dependabot-composer 0.246.0 → 0.247.0

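--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '03558ee49b50360c7089d1c179c86c9e72e0e62056c75faf3097044ab5c08937'
- data.tar.gz: eaddb798fb0d546ca77f96738e458caf1689271bbb3ecf6f401747ef4829f800
+ metadata.gz: 118a4d16af508e1bcb354b4c3df9ad8592ea6496b531dd10226614b8647d0027
+ data.tar.gz: 7940777e44b23cd0c483a8300a34f0c897396487bbc52675c82f405285bf634c
  SHA512:
- metadata.gz: 5823ea3746224b5be550fa4584663be65863b64140ed3cc7334ff9820aa09a555870d7a87f6e010ef79992c0e073ca669c1cecfa205d84bcc7dfb12431d52dcd
- data.tar.gz: ddeeebe28cfa0d21906bfc5ad30320cd81e9ddfc506bdf10ec7e0462913451d1ab087192a35d82db832c34b079bd066b275a2acb374b054c04a3217c4486a697
+ metadata.gz: 2a538299023942027e90ae24dfdb09805384a9adec19c94ce3022237959732fec0b4ea7666982f172a4f38d8984aafc56c1fd60f910565e8c4788bc014b32304
+ data.tar.gz: b6ac252eea9883d506350c0983c3955d74b896e0fe59b09f31ade5d67598156971f30b6c40b262c288d7cf54a1948da2100e40df985aecec4f54bbeb1ef00a5d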
@@ -6,21 +6,33 @@
6
6
  # https://getcomposer.org/doc/articles/versions.md#writing-version-constraints #
7
7
  ################################################################################
8
8
 
9
+ require "sorbet-runtime"
10
+
11
+ require "dependabot/composer/requirement"
9
12
  require "dependabot/composer/update_checker"
10
13
  require "dependabot/composer/version"
11
- require "dependabot/composer/requirement"
14
+ require "dependabot/requirements_update_strategy"
12
15
 
13
16
  module Dependabot
14
17
  module Composer
15
18
  class UpdateChecker
16
19
  class RequirementsUpdater
20
+ extend T::Sig
21
+
17
22
  ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/
18
23
  VERSION_REGEX = /(?:#{ALIAS_REGEX})?[0-9]+(?:\.[a-zA-Z0-9*\-]+)*/
19
24
  AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
20
25
  OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
21
26
  SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/
22
- ALLOWED_UPDATE_STRATEGIES =
23
- %i(lockfile_only widen_ranges bump_versions bump_versions_if_necessary).freeze
27
+ ALLOWED_UPDATE_STRATEGIES = T.let(
28
+ [
29
+ RequirementsUpdateStrategy::LockfileOnly,
30
+ RequirementsUpdateStrategy::WidenRanges,
31
+ RequirementsUpdateStrategy::BumpVersions,
32
+ RequirementsUpdateStrategy::BumpVersionsIfNecessary
33
+ ].freeze,
34
+ T::Array[Dependabot::RequirementsUpdateStrategy]
35
+ )
24
36
 
25
37
  def initialize(requirements:, update_strategy:,
26
38
  latest_resolvable_version:)
@@ -36,7 +48,7 @@ module Dependabot
36
48
  end
37
49
 
38
50
  def updated_requirements
39
- return requirements if update_strategy == :lockfile_only
51
+ return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
40
52
  return requirements unless latest_resolvable_version
41
53
 
42
54
  requirements.map { |req| updated_requirement(req) }
@@ -67,13 +79,13 @@ module Dependabot
67
79
  return req if numeric_or_string_reqs.none?
68
80
  return updated_alias(req) if req_string.match?(ALIAS_REGEX)
69
81
  return req if req_satisfied_by_latest_resolvable?(req_string) &&
70
- update_strategy != :bump_versions
82
+ update_strategy != RequirementsUpdateStrategy::BumpVersions
71
83
 
72
84
  new_req =
73
85
  case update_strategy
74
- when :widen_ranges
86
+ when RequirementsUpdateStrategy::WidenRanges
75
87
  widen_requirement(req, or_separator)
76
- when :bump_versions, :bump_versions_if_necessary
88
+ when RequirementsUpdateStrategy::BumpVersions, RequirementsUpdateStrategy::BumpVersionsIfNecessary
77
89
  update_requirement_version(req, or_separator)
78
90
  end
79
91
 
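Review bot: The `case update_strategy` in the last hunk has no `else`, so `new_req` is nil for any value that is not one of the three enum members named in its `when` clauses. With the symbols replaced by `RequirementsUpdateStrategy` members, a caller that still passes `:widen_ranges` or a string matches no branch, and the `update_strategy == RequirementsUpdateStrategy::LockfileOnly` guard in `updated_requirements` is silently false as well. The constructor presumably checks `ALLOWED_UPDATE_STRATEGIES`, but its body is outside these hunks; even so, an `else raise "Unexpected update strategy: #{update_strategy}"` would make the failure explicit at this point. Since `extend T::Sig` is now in the class, a `sig` on `initialize` typing `update_strategy:` as `Dependabot::RequirementsUpdateStrategy` would reject legacy values at the boundary. The method containing the `case` starts and ends outside the hunk.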
@@ -2,10 +2,12 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "json"
5
+
6
+ require "dependabot/errors"
7
+ require "dependabot/requirements_update_strategy"
8
+ require "dependabot/shared_helpers"
5
9
  require "dependabot/update_checkers"
6
10
  require "dependabot/update_checkers/base"
7
- require "dependabot/shared_helpers"
8
- require "dependabot/errors"
9
11
 
10
12
  module Dependabot
11
13
  module Composer
@@ -70,15 +72,15 @@ module Dependabot
70
72
  end
71
73
 
72
74
  def requirements_unlocked_or_can_be?
73
- requirements_update_strategy != :lockfile_only
75
+ requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
74
76
  end
75
77
 
76
78
  def requirements_update_strategy
77
79
  # If passed in as an option (in the base class) honour that option
78
- return @requirements_update_strategy.to_sym if @requirements_update_strategy
80
+ return @requirements_update_strategy if @requirements_update_strategy
79
81
 
80
82
  # Otherwise, widen ranges for libraries and bump versions for apps
81
- library? ? :widen_ranges : :bump_versions_if_necessary
83
+ library? ? RequirementsUpdateStrategy::WidenRanges : RequirementsUpdateStrategy::BumpVersionsIfNecessary
82
84
  end
83
85
 
84
86
  private
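Review bot: Dropping `.to_sym` in `requirements_update_strategy` removes the only normalisation of the option, so whatever the base class stored in `@requirements_update_strategy` is now returned unchanged. If that value ever arrives as a symbol or string rather than a `RequirementsUpdateStrategy` member, `requirements_unlocked_or_can_be?` compares unequal to `LockfileOnly` and returns true, so a lockfile-only update is treated as one that may rewrite requirements. The base class is outside this diff, so whether it deserialises the option into the enum cannot be confirmed here. A `sig { returns(Dependabot::RequirementsUpdateStrategy) }` on this method (with `extend T::Sig` in the class), or a comment stating that the base class guarantees the enum type, would pin the assumption.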
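--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-composer
  version: !ruby/object:Gem::Version
- version: 0.246.0
+ version: 0.247.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-03-01 00:00:00.000000000 Z
+ date: 2024-03-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.246.0
+ version: 0.247.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.246.0
+ version: 0.247.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 1.19.0
+ - !ruby/object:Gem::Dependency
+ name: rubocop-rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.27.1
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.27.1
  - !ruby/object:Gem::Dependency
  name: rubocop-sorbet
  requirement: !ruby/object:Gem::Requirement
@@ -272,7 +286,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
  post_install_message:
  rdoc_options: []
  require_paths: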