dependabot-common 0.240.0 → 0.241.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/file_parsers/base.rb +39 -9
- data/lib/dependabot/git_commit_checker.rb +160 -48
- data/lib/dependabot/metadata_finders/base.rb +94 -40
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +5 -0
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +2 -2
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +59 -31
- data/lib/dependabot/pull_request_creator/branch_namer.rb +47 -6
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -1
- data/lib/dependabot/pull_request_creator.rb +2 -2
- data/lib/dependabot.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5b381e33a32a95b7956fbcff6abec4736f2f190b4c8ab0eece99a2181037f52e
|
|
4
|
+
data.tar.gz: 5006821762970d60de1f3682cd1931f9e86cd0d44d8b9d5ec6eb7778a3bf329a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4d8272f9614610836187d6a34fc20acd78b0326d8759d633afc7879492f9edffc3189d148e643750f0f47c1fec54071545ff7d2981499f82c8273addb527fc36
|
|
7
|
+
data.tar.gz: 4248ef1d9c5dce4afad397af2b557e8414a673d48351924255be59d211a0538b6f98ac73ce4f75458168379301be42c0b9a03517266ac6de8d2205346e95a8d3
|
|
@@ -1,12 +1,43 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
module Dependabot
|
|
5
7
|
module FileParsers
|
|
6
8
|
class Base
|
|
7
|
-
|
|
9
|
+
extend T::Sig
|
|
10
|
+
extend T::Helpers
|
|
11
|
+
|
|
12
|
+
abstract!
|
|
13
|
+
|
|
14
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
15
|
+
attr_reader :dependency_files
|
|
16
|
+
|
|
17
|
+
sig { returns(T.nilable(String)) }
|
|
18
|
+
attr_reader :repo_contents_path
|
|
19
|
+
|
|
20
|
+
sig { returns(T::Array[T::Hash[String, String]]) }
|
|
21
|
+
attr_reader :credentials
|
|
8
22
|
|
|
9
|
-
|
|
23
|
+
sig { returns(T.nilable(Dependabot::Source)) }
|
|
24
|
+
attr_reader :source
|
|
25
|
+
|
|
26
|
+
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
27
|
+
attr_reader :options
|
|
28
|
+
|
|
29
|
+
sig do
|
|
30
|
+
params(
|
|
31
|
+
dependency_files: T::Array[Dependabot::DependencyFile],
|
|
32
|
+
source: T.nilable(Dependabot::Source),
|
|
33
|
+
repo_contents_path: T.nilable(String),
|
|
34
|
+
credentials: T::Array[T::Hash[String, String]],
|
|
35
|
+
reject_external_code: T::Boolean,
|
|
36
|
+
options: T::Hash[Symbol, T.untyped]
|
|
37
|
+
)
|
|
38
|
+
.void
|
|
39
|
+
end
|
|
40
|
+
def initialize(dependency_files:, source:, repo_contents_path: nil,
|
|
10
41
|
credentials: [], reject_external_code: false, options: {})
|
|
11
42
|
@dependency_files = dependency_files
|
|
12
43
|
@repo_contents_path = repo_contents_path
|
|
@@ -18,16 +49,15 @@ module Dependabot
|
|
|
18
49
|
check_required_files
|
|
19
50
|
end
|
|
20
51
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
end
|
|
52
|
+
sig { abstract.returns(Dependabot::DependencyFile) }
|
|
53
|
+
def parse; end
|
|
24
54
|
|
|
25
55
|
private
|
|
26
56
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
end
|
|
57
|
+
sig { abstract.void }
|
|
58
|
+
def check_required_files; end
|
|
30
59
|
|
|
60
|
+
sig { params(filename: String).returns(T.nilable(Dependabot::DependencyFile)) }
|
|
31
61
|
def get_original_file(filename)
|
|
32
62
|
dependency_files.find { |f| f.name == filename }
|
|
33
63
|
end
|
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "excon"
|
|
5
5
|
require "gitlab"
|
|
6
|
+
require "sorbet-runtime"
|
|
6
7
|
require "dependabot/clients/github_with_retries"
|
|
7
8
|
require "dependabot/clients/gitlab_with_retries"
|
|
8
9
|
require "dependabot/clients/bitbucket_with_retries"
|
|
@@ -13,7 +14,10 @@ require "dependabot/source"
|
|
|
13
14
|
require "dependabot/dependency"
|
|
14
15
|
require "dependabot/git_metadata_fetcher"
|
|
15
16
|
module Dependabot
|
|
17
|
+
# rubocop:disable Metrics/ClassLength
|
|
16
18
|
class GitCommitChecker
|
|
19
|
+
extend T::Sig
|
|
20
|
+
|
|
17
21
|
VERSION_REGEX = /
|
|
18
22
|
(?<version>
|
|
19
23
|
(?<=^v)[0-9]+(?:\-[a-z0-9]+)?
|
|
@@ -22,6 +26,17 @@ module Dependabot
|
|
|
22
26
|
)$
|
|
23
27
|
/ix
|
|
24
28
|
|
|
29
|
+
sig do
|
|
30
|
+
params(
|
|
31
|
+
dependency: Dependabot::Dependency,
|
|
32
|
+
credentials: T::Array[T::Hash[String, String]],
|
|
33
|
+
ignored_versions: T::Array[String],
|
|
34
|
+
raise_on_ignored: T::Boolean,
|
|
35
|
+
consider_version_branches_pinned: T::Boolean,
|
|
36
|
+
dependency_source_details: T.nilable(T::Hash[Symbol, String])
|
|
37
|
+
)
|
|
38
|
+
.void
|
|
39
|
+
end
|
|
25
40
|
def initialize(dependency:, credentials:,
|
|
26
41
|
ignored_versions: [], raise_on_ignored: false,
|
|
27
42
|
consider_version_branches_pinned: false, dependency_source_details: nil)
|
|
@@ -33,58 +48,68 @@ module Dependabot
|
|
|
33
48
|
@dependency_source_details = dependency_source_details
|
|
34
49
|
end
|
|
35
50
|
|
|
51
|
+
sig { returns(T::Boolean) }
|
|
36
52
|
def git_dependency?
|
|
37
53
|
return false if dependency_source_details.nil?
|
|
38
54
|
|
|
39
|
-
dependency_source_details
|
|
55
|
+
dependency_source_details&.fetch(:type) == "git"
|
|
40
56
|
end
|
|
41
57
|
|
|
58
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
59
|
+
sig { returns(T::Boolean) }
|
|
42
60
|
def pinned?
|
|
43
61
|
raise "Not a git dependency!" unless git_dependency?
|
|
44
62
|
|
|
45
|
-
branch = dependency_source_details
|
|
63
|
+
branch = dependency_source_details&.fetch(:branch)
|
|
46
64
|
|
|
47
65
|
return false if ref.nil?
