dependabot-common 0.284.0 → 0.285.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/ecosystem.rb +34 -11
- data/lib/dependabot/pull_request_creator/github.rb +6 -3
- data/lib/dependabot/requirement.rb +55 -1
- data/lib/dependabot.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f715ae3932ff54488335714eca22437b802ffe69591bd5e82804ec1b517bc47e
|
|
4
|
+
data.tar.gz: 8bc3dbb798980775b4fa8f091d00bd4687ae323d41d766ee887bae09b0d995e2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 91d44bfa9b54c64c11509458bc3414052308ac9ed527c3f15dbc3da25bb314ce9f04712195ebe0cd9116d390f29fa53cfabac0f35a1d5c844362ca1e3f6802bf
|
|
7
|
+
data.tar.gz: 9309be975505a43f6d2182b1cb992367b1d79d4e4fcc1a9eb1458442d8c6749e65e8f71b24efa09c23faba4300dc818053d35e5724ca8c7e5adb6383eeabffe4
|
data/lib/dependabot/ecosystem.rb
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/requirement"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
class Ecosystem
|
|
@@ -12,32 +13,35 @@ module Dependabot
|
|
|
12
13
|
extend T::Helpers
|
|
13
14
|
|
|
14
15
|
abstract!
|
|
15
|
-
# Initialize version information
|
|
16
|
-
# @param name [String] the name
|
|
16
|
+
# Initialize version information for a package manager or language.
|
|
17
|
+
# @param name [String] the name of the package manager or language (e.g., "bundler", "ruby").
|
|
17
18
|
# @param version [Dependabot::Version] the parsed current version.
|
|
18
19
|
# @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
|
|
19
20
|
# @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
|
|
21
|
+
# @param requirement [Dependabot::Requirement] an array of requirements.
|
|
20
22
|
# @example
|
|
21
|
-
# VersionManager.new("bundler", "2.1.4",
|
|
23
|
+
# VersionManager.new("bundler", "2.1.4", nil)
|
|
22
24
|
sig do
|
|
23
25
|
params(
|
|
24
26
|
name: String,
|
|
25
27
|
version: Dependabot::Version,
|
|
26
28
|
deprecated_versions: T::Array[Dependabot::Version],
|
|
27
|
-
supported_versions: T::Array[Dependabot::Version]
|
|
29
|
+
supported_versions: T::Array[Dependabot::Version],
|
|
30
|
+
requirement: T.nilable(Dependabot::Requirement)
|
|
28
31
|
).void
|
|
29
32
|
end
|
|
30
33
|
def initialize(
|
|
31
34
|
name,
|
|
32
35
|
version,
|
|
33
36
|
deprecated_versions = [],
|
|
34
|
-
supported_versions = []
|
|
37
|
+
supported_versions = [],
|
|
38
|
+
requirement = nil
|
|
35
39
|
)
|
|
36
40
|
@name = T.let(name, String)
|
|
37
41
|
@version = T.let(version, Dependabot::Version)
|
|
38
|
-
|
|
39
42
|
@deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
|
|
40
43
|
@supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
|
|
44
|
+
@requirement = T.let(requirement, T.nilable(Dependabot::Requirement))
|
|
41
45
|
end
|
|
42
46
|
|
|
43
47
|
# The name of the package manager (e.g., "bundler", "npm").
|
|
@@ -46,7 +50,7 @@ module Dependabot
|
|
|
46
50
|
sig { returns(String) }
|
|
47
51
|
attr_reader :name
|
|
48
52
|
|
|
49
|
-
# The current version of the package manager.
|
|
53
|
+
# The current version of the package manager or language.
|
|
50
54
|
# @example
|
|
51
55
|
# version #=> Dependabot::Version.new("2.1.4")
|
|
52
56
|
sig { returns(Dependabot::Version) }
|
|
@@ -62,12 +66,21 @@ module Dependabot
|
|
|
62
66
|
sig { returns(T::Array[Dependabot::Version]) }
|
|
63
67
|
attr_reader :supported_versions
|
|
64
68
|
|
|
69
|
+
# The current requirement of the package manager or language.
|
|
70
|
+
# @example
|
|
71
|
+
# requirement #=> nil
|
|
72
|
+
# requirement #=> Dependabot::Requirement.new(">= 2.1.4")
|
|
73
|
+
# requirement #=> Dependabot::Requirement.new(">= 2.1.4, < 3.0")
|
|
74
|
+
sig { returns(T.nilable(Dependabot::Requirement)) }
|
|
75
|
+
attr_reader :requirement
|
|
76
|
+
|
|
65
77
|
# Checks if the current version is deprecated.
|
|
66
78
|
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
|
67
79
|
# @example
|
|
68
80
|
# deprecated? #=> true
|
|
69
81
|
sig { returns(T::Boolean) }
|
|
70
82
|
def deprecated?
