig { returns(T.nilable(String)) }
391
473
  def listing_source_repo
392
474
  return unless listing_source_url
393
475
 
394
476
  Source.from_url(listing_source_url)&.repo
395
477
  end
396
478
 
479
+ sig { params(version: String).returns(T.nilable(String)) }
397
480
  def listing_tag_for_version(version)
398
481
  listing_tags
399
482
  .find { |t| t.name =~ /(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/ }
400
483
  &.name
401
484
  end
402
485
 
486
+ sig { returns(T::Array[Dependabot::GitRef]) }
403
487
  def listing_tags
404
488
  return [] unless listing_source_url
405
489
 
406
- @listing_tags ||= begin
407
- tags = listing_repo_git_metadata_fetcher.tags
490
+ @listing_tags ||= T.let(
491
+ begin
492
+ tags = listing_repo_git_metadata_fetcher.tags
408
493
 
409
- if dependency_source_details&.fetch(:ref, nil)&.start_with?("tags/")
410
- tags = tags.map do |tag|
411
- tag.dup.tap { |t| t.name = "tags/#{tag.name}" }
494
+ if dependency_source_details&.fetch(:ref, nil)&.start_with?("tags/")
495
+ tags = tags.map do |tag|
496
+ tag.dup.tap { |t| t.name = "tags/#{tag.name}" }
497
+ end
412
498
  end
413
- end
414
499
 
415
- tags
416
- rescue GitDependenciesNotReachable
417
- []
418
- end
500
+ tags
501
+ rescue GitDependenciesNotReachable
502
+ []
503
+ end,
504
+ T.nilable(T::Array[Dependabot::GitRef])
505
+ )
419
506
  end
420
507
 
508
+ sig { returns(T.nilable(String)) }
421
509
  def listing_upload_pack
422
510
  return unless listing_source_url
423
511
 
424
512
  listing_repo_git_metadata_fetcher.upload_pack
425
513
  end
426
514
 
515
+ sig { returns(T::Array[Dependabot::Requirement]) }
427
516
  def ignore_requirements
428
517
  ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
429
518
  end
430
519
 
520
+ sig { returns(T::Boolean) }
431
521
  def wants_prerelease?
432
522
  return false unless dependency_source_details&.fetch(:ref, nil)
433
523
  return false unless pinned_ref_looks_like_version?
434
524
 
435
- version = version_from_ref(ref)
525
+ version = version_from_ref(T.must(ref))
436
526
  version.prerelease?
437
527
  end
438
528
 
529
+ sig { params(tag: Dependabot::GitRef).returns(T::Boolean) }
439
530
  def tag_included_in_ignore_requirements?(tag)
440
531
  version = version_from_tag(tag)
441
532
  ignore_requirements.any? { |r| r.satisfied_by?(version) }
442
533
  end
443
534
 
535
+ sig { params(tag: Dependabot::GitRef).returns(T::Boolean) }
444
536
  def tag_is_prerelease?(tag)
445
537
  version_from_tag(tag).prerelease?
446
538
  end
447
539
 
540
+ sig { params(tag: Dependabot::GitRef).returns(Gem::Version) }
448
541
  def version_from_tag(tag)
449
542
  version_from_ref(tag.name)
450
543
  end
451
544
 
545
+ sig { params(name: String).returns(Gem::Version) }
452
546
  def version_from_ref(name)
453
547
  version_class.new(scan_version(name))
454
548
  end
455
549
 
550
+ sig { params(name: String).returns(String) }
456
551
  def scan_version(name)
457
- name.match(VERSION_REGEX).named_captures.fetch("version")
552
+ T.must(T.must(name.match(VERSION_REGEX)).named_captures.fetch("version"))
458
553
  end
459
554
 
555
+ sig { returns(T.class_of(Gem::Version)) }
460
556
  def version_class
461
- @version_class ||= dependency.version_class
557
+ @version_class ||= T.let(
558
+ dependency.version_class,
559
+ T.nilable(T.class_of(Gem::Version))
560
+ )
462
561
  end
463
562
 