|
|
48
66
|
return false if branch == ref
|
|
49
67
|
return true if branch
|
|
50
|
-
return true if dependency.version&.start_with?(ref)
|
|
68
|
+
return true if dependency.version&.start_with?(T.must(ref))
|
|
51
69
|
|
|
52
70
|
# If the specified `ref` is actually a tag, we're pinned
|
|
53
|
-
return true if local_upload_pack
|
|
71
|
+
return true if local_upload_pack&.match?(%r{ refs/tags/#{ref}$})
|
|
54
72
|
|
|
55
73
|
# Assume we're pinned unless the specified `ref` is actually a branch
|
|
56
|
-
return true unless local_upload_pack
|
|
74
|
+
return true unless local_upload_pack&.match?(%r{ refs/heads/#{ref}$})
|
|
57
75
|
|
|
58
76
|
# TODO: Research whether considering branches that look like versions pinned makes sense for all ecosystems
|
|
59
|
-
@consider_version_branches_pinned && version_tag?(ref)
|
|
77
|
+
@consider_version_branches_pinned && version_tag?(T.must(ref))
|
|
60
78
|
end
|
|
79
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
61
80
|
|
|
81
|
+
sig { returns(T::Boolean) }
|
|
62
82
|
def pinned_ref_looks_like_version?
|
|
63
83
|
return false unless pinned?
|
|
64
84
|
|
|
65
|
-
version_tag?(ref)
|
|
85
|
+
version_tag?(T.must(ref))
|
|
66
86
|
end
|
|
67
87
|
|
|
88
|
+
sig { returns(T::Boolean) }
|
|
68
89
|
def pinned_ref_looks_like_commit_sha?
|
|
69
|
-
return false unless ref && ref_looks_like_commit_sha?(ref)
|
|
90
|
+
return false unless ref && ref_looks_like_commit_sha?(T.must(ref))
|
|
70
91
|
|
|
71
92
|
return false unless pinned?
|
|
72
93
|
|
|
73
|
-
local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
|
|
94
|
+
local_repo_git_metadata_fetcher.head_commit_for_ref(T.must(ref)).nil?
|
|
74
95
|
end
|
|
75
96
|
|
|
97
|
+
sig { returns(T.nilable(String)) }
|
|
76
98
|
def head_commit_for_pinned_ref
|
|
77
|
-
local_repo_git_metadata_fetcher.head_commit_for_ref_sha(ref)
|
|
99
|
+
local_repo_git_metadata_fetcher.head_commit_for_ref_sha(T.must(ref))
|
|
78
100
|
end
|
|
79
101
|
|
|
102
|
+
sig { params(ref: String).returns(T::Boolean) }
|
|
80
103
|
def ref_looks_like_commit_sha?(ref)
|
|
81
104
|
ref.match?(/^[0-9a-f]{6,40}$/)
|
|
82
105
|
end
|
|
83
106
|
|
|
107
|
+
sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
|
|
84
108
|
def branch_or_ref_in_release?(version)
|
|
85
109
|
pinned_ref_in_release?(version) || branch_behind_release?(version)
|
|
86
110
|
end
|
|
87
111
|
|
|
112
|
+
sig { returns(T.nilable(String)) }
|
|
88
113
|
def head_commit_for_current_branch
|
|
89
114
|
ref = ref_or_branch || "HEAD"
|
|
90
115
|
|
|
@@ -94,42 +119,51 @@ module Dependabot
|
|
|
94
119
|
raise Dependabot::GitDependencyReferenceNotFound, dependency.name
|
|
95
120
|
end
|
|
96
121
|
|
|
122
|
+
sig { params(name: String).returns(T.nilable(String)) }
|
|
97
123
|
def head_commit_for_local_branch(name)
|
|
98
124
|
local_repo_git_metadata_fetcher.head_commit_for_ref(name)
|
|
99
125
|
end
|
|
100
126
|
|
|
127
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
101
128
|
def local_ref_for_latest_version_matching_existing_precision
|
|
102
129
|
allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs
|
|
103
130
|
|
|
104
131
|
max_local_tag_for_current_precision(allowed_refs)
|
|
105
132
|
end
|
|
106
133
|
|
|
134
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
107
135
|
def local_tag_for_latest_version
|
|
108
136
|
max_local_tag(allowed_version_tags)
|
|
109
137
|
end
|
|
110
138
|
|
|
139
|
+
sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
|
|
111
140
|
def local_tags_for_allowed_versions_matching_existing_precision
|
|
112
141
|
select_matching_existing_precision(allowed_version_tags).map { |t| to_local_tag(t) }
|
|
113
142
|
end
|
|
114
143
|
|
|
144
|
+
sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
|
|
115
145
|
def local_tags_for_allowed_versions
|
|
116
146
|
allowed_version_tags.map { |t| to_local_tag(t) }
|
|
117
147
|
end
|
|
118
148
|
|
|
149
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
|
119
150
|
def allowed_version_tags
|
|
120
151
|
allowed_versions(local_tags)
|
|
121
152
|
end
|
|
122
153
|
|
|
154
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
|
123
155
|
def allowed_version_refs
|
|
124
156
|
allowed_versions(local_refs)
|
|
125
157
|
end
|
|
126
158
|
|
|
159
|
+
sig { returns(T.nilable(Gem::Version)) }
|
|
127
160
|
def current_version
|
|
128
|
-
return unless dependency.version && version_tag?(dependency.version)
|
|
161
|
+
return unless dependency.version && version_tag?(T.must(dependency.version))
|
|
129
162
|
|
|
130
|
-
version_from_ref(dependency.version)
|
|
163
|
+
version_from_ref(T.must(dependency.version))
|
|
131
164
|
end
|
|
132
165
|
|
|
166
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[T.any(Dependabot::GitRef, Gem::Version)]) }
|
|
133
167
|
def filter_lower_versions(tags)
|
|
134
168
|
return tags unless current_version
|
|
135
169
|
|
|
@@ -142,23 +176,30 @@ module Dependabot
|
|
|
142
176
|
end
|
|
143
177
|
end
|
|
144
178
|
|
|
179
|
+
sig { returns(T.nilable(String)) }
|
|
145
180
|
def most_specific_tag_equivalent_to_pinned_ref
|
|
146
|
-
commit_sha = head_commit_for_local_branch(ref)
|
|
181
|
+
commit_sha = head_commit_for_local_branch(T.must(ref))
|
|
147
182
|
most_specific_version_tag_for_sha(commit_sha)
|
|
148
183
|
end
|
|
149
184
|
|
|
185
|
+
sig { returns(T.nilable(String)) }
|
|
150
186
|
def local_tag_for_pinned_sha
|
|
151
|
-
return
|
|
187
|
+
return unless pinned_ref_looks_like_commit_sha?
|
|
152
188
|
|
|
153
|
-
@local_tag_for_pinned_sha =
|
|
189
|
+
@local_tag_for_pinned_sha = T.let(
|
|
190
|
+
most_specific_version_tag_for_sha(ref),
|
|
191
|
+
T.nilable(String)
|
|
192
|
+
)
|
|
154
193
|
end
|
|
155
194
|
|
|
195
|
+
sig { returns(T.nilable(Gem::Version)) }
|
|
156
196
|
def version_for_pinned_sha
|
|
157
197
|
return unless local_tag_for_pinned_sha && version_class.correct?(local_tag_for_pinned_sha)
|
|
158
198
|
|
|
159
199
|
version_class.new(local_tag_for_pinned_sha)
|
|
160
200
|
end
|
|
161
201
|
|
|
202
|
+
sig { returns(T::Boolean) }
|
|
162
203
|
def git_repo_reachable?