|
|
83
|
+
# If the version is unsupported, the unsupported error is getting raised separately.
|
|
71
84
|
return false if unsupported?
|
|
72
85
|
|
|
73
86
|
deprecated_versions.include?(version)
|
|
@@ -112,19 +125,23 @@ module Dependabot
|
|
|
112
125
|
|
|
113
126
|
# Initialize with mandatory name and optional language information.
|
|
114
127
|
# @param name [String] the name of the ecosystem (e.g., "bundler", "npm_and_yarn").
|
|
115
|
-
# @param package_manager [VersionManager] the package manager.
|
|
128
|
+
# @param package_manager [VersionManager] the package manager (mandatory).
|
|
129
|
+
# @param language [VersionManager] the language (optional).
|
|
116
130
|
sig do
|
|
117
131
|
params(
|
|
118
132
|
name: String,
|
|
119
|
-
package_manager: VersionManager
|
|
133
|
+
package_manager: VersionManager,
|
|
134
|
+
language: T.nilable(VersionManager)
|
|
120
135
|
).void
|
|
121
136
|
end
|
|
122
137
|
def initialize(
|
|
123
138
|
name:,
|
|
124
|
-
package_manager
|
|
139
|
+
package_manager:,
|
|
140
|
+
language: nil
|
|
125
141
|
)
|
|
126
142
|
@name = T.let(name, String)
|
|
127
143
|
@package_manager = T.let(package_manager, VersionManager)
|
|
144
|
+
@language = T.let(language, T.nilable(VersionManager))
|
|
128
145
|
end
|
|
129
146
|
|
|
130
147
|
# The name of the ecosystem (mandatory).
|
|
@@ -135,10 +152,16 @@ module Dependabot
|
|
|
135
152
|
|
|
136
153
|
# The information related to the package manager (mandatory).
|
|
137
154
|
# @example
|
|
138
|
-
# package_manager #=> VersionManager.new("bundler", "2.1.4",
|
|
155
|
+
# package_manager #=> VersionManager.new("bundler", "2.1.4", deprecated_versions, supported_versions)
|
|
139
156
|
sig { returns(VersionManager) }
|
|
140
157
|
attr_reader :package_manager
|
|
141
158
|
|
|
159
|
+
# The information related to the language (optional).
|
|
160
|
+
# @example
|
|
161
|
+
# language #=> VersionManager.new("ruby", "3.9", deprecated_versions, supported_versions)
|
|
162
|
+
sig { returns(T.nilable(VersionManager)) }
|
|
163
|
+
attr_reader :language
|
|
164
|
+
|
|
142
165
|
# Checks if the current version is deprecated.
|
|
143
166
|
# Returns true if the version is in the deprecated_versions array; false otherwise.
|
|
144
167
|
sig { returns(T::Boolean) }
|
|
@@ -110,6 +110,10 @@ module Dependabot
|
|
|
110
110
|
|
|
111
111
|
sig { returns(T.untyped) }
|
|
112
112
|
def create
|
|
113
|
+
Dependabot.logger.info(
|
|
114
|
+
"Initiating Github pull request."
|
|
115
|
+
)
|
|
116
|
+
|
|
113
117
|
if experiment_duplicate_branch? && branch_exists?(branch_name)
|
|
114
118
|
Dependabot.logger.info(
|
|
115
119
|
"Existing branch \"#{branch_name}\" found. Pull request not created."
|
|
@@ -139,9 +143,8 @@ module Dependabot
|
|
|
139
143
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
140
144
|
sig { params(name: String).returns(T::Boolean) }
|
|
141
145
|
def branch_exists?(name)
|
|
142
|
-
Dependabot.logger.
|
|
143
|
-
"
|
|
144
|
-
"Name : #{name}. IsDuplicate: #{git_metadata_fetcher.ref_names.include?(name)}"
|
|
146
|
+
Dependabot.logger.info(
|
|
147
|
+
"Checking if branch #{name} already exists."
