dependabot-common 0.271.0 → 0.272.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/errors.rb +12 -0
- data/lib/dependabot/file_parsers/base.rb +6 -0
- data/lib/dependabot/file_updaters/base.rb +2 -2
- data/lib/dependabot/notices.rb +168 -0
- data/lib/dependabot/package_manager.rb +84 -0
- data/lib/dependabot/pull_request_creator/message_builder.rb +25 -3
- data/lib/dependabot/sem_version2.rb +131 -0
- data/lib/dependabot.rb +1 -1
- metadata +6 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 317e2fbaa5340fe4a995a419da5ace365912a1a47de42ebc79adf23cc704b98c
|
4
|
+
data.tar.gz: 214d238bc3b6de57972e5676aac6e6b837187fb6fee5c050d673257ed751ef9c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 64b49b8b1dec8d348b62090c5d67b5793f1ded64126b493fbc848aea8075ccaaa2c852cf14702bfd3bcea4c26b79a0e99cfe54f9d0a7f326af8a97aa2f53bd34
|
7
|
+
data.tar.gz: e1020c4794c5ca79434d4c488d20f565fbc6b0694f03def3e948700803aa46fa6ecfa19bdf740b83b68764bd9624c46496e51fe8dddecebeda6b1d6afe9370ad
|
data/lib/dependabot/errors.rb
CHANGED
@@ -226,6 +226,11 @@ module Dependabot
|
|
226
226
|
"error-message": error.message
|
227
227
|
}
|
228
228
|
}
|
229
|
+
when Dependabot::OutOfDisk
|
230
|
+
{
|
231
|
+
"error-type": "out_of_disk",
|
232
|
+
"error-detail": {}
|
233
|
+
}
|
229
234
|
when Dependabot::GoModulePathMismatch
|
230
235
|
{
|
231
236
|
"error-type": "go_module_path_mismatch",
|
@@ -235,6 +240,11 @@ module Dependabot
|
|
235
240
|
"go-mod": error.go_mod
|
236
241
|
}
|
237
242
|
}
|
243
|
+
when BadRequirementError
|
244
|
+
{
|
245
|
+
"error-type": "illformed_requirement",
|
246
|
+
"error-detail": { message: error.message }
|
247
|
+
}
|
238
248
|
when
|
239
249
|
IncompatibleCPU,
|
240
250
|
NetworkUnsafeHTTP
|
@@ -508,6 +518,8 @@ module Dependabot
|
|
508
518
|
|
509
519
|
class DependencyFileNotResolvable < DependabotError; end
|
510
520
|
|
521
|
+
class BadRequirementError < Gem::Requirement::BadRequirementError; end
|
522
|
+
|
511
523
|
#######################
|
512
524
|
# Source level errors #
|
513
525
|
#######################
|
@@ -3,6 +3,7 @@
|
|
3
3
|
|
4
4
|
require "sorbet-runtime"
|
5
5
|
require "dependabot/credential"
|
6
|
+
require "dependabot/package_manager"
|
6
7
|
|
7
8
|
module Dependabot
|
8
9
|
module FileParsers
|
@@ -53,6 +54,11 @@ module Dependabot
|
|
53
54
|
sig { abstract.returns(T::Array[Dependabot::Dependency]) }
|
54
55
|
def parse; end
|
55
56
|
|
57
|
+
sig { returns(T.nilable(PackageManagerBase)) }
|
58
|
+
def package_manager
|
59
|
+
nil
|
60
|
+
end
|
61
|
+
|
56
62
|
private
|
57
63
|
|
58
64
|
sig { abstract.void }
|
@@ -28,8 +28,8 @@ module Dependabot
|
|
28
28
|
sig { returns(T::Hash[Symbol, T.untyped]) }
|
29
29
|
attr_reader :options
|
30
30
|
|
31
|
-
sig { overridable.