|
|
163
204
|
local_upload_pack
|
|
164
205
|
true
|
|
@@ -166,26 +207,37 @@ module Dependabot
|
|
|
166
207
|
false
|
|
167
208
|
end
|
|
168
209
|
|
|
210
|
+
sig { returns(T.nilable(T::Hash[T.any(Symbol, String), T.untyped])) }
|
|
169
211
|
def dependency_source_details
|
|
170
212
|
@dependency_source_details || dependency.source_details(allowed_types: ["git"])
|
|
171
213
|
end
|
|
172
214
|
|
|
215
|
+
sig { params(commit_sha: T.nilable(String)).returns(T.nilable(String)) }
|
|
173
216
|
def most_specific_version_tag_for_sha(commit_sha)
|
|
174
217
|
tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
|
|
175
218
|
.sort_by { |t| version_class.new(t.name) }
|
|
176
219
|
return if tags.empty?
|
|
177
220
|
|
|
178
|
-
tags[-1]
|
|
221
|
+
tags[-1]&.name
|
|
179
222
|
end
|
|
180
223
|
|
|
181
224
|
private
|
|
182
225
|
|
|
183
|
-
|
|
226
|
+
sig { returns(Dependabot::Dependency) }
|
|
227
|
+
attr_reader :dependency
|
|
184
228
|
|
|
229
|
+
sig { returns(T::Array[T::Hash[String, String]]) }
|
|
230
|
+
attr_reader :credentials
|
|
231
|
+
|
|
232
|
+
sig { returns(T::Array[String]) }
|
|
233
|
+
attr_reader :ignored_versions
|
|
234
|
+
|
|
235
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
185
236
|
def max_local_tag_for_current_precision(tags)
|
|
186
237
|
max_local_tag(select_matching_existing_precision(tags))
|
|
187
238
|
end
|
|
188
239
|
|
|
240
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
189
241
|
def max_local_tag(tags)
|
|
190
242
|
max_version_tag = tags.max_by { |t| version_from_tag(t) }
|
|
191
243
|
|
|
@@ -193,16 +245,19 @@ module Dependabot
|
|
|
193
245
|
end
|
|
194
246
|
|
|
195
247
|
# Find the latest version with the same precision as the pinned version.
|
|
248
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
|
|
196
249
|
def select_matching_existing_precision(tags)
|
|
197
|
-
current_precision = precision(dependency.version)
|
|
250
|
+
current_precision = precision(T.must(dependency.version))
|
|
198
251
|
|
|
199
252
|
tags.select { |tag| precision(scan_version(tag.name)) == current_precision }
|
|
200
253
|
end
|
|
201
254
|
|
|
255
|
+
sig { params(version: String).returns(Integer) }
|
|
202
256
|
def precision(version)
|
|
203
257
|
version.split(".").length
|
|
204
258
|
end
|
|
205
259
|
|
|
260
|
+
sig { params(local_tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
|
|
206
261
|
def allowed_versions(local_tags)
|
|
207
262
|
tags =
|
|
208
263
|
local_tags
|
|
@@ -217,6 +272,7 @@ module Dependabot
|
|
|
217
272
|
.reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
|
|
218
273
|
end
|
|
219
274
|
|
|
275
|
+
sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
|
|
220
276
|
def pinned_ref_in_release?(version)
|
|
221
277
|
raise "Not a git dependency!" unless git_dependency?
|
|
222
278
|
|
|
@@ -227,12 +283,13 @@ module Dependabot
|
|
|
227
283
|
return false unless tag
|
|
228
284
|
|
|
229
285
|
commit_included_in_tag?(
|
|
230
|
-
commit: ref,
|
|
286
|
+
commit: T.must(ref),
|
|
231
287
|
tag: tag,
|
|
232
288
|
allow_identical: true
|
|
233
289
|
)
|
|
234
290
|
end
|
|
235
291
|
|
|
292
|
+
sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
|
|
236
293
|
def branch_behind_release?(version)
|
|
237
294
|
raise "Not a git dependency!" unless git_dependency?
|
|
238
295
|
|
|
@@ -245,24 +302,28 @@ module Dependabot
|
|
|
245
302
|
# Check if behind, excluding the case where it's identical, because
|
|
246
303
|
# we normally wouldn't switch you from tracking master to a release.
|
|
247
304
|
commit_included_in_tag?(
|
|
248
|
-
commit: ref_or_branch,
|
|
305
|
+
commit: T.must(ref_or_branch),
|
|
249
306
|
tag: tag,
|
|
250
307
|
allow_identical: false
|
|
251
308
|
)
|
|
252
309
|
end
|
|
253
310
|
|
|
311
|
+
sig { returns(T.nilable(String)) }
|
|
254
312
|
def local_upload_pack
|
|
255
313
|
local_repo_git_metadata_fetcher.upload_pack
|
|
256
314
|
end
|
|
257
315
|
|
|
316
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
|
258
317
|
def local_refs
|
|
259
318
|
handle_tag_prefix(local_repo_git_metadata_fetcher.refs_for_upload_pack)
|
|
260
319
|
end
|
|
261
320
|
|
|
321
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
|
262
322
|
def local_tags
|
|
263
323
|
handle_tag_prefix(local_repo_git_metadata_fetcher.tags_for_upload_pack)
|
|
264
324
|
end
|
|
265
325
|
|
|
326
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
|
|
266
327
|
def handle_tag_prefix(tags)
|
|
267
328
|
if dependency_source_details&.fetch(:ref, nil)&.start_with?("tags/")
|
|
268
329
|
tags = tags.map do |tag|
|
|
@@ -273,6 +334,14 @@ module Dependabot
|
|
|
273
334
|
tags
|
|
274
335
|
end
|
|
275
336
|
|
|
337
|
+
sig do
|
|
338
|
+
params(
|
|
339
|
+
tag: String,
|
|
340
|
+
commit: String,
|
|
341
|
+
allow_identical: T::Boolean
|
|
342
|
+
)
|
|
343
|
+
.returns(T::Boolean)
|
|
344
|
+
end
|
|
276
345
|
def commit_included_in_tag?(tag:, commit:, allow_identical: false)
|
|
277
346
|
status =
|
|
278
347
|
case Source.from_url(listing_source_url)&.provider
|
|
@@ -292,6 +361,7 @@ module Dependabot
|
|
|
292
361
|
false
|
|
293
362
|
end
|
|
294
363
|
|
|
364
|
+
sig { params(ref1: String, ref2: String).returns(String) }
|
|
295
365
|
def github_commit_comparison_status(ref1, ref2)
|
|
296
366
|
client = Clients::GithubWithRetries
|
|
297
367
|
.for_github_dot_com(credentials: credentials)
|
|
