RubyGems - dependabot-common - Versions diffs - 0.368.0 → 0.369.0 - Mend

dependabot-common 0.368.0 → 0.369.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/dependabot/package/package_latest_version_finder.rb +18 -28
data/lib/dependabot/package/release_cooldown_options.rb +23 -0
data/lib/dependabot/update_checkers/cooldown_calculation.rb +55 -0
data/lib/dependabot.rb +1 -1
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3c25acad8cb0f120b8d120817720c6ce88f8706d7f01a90d6866aa1040c0d7f6
-  data.tar.gz: 16f00b502775dcd9138151c7c897fd4515818606e2786a648e00fdb05514e3ad
+  metadata.gz: 97fcef0209b5b2952117cc5243bafe7197d64e5f2a580e67ad49150ec48e9e15
+  data.tar.gz: 346323c2b42a8867babee2db48e172c481ba9ff1db34bf27cd5b13524fbc20ce
 SHA512:
-  metadata.gz: 1898c4f3c9a12977bbfd56734074d4924db3b7d5e225784e4e159a9d1005fcd8fee8d285fb879709b2c26c1492d1541958bcbb730da338e6dcb57a5ca26d1542
-  data.tar.gz: ec18e45926c7d9a1e3fab40a4834de013d23dc7f43600c8060d44be6c50501d1e4d5b3f2d0cf6c9b0011140f378a569cc76171ec18bbe2536ea5141520751fb8
+  metadata.gz: 23598cbf345a9739f2d70bc0a61f144b73d941fda669b8eb5f98a33780d3630de6606e10901930279dc6884699f959f2c632fcedf2645c7831fd0ecaf2a71f36
+  data.tar.gz: '037492b04dc67c83c2a83fcd9779231ed396cab4e5495d8647c9d6586a12e6283f72642c4ad6e5bc76581dcc41a6f8385bacaee47854dde6ceb9d4dc20af9b55'

data/lib/dependabot/package/package_latest_version_finder.rb CHANGED Viewed

@@ -9,6 +9,7 @@ require "sorbet-runtime"
 require "dependabot/security_advisory"
 require "dependabot/dependency"
 require "dependabot/update_checkers/version_filters"
+require "dependabot/update_checkers/cooldown_calculation"
 require "dependabot/registry_client"
 require "dependabot/package/package_details"
 require "dependabot/package/release_cooldown_options"
@@ -19,8 +20,6 @@ module Dependabot
       extend T::Sig
       extend T::Helpers
-      DAY_IN_SECONDS = T.let(24 * 60 * 60, Integer)
       abstract!
       sig { returns(Dependabot::Dependency) }
@@ -202,13 +201,18 @@ module Dependabot
       def in_cooldown_period?(release)
         return false unless release.released_at
-        current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
-        days = cooldown_days_for(current_version, release.version)
+        cooldown = @cooldown_options
+        return false if Dependabot::UpdateCheckers::CooldownCalculation.skip_cooldown?(
+          cooldown, dependency.name, cooldown_enabled: cooldown_enabled?
+        )
-        # Calculate the number of seconds passed since the release
-        passed_seconds = Time.now.to_i - release.released_at.to_i
-        # Check if the release is within the cooldown period
-        passed_seconds < days * DAY_IN_SECONDS
+        current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
+        days = Dependabot::UpdateCheckers::CooldownCalculation.cooldown_days_for(
+          T.must(cooldown), current_version, release.version
+        )
+        Dependabot::UpdateCheckers::CooldownCalculation.within_cooldown_window?(
+          T.must(release.released_at), days
+        )
       end
       sig do
@@ -308,27 +312,13 @@ module Dependabot
       end
       def cooldown_days_for(current_version, new_version)
         cooldown = @cooldown_options
-        return 0 if cooldown.nil?
-        return 0 unless cooldown_enabled?
-        return 0 unless cooldown.included?(dependency.name)
-        return cooldown.default_days if current_version.nil?
-        current_version_semver = current_version.semver_parts
-        new_version_semver = new_version.semver_parts
-        # If semver_parts is nil for either, return default cooldown
-        return cooldown.default_days if current_version_semver.nil? || new_version_semver.nil?
-        # Ensure values are always integers
-        current_major, current_minor, current_patch = current_version_semver
-        new_major, new_minor, new_patch = new_version_semver
-        # Determine cooldown based on version difference
-        return cooldown.semver_major_days if new_major > current_major
-        return cooldown.semver_minor_days if new_minor > current_minor
-        return cooldown.semver_patch_days if new_patch > current_patch
+        return 0 if Dependabot::UpdateCheckers::CooldownCalculation.skip_cooldown?(
+          cooldown, dependency.name, cooldown_enabled: cooldown_enabled?
+        )
-        cooldown.default_days
+        Dependabot::UpdateCheckers::CooldownCalculation.cooldown_days_for(
+          T.must(cooldown), current_version, new_version
+        )
       end
       sig { returns(T::Boolean) }