|
32
|
-
def self.updated_files_regex
|
31
|
+
sig { overridable.returns(T::Array[Regexp]) }
|
32
|
+
def self.updated_files_regex
|
33
33
|
raise NotImplementedError
|
34
34
|
end
|
35
35
|
|
@@ -0,0 +1,168 @@
|
|
1
|
+
# typed: strong
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require "sorbet-runtime"
|
5
|
+
require "dependabot/package_manager"
|
6
|
+
|
7
|
+
module Dependabot
|
8
|
+
class Notice
|
9
|
+
extend T::Sig
|
10
|
+
|
11
|
+
sig { returns(String) }
|
12
|
+
attr_reader :mode, :type, :package_manager_name, :message, :markdown
|
13
|
+
|
14
|
+
# Initializes a new Notice object.
|
15
|
+
# @param mode [String] The mode of the notice (e.g., "WARN", "ERROR").
|
16
|
+
# @param type [String] The type of the notice (e.g., "bundler_deprecated_warn").
|
17
|
+
# @param package_manager_name [String] The name of the package manager (e.g., "bundler").
|
18
|
+
# @param message [String] The main message of the notice.
|
19
|
+
# @param markdown [String] The markdown formatted message.
|
20
|
+
sig do
|
21
|
+
params(
|
22
|
+
mode: String,
|
23
|
+
type: String,
|
24
|
+
package_manager_name: String,
|
25
|
+
message: String,
|
26
|
+
markdown: String
|
27
|
+
).void
|
28
|
+
end
|
29
|
+
def initialize(mode:, type:, package_manager_name:, message: "", markdown: "")
|
30
|
+
@mode = mode
|
31
|
+
@type = type
|
32
|
+
@package_manager_name = package_manager_name
|
33
|
+
@message = message
|
34
|
+
@markdown = markdown
|
35
|
+
end
|
36
|
+
|
37
|
+
# Converts the Notice object to a hash.
|
38
|
+
# @return [Hash] The hash representation of the notice.
|
39
|
+
sig { returns(T::Hash[Symbol, T.untyped]) }
|
40
|
+
def to_hash
|
41
|
+
{
|
42
|
+
mode: @mode,
|
43
|
+
type: @type,
|
44
|
+
package_manager_name: @package_manager_name,
|
45
|
+
message: @message,
|
46
|
+
markdown: @markdown
|
47
|
+
}
|
48
|
+
end
|
49
|
+
|
50
|
+
# Generates a message for supported versions.
|
51
|
+
# @param supported_versions [Array<Dependabot::Version>, nil] The supported versions of the package manager.
|
52
|
+
# @param support_later_versions [Boolean] Whether later versions are supported.
|
53
|
+
# @return [String, nil] The generated message or nil if no supported versions are provided.
|
54
|
+
sig do
|
55
|
+
params(
|
56
|
+
supported_versions: T.nilable(T::Array[Dependabot::Version]),
|
57
|
+
support_later_versions: T::Boolean
|
58
|
+
).returns(String)
|
59
|
+
end
|
60
|
+
def self.generate_supported_versions_message(supported_versions, support_later_versions)
|
61
|
+
return "" unless supported_versions&.any?
|
62
|
+
|
63
|
+
versions_string = supported_versions.map { |version| "`v#{version}`" }
|
64
|
+
|
65
|
+
versions_string[-1] = "or #{versions_string[-1]}" if versions_string.count > 1 && !support_later_versions
|
66
|
+
|
67
|
+
versions_string = versions_string.join(", ")
|
68
|
+
|
69
|
+
later_message = support_later_versions ? ", or later" : ""
|
70
|
+
|
71
|
+
return "Please upgrade to version #{versions_string}#{later_message}." if supported_versions.count == 1
|
72
|
+
|
73
|
+
"Please upgrade to one of the following versions: #{versions_string}#{later_message}."