@@ -299,6 +369,7 @@ module Dependabot
|
|
|
299
369
|
client.compare(listing_source_repo, ref1, ref2).status
|
|
300
370
|
end
|
|
301
371
|
|
|
372
|
+
sig { params(ref1: String, ref2: String).returns(String) }
|
|
302
373
|
def gitlab_commit_comparison_status(ref1, ref2)
|
|
303
374
|
client = Clients::GitlabWithRetries
|
|
304
375
|
.for_gitlab_dot_com(credentials: credentials)
|
|
@@ -312,6 +383,7 @@ module Dependabot
|
|
|
312
383
|
end
|
|
313
384
|
end
|
|
314
385
|
|
|
386
|
+
sig { params(ref1: String, ref2: String).returns(String) }
|
|
315
387
|
def bitbucket_commit_comparison_status(ref1, ref2)
|
|
316
388
|
url = "https://api.bitbucket.org/2.0/repositories/" \
|
|
317
389
|
"#{listing_source_repo}/commits/?" \
|
|
@@ -330,33 +402,39 @@ module Dependabot
|
|
|
330
402
|
end
|
|
331
403
|
end
|
|
332
404
|
|
|
405
|
+
sig { returns(T.nilable(String)) }
|
|
333
406
|
def ref_or_branch
|
|
334
|
-
ref || dependency_source_details
|
|
407
|
+
ref || dependency_source_details&.fetch(:branch)
|
|
335
408
|
end
|
|
336
409
|
|
|
410
|
+
sig { returns(T.nilable(String)) }
|
|
337
411
|
def ref
|
|
338
|
-
dependency_source_details
|
|
412
|
+
dependency_source_details&.fetch(:ref)
|
|
339
413
|
end
|
|
340
414
|
|
|
415
|
+
sig { params(tag: String).returns(T::Boolean) }
|
|
341
416
|
def version_tag?(tag)
|
|
342
417
|
tag.match?(VERSION_REGEX)
|
|
343
418
|
end
|
|
344
419
|
|
|
420
|
+
sig { params(tag: String).returns(T::Boolean) }
|
|
345
421
|
def matches_existing_prefix?(tag)
|
|
346
422
|
return true unless ref_or_branch
|
|
347
423
|
|
|
348
|
-
if version_tag?(ref_or_branch)
|
|
349
|
-
same_prefix?(ref_or_branch, tag)
|
|
424
|
+
if version_tag?(T.must(ref_or_branch))
|
|
425
|
+
same_prefix?(T.must(ref_or_branch), tag)
|
|
350
426
|
else
|
|
351
|
-
local_tag_for_pinned_sha.nil? || same_prefix?(local_tag_for_pinned_sha, tag)
|
|
427
|
+
local_tag_for_pinned_sha.nil? || same_prefix?(T.must(local_tag_for_pinned_sha), tag)
|
|
352
428
|
end
|
|
353
429
|
end
|
|
354
430
|
|
|
431
|
+
sig { params(tag: String, other_tag: String).returns(T::Boolean) }
|
|
355
432
|
def same_prefix?(tag, other_tag)
|
|
356
433
|
tag.gsub(VERSION_REGEX, "").gsub(/v$/i, "") ==
|
|
357
434
|
other_tag.gsub(VERSION_REGEX, "").gsub(/v$/i, "")
|
|
358
435
|
end
|
|
359
436
|
|
|
437
|
+
sig { params(tag: T.nilable(Dependabot::GitRef)).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
360
438
|
def to_local_tag(tag)
|
|
361
439
|
return unless tag
|
|
362
440
|
|
|
@@ -369,8 +447,9 @@ module Dependabot
|
|
|
369
447
|
}
|
|
370
448
|
end
|
|
371
449
|
|
|
450
|
+
sig { returns(T.nilable(String)) }
|
|
372
451
|
def listing_source_url
|
|
373
|
-
@listing_source_url ||=
|
|
452
|
+
@listing_source_url ||= T.let(
|
|
374
453
|
begin
|
|
375
454
|
# Remove the git source, so the metadata finder looks on the
|
|
376
455
|
# registry
|
|
@@ -385,100 +464,133 @@ module Dependabot
|
|
|
385
464
|
.for_package_manager(dependency.package_manager)
|
|
386
465
|
.new(dependency: candidate_dep, credentials: credentials)
|
|
387
466
|
.source_url
|
|
388
|
-
end
|
|
467
|
+
end,
|
|
468
|
+
T.nilable(String)
|
|
469
|
+
)
|
|
389
470
|
end
|
|
390
471
|
|
|
472
|
+
sig { returns(T.nilable(String)) }
|
|
391
473
|
def listing_source_repo
|
|
392
474
|
return unless listing_source_url
|
|
393
475
|
|
|
394
476
|
Source.from_url(listing_source_url)&.repo
|
|
395
477
|
end
|
|
396
478
|
|
|
479
|
+
sig { params(version: String).returns(T.nilable(String)) }
|
|
397
480
|
def listing_tag_for_version(version)
|
|
398
481
|
listing_tags
|
|
399
482
|
.find { |t| t.name =~ /(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/ }
|
|
400
483
|
&.name
|
|
401
484
|
end
|
|
402
485
|
|
|
486
|
+
sig { returns(T::Array[Dependabot::GitRef]) }
|
|
403
487
|
def listing_tags
|
|
404
488
|
return [] unless listing_source_url
|
|
405
489
|
|
|
406
|
-
@listing_tags ||=
|
|
407
|
-
|
|
490
|
+
@listing_tags ||= T.let(
|
|
491
|
+
begin
|
|
492
|
+
tags = listing_repo_git_metadata_fetcher.tags
|
|
408
493
|
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
494
|
+
if dependency_source_details&.fetch(:ref, nil)&.start_with?("tags/")
|
|
495
|
+
tags = tags.map do |tag|
|
|
496
|
+
tag.dup.tap { |t| t.name = "tags/#{tag.name}" }
|
|
497
|
+
end
|
|
412
498
|
end
|
|
413
|
-
end
|
|
414
499
|
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
500
|
+
tags
|
|
501
|
+
rescue GitDependenciesNotReachable
|
|
502
|
+
[]
|
|
503
|
+
end,
|
|
504
|
+
T.nilable(T::Array[Dependabot::GitRef])
|
|
505
|
+
)
|
|
419
506
|
end
|
|
420
507
|
|
|
508
|
+
sig { returns(T.nilable(String)) }
|
|
421
509
|
def listing_upload_pack
|
|
422
510
|
return unless listing_source_url
|
|
423
511
|
|
|
424
512
|
listing_repo_git_metadata_fetcher.upload_pack
|
|
425
513
|
end
|
|
426
514
|
|
|
515
|
+
sig { returns(T::Array[Dependabot::Requirement]) }
|
|
427
516
|
def ignore_requirements
|
|
428
517
|
ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
|
|
429
518
|
end
|
|
430
519
|
|
|
520
|
+
sig { returns(T::Boolean) }
|
|
431
521
|
def wants_prerelease?
|
|
432
522
|
return false unless dependency_source_details&.fetch(:ref, nil)
|
|
433
523
|
return false unless pinned_ref_looks_like_version?
|
|
434
524
|
|
|
435
|
-
version = version_from_ref(ref)
|
|
525
|
+
version = version_from_ref(T.must(ref))
|
|
436
526
|
version.prerelease?