563
+ sig { returns(T.class_of(Dependabot::Requirement)) }
464
564
  def requirement_class
465
- @requirement_class ||= dependency.requirement_class
565
+ @requirement_class ||= T.let(
566
+ dependency.requirement_class,
567
+ T.nilable(T.class_of(Dependabot::Requirement))
568
+ )
466
569
  end
467
570
 
571
+ sig { returns(Dependabot::GitMetadataFetcher) }
468
572
  def local_repo_git_metadata_fetcher
469
573
  @local_repo_git_metadata_fetcher ||=
470
- GitMetadataFetcher.new(
471
- url: dependency_source_details.fetch(:url),
472
- credentials: credentials
574
+ T.let(
575
+ GitMetadataFetcher.new(
576
+ url: dependency_source_details&.fetch(:url),
577
+ credentials: credentials
578
+ ),
579
+ T.nilable(Dependabot::GitMetadataFetcher)
473
580
  )
474
581
  end
475
582
 
583
+ sig { returns(Dependabot::GitMetadataFetcher) }
476
584
  def listing_repo_git_metadata_fetcher
477
585
  @listing_repo_git_metadata_fetcher ||=
478
- GitMetadataFetcher.new(
479
- url: listing_source_url,
480
- credentials: credentials
586
+ T.let(
587
+ GitMetadataFetcher.new(
588
+ url: T.must(listing_source_url),
589
+ credentials: credentials
590
+ ),
591
+ T.nilable(Dependabot::GitMetadataFetcher)
481
592
  )
482
593
  end
483
594
  end
595
+ # rubocop:enable Metrics/ClassLength
484
596
  end
data/lib/dependabot/metadata_finders/base.rb CHANGED
@@ -1,24 +1,40 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/source"
5
6
 
6
7
  module Dependabot
7
8
  module MetadataFinders
8
9
  class Base
10
+ extend T::Sig
11
+ extend T::Helpers
12
+
9
13
  require "dependabot/metadata_finders/base/changelog_finder"
10
14
  require "dependabot/metadata_finders/base/release_finder"
11
15
  require "dependabot/metadata_finders/base/commits_finder"
12
16
 
13
- PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES = %w(npm_and_yarn pub).freeze
17
+ PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES = T.let(%w(npm_and_yarn pub).freeze, T::Array[String])
18
+
19
+ sig { returns(Dependabot::Dependency) }
20
+ attr_reader :dependency
14
21
 
15
- attr_reader :dependency, :credentials
22
+ sig { returns(T::Array[T::Hash[String, String]]) }
23
+ attr_reader :credentials
16
24
 
25
+ sig do
26
+ params(
27
+ dependency: Dependabot::Dependency,
28
+ credentials: T::Array[T::Hash[String, String]]
29
+ )
30
+ .void
31
+ end
17
32
  def initialize(dependency:, credentials:)
18
33
  @dependency = dependency
19
34
  @credentials = credentials
20
35
  end
21
36
 
37
+ sig { returns(T.nilable(String)) }
22
38
  def source_url
23
39
  if reliable_source_directory?
24
40
  source&.url_with_directory
@@ -27,106 +43,144 @@ module Dependabot
27
43
  end
28
44
  end
29
45
 
46
+ sig { returns(T.nilable(String)) }
30
47
  def homepage_url
31
48
  source_url
32
49
  end
33
50
 
51
+ sig { returns(T.nilable(String)) }
34
52
  def changelog_url
35
- @changelog_finder ||= ChangelogFinder.new(
36
- dependency: dependency,
37
- source: source,
38
- credentials: credentials,
39
- suggested_changelog_url: suggested_changelog_url
53
+ @changelog_finder ||= T.let(
54
+ ChangelogFinder.new(
55
+ dependency: dependency,
56
+ source: source,
57
+ credentials: credentials,
58
+ suggested_changelog_url: suggested_changelog_url
59
+ ),
60
+ T.nilable(ChangelogFinder)
40
61
  )
41
62
  @changelog_finder.changelog_url
42
63
  end
43
64
 