|
|
145
148
|
)
|
|
146
149
|
|
|
147
150
|
git_metadata_fetcher.ref_names.include?(name)
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
@@ -8,13 +8,67 @@ module Dependabot
|
|
|
8
8
|
extend T::Sig
|
|
9
9
|
extend T::Helpers
|
|
10
10
|
|
|
11
|
+
# Constants for operator groups
|
|
12
|
+
MINIMUM_OPERATORS = %w(>= > ~>).freeze
|
|
13
|
+
MAXIMUM_OPERATORS = %w(<= < ~>).freeze
|
|
14
|
+
|
|
11
15
|
abstract!
|
|
12
16
|
|
|
17
|
+
# Parses requirement strings and returns an array of requirement objects.
|
|
13
18
|
sig do
|
|
14
19
|
abstract
|
|
15
20
|
.params(requirement_string: T.nilable(String))
|
|
16
21
|
.returns(T::Array[Requirement])
|
|
17
22
|
end
|
|
18
23
|
def self.requirements_array(requirement_string); end
|
|
24
|
+
|
|
25
|
+
# Returns all requirement constraints as an array of strings
|
|
26
|
+
sig { returns(T::Array[String]) }
|
|
27
|
+
def constraints
|
|
28
|
+
requirements.map { |op, version| "#{op} #{version}" }
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Returns the highest lower limit among all minimum constraints.
|
|
32
|
+
sig { returns(T.nilable(Gem::Version)) }
|
|
33
|
+
def min_version
|
|
34
|
+
# Select constraints with minimum operators
|
|
35
|
+
min_constraints = requirements.select { |op, _| MINIMUM_OPERATORS.include?(op) }
|
|
36
|
+
|
|
37
|
+
# Choose the maximum version among the minimum constraints
|
|
38
|
+
max_min_constraint = min_constraints.max_by { |_, version| version }
|
|
39
|
+
|
|
40
|
+
# Return the version part of the max constraint, if it exists
|
|
41
|
+
Dependabot::Version.new(max_min_constraint&.last) if max_min_constraint&.last
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# Returns the lowest upper limit among all maximum constraints.
|
|
45
|
+
sig { returns(T.nilable(Dependabot::Version)) }
|
|
46
|
+
def max_version
|
|
47
|
+
# Select constraints with maximum operators
|
|
48
|
+
max_constraints = requirements.select { |op, _| MAXIMUM_OPERATORS.include?(op) }
|
|
49
|
+
|
|
50
|
+
# Process each maximum constraint, handling "~>" constraints based on length
|
|
51
|
+
effective_max_versions = max_constraints.map do |op, version|
|
|
52
|
+
if op == "~>"
|
|
53
|
+
# If "~>" constraint, bump based on the specificity of the version
|
|
54
|
+
case version.segments.length
|
|
55
|
+
when 1
|
|
56
|
+
# Bump major version (e.g., 2 -> 3.0.0)
|
|
57
|
+
Dependabot::Version.new((version.segments[0].to_i + 1).to_s + ".0.0")
|
|
58
|
+
when 2
|
|
59
|
+
# Bump minor version (e.g., 2.5 -> 2.6.0)
|
|
60
|
+
Dependabot::Version.new("#{version.segments[0]}.#{version.segments[1] + 1}.0")
|
|
61
|
+
else
|
|
62
|
+
# For three or more segments, use version.bump
|
|
63
|
+
version.bump # e.g., "~> 2.9.9" becomes upper bound 3.0.0
|
|
64
|
+
end
|
|
65
|
+
else
|
|
66
|
+
version
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
# Return the smallest among the effective maximum constraints
|
|
71
|
+
Dependabot::Version.new(effective_max_versions.min) if effective_max_versions.min
|
|
72
|
+
end
|
|
19
73
|
end
|
|
20
74
|
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.285.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-11-
|
|
11
|
+
date: 2024-11-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -614,7 +614,7 @@ licenses:
|
|
|
614
614
|
- MIT
|
|
615
615
|
metadata:
|
|
616
616
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
617
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
617
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.285.0
|
|
618
618
|
post_install_message:
|
|
619
619
|
rdoc_options: []
|
|
620
620
|
require_paths:
|