|
|
437
527
|
end
|
|
438
528
|
|
|
529
|
+
sig { params(tag: Dependabot::GitRef).returns(T::Boolean) }
|
|
439
530
|
def tag_included_in_ignore_requirements?(tag)
|
|
440
531
|
version = version_from_tag(tag)
|
|
441
532
|
ignore_requirements.any? { |r| r.satisfied_by?(version) }
|
|
442
533
|
end
|
|
443
534
|
|
|
535
|
+
sig { params(tag: Dependabot::GitRef).returns(T::Boolean) }
|
|
444
536
|
def tag_is_prerelease?(tag)
|
|
445
537
|
version_from_tag(tag).prerelease?
|
|
446
538
|
end
|
|
447
539
|
|
|
540
|
+
sig { params(tag: Dependabot::GitRef).returns(Gem::Version) }
|
|
448
541
|
def version_from_tag(tag)
|
|
449
542
|
version_from_ref(tag.name)
|
|
450
543
|
end
|
|
451
544
|
|
|
545
|
+
sig { params(name: String).returns(Gem::Version) }
|
|
452
546
|
def version_from_ref(name)
|
|
453
547
|
version_class.new(scan_version(name))
|
|
454
548
|
end
|
|
455
549
|
|
|
550
|
+
sig { params(name: String).returns(String) }
|
|
456
551
|
def scan_version(name)
|
|
457
|
-
name.match(VERSION_REGEX).named_captures.fetch("version")
|
|
552
|
+
T.must(T.must(name.match(VERSION_REGEX)).named_captures.fetch("version"))
|
|
458
553
|
end
|
|
459
554
|
|
|
555
|
+
sig { returns(T.class_of(Gem::Version)) }
|
|
460
556
|
def version_class
|
|
461
|
-
@version_class ||=
|
|
557
|
+
@version_class ||= T.let(
|
|
558
|
+
dependency.version_class,
|
|
559
|
+
T.nilable(T.class_of(Gem::Version))
|
|
560
|
+
)
|
|
462
561
|
end
|
|
463
562
|
|
|
563
|
+
sig { returns(T.class_of(Dependabot::Requirement)) }
|
|
464
564
|
def requirement_class
|
|
465
|
-
@requirement_class ||=
|
|
565
|
+
@requirement_class ||= T.let(
|
|
566
|
+
dependency.requirement_class,
|
|
567
|
+
T.nilable(T.class_of(Dependabot::Requirement))
|
|
568
|
+
)
|
|
466
569
|
end
|
|
467
570
|
|
|
571
|
+
sig { returns(Dependabot::GitMetadataFetcher) }
|
|
468
572
|
def local_repo_git_metadata_fetcher
|
|
469
573
|
@local_repo_git_metadata_fetcher ||=
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
574
|
+
T.let(
|
|
575
|
+
GitMetadataFetcher.new(
|
|
576
|
+
url: dependency_source_details&.fetch(:url),
|
|
577
|
+
credentials: credentials
|
|
578
|
+
),
|
|
579
|
+
T.nilable(Dependabot::GitMetadataFetcher)
|
|
473
580
|
)
|
|
474
581
|
end
|
|
475
582
|
|
|
583
|
+
sig { returns(Dependabot::GitMetadataFetcher) }
|
|
476
584
|
def listing_repo_git_metadata_fetcher
|
|
477
585
|
@listing_repo_git_metadata_fetcher ||=
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
586
|
+
T.let(
|
|
587
|
+
GitMetadataFetcher.new(
|
|
588
|
+
url: T.must(listing_source_url),
|
|
589
|
+
credentials: credentials
|
|
590
|
+
),
|
|
591
|
+
T.nilable(Dependabot::GitMetadataFetcher)
|
|
481
592
|
)
|
|
482
593
|
end
|
|
483
594
|
end
|
|
595
|
+
# rubocop:enable Metrics/ClassLength
|
|
484
596
|
end
|
|
@@ -1,24 +1,40 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/source"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
module MetadataFinders
|
|
8
9
|
class Base
|
|
10
|
+
extend T::Sig
|
|
11
|
+
extend T::Helpers
|
|
12
|
+
|
|
9
13
|
require "dependabot/metadata_finders/base/changelog_finder"
|
|
10
14
|
require "dependabot/metadata_finders/base/release_finder"
|
|
11
15
|
require "dependabot/metadata_finders/base/commits_finder"
|
|
12
16
|
|
|
13
|
-
PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES = %w(npm_and_yarn pub).freeze
|
|
17
|
+
PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES = T.let(%w(npm_and_yarn pub).freeze, T::Array[String])
|
|
18
|
+
|
|
19
|
+
sig { returns(Dependabot::Dependency) }
|
|
20
|
+
attr_reader :dependency
|
|
14
21
|
|
|
15
|
-
|
|
22
|
+
sig { returns(T::Array[T::Hash[String, String]]) }
|
|
23
|
+
attr_reader :credentials
|
|
16
24
|
|
|
25
|
+
sig do
|
|
26
|
+
params(
|
|
27
|
+
dependency: Dependabot::Dependency,
|
|
28
|
+
credentials: T::Array[T::Hash[String, String]]
|
|
29
|
+
)
|
|
30
|
+
.void
|
|
31
|
+
end
|
|
17
32
|
def initialize(dependency:, credentials:)
|
|
18
33
|
@dependency = dependency
|
|
19
34
|
@credentials = credentials
|
|
20
35
|
end
|
|
21
36
|
|
|
37
|
+
sig { returns(T.nilable(String)) }
|
|
22
38
|
def source_url
|
|
23
39
|
if reliable_source_directory?