data/lib/dependabot/package/release_cooldown_options.rb CHANGED Viewed

@@ -54,6 +54,29 @@ module Dependabot
         @include.empty? || @include.any? { |pattern| File.fnmatch?(pattern, dependency_name) }
       end
+      sig do
+        params(
+          current_semver: T.nilable([Integer, Integer, Integer]),
+          new_semver: T.nilable([Integer, Integer, Integer])
+        ).returns(Integer)
+      end
+      def cooldown_days_for(current_semver, new_semver)
+        return @default_days if current_semver.nil? || new_semver.nil?
+        current_major, current_minor, current_patch = current_semver
+        new_major, new_minor, new_patch = new_semver
+        return @semver_major_days if new_major > current_major
+        if new_major == current_major
+          return @semver_minor_days if new_minor > current_minor
+          return @semver_patch_days if new_minor == current_minor &&
+                                       new_patch > current_patch
+        end
+        @default_days
+      end
       private
       sig { params(dependency_name: String).returns(T::Boolean) }

data/lib/dependabot/update_checkers/cooldown_calculation.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# typed: strong
+# frozen_string_literal: true
+require "sorbet-runtime"
+require "dependabot/package/release_cooldown_options"
+require "dependabot/version"
+module Dependabot
+  module UpdateCheckers
+    # Shared utility module for cooldown period calculations.
+    #
+    # Provides stateless module methods used by ecosystem update checkers
+    # to determine whether a release is within its cooldown window and
+    # how many cooldown days apply for a given version bump.
+    module CooldownCalculation
+      extend T::Sig
+      DAY_IN_SECONDS = T.let(24 * 60 * 60, Integer)
+      sig { params(release_date: Time, cooldown_days: Integer).returns(T::Boolean) }
+      def self.within_cooldown_window?(release_date, cooldown_days)
+        return false if cooldown_days <= 0
+        (Time.now.to_i - release_date.to_i) < (cooldown_days * DAY_IN_SECONDS)
+      end
+      sig do
+        params(
+          cooldown: Dependabot::Package::ReleaseCooldownOptions,
+          current_version: T.nilable(Dependabot::Version),
+          new_version: Dependabot::Version
+        ).returns(Integer)
+      end
+      def self.cooldown_days_for(cooldown, current_version, new_version)
+        return cooldown.default_days unless current_version
+        cooldown.cooldown_days_for(
+          current_version.semver_parts,
+          new_version.semver_parts
+        )
+      end
+      sig do
+        params(
+          cooldown: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
+          dependency_name: String,
+          cooldown_enabled: T::Boolean
+        ).returns(T::Boolean)
+      end
+      def self.skip_cooldown?(cooldown, dependency_name, cooldown_enabled: true)
+        cooldown.nil? || !cooldown_enabled || !cooldown.included?(dependency_name)
+      end
+    end
+  end
+end

data/lib/dependabot.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.368.0"
+  VERSION = "0.369.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.368.0
+  version: 0.369.0
 platform: ruby
 authors:
 - Dependabot
@@ -603,6 +603,7 @@ files:
 - lib/dependabot/update_checkers.rb
 - lib/dependabot/update_checkers/README.md
 - lib/dependabot/update_checkers/base.rb
+- lib/dependabot/update_checkers/cooldown_calculation.rb
 - lib/dependabot/update_checkers/version_filters.rb
 - lib/dependabot/utils.rb
 - lib/dependabot/version.rb
@@ -616,7 +617,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.368.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.369.0
 rdoc_options: []
 require_paths:
 - lib