65
+ sig { returns(T.nilable(String)) }
44
66
  def changelog_text
45
- @changelog_finder ||= ChangelogFinder.new(
46
- dependency: dependency,
47
- source: source,
48
- credentials: credentials,
49
- suggested_changelog_url: suggested_changelog_url
67
+ @changelog_finder ||= T.let(
68
+ ChangelogFinder.new(
69
+ dependency: dependency,
70
+ source: source,
71
+ credentials: credentials,
72
+ suggested_changelog_url: suggested_changelog_url
73
+ ),
74
+ T.nilable(ChangelogFinder)
50
75
  )
51
76
  @changelog_finder.changelog_text
52
77
  end
53
78
 
79
+ sig { returns(T.nilable(String)) }
54
80
  def upgrade_guide_url
55
- @changelog_finder ||= ChangelogFinder.new(
56
- dependency: dependency,
57
- source: source,
58
- credentials: credentials,
59
- suggested_changelog_url: suggested_changelog_url
81
+ @changelog_finder ||= T.let(
82
+ ChangelogFinder.new(
83
+ dependency: dependency,
84
+ source: source,
85
+ credentials: credentials,
86
+ suggested_changelog_url: suggested_changelog_url
87
+ ),
88
+ T.nilable(ChangelogFinder)
60
89
  )
61
90
  @changelog_finder.upgrade_guide_url
62
91
  end
63
92
 
93
+ sig { returns(T.nilable(String)) }
64
94
  def upgrade_guide_text
65
- @changelog_finder ||= ChangelogFinder.new(
66
- dependency: dependency,
67
- source: source,
68
- credentials: credentials,
69
- suggested_changelog_url: suggested_changelog_url
95
+ @changelog_finder ||= T.let(
96
+ ChangelogFinder.new(
97
+ dependency: dependency,
98
+ source: source,
99
+ credentials: credentials,
100
+ suggested_changelog_url: suggested_changelog_url
101
+ ),
102
+ T.nilable(ChangelogFinder)
70
103
  )
71
104
  @changelog_finder.upgrade_guide_text
72
105
  end
73
106
 
107
+ sig { returns(T.nilable(String)) }
74
108
  def releases_url
75
- @release_finder ||= ReleaseFinder.new(
76
- dependency: dependency,
77
- source: source,
78
- credentials: credentials
109
+ @release_finder ||= T.let(
110
+ ReleaseFinder.new(
111
+ dependency: dependency,
112
+ source: source,
113
+ credentials: credentials
114
+ ),
115
+ T.nilable(ReleaseFinder)
79
116
  )
80
117
  @release_finder.releases_url
81
118
  end
82
119
 
120
+ sig { returns(T.nilable(String)) }
83
121
  def releases_text
84
- @release_finder ||= ReleaseFinder.new(
85
- dependency: dependency,
86
- source: source,
87
- credentials: credentials
122
+ @release_finder ||= T.let(
123
+ ReleaseFinder.new(
124
+ dependency: dependency,
125
+ source: source,
126
+ credentials: credentials
127
+ ),
128
+ T.nilable(ReleaseFinder)
88
129
  )
89
130
  @release_finder.releases_text
90
131
  end
91
132
 
133
+ sig { returns(T.nilable(String)) }
92
134
  def commits_url
93
- @commits_finder ||= CommitsFinder.new(
94
- dependency: dependency,
95
- source: source,
96
- credentials: credentials
135
+ @commits_finder ||= T.let(
136
+ CommitsFinder.new(
137
+ dependency: dependency,
138
+ source: source,
139
+ credentials: credentials
140
+ ),
141
+ T.nilable(CommitsFinder)
97
142
  )
98
143
  @commits_finder.commits_url
99
144
  end
100
145
 