|
|
24
40
|
source&.url_with_directory
|
|
@@ -27,106 +43,144 @@ module Dependabot
|
|
|
27
43
|
end
|
|
28
44
|
end
|
|
29
45
|
|
|
46
|
+
sig { returns(T.nilable(String)) }
|
|
30
47
|
def homepage_url
|
|
31
48
|
source_url
|
|
32
49
|
end
|
|
33
50
|
|
|
51
|
+
sig { returns(T.nilable(String)) }
|
|
34
52
|
def changelog_url
|
|
35
|
-
@changelog_finder ||=
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
53
|
+
@changelog_finder ||= T.let(
|
|
54
|
+
ChangelogFinder.new(
|
|
55
|
+
dependency: dependency,
|
|
56
|
+
source: source,
|
|
57
|
+
credentials: credentials,
|
|
58
|
+
suggested_changelog_url: suggested_changelog_url
|
|
59
|
+
),
|
|
60
|
+
T.nilable(ChangelogFinder)
|
|
40
61
|
)
|
|
41
62
|
@changelog_finder.changelog_url
|
|
42
63
|
end
|
|
43
64
|
|
|
65
|
+
sig { returns(T.nilable(String)) }
|
|
44
66
|
def changelog_text
|
|
45
|
-
@changelog_finder ||=
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
67
|
+
@changelog_finder ||= T.let(
|
|
68
|
+
ChangelogFinder.new(
|
|
69
|
+
dependency: dependency,
|
|
70
|
+
source: source,
|
|
71
|
+
credentials: credentials,
|
|
72
|
+
suggested_changelog_url: suggested_changelog_url
|
|
73
|
+
),
|
|
74
|
+
T.nilable(ChangelogFinder)
|
|
50
75
|
)
|
|
51
76
|
@changelog_finder.changelog_text
|
|
52
77
|
end
|
|
53
78
|
|
|
79
|
+
sig { returns(T.nilable(String)) }
|
|
54
80
|
def upgrade_guide_url
|
|
55
|
-
@changelog_finder ||=
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
81
|
+
@changelog_finder ||= T.let(
|
|
82
|
+
ChangelogFinder.new(
|
|
83
|
+
dependency: dependency,
|
|
84
|
+
source: source,
|
|
85
|
+
credentials: credentials,
|
|
86
|
+
suggested_changelog_url: suggested_changelog_url
|
|
87
|
+
),
|
|
88
|
+
T.nilable(ChangelogFinder)
|
|
60
89
|
)
|
|
61
90
|
@changelog_finder.upgrade_guide_url
|
|
62
91
|
end
|
|
63
92
|
|
|
93
|
+
sig { returns(T.nilable(String)) }
|
|
64
94
|
def upgrade_guide_text
|
|
65
|
-
@changelog_finder ||=
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
95
|
+
@changelog_finder ||= T.let(
|
|
96
|
+
ChangelogFinder.new(
|
|
97
|
+
dependency: dependency,
|
|
98
|
+
source: source,
|
|
99
|
+
credentials: credentials,
|
|
100
|
+
suggested_changelog_url: suggested_changelog_url
|
|
101
|
+
),
|
|
102
|
+
T.nilable(ChangelogFinder)
|
|
70
103
|
)
|
|
71
104
|
@changelog_finder.upgrade_guide_text
|
|
72
105
|
end
|
|
73
106
|
|
|
107
|
+
sig { returns(T.nilable(String)) }
|
|
74
108
|
def releases_url
|
|
75
|
-
@release_finder ||=
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
109
|
+
@release_finder ||= T.let(
|
|
110
|
+
ReleaseFinder.new(
|
|
111
|
+
dependency: dependency,
|
|
112
|
+
source: source,
|
|
113
|
+
credentials: credentials
|
|
114
|
+
),
|
|
115
|
+
T.nilable(ReleaseFinder)
|
|
79
116
|
)
|
|
80
117
|
@release_finder.releases_url
|
|
81
118
|
end
|
|
82
119
|
|
|
120
|
+
sig { returns(T.nilable(String)) }
|
|
83
121
|
def releases_text
|
|
84
|
-
@release_finder ||=
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
122
|
+
@release_finder ||= T.let(
|
|
123
|
+
ReleaseFinder.new(
|
|
124
|
+
dependency: dependency,
|
|
125
|
+
source: source,
|
|
126
|
+
credentials: credentials
|
|
127
|
+
),
|
|
128
|
+
T.nilable(ReleaseFinder)
|
|
88
129
|
)
|
|
89
130
|
@release_finder.releases_text
|
|
90
131
|
end
|
|
91
132
|
|
|
133
|
+
sig { returns(T.nilable(String)) }
|
|
92
134
|
def commits_url
|
|
93
|
-
@commits_finder ||=
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
135
|
+
@commits_finder ||= T.let(
|
|
136
|
+
CommitsFinder.new(
|
|
137
|
+
dependency: dependency,
|
|
138
|
+
source: source,
|
|
139
|
+
credentials: credentials
|
|
140
|
+
),
|
|
141
|
+
T.nilable(CommitsFinder)
|
|
97
142
|
)
|
|
98
143
|
@commits_finder.commits_url
|
|
99
144
|
end
|
|
100
145
|
|
|
146
|
+
sig { returns(T::Array[T::Hash[Symbol, String]]) }
|
|
101
147
|
def commits
|
|
102
|
-
@commits_finder ||=
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
148
|
+
@commits_finder ||= T.let(
|
|
149
|
+
CommitsFinder.new(
|
|
150
|
+
dependency: dependency,
|
|
151
|
+
source: source,
|
|
152
|
+
credentials: credentials
|
|
153
|
+
),
|
|
154
|
+
T.nilable(CommitsFinder)
|
|
106
155
|
)
|
|
107
156
|
@commits_finder.commits
|
|
108
157
|
end
|
|
109
158
|
|
|
159
|
+
sig { overridable.returns(T.nilable(String)) }
|
|
110
160
|
def maintainer_changes
|
|
111
161
|
nil
|
|
112
162
|
end
|
|
113
163
|
|
|
114
164
|
private
|
|
115
165
|
|
|
166
|
+
sig { overridable.returns(T.nilable(String)) }
|
|
116
167
|
def suggested_changelog_url
|
|
117
168
|
nil
|
|
118
169
|
end
|
|
119
170
|
|
|
171
|
+
sig { returns(T.nilable(Dependabot::Source)) }
|
|
120
172
|
def source
|
|
121
173
|
return @source if defined?(@source)
|
|
122
174
|
|
|
123
|
-
@source = look_up_source
|
|
175
|
+
@source = T.let(look_up_source, T.nilable(Dependabot::Source))
|
|
124
176
|
end
|
|
125
177
|
|
|
178
|
+
sig { overridable.returns(Dependabot::Source) }
|
|
126
179
|
def look_up_source
|
|
127
180
|
raise NotImplementedError
|
|
128
181
|
end
|
|
129
182
|
|
|
183
|
+
sig { returns(T::Boolean) }
|
|
130
184
|
def reliable_source_directory?
|
|
131
185
|
MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES
|
|
132
186
|
.include?(dependency.package_manager)
|
|
@@ -14,7 +14,7 @@ module Dependabot
|
|
|
14
14
|
params(
|
|
15
15
|
dependencies: T::Array[Dependabot::Dependency],
|
|
16
16
|
files: T::Array[Dependabot::DependencyFile],
|
|
17
|
-
target_branch: String,
|
|
17
|
+
target_branch: T.nilable(String),
|
|
18
18
|
dependency_group: Dependabot::DependencyGroup,
|
|
19
19
|
includes_security_fixes: T::Boolean,
|
|
20
20
|
separator: String,
|
|
@@ -38,7 +38,7 @@ module Dependabot
|
|
|
38
38
|
@includes_security_fixes = includes_security_fixes
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
-
sig { returns(String) }
|
|
41
|
+
sig { override.returns(String) }
|
|
42
42
|
def new_branch_name
|
|
43
43
|
sanitize_branch_name(File.join(prefixes, group_name_with_dependency_digest))
|
|
44
44
|
end
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "digest"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
|
|
6
7
|
require "dependabot/metadata_finders"
|
|
7
8
|
require "dependabot/pull_request_creator/branch_namer/base"
|
|
@@ -10,30 +11,37 @@ module Dependabot
|
|
|
10
11
|
class PullRequestCreator
|
|
11
12
|
class BranchNamer
|
|
12
13
|
class SoloStrategy < Base
|
|
14
|
+
extend T::Sig
|
|
15
|
+
|
|
16
|
+
sig { override.returns(String) }
|
|
13
17
|
def new_branch_name
|
|
14
18
|
@name ||=
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
19
|
+
T.let(
|
|
20
|
+
begin
|
|
21
|
+
dependency_name_part =
|
|
22
|
+
if dependencies.count > 1 && updating_a_property?