|
74
|
+
end
|
75
|
+
|
76
|
+
# Generates a support notice for the given package manager.
|
77
|
+
# @param package_manager [PackageManagerBase] The package manager object.
|
78
|
+
# @return [Notice, nil] The generated notice or nil if no notice is applicable.
|
79
|
+
sig do
|
80
|
+
params(
|
81
|
+
package_manager: PackageManagerBase
|
82
|
+
).returns(T.nilable(Notice))
|
83
|
+
end
|
84
|
+
def self.generate_support_notice(package_manager)
|
85
|
+
deprecation_notice = generate_pm_deprecation_notice(package_manager)
|
86
|
+
|
87
|
+
return deprecation_notice if deprecation_notice
|
88
|
+
|
89
|
+
generate_pm_unsupported_notice(package_manager)
|
90
|
+
end
|
91
|
+
|
92
|
+
# Generates a deprecation notice for the given package manager.
|
93
|
+
# @param package_manager [PackageManagerBase] The package manager object.
|
94
|
+
# @return [Notice, nil] The generated deprecation notice or nil if the package manager is not deprecated.
|
95
|
+
sig do
|
96
|
+
params(
|
97
|
+
package_manager: PackageManagerBase
|
98
|
+
).returns(T.nilable(Notice))
|
99
|
+
end
|
100
|
+
def self.generate_pm_deprecation_notice(package_manager)
|
101
|
+
return nil unless package_manager.deprecated?
|
102
|
+
|
103
|
+
mode = "WARN"
|
104
|
+
supported_versions_message = generate_supported_versions_message(
|
105
|
+
package_manager.supported_versions,
|
106
|
+
package_manager.support_later_versions?
|
107
|
+
)
|
108
|
+
notice_type = "#{package_manager.name}_deprecated_#{mode.downcase}"
|
109
|
+
message = "Dependabot will stop supporting `#{package_manager.name} v#{package_manager.version}`!"
|
110
|
+
## Create a warning markdown message
|
111
|
+
markdown = "> [!WARNING]\n"
|
112
|
+
## Add the deprecation warning to the message
|
113
|
+
markdown += "> #{message}\n>\n"
|
114
|
+
|
115
|
+
## Add the supported versions to the message
|
116
|
+
unless supported_versions_message.empty?
|
117
|
+
message += "\n#{supported_versions_message}\n"
|
118
|
+
markdown += "> #{supported_versions_message}\n>\n"
|
119
|
+
end
|
120
|
+
|
121
|
+
Notice.new(
|
122
|
+
mode: mode,
|
123
|
+
type: notice_type,
|
124
|
+
package_manager_name: package_manager.name,
|
125
|
+
message: message,
|
126
|
+
markdown: markdown
|
127
|
+
)
|
128
|
+
end
|
129
|
+
|
130
|
+
# Generates an unsupported notice for the given package manager.
|
131
|
+
# @param package_manager [PackageManagerBase] The package manager object.
|
132
|
+
# @return [Notice, nil] The generated unsupported notice or nil if the package manager is not unsupported.
|
133
|
+
sig do
|
134
|
+
params(
|
135
|
+
package_manager: PackageManagerBase
|
136
|
+
).returns(T.nilable(Notice))
|
137
|
+
end
|
138
|
+
def self.generate_pm_unsupported_notice(package_manager)
|
139
|
+
return nil unless package_manager.unsupported?
|
140
|
+
|
141
|
+
mode = "ERROR"
|
142
|
+
supported_versions_message = generate_supported_versions_message(
|
143
|
+
package_manager.supported_versions,
|
144
|
+
package_manager.support_later_versions?
|
145
|
+
)
|
146
|
+
notice_type = "#{package_manager.name}_unsupported_#{mode.downcase}"
|
147
|
+
message = "Dependabot no longer supports `#{package_manager.name} v#{package_manager.version}`!"
|
148
|
+
## Create an error markdown message
|
149
|
+
markdown = "> [!IMPORTANT]\n"
|
150
|
+
## Add the error message to the message
|
151
|
+
markdown += "> #{message}\n>\n"
|
152
|
+
|
153
|
+
## Add the supported versions to the message
|
154
|
+
unless supported_versions_message.empty?