146
+ sig { returns(T::Array[T::Hash[Symbol, String]]) }
101
147
  def commits
102
- @commits_finder ||= CommitsFinder.new(
103
- dependency: dependency,
104
- source: source,
105
- credentials: credentials
148
+ @commits_finder ||= T.let(
149
+ CommitsFinder.new(
150
+ dependency: dependency,
151
+ source: source,
152
+ credentials: credentials
153
+ ),
154
+ T.nilable(CommitsFinder)
106
155
  )
107
156
  @commits_finder.commits
108
157
  end
109
158
 
159
+ sig { overridable.returns(T.nilable(String)) }
110
160
  def maintainer_changes
111
161
  nil
112
162
  end
113
163
 
114
164
  private
115
165
 
166
+ sig { overridable.returns(T.nilable(String)) }
116
167
  def suggested_changelog_url
117
168
  nil
118
169
  end
119
170
 
171
+ sig { returns(T.nilable(Dependabot::Source)) }
120
172
  def source
121
173
  return @source if defined?(@source)
122
174
 
123
- @source = look_up_source
175
+ @source = T.let(look_up_source, T.nilable(Dependabot::Source))
124
176
  end
125
177
 
178
+ sig { overridable.returns(Dependabot::Source) }
126
179
  def look_up_source
127
180
  raise NotImplementedError
128
181
  end
129
182
 
183
+ sig { returns(T::Boolean) }
130
184
  def reliable_source_directory?
131
185
  MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES
132
186
  .include?(dependency.package_manager)
data/lib/dependabot/pull_request_creator/branch_namer/base.rb CHANGED
@@ -48,6 +48,11 @@ module Dependabot
48
48
  @max_length = max_length
49
49
  end
50
50
 
51
+ sig { overridable.returns(String) }
52
+ def new_branch_name
53
+ raise NotImplementedError
54
+ end
55
+
51
56
  private
52
57
 
53
58
  sig { params(ref_name: String).returns(String) }
data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb CHANGED
@@ -14,7 +14,7 @@ module Dependabot
14
14
  params(
15
15
  dependencies: T::Array[Dependabot::Dependency],
16
16
  files: T::Array[Dependabot::DependencyFile],
17
- target_branch: String,
17
+ target_branch: T.nilable(String),
18
18
  dependency_group: Dependabot::DependencyGroup,
19
19
  includes_security_fixes: T::Boolean,
20
20
  separator: String,
@@ -38,7 +38,7 @@ module Dependabot
38
38
  @includes_security_fixes = includes_security_fixes
39
39
  end
40
40
 
41
- sig { returns(String) }
41
+ sig { override.returns(String) }
42
42
  def new_branch_name
43
43
  sanitize_branch_name(File.join(prefixes, group_name_with_dependency_digest))
44
44
  end
data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb CHANGED
@@ -1,7 +1,8 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "digest"
5
+ require "sorbet-runtime"
5
6
 
6
7
  require "dependabot/metadata_finders"
7
8
  require "dependabot/pull_request_creator/branch_namer/base"
@@ -10,30 +11,37 @@ module Dependabot
10
11
  class PullRequestCreator
11
12
  class BranchNamer
12
13
  class SoloStrategy < Base
14
+ extend T::Sig
15
+
16
+ sig { override.returns(String) }
13
17
  def new_branch_name
14
18
  @name ||=
15
- begin
16
- dependency_name_part =
17
- if dependencies.count > 1 && updating_a_property?
18
- property_name
19
- elsif dependencies.count > 1 && updating_a_dependency_set?
20
- dependency_set.fetch(:group)
21
- else
22
- dependencies
23
- .map(&:name)
24
- .join("-and-")
25
- .tr(":[]", "-")
26
- .tr("@", "")
27
- end
28
-
29
- "#{dependency_name_part}-#{branch_version_suffix}"
30
- end
19
+ T.let(
20
+ begin
21
+ dependency_name_part =
22
+ if dependencies.count > 1 && updating_a_property?
23
+ property_name
24
+ elsif dependencies.count > 1 && updating_a_dependency_set?
25
+ dependency_set.fetch(:group)
26
+ else
27
+ dependencies
28
+ .map(&:name)
29
+ .join("-and-")
30
+ .tr(":[]", "-")
31
+ .tr("@", "")
32
+ end
33
+
34
+ "#{dependency_name_part}-#{branch_version_suffix}"
35
+ end,
36
+ T.nilable(String)
37
+ )
31
38
 