|
|
23
|
+
property_name
|
|
24
|
+
elsif dependencies.count > 1 && updating_a_dependency_set?
|
|
25
|
+
dependency_set.fetch(:group)
|
|
26
|
+
else
|
|
27
|
+
dependencies
|
|
28
|
+
.map(&:name)
|
|
29
|
+
.join("-and-")
|
|
30
|
+
.tr(":[]", "-")
|
|
31
|
+
.tr("@", "")
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
"#{dependency_name_part}-#{branch_version_suffix}"
|
|
35
|
+
end,
|
|
36
|
+
T.nilable(String)
|
|
37
|
+
)
|
|
31
38
|
|
|
32
39
|
sanitize_branch_name(File.join(prefixes, @name))
|
|
33
40
|
end
|
|
34
41
|
|
|
35
42
|
private
|
|
36
43
|
|
|
44
|
+
sig { returns(T::Array[String]) }
|
|
37
45
|
def prefixes
|
|
38
46
|
[
|
|
39
47
|
prefix,
|
|
@@ -43,46 +51,58 @@ module Dependabot
|
|
|
43
51
|
].compact
|
|
44
52
|
end
|
|
45
53
|
|
|
54
|
+
sig { returns(String) }
|
|
46
55
|
def package_manager
|
|
47
56
|
T.must(dependencies.first).package_manager
|
|
48
57
|
end
|
|
49
58
|
|
|
59
|
+
sig { returns(T::Boolean) }
|
|
50
60
|
def updating_a_property?
|
|
51
61
|
T.must(dependencies.first)
|
|
52
62
|
.requirements
|
|
53
63
|
.any? { |r| r.dig(:metadata, :property_name) }
|
|
54
64
|
end
|
|
55
65
|
|
|
66
|
+
sig { returns(T::Boolean) }
|
|
56
67
|
def updating_a_dependency_set?
|
|
57
68
|
T.must(dependencies.first)
|
|
58
69
|
.requirements
|
|
59
70
|
.any? { |r| r.dig(:metadata, :dependency_set) }
|
|
60
71
|
end
|
|
61
72
|
|
|
73
|
+
sig { returns(String) }
|
|
62
74
|
def property_name
|
|
63
|
-
@property_name ||=
|
|
64
|
-
|
|
65
|
-
|
|
75
|
+
@property_name ||=
|
|
76
|
+
T.let(T.must(dependencies.first).requirements
|
|
77
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
|
78
|
+
&.dig(:metadata, :property_name),
|
|
79
|
+
T.nilable(String))
|
|
66
80
|
|
|
67
81
|
raise "No property name!" unless @property_name
|
|
68
82
|
|
|
69
83
|
@property_name
|
|
70
84
|
end
|
|
71
85
|
|
|
86
|
+
sig { returns(T::Hash[Symbol, String]) }
|
|
72
87
|
def dependency_set
|
|
73
|
-
@dependency_set ||=
|
|
74
|
-
|
|
75
|
-
|
|
88
|
+
@dependency_set ||=
|
|
89
|
+
T.let(
|
|
90
|
+
T.must(dependencies.first).requirements
|
|
91
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
|
92
|
+
&.dig(:metadata, :dependency_set),
|
|
93
|
+
T.nilable(T::Hash[String, String])
|
|
94
|
+
)
|
|
76
95
|
|
|
77
96
|
raise "No dependency set!" unless @dependency_set
|
|
78
97
|
|
|
79
98
|
@dependency_set
|
|
80
99
|
end
|
|
81
100
|
|
|
101
|
+
sig { returns(T.nilable(String)) }
|
|
82
102
|
def branch_version_suffix
|
|
83
|
-
dep = dependencies.first
|
|
103
|
+
dep = T.must(dependencies.first)
|
|
84
104
|
|
|
85
|
-
if
|
|
105
|
+
if dep.removed?
|
|
86
106
|
"-removed"
|
|
87
107
|
elsif library? && ref_changed?(dep) && new_ref(dep)
|
|
88
108
|
new_ref(dep)
|
|
@@ -93,6 +113,7 @@ module Dependabot
|
|
|
93
113
|
end
|
|
94
114
|
end
|
|
95
115
|
|
|
116
|
+
sig { params(dependency: Dependabot::Dependency).returns(String) }
|
|
96
117
|
def sanitized_requirement(dependency)
|
|
97
118
|
new_library_requirement(dependency)
|
|
98
119
|
.delete(" ")
|
|
@@ -111,13 +132,14 @@ module Dependabot
|
|
|
111
132
|
.gsub(",", "-and-")
|
|
112
133
|
end
|
|
113
134
|
|
|
135
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
|
|
114
136
|
def new_version(dependency)
|
|
115
137
|
# Version looks like a git SHA and we could be updating to a specific
|
|
116
138
|
# ref in which case we return that otherwise we return a shorthand sha
|
|
117
|
-
if dependency.version
|
|
139
|
+
if dependency.version&.match?(/^[0-9a-f]{40}$/)
|
|
118
140
|
return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
|
|
119
141
|
|
|
120
|
-
dependency.version[0..6]
|
|
142
|
+
T.must(dependency.version)[0..6]
|
|
121
143
|
elsif dependency.version == dependency.previous_version &&
|
|
122
144
|
package_manager == "docker"
|
|
123
145
|
dependency.requirements
|
|
@@ -128,13 +150,15 @@ module Dependabot
|
|
|
128
150
|
end
|
|
129
151
|
end
|
|
130
152
|
|
|
153
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
|
|
131
154
|
def previous_ref(dependency)
|
|
132
|
-
previous_refs = dependency.previous_requirements.filter_map do |r|
|
|
155
|
+
previous_refs = T.must(dependency.previous_requirements).filter_map do |r|
|
|
133
156
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
134
157
|
end.uniq
|
|
135
158
|
previous_refs.first if previous_refs.count == 1
|
|
136
159
|
end
|
|
137
160
|
|
|
161
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.nilable(String)) }
|
|
138
162
|
def new_ref(dependency)
|
|
139
163
|
new_refs = dependency.requirements.filter_map do |r|
|
|
140
164
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
@@ -142,20 +166,22 @@ module Dependabot
|
|
|
142
166
|
new_refs.first if new_refs.count == 1
|
|
143
167
|
end
|
|
144
168
|
|
|
169
|
+
sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
145
170
|
def ref_changed?(dependency)
|
|
146
171
|
# We could go from multiple previous refs (nil) to a single new ref
|
|
147
172
|
previous_ref(dependency) != new_ref(dependency)
|
|
148
173
|
end
|
|
149
174
|
|
|
175
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.untyped) }
|
|
150
176
|
def new_library_requirement(dependency)
|
|
151
177
|
updated_reqs =
|
|
152
|
-
dependency.requirements - dependency.previous_requirements
|
|
178
|
+
dependency.requirements - T.must(dependency.previous_requirements)
|
|
153
179
|
|
|
154
180
|
gemspec =
|
|
155
181
|
updated_reqs.find { |r| r[:file].match?(%r{^[^/]*\.gemspec$}) }
|
|
156
182
|
return gemspec[:requirement] if gemspec
|
|
157
183
|
|
|
158
|
-
updated_reqs.first
|
|
184
|
+
updated_reqs.first&.fetch(:requirement)
|
|
159
185
|
end
|
|
160
186
|
|
|
161
187
|
# TODO: Bring this in line with existing library checks that we do in the
|
|
@@ -163,12 +189,14 @@ module Dependabot
|
|
|
163
189
|
# `requirements_update_strategy`.
|
|
164
190
|
#
|
|
165
191
|
# TODO re-use in MessageBuilder
|
|
192
|
+
sig { returns(T::Boolean) }
|
|
166
193
|
def library?