|
155
|
+
message += "\n#{supported_versions_message}\n"
|
156
|
+
markdown += "> #{supported_versions_message}\n>\n"
|
157
|
+
end
|
158
|
+
|
159
|
+
Notice.new(
|
160
|
+
mode: mode,
|
161
|
+
type: notice_type,
|
162
|
+
package_manager_name: package_manager.name,
|
163
|
+
message: message,
|
164
|
+
markdown: markdown
|
165
|
+
)
|
166
|
+
end
|
167
|
+
end
|
168
|
+
end
|
@@ -0,0 +1,84 @@
|
|
1
|
+
# typed: strong
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
6
|
+
module Dependabot
|
7
|
+
class PackageManagerBase
|
8
|
+
extend T::Sig
|
9
|
+
extend T::Helpers
|
10
|
+
|
11
|
+
abstract!
|
12
|
+
|
13
|
+
# The name of the package manager (e.g., "bundler").
|
14
|
+
# @example
|
15
|
+
# package_manager.name #=> "bundler"
|
16
|
+
sig { abstract.returns(String) }
|
17
|
+
def name; end
|
18
|
+
|
19
|
+
# The version of the package manager (e.g., Dependabot::Version.new("2.1.4")).
|
20
|
+
# @example
|
21
|
+
# package_manager.version #=> Dependabot::Version.new("2.1.4")
|
22
|
+
sig { abstract.returns(Dependabot::Version) }
|
23
|
+
def version; end
|
24
|
+
|
25
|
+
# Returns an array of deprecated versions of the package manager.
|
26
|
+
# By default, returns an empty array if not overridden in the subclass.
|
27
|
+
# @example
|
28
|
+
# package_manager.deprecated_versions #=> [Dependabot::Version.new("1.0.0"), Dependabot::Version.new("1.1.0")]
|
29
|
+
sig { returns(T::Array[Dependabot::Version]) }
|
30
|
+
def deprecated_versions
|
31
|
+
[]
|
32
|
+
end
|
33
|
+
|
34
|
+
# Returns an array of unsupported versions of the package manager.
|
35
|
+
# By default, returns an empty array if not overridden in the subclass.
|
36
|
+
# @example
|
37
|
+
# package_manager.unsupported_versions #=> [Dependabot::Version.new("0.9.0")]
|
38
|
+
sig { returns(T::Array[Dependabot::Version]) }
|
39
|
+
def unsupported_versions
|
40
|
+
[]
|
41
|
+
end
|
42
|
+
|
43
|
+
# Returns an array of supported versions of the package manager.
|
44
|
+
# By default, returns an empty array if not overridden in the subclass.
|
45
|
+
# @example
|
46
|
+
# package_manager.supported_versions #=> [Dependabot::Version.new("2.0.0"), Dependabot::Version.new("2.1.0")]
|
47
|
+
sig { returns(T::Array[Dependabot::Version]) }
|
48
|
+
def supported_versions
|
49
|
+
[]
|
50
|
+
end
|
51
|
+
|
52
|
+
# Checks if the current version is deprecated.
|
53
|
+
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
54
|
+
# @example
|
55
|
+
# package_manager.deprecated? #=> true
|
56
|
+
sig { returns(T::Boolean) }
|
57
|
+
def deprecated?
|
58
|
+
deprecated_versions.include?(version)
|
59
|
+
end
|
60
|
+
|
61
|
+
# Checks if the current version is unsupported.
|
62
|
+
# Returns true if the version is in the unsupported_versions array; false otherwise.
|
63
|
+
# @example
|
64
|
+
# package_manager.unsupported? #=> false
|
65
|
+
sig { returns(T::Boolean) }
|
66
|
+
def unsupported?
|
67
|
+
return true if unsupported_versions.include?(version)
|
68
|
+
|
69
|
+
supported_versions = self.supported_versions
|
70
|
+
return version < supported_versions.first if supported_versions.any?
|
71
|
+
|
72
|
+
false
|
73
|
+
end
|
74
|
+
|
75
|
+
# Indicates if the package manager supports later versions beyond those listed in supported_versions.
|
76
|
+
# By default, returns false if not overridden in the subclass.
|
77
|
+
# @example
|
78
|
+
# package_manager.support_later_versions? #=> true
|
79
|
+
sig { returns(T::Boolean) }
|
80
|
+
def support_later_versions?