32
39
  sanitize_branch_name(File.join(prefixes, @name))
33
40
  end
34
41
 
35
42
  private
36
43
 
44
+ sig { returns(T::Array[String]) }
37
45
  def prefixes
38
46
  [
39
47
  prefix,
@@ -43,46 +51,58 @@ module Dependabot
43
51
  ].compact
44
52
  end
45
53
 
54
+ sig { returns(String) }
46
55
  def package_manager
47
56
  T.must(dependencies.first).package_manager
48
57
  end
49
58
 
59
+ sig { returns(T::Boolean) }
50
60
  def updating_a_property?
51
61
  T.must(dependencies.first)
52
62
  .requirements
53
63
  .any? { |r| r.dig(:metadata, :property_name) }
54
64
  end
55
65
 
66
+ sig { returns(T::Boolean) }
56
67
  def updating_a_dependency_set?
57
68
  T.must(dependencies.first)
58
69
  .requirements
59
70
  .any? { |r| r.dig(:metadata, :dependency_set) }
60
71
  end
61
72
 
73
+ sig { returns(String) }
62
74
  def property_name
63
- @property_name ||= T.must(dependencies.first).requirements
64
- .find { |r| r.dig(:metadata, :property_name) }
65
- &.dig(:metadata, :property_name)
75
+ @property_name ||=
76
+ T.let(T.must(dependencies.first).requirements
77
+ .find { |r| r.dig(:metadata, :property_name) }
78
+ &.dig(:metadata, :property_name),
79
+ T.nilable(String))
66
80
 
67
81
  raise "No property name!" unless @property_name
68
82
 
69
83
  @property_name
70
84
  end
71
85
 
86
+ sig { returns(T::Hash[Symbol, String]) }
72
87
  def dependency_set
73
- @dependency_set ||= T.must(dependencies.first).requirements
74
- .find { |r| r.dig(:metadata, :dependency_set) }
75
- &.dig(:metadata, :dependency_set)
88
+ @dependency_set ||=
89
+ T.let(
90
+ T.must(dependencies.first).requirements
91
+ .find { |r| r.dig(:metadata, :dependency_set) }
92
+ &.dig(:metadata, :dependency_set),
93
+ T.nilable(T::Hash[String, String])
94
+ )
76
95
 
77
96
  raise "No dependency set!" unless @dependency_set
78
97
 
79
98
  @dependency_set
80
99
  end
81
100
 
101
+ sig { returns(T.nilable(String)) }
82
102
  def branch_version_suffix
83
- dep = dependencies.first
103
+ dep = T.must(dependencies.first)
84
104
 
85
- if T.must(dep).removed?
105
+ if dep.removed?
86
106
  "-removed"
87
107
  elsif library? && ref_changed?(dep) && new_ref(dep)
88
108
  new_ref(dep)
@@ -93,6 +113,7 @@ module Dependabot
93
113
  end
94
114
  end
95
115
 
116
+ sig { params(dependency: Dependabot::Dependency).returns(String) }
96
117
  def sanitized_requirement(dependency)
97
118
  new_library_requirement(dependency)
98
119
  .delete(" ")
@@ -111,13 +132,14 @@ module Dependabot
111
132
  .gsub(",", "-and-")
112
133
  end
113
134
 
135
+ sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
114
136
  def new_version(dependency)
115
137
  # Version looks like a git SHA and we could be updating to a specific
116
138
  # ref in which case we return that otherwise we return a shorthand sha
117
- if dependency.version.match?(/^[0-9a-f]{40}$/)
139
+ if dependency.version&.match?(/^[0-9a-f]{40}$/)
118
140
  return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
119
141
 
