dependabot-core 0.94.13 → 0.95.0

Files changed (49)
  1. checksums.yaml +4 -4
  2. metadata +13 -337
  3. data/CHANGELOG.md +0 -7079
  4. data/LICENSE +0 -39
  5. data/README.md +0 -114
  6. data/helpers/test/run.rb +0 -18
  7. data/helpers/utils/git-credential-store-immutable +0 -10
  8. data/lib/dependabot/clients/bitbucket.rb +0 -105
  9. data/lib/dependabot/clients/github_with_retries.rb +0 -121
  10. data/lib/dependabot/clients/gitlab.rb +0 -72
  11. data/lib/dependabot/dependency.rb +0 -115
  12. data/lib/dependabot/dependency_file.rb +0 -60
  13. data/lib/dependabot/errors.rb +0 -179
  14. data/lib/dependabot/file_fetchers/README.md +0 -65
  15. data/lib/dependabot/file_fetchers/base.rb +0 -368
  16. data/lib/dependabot/file_fetchers.rb +0 -18
  17. data/lib/dependabot/file_parsers/README.md +0 -45
  18. data/lib/dependabot/file_parsers/base/dependency_set.rb +0 -77
  19. data/lib/dependabot/file_parsers/base.rb +0 -31
  20. data/lib/dependabot/file_parsers.rb +0 -18
  21. data/lib/dependabot/file_updaters/README.md +0 -58
  22. data/lib/dependabot/file_updaters/base.rb +0 -52
  23. data/lib/dependabot/file_updaters.rb +0 -18
  24. data/lib/dependabot/git_commit_checker.rb +0 -412
  25. data/lib/dependabot/metadata_finders/README.md +0 -53
  26. data/lib/dependabot/metadata_finders/base/changelog_finder.rb +0 -321
  27. data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +0 -177
  28. data/lib/dependabot/metadata_finders/base/commits_finder.rb +0 -221
  29. data/lib/dependabot/metadata_finders/base/release_finder.rb +0 -255
  30. data/lib/dependabot/metadata_finders/base.rb +0 -117
  31. data/lib/dependabot/metadata_finders.rb +0 -18
  32. data/lib/dependabot/pull_request_creator/branch_namer.rb +0 -170
  33. data/lib/dependabot/pull_request_creator/commit_signer.rb +0 -63
  34. data/lib/dependabot/pull_request_creator/github.rb +0 -277
  35. data/lib/dependabot/pull_request_creator/gitlab.rb +0 -136
  36. data/lib/dependabot/pull_request_creator/labeler.rb +0 -373
  37. data/lib/dependabot/pull_request_creator/message_builder.rb +0 -906
  38. data/lib/dependabot/pull_request_creator.rb +0 -153
  39. data/lib/dependabot/pull_request_updater/github.rb +0 -165
  40. data/lib/dependabot/pull_request_updater.rb +0 -43
  41. data/lib/dependabot/shared_helpers.rb +0 -224
  42. data/lib/dependabot/source.rb +0 -120
  43. data/lib/dependabot/update_checkers/README.md +0 -67
  44. data/lib/dependabot/update_checkers/base.rb +0 -220
  45. data/lib/dependabot/update_checkers.rb +0 -18
  46. data/lib/dependabot/utils.rb +0 -33
  47. data/lib/dependabot/version.rb +0 -5
  48. data/lib/dependabot.rb +0 -4
  49. data/lib/rubygems_version_patch.rb +0 -14
@@ -1,67 +0,0 @@
1
- # Update checkers
2
-
3
- Update checkers check whether a given dependency is up-to-date. If it isn't,
4
- they augment it with details of the version to update to.
5
-
6
- There is a `Dependabot::UpdateCheckers` class for each language Dependabot
7
- supports.
8
-
9
- ## Public API
10
-
11
- Each `Dependabot::UpdateCheckers` class implements the following methods:
12
-
13
- | Method | Description |
14
- |------------------------------|-----------------------------------------------------------------------------------------------|
15
- | `#up_to_date?` | Returns a boolean for whether the dependency this instance was created with is currently at the latest version. |
16
- | `#can_update?` | Returns a boolean for whether the dependency this instance was created with needs updating. This will be true if the dependency and/or its requirements can be updated to support a newer version whilst keeping the dependency files it came from resolvable. |
17
- | `#updated_dependencies` | Returns an array of updated `Dependabot::Dependency` instance with updated `version` and `requirements` attributes. The previous valuse are stored on the instance as `previous_version` and `previous_requirements`. |
18
- | `#latest_version` | See the "Writing an update checker" section. |
19
- | `#latest_resolvable_version` | See the "Writing an update checker" section. |
20
- | `#updated_requirements` | See the "Writing an update checker" section. |
21
-
22
- An integration might look as follows:
23
-
24
- ```ruby
25
- require 'dependabot/update_checkers'
26
-
27
- dependency = dependencies.first
28
-
29
- update_checker_class = Dependabot::UpdateCheckers::Ruby::Bundler
30
- update_checker = update_checker_class.new(
31
- dependency: dependency,
32
- dependency_files: files,
33
- credentials: [{
34
- "type" => "git_source",
35
- "host" => "github.com",
36
- "username" => "x-access-token",
37
- "password" => "token"
38
- }]
39
- )
40
-
41
- puts "Update needed for #{dependency.name}? "\
42
- "#{update_checker.can_update?(requirements_to_update: :own)}"
43
- ```
44
-
45
- ## Writing an update checker for a new language
46
-
47
- All new update checkers should inherit from `Dependabot::UpdateCheckers::Base` and
48
- implement the following methods:
49
-
50
- | Method | Description |
51
- |------------------------------|-----------------------------------------------------------------------------------------------|
52
- | `#latest_version` | The latest version of the dependency, ignoring resolvability. This is used to short-circuit update checking when the dependency is already at the latest version (since checking resolvability is typically slow). |
53
- | `#latest_resolvable_version` | The latest version of the dependency that will still allow the full dependency set to resolve. |
54
- | `#latest_resolvable_version_with_no_unlock` | The latest version of the dependency that satisfies the dependency's current version constraints and will still allow the full dependency set to resolve. |
55
- | `#updated_requirements` | An updated set of requirements for the dependency that should replace the existing requirements in the manifest file. Use by the file updater class when updating the manifest file. |
56
- | `#latest_version_resolvable_with_full_unlock?` | A boolean for whether the latest version can be resolved if all other dependencies are unlocked in the manifest file. Can be set to always return `false` if multi-dependency updates aren't yet supported. |
57
- | `#updated_dependencies_after_full_unlock` | And updated set of dependencies after a full unlock and update has taken place. Not required if `latest_version_resolvable_with_full_unlock?` always returns false. |
58
-
59
-
60
- To ensure the above are implemented, you should include
61
- `it_behaves_like "a dependency update checker"` in your specs for the new update
62
- checker.
63
-
64
- Writing update checkers generally gets tricky when resolvability has to
65
- be taken into account. It is almost always easiest to do so in the language your
66
- update checker relates to, so you may wish to shell out to that language. See
67
- `UpdateCheckers::Php::Composer` for an example of how to do so.
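Review bot: the integration example at the end of this README calls `update_checker.can_update?(requirements_to_update: :own)`, but `Base#can_update?` in this same release takes `requirements_to_unlock:`, so the snippet raises ArgumentError as written; if the document is being relocated rather than dropped, change the call to `update_checker.can_update?(requirements_to_unlock: :own)`. While touching it, fix the table typos ("valuse", "Use by", "And updated") and note that `#latest_version_resolvable_with_full_unlock?` and `#updated_dependencies_after_full_unlock` are private in `Base`, which the "implement the following methods" table does not say.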
@@ -1,220 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "json"
4
- require "dependabot/utils"
5
-
6
- module Dependabot
7
- module UpdateCheckers
8
- class Base
9
- attr_reader :dependency, :dependency_files, :credentials,
10
- :ignored_versions, :requirements_update_strategy
11
-
12
- def initialize(dependency:, dependency_files:, credentials:,
13
- ignored_versions: [], requirements_update_strategy: nil)
14
- @dependency = dependency
15
- @dependency_files = dependency_files
16
- @credentials = credentials
17
- @requirements_update_strategy = requirements_update_strategy
18
- @ignored_versions = ignored_versions
19
- end
20
-
21
- def up_to_date?
22
- if dependency.appears_in_lockfile?
23
- version_up_to_date?
24
- else
25
- requirements_up_to_date?
26
- end
27
- end
28
-
29
- def can_update?(requirements_to_unlock:)
30
- if dependency.appears_in_lockfile?
31
- version_can_update?(requirements_to_unlock: requirements_to_unlock)
32
- else
33
- # TODO: Handle full unlock updates for dependencies without a lockfile
34
- return false if requirements_to_unlock == :none
35
-
36
- requirements_can_update?
37
- end
38
- end
39
-
40
- def updated_dependencies(requirements_to_unlock:)
41
- unless can_update?(requirements_to_unlock: requirements_to_unlock)
42
- return []
43
- end
44
-
45
- case requirements_to_unlock&.to_sym
46
- when :none then [updated_dependency_without_unlock]
47
- when :own then [updated_dependency_with_own_req_unlock]
48
- when :all then updated_dependencies_after_full_unlock
49
- else raise "Unknown unlock level '#{requirements_to_unlock}'"
50
- end
51
- end
52
-
53
- def latest_version
54
- raise NotImplementedError
55
- end
56
-
57
- def latest_resolvable_version
58
- raise NotImplementedError
59
- end
60
-
61
- def latest_resolvable_version_with_no_unlock
62
- raise NotImplementedError
63
- end
64
-
65
- def updated_requirements
66
- raise NotImplementedError
67
- end
68
-
69
- def version_class
70
- Utils.version_class_for_package_manager(dependency.package_manager)
71
- end
72
-
73
- def requirement_class
74
- Utils.requirement_class_for_package_manager(dependency.package_manager)
75
- end
76
-
77
- # For some langauges, the manifest file may be constructed such that
78
- # Dependabot has no way to update it (e.g., if it fetches its versions
79
- # from a web API). This method is overridden in those cases.
80
- def requirements_unlocked_or_can_be?
81
- true
82
- end
83
-
84
- private
85
-
86
- def latest_version_resolvable_with_full_unlock?
87
- raise NotImplementedError
88
- end
89
-
90
- def updated_dependency_without_unlock
91
- Dependency.new(
92
- name: dependency.name,
93
- version: latest_resolvable_version_with_no_unlock.to_s,
94
- requirements: dependency.requirements,
95
- previous_version: dependency.version,
96
- previous_requirements: dependency.requirements,
97
- package_manager: dependency.package_manager
98
- )
99
- end
100
-
101
- def updated_dependency_with_own_req_unlock
102
- Dependency.new(
103
- name: dependency.name,
104
- version: latest_resolvable_version.to_s,
105
- requirements: updated_requirements,
106
- previous_version: dependency.version,
107
- previous_requirements: dependency.requirements,
108
- package_manager: dependency.package_manager
109
- )
110
- end
111
-
112
- def updated_dependencies_after_full_unlock
113
- raise NotImplementedError
114
- end
115
-
116
- def version_up_to_date?
117
- return sha1_version_up_to_date? if existing_version_is_sha?
118
-
119
- numeric_version_up_to_date?
120
- end
121
-
122
- def version_can_update?(requirements_to_unlock:)
123
- if existing_version_is_sha?
124
- return sha1_version_can_update?(
125
- requirements_to_unlock: requirements_to_unlock
126
- )
127
- end
128
-
129
- numeric_version_can_update?(
130
- requirements_to_unlock: requirements_to_unlock
131
- )
132
- end
133
-
134
- def existing_version_is_sha?
135
- return false if version_class.correct?(dependency.version)
136
-
137
- dependency.version.match?(/^[0-9a-f]{6,}$/)
138
- end
139
-
140
- def sha1_version_up_to_date?
141
- latest_version&.to_s&.start_with?(dependency.version)
142
- end
143
-
144
- def sha1_version_can_update?(requirements_to_unlock:)
145
- return false if sha1_version_up_to_date?
146
-
147
- # All we can do with SHA-1 hashes is check for presence and equality
148
- case requirements_to_unlock&.to_sym
149
- when :none
150
- new_version = latest_resolvable_version_with_no_unlock
151
- new_version && !new_version.to_s.start_with?(dependency.version)
152
- when :own
153
- new_version = latest_resolvable_version
154
- new_version && !new_version.to_s.start_with?(dependency.version)
155
- when :all
156
- latest_version_resolvable_with_full_unlock?
157
- else raise "Unknown unlock level '#{requirements_to_unlock}'"
158
- end
159
- end
160
-
161
- def numeric_version_up_to_date?
162
- return false unless latest_version
163
-
164
- # If a lockfile isn't out of date and the package has switched to a git
165
- # source then we'll get a numeric version switching to a git SHA. In
166
- # this case we treat the verison as up-to-date so that it's ignored.
167
- return true if latest_version.to_s.match?(/^[0-9a-f]{40}$/)
168
-
169
- latest_version <= version_class.new(dependency.version)
170
- end
171
-
172
- def numeric_version_can_update?(requirements_to_unlock:)
173
- return false if numeric_version_up_to_date?
174
-
175
- case requirements_to_unlock&.to_sym
176
- when :none
177
- new_version = latest_resolvable_version_with_no_unlock
178
- new_version && new_version > version_class.new(dependency.version)
179
- when :own
180
- new_version = latest_resolvable_version
181
- new_version && new_version > version_class.new(dependency.version)
182
- when :all
183
- latest_version_resolvable_with_full_unlock?
184
- else raise "Unknown unlock level '#{requirements_to_unlock}'"
185
- end
186
- end
187
-
188
- def requirements_up_to_date?
189
- return true if (updated_requirements - dependency.requirements).none?
190
- return false unless latest_version
191
- return false unless version_class.correct?(latest_version.to_s)
192
- return false unless version_from_requirements
193
-
194
- version_from_requirements >= version_class.new(latest_version.to_s)
195
- end
196
-
197
- def version_from_requirements
198
- @version_from_requirements ||=
199
- dependency.requirements.map { |r| r.fetch(:requirement) }.compact.
200
- flat_map { |req_str| requirement_class.requirements_array(req_str) }.
201
- flat_map(&:requirements).
202
- reject { |req_array| req_array.first.start_with?("<") }.
203
- map(&:last).
204
- max
205
- end
206
-
207
- def requirements_can_update?
208
- changed_reqs = updated_requirements - dependency.requirements
209
-
210
- return false if changed_reqs.none?
211
-
212
- changed_reqs.none? { |r| r[:requirement] == :unfixable }
213
- end
214
-
215
- def ignore_reqs
216
- ignored_versions.map { |req| requirement_class.new(req.split(",")) }
217
- end
218
- end
219
- end
220
- end
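Review bot: `existing_version_is_sha?` and `numeric_version_up_to_date?` anchor their hex patterns with `^` and `$`, which in Ruby match at line boundaries rather than string boundaries, so a version string containing a newline could still satisfy `/^[0-9a-f]{40}$/`; wherever this class lands, use `\A` and `\z`. Two smaller points: `ignore_reqs` is a private method with no caller in this file, and the comments carry typos ("langauges", "verison").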
@@ -1,18 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Dependabot
4
- module UpdateCheckers
5
- @update_checkers = {}
6
-
7
- def self.for_package_manager(package_manager)
8
- update_checker = @update_checkers[package_manager]
9
- return update_checker if update_checker
10
-
11
- raise "Unsupported package_manager #{package_manager}"
12
- end
13
-
14
- def self.register(package_manager, update_checker)
15
- @update_checkers[package_manager] = update_checker
16
- end
17
- end
18
- end
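Review bot: `self.register` silently replaces any checker already registered for `package_manager`, so a later `require` can swap the implementation for an ecosystem without any signal; if this registry is kept in its new home, consider warning or raising when a different class is registered for a name that already has one.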
@@ -1,33 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- # TODO: in due course, these "registries" should live in a wrapper gem, not
4
- # dependabot-core.
5
- module Dependabot
6
- module Utils
7
- @version_classes = {}
8
-
9
- def self.version_class_for_package_manager(package_manager)
10
- version_class = @version_classes[package_manager]
11
- return version_class if version_class
12
-
13
- raise "Unsupported package_manager #{package_manager}"
14
- end
15
-
16
- def self.register_version_class(package_manager, version_class)
17
- @version_classes[package_manager] = version_class
18
- end
19
-
20
- @requirement_classes = {}
21
-
22
- def self.requirement_class_for_package_manager(package_manager)
23
- requirement_class = @requirement_classes[package_manager]
24
- return requirement_class if requirement_class
25
-
26
- raise "Unsupported package_manager #{package_manager}"
27
- end
28
-
29
- def self.register_requirement_class(package_manager, requirement_class)
30
- @requirement_classes[package_manager] = requirement_class
31
- end
32
- end
33
- end
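Review bot: deleting this file resolves the TODO in its header ("these registries should live in a wrapper gem"), but because data/CHANGELOG.md is also removed wholesale in this release (+0 -7079 in the file list), nothing in the diff records where `version_class_for_package_manager` and `requirement_class_for_package_manager` now live; the release notes should name the gem that provides them. The two lookup/register pairs are also identical apart from the hash they consult and could share one helper.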
@@ -1,5 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Dependabot
4
- VERSION = "0.94.13"
5
- end
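Review bot: the constant is deleted rather than bumped, so this gem no longer defines `Dependabot::VERSION` at all even though the release is 0.95.0, and any consumer reading the constant breaks; if the gem is now a thin wrapper, the metadata change (+13 -337 in the file list) should declare the dependency that supplies it.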
data/lib/dependabot.rb DELETED
@@ -1,4 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Dependabot
4
- end
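Review bot: with this file gone, `require "dependabot"` no longer resolves from this gem, and the README and CHANGELOG that would explain the migration are deleted in the same release; a deprecation stub at this path that requires the replacement gem would make the upgrade path explicit for existing callers.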
@@ -1,14 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "rubygems/version"
4
-
5
- # Opt in to Rubygems 4 behaviour
6
- module Gem
7
- class Version
8
- def self.correct?(version)
9
- return false if version.nil?
10
-
11
- version.to_s.match?(ANCHORED_VERSION_PATTERN)
12
- end
13
- end
14
- end
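Review bot: this file monkey-patches `Gem::Version.correct?` for the whole process, and `UpdateCheckers::Base#existing_version_is_sha?` (removed in the same diff) relies on the patched behaviour of returning `false` for a nil version; keep the two together wherever they move, and document the patch as process-global since it changes a stdlib class for every gem loaded alongside it.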