|
81
|
+
false
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
@@ -12,6 +12,7 @@ require "dependabot/logger"
|
|
12
12
|
require "dependabot/metadata_finders"
|
13
13
|
require "dependabot/pull_request_creator"
|
14
14
|
require "dependabot/pull_request_creator/message"
|
15
|
+
require "dependabot/notices"
|
15
16
|
|
16
17
|
# rubocop:disable Metrics/ClassLength
|
17
18
|
module Dependabot
|
@@ -64,6 +65,9 @@ module Dependabot
|
|
64
65
|
sig { returns(T::Array[T::Hash[String, String]]) }
|
65
66
|
attr_reader :ignore_conditions
|
66
67
|
|
68
|
+
sig { returns(T.nilable(T::Array[Dependabot::Notice])) }
|
69
|
+
attr_reader :notices
|
70
|
+
|
67
71
|
TRUNCATED_MSG = "...\n\n_Description has been truncated_"
|
68
72
|
|
69
73
|
sig do
|
@@ -80,7 +84,8 @@ module Dependabot
|
|
80
84
|
dependency_group: T.nilable(Dependabot::DependencyGroup),
|
81
85
|
pr_message_max_length: T.nilable(Integer),
|
82
86
|
pr_message_encoding: T.nilable(Encoding),
|
83
|
-
ignore_conditions: T::Array[T::Hash[String, String]]
|
87
|
+
ignore_conditions: T::Array[T::Hash[String, String]],
|
88
|
+
notices: T.nilable(T::Array[Dependabot::Notice])
|
84
89
|
)
|
85
90
|
.void
|
86
91
|
end
|
@@ -88,7 +93,8 @@ module Dependabot
|
|
88
93
|
pr_message_header: nil, pr_message_footer: nil,
|
89
94
|
commit_message_options: {}, vulnerabilities_fixed: {},
|
90
95
|
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
|
91
|
-
dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil,
|
96
|
+
dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil,
|
97
|
+
ignore_conditions: [], notices: nil)
|
92
98
|
@dependencies = dependencies
|
93
99
|
@files = files
|
94
100
|
@source = source
|
@@ -102,6 +108,7 @@ module Dependabot
|
|
102
108
|
@pr_message_max_length = pr_message_max_length
|
103
109
|
@pr_message_encoding = pr_message_encoding
|
104
110
|
@ignore_conditions = ignore_conditions
|
111
|
+
@notices = notices
|
105
112
|
end
|
106
113
|
|
107
114
|
sig { params(pr_message_max_length: Integer).returns(Integer) }
|
@@ -119,7 +126,8 @@ module Dependabot
|
|
119
126
|
|
120
127
|
sig { returns(String) }
|
121
128
|
def pr_message
|
122
|
-
msg = "#{
|
129
|
+
msg = "#{pr_notices}" \
|
130
|
+
"#{suffixed_pr_message_header}" \
|
123
131
|
"#{commit_message_intro}" \
|
124
132
|
"#{metadata_cascades}" \
|
125
133
|
"#{ignore_conditions_table}" \
|
@@ -131,6 +139,18 @@ module Dependabot
|
|
131
139
|
suffixed_pr_message_header + prefixed_pr_message_footer
|
132
140
|
end
|
133
141
|
|
142
|
+
sig { returns(T.nilable(String)) }
|
143
|
+
def pr_notices
|
144
|
+
notices = @notices || []
|
145
|
+
unique_messages = notices.filter_map do |notice|
|
146
|
+
markdown = notice.markdown if notice
|
147
|
+
markdown unless markdown.empty?