120
- dependency.version[0..6]
142
+ T.must(dependency.version)[0..6]
121
143
  elsif dependency.version == dependency.previous_version &&
122
144
  package_manager == "docker"
123
145
  dependency.requirements
@@ -128,13 +150,15 @@ module Dependabot
128
150
  end
129
151
  end
130
152
 
153
+ sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
131
154
  def previous_ref(dependency)
132
- previous_refs = dependency.previous_requirements.filter_map do |r|
155
+ previous_refs = T.must(dependency.previous_requirements).filter_map do |r|
133
156
  r.dig(:source, "ref") || r.dig(:source, :ref)
134
157
  end.uniq
135
158
  previous_refs.first if previous_refs.count == 1
136
159
  end
137
160
 
161
+ sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
138
162
  def new_ref(dependency)
139
163
  new_refs = dependency.requirements.filter_map do |r|
140
164
  r.dig(:source, "ref") || r.dig(:source, :ref)
@@ -142,20 +166,22 @@ module Dependabot
142
166
  new_refs.first if new_refs.count == 1
143
167
  end
144
168
 
169
+ sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
145
170
  def ref_changed?(dependency)
146
171
  # We could go from multiple previous refs (nil) to a single new ref
147
172
  previous_ref(dependency) != new_ref(dependency)
148
173
  end
149
174
 
175
+ sig { params(dependency: Dependabot::Dependency).returns(T.untyped) }
150
176
  def new_library_requirement(dependency)
151
177
  updated_reqs =
152
- dependency.requirements - dependency.previous_requirements
178
+ dependency.requirements - T.must(dependency.previous_requirements)
153
179
 
154
180
  gemspec =
155
181
  updated_reqs.find { |r| r[:file].match?(%r{^[^/]*\.gemspec$}) }
156
182
  return gemspec[:requirement] if gemspec
157
183
 
158
- updated_reqs.first[:requirement]
184
+ updated_reqs.first&.fetch(:requirement)
159
185
  end
160
186
 
161
187
  # TODO: Bring this in line with existing library checks that we do in the
@@ -163,12 +189,14 @@ module Dependabot
163
189
  # `requirements_update_strategy`.
164
190
  #
165
191
  # TODO re-use in MessageBuilder
192
+ sig { returns(T::Boolean) }
166
193
  def library?
167
194
  dependencies.any? { |d| !d.appears_in_lockfile? }
168
195
  end
169
196
 
197
+ sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
170
198
  def requirements_changed?(dependency)
171
- (dependency.requirements - dependency.previous_requirements).any?
199
+ (dependency.requirements - T.must(dependency.previous_requirements)).any?
172
200
  end
173
201
  end
174
202
  end
data/lib/dependabot/pull_request_creator/branch_namer.rb CHANGED
@@ -1,7 +1,8 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "digest"
5
+ require "sorbet-runtime"
5
6
 
6
7
  require "dependabot/metadata_finders"
7
8
  require "dependabot/pull_request_creator"
@@ -11,9 +12,45 @@ require "dependabot/pull_request_creator/branch_namer/dependency_group_strategy"
11
12
  module Dependabot
12
13
  class PullRequestCreator
13
14
  class BranchNamer
14
- attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :dependency_group,
15
- :includes_security_fixes
15
+ extend T::Sig
16
16
 