|
|
167
194
|
dependencies.any? { |d| !d.appears_in_lockfile? }
|
|
168
195
|
end
|
|
169
196
|
|
|
197
|
+
sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
170
198
|
def requirements_changed?(dependency)
|
|
171
|
-
(dependency.requirements - dependency.previous_requirements).any?
|
|
199
|
+
(dependency.requirements - T.must(dependency.previous_requirements)).any?
|
|
172
200
|
end
|
|
173
201
|
end
|
|
174
202
|
end
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "digest"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
|
|
6
7
|
require "dependabot/metadata_finders"
|
|
7
8
|
require "dependabot/pull_request_creator"
|
|
@@ -11,9 +12,45 @@ require "dependabot/pull_request_creator/branch_namer/dependency_group_strategy"
|
|
|
11
12
|
module Dependabot
|
|
12
13
|
class PullRequestCreator
|
|
13
14
|
class BranchNamer
|
|
14
|
-
|
|
15
|
-
:includes_security_fixes
|
|
15
|
+
extend T::Sig
|
|
16
16
|
|
|
17
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
18
|
+
attr_reader :dependencies
|
|
19
|
+
|
|
20
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
21
|
+
attr_reader :files
|
|
22
|
+
|
|
23
|
+
sig { returns(T.nilable(String)) }
|
|
24
|
+
attr_reader :target_branch
|
|
25
|
+
|
|
26
|
+
sig { returns(String) }
|
|
27
|
+
attr_reader :separator
|
|
28
|
+
|
|
29
|
+
sig { returns(String) }
|
|
30
|
+
attr_reader :prefix
|
|
31
|
+
|
|
32
|
+
sig { returns(T.nilable(Integer)) }
|
|
33
|
+
attr_reader :max_length
|
|
34
|
+
|
|
35
|
+
sig { returns(T.nilable(Dependabot::DependencyGroup)) }
|
|
36
|
+
attr_reader :dependency_group
|
|
37
|
+
|
|
38
|
+
sig { returns(T::Boolean) }
|
|
39
|
+
attr_reader :includes_security_fixes
|
|
40
|
+
|
|
41
|
+
sig do
|
|
42
|
+
params(
|
|
43
|
+
dependencies: T::Array[Dependabot::Dependency],
|
|
44
|
+
files: T::Array[Dependabot::DependencyFile],
|
|
45
|
+
target_branch: T.nilable(String),
|
|
46
|
+
dependency_group: T.nilable(Dependabot::DependencyGroup),
|
|
47
|
+
separator: String,
|
|
48
|
+
prefix: String,
|
|
49
|
+
max_length: T.nilable(Integer),
|
|
50
|
+
includes_security_fixes: T::Boolean
|
|
51
|
+
)
|
|
52
|
+
.void
|
|
53
|
+
end
|
|
17
54
|
def initialize(dependencies:, files:, target_branch:, dependency_group: nil,
|
|
18
55
|
separator: "/", prefix: "dependabot", max_length: nil, includes_security_fixes: false)
|
|
19
56
|
@dependencies = dependencies
|
|
@@ -26,14 +63,16 @@ module Dependabot
|
|
|
26
63
|
@includes_security_fixes = includes_security_fixes
|
|
27
64
|
end
|
|
28
65
|
|
|
66
|
+
sig { returns(String) }
|
|
29
67
|
def new_branch_name
|
|
30
68
|
strategy.new_branch_name
|
|
31
69
|
end
|
|
32
70
|
|
|
33
71
|
private
|
|
34
72
|
|
|
73
|
+
sig { returns(Dependabot::PullRequestCreator::BranchNamer::Base) }
|
|
35
74
|
def strategy
|
|
36
|
-
@strategy ||=
|
|
75
|
+
@strategy ||= T.let(
|
|
37
76
|
if dependency_group.nil?
|
|
38
77
|
SoloStrategy.new(
|
|
39
78
|
dependencies: dependencies,
|
|
@@ -48,13 +87,15 @@ module Dependabot
|
|
|
48
87
|
dependencies: dependencies,
|
|
49
88
|
files: files,
|
|
50
89
|
target_branch: target_branch,
|
|
51
|
-
dependency_group: dependency_group,
|
|
90
|
+
dependency_group: T.must(dependency_group),
|
|
52
91
|
includes_security_fixes: includes_security_fixes,
|
|
53
92
|
separator: separator,
|
|
54
93
|
prefix: prefix,
|
|
55
94
|
max_length: max_length
|
|
56
95
|
)
|
|
57
|
-
end
|
|
96
|
+
end,
|
|
97
|
+
T.nilable(Dependabot::PullRequestCreator::BranchNamer::Base)
|
|
98
|
+
)
|
|
58
99
|
end
|
|
59
100
|
end
|
|
60
101
|
end
|
|
@@ -100,7 +100,7 @@ module Dependabot
|
|
|
100
100
|
sig { returns(T::Hash[String, String]) }
|
|
101
101
|
attr_reader :vulnerabilities_fixed
|
|
102
102
|
|
|
103
|
-
sig { returns(T.nilable(T::Array[String])) }
|
|
103
|
+
sig { returns(T.nilable(T.any(T::Array[String], T::Hash[Symbol, T::Array[Integer]]))) }
|
|
104
104
|
attr_reader :reviewers
|
|
105
105
|
|
|
106
106
|
sig { returns(T.nilable(T::Array[String])) }
|
|
@@ -389,7 +389,7 @@ module Dependabot
|
|
|
389
389
|
BranchNamer.new(
|
|
390
390
|
dependencies: dependencies,
|
|
391
391
|
files: files,
|
|
392
|
-
target_branch: source.branch,
|
|
392
|
+
target_branch: T.must(source.branch),
|
|
393
393
|
dependency_group: dependency_group,
|
|
394
394
|
separator: branch_name_separator,
|
|
395
395
|
prefix: branch_name_prefix,
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.241.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-01-
|
|
11
|
+
date: 2024-01-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -572,7 +572,7 @@ licenses:
|
|
|
572
572
|
- Nonstandard
|
|
573
573
|
metadata:
|
|
574
574
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
575
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
575
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.241.0
|
|
576
576
|
post_install_message:
|
|
577
577
|
rdoc_options: []
|
|
578
578
|
require_paths:
|