|
148
|
+
end.uniq
|
149
|
+
|
150
|
+
message = unique_messages.join("\n\n")
|
151
|
+
message.empty? ? nil : message
|
152
|
+
end
|
153
|
+
|
134
154
|
# Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
|
135
155
|
# The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
|
136
156
|
sig { params(msg: String).returns(String) }
|
@@ -316,6 +336,8 @@ module Dependabot
|
|
316
336
|
def suffixed_pr_message_header
|
317
337
|
return "" unless pr_message_header
|
318
338
|
|
339
|
+
return "#{pr_message_header}\n\n" if notices
|
340
|
+
|
319
341
|
"#{pr_message_header}\n\n"
|
320
342
|
end
|
321
343
|
|
@@ -0,0 +1,131 @@
|
|
1
|
+
# typed: strong
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
6
|
+
# See https://semver.org/spec/v2.0.0.html for semver 2 details
|
7
|
+
#
|
8
|
+
module Dependabot
|
9
|
+
class SemVersion2
|
10
|
+
extend T::Sig
|
11
|
+
extend T::Helpers
|
12
|
+
include Comparable
|
13
|
+
|
14
|
+
SEMVER2_REGEX = /^
|
15
|
+
(0|[1-9]\d*)\. # major
|
16
|
+
(0|[1-9]\d*)\. # minor
|
17
|
+
(0|[1-9]\d*) # patch
|
18
|
+
(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))? # pre release
|
19
|
+
(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))? # build metadata
|
20
|
+
$/x
|
21
|
+
|
22
|
+
sig { returns(String) }
|
23
|
+
attr_accessor :major
|
24
|
+
|
25
|
+
sig { returns(String) }
|
26
|
+
attr_accessor :minor
|
27
|
+
|
28
|
+
sig { returns(String) }
|
29
|
+
attr_accessor :patch
|
30
|
+
|
31
|
+
sig { returns(T.nilable(String)) }
|
32
|
+
attr_accessor :build
|
33
|
+
|
34
|
+
sig { returns(T.nilable(String)) }
|
35
|
+
attr_accessor :prerelease
|
36
|
+
|
37
|
+
sig { params(version: String).void }
|
38
|
+
def initialize(version)
|
39
|
+
tokens = parse(version)
|
40
|
+
@major = T.let(T.must(tokens[:major]), String)
|
41
|
+
@minor = T.let(T.must(tokens[:minor]), String)
|
42
|
+
@patch = T.let(T.must(tokens[:patch]), String)
|
43
|
+
@build = T.let(tokens[:build], T.nilable(String))
|
44
|
+
@prerelease = T.let(tokens[:prerelease], T.nilable(String))
|
45
|
+
end
|
46
|
+
|
47
|
+
sig { returns(T::Boolean) }
|
48
|
+
def prerelease?
|
49
|
+
!!prerelease
|
50
|
+
end
|
51
|
+
|
52
|
+
sig { returns(String) }
|
53
|
+
def to_s
|
54
|
+
value = [major, minor, patch].join(".")
|
55
|
+
value += "-#{prerelease}" if prerelease
|
56
|
+
value += "+#{build}" if build
|
57
|
+
value
|
58
|
+
end
|
59
|
+
|
60
|
+
sig { returns(String) }
|
61
|
+
def inspect
|
62
|
+
"#<#{self.class} #{self}>"
|
63
|
+
end
|
64
|
+
|
65
|
+
sig { params(other: ::Dependabot::SemVersion2).returns(T::Boolean) }
|
66
|
+
def eql?(other)
|
67
|
+
other.is_a?(self.class) && to_s == other.to_s
|
68
|
+
end
|
69
|
+
|
70
|
+
sig { params(other: ::Dependabot::SemVersion2).returns(Integer) }
|
71
|
+
def <=>(other)
|
72
|
+
result = major.to_i <=> other.major.to_i
|
73
|
+
return result unless result.zero?
|
74
|
+
|
75
|
+
result = minor.to_i <=> other.minor.to_i
|
76
|
+
return result unless result.zero?
|
77
|
+
|
78
|
+
result = patch.to_i <=> other.patch.to_i
|
79
|
+
return result unless result.zero?
|
80
|
+
|
81
|
+
compare_prereleases(prerelease, other.prerelease)
|
82
|
+
end
|
83
|
+
|
84
|
+
sig { params(version: T.nilable(String)).returns(T::Boolean) }
|
85
|
+
def self.correct?(version)
|
86
|
+
return false if version.nil?
|
87
|
+
|
88
|
+
version.match?(SEMVER2_REGEX)
|
89
|
+
end
|
90
|
+
|
91
|
+
private
|
92
|
+
|
93
|
+
sig { params(version: String).returns(T::Hash[Symbol, T.nilable(String)]) }
|
94
|
+
def parse(version)
|
95
|
+
match = version.match(SEMVER2_REGEX)
|
96
|
+
raise ArgumentError, "Malformed version number string #{version}" unless match
|
97
|
+
|
98
|
+
major, minor, patch, prerelease, build = match.captures
|
99
|
+
|
100
|
+
{ major: major, minor: minor, patch: patch, prerelease: prerelease, build: build }
|
101
|
+
end
|
102
|
+
|
103
|
+
sig { params(prerelease1: T.nilable(String), prerelease2: T.nilable(String)).returns(Integer) }
|
104
|
+
def compare_prereleases(prerelease1, prerelease2) # rubocop:disable Metrics/PerceivedComplexity
|
105
|
+
return 0 if prerelease1.nil? && prerelease2.nil?
|
106
|
+
return -1 if prerelease2.nil?
|
107
|
+
return 1 if prerelease1.nil?
|
108
|
+
|
109
|
+
prerelease1_tokens = prerelease1.split(".")
|
110
|
+
prerelease2_tokens = prerelease2.split(".")
|
111
|
+
|
112
|
+
prerelease1_tokens.zip(prerelease2_tokens) do |t1, t2|
|
113
|
+
return 1 if t2.nil? # t1 is more specific e.g. 1.0.0-rc1.1 vs 1.0.0-rc1
|
114
|
+
|
115
|
+
if t1 =~ /^\d+$/ && t2 =~ /^\d+$/
|
116
|
+
# t1 and t2 are both ints so compare them as such
|
117
|
+
a = t1.to_i
|
118
|
+
b = t2.to_i
|
119
|
+
compare = a <=> b
|
120
|
+
return compare unless compare.zero?
|
121
|
+
end
|
122
|
+
|
123
|
+
comp = t1 <=> t2
|
124
|
+
return T.must(comp) unless T.must(comp).zero?
|
125
|
+
end
|
126
|
+
|
127
|
+
# prereleases are equal or prerelease2 is more specific e.g. 1.0.0-rc1 vs 1.0.0-rc1.1
|
128
|
+
prerelease1_tokens.length == prerelease2_tokens.length ? 0 : -1
|
129
|
+
end
|
130
|
+
end
|
131
|
+
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.272.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-08-
|
11
|
+
date: 2024-08-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -551,6 +551,8 @@ files:
|
|
551
551
|
- lib/dependabot/metadata_finders/base/changelog_pruner.rb
|
552
552
|
- lib/dependabot/metadata_finders/base/commits_finder.rb
|
553
553
|
- lib/dependabot/metadata_finders/base/release_finder.rb
|
554
|
+
- lib/dependabot/notices.rb
|
555
|
+
- lib/dependabot/package_manager.rb
|
554
556
|
- lib/dependabot/pull_request_creator.rb
|
555
557
|
- lib/dependabot/pull_request_creator/azure.rb
|
556
558
|
- lib/dependabot/pull_request_creator/bitbucket.rb
|
@@ -578,6 +580,7 @@ files:
|
|
578
580
|
- lib/dependabot/requirements_update_strategy.rb
|
579
581
|
- lib/dependabot/requirements_updater/base.rb
|
580
582
|
- lib/dependabot/security_advisory.rb
|
583
|
+
- lib/dependabot/sem_version2.rb
|
581
584
|
- lib/dependabot/shared_helpers.rb
|
582
585
|
- lib/dependabot/simple_instrumentor.rb
|
583
586
|
- lib/dependabot/source.rb
|
@@ -597,7 +600,7 @@ licenses:
|
|
597
600
|
- MIT
|
598
601
|
metadata:
|
599
602
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
600
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
603
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.272.0
|
601
604
|
post_install_message:
|
602
605
|
rdoc_options: []
|
603
606
|
require_paths:
|