17
+ sig { returns(T::Array[Dependabot::Dependency]) }
18
+ attr_reader :dependencies
19
+
20
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
21
+ attr_reader :files
22
+
23
+ sig { returns(T.nilable(String)) }
24
+ attr_reader :target_branch
25
+
26
+ sig { returns(String) }
27
+ attr_reader :separator
28
+
29
+ sig { returns(String) }
30
+ attr_reader :prefix
31
+
32
+ sig { returns(T.nilable(Integer)) }
33
+ attr_reader :max_length
34
+
35
+ sig { returns(T.nilable(Dependabot::DependencyGroup)) }
36
+ attr_reader :dependency_group
37
+
38
+ sig { returns(T::Boolean) }
39
+ attr_reader :includes_security_fixes
40
+
41
+ sig do
42
+ params(
43
+ dependencies: T::Array[Dependabot::Dependency],
44
+ files: T::Array[Dependabot::DependencyFile],
45
+ target_branch: T.nilable(String),
46
+ dependency_group: T.nilable(Dependabot::DependencyGroup),
47
+ separator: String,
48
+ prefix: String,
49
+ max_length: T.nilable(Integer),
50
+ includes_security_fixes: T::Boolean
51
+ )
52
+ .void
53
+ end
17
54
  def initialize(dependencies:, files:, target_branch:, dependency_group: nil,
18
55
  separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes: false)
19
56
  @dependencies = dependencies
@@ -26,14 +63,16 @@ module Dependabot
26
63
  @includes_security_fixes = includes_security_fixes
27
64
  end
28
65
 
66
+ sig { returns(String) }
29
67
  def new_branch_name
30
68
  strategy.new_branch_name
31
69
  end
32
70
 
33
71
  private
34
72
 
73
+ sig { returns(Dependabot::PullRequestCreator::BranchNamer::Base) }
35
74
  def strategy
36
- @strategy ||=
75
+ @strategy ||= T.let(
37
76
  if dependency_group.nil?
38
77
  SoloStrategy.new(
39
78
  dependencies: dependencies,
@@ -48,13 +87,15 @@ module Dependabot
48
87
  dependencies: dependencies,
49
88
  files: files,
50
89
  target_branch: target_branch,
51
- dependency_group: dependency_group,
90
+ dependency_group: T.must(dependency_group),
52
91
  includes_security_fixes: includes_security_fixes,
53
92
  separator: separator,
54
93
  prefix: prefix,
55
94
  max_length: max_length
56
95
  )
57
- end
96
+ end,
97
+ T.nilable(Dependabot::PullRequestCreator::BranchNamer::Base)
98
+ )
58
99
  end
59
100
  end
60
101
  end
data/lib/dependabot/pull_request_creator/gitlab.rb CHANGED
@@ -150,7 +150,7 @@ module Dependabot
150
150
  end
151
151
 
152
152
  def approvers_hash
153
- @approvers_hash ||= approvers&.transform_keys(&:to_sym) || {}
153
+ @approvers_hash ||= approvers || {}
154
154
  end
155
155
 
156
156
  def default_branch
data/lib/dependabot/pull_request_creator.rb CHANGED
@@ -100,7 +100,7 @@ module Dependabot
100
100
  sig { returns(T::Hash[String, String]) }
101
101
  attr_reader :vulnerabilities_fixed
102
102
 
103
- sig { returns(T.nilable(T::Array[String])) }
103
+ sig { returns(T.nilable(T.any(T::Array[String], T::Hash[Symbol, T::Array[Integer]]))) }
104
104
  attr_reader :reviewers
105
105
 
106
106
  sig { returns(T.nilable(T::Array[String])) }
@@ -389,7 +389,7 @@ module Dependabot
389
389
  BranchNamer.new(
390
390
  dependencies: dependencies,
391
391
  files: files,
392
- target_branch: source.branch,
392
+ target_branch: T.must(source.branch),
393
393
  dependency_group: dependency_group,
394
394
  separator: branch_name_separator,
395
395
  prefix: branch_name_prefix,
data/lib/dependabot.rb CHANGED
@@ -2,5 +2,5 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
- VERSION = "0.240.0"
5
+ VERSION = "0.241.0"
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.240.0
4
+ version: 0.241.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-01-12 00:00:00.000000000 Z
11
+ date: 2024-01-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -572,7 +572,7 @@ licenses:
572
572
  - Nonstandard
573
573
  metadata:
574
574
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
575
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.240.0
575
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.241.0
576
576
  post_install_message:
577
577
  rdoc_options: []
578
578
  require_paths: