RubyGems - dependabot-core - Versions diffs - 0.94.13 → 0.95.0 - Mend

dependabot-core 0.94.13 → 0.95.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

checksums.yaml +4 -4
metadata +13 -337
data/CHANGELOG.md +0 -7079
data/LICENSE +0 -39
data/README.md +0 -114
data/helpers/test/run.rb +0 -18
data/helpers/utils/git-credential-store-immutable +0 -10
data/lib/dependabot/clients/bitbucket.rb +0 -105
data/lib/dependabot/clients/github_with_retries.rb +0 -121
data/lib/dependabot/clients/gitlab.rb +0 -72
data/lib/dependabot/dependency.rb +0 -115
data/lib/dependabot/dependency_file.rb +0 -60
data/lib/dependabot/errors.rb +0 -179
data/lib/dependabot/file_fetchers/README.md +0 -65
data/lib/dependabot/file_fetchers/base.rb +0 -368
data/lib/dependabot/file_fetchers.rb +0 -18
data/lib/dependabot/file_parsers/README.md +0 -45
data/lib/dependabot/file_parsers/base/dependency_set.rb +0 -77
data/lib/dependabot/file_parsers/base.rb +0 -31
data/lib/dependabot/file_parsers.rb +0 -18
data/lib/dependabot/file_updaters/README.md +0 -58
data/lib/dependabot/file_updaters/base.rb +0 -52
data/lib/dependabot/file_updaters.rb +0 -18
data/lib/dependabot/git_commit_checker.rb +0 -412
data/lib/dependabot/metadata_finders/README.md +0 -53
data/lib/dependabot/metadata_finders/base/changelog_finder.rb +0 -321
data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +0 -177
data/lib/dependabot/metadata_finders/base/commits_finder.rb +0 -221
data/lib/dependabot/metadata_finders/base/release_finder.rb +0 -255
data/lib/dependabot/metadata_finders/base.rb +0 -117
data/lib/dependabot/metadata_finders.rb +0 -18
data/lib/dependabot/pull_request_creator/branch_namer.rb +0 -170
data/lib/dependabot/pull_request_creator/commit_signer.rb +0 -63
data/lib/dependabot/pull_request_creator/github.rb +0 -277
data/lib/dependabot/pull_request_creator/gitlab.rb +0 -136
data/lib/dependabot/pull_request_creator/labeler.rb +0 -373
data/lib/dependabot/pull_request_creator/message_builder.rb +0 -906
data/lib/dependabot/pull_request_creator.rb +0 -153
data/lib/dependabot/pull_request_updater/github.rb +0 -165
data/lib/dependabot/pull_request_updater.rb +0 -43
data/lib/dependabot/shared_helpers.rb +0 -224
data/lib/dependabot/source.rb +0 -120
data/lib/dependabot/update_checkers/README.md +0 -67
data/lib/dependabot/update_checkers/base.rb +0 -220
data/lib/dependabot/update_checkers.rb +0 -18
data/lib/dependabot/utils.rb +0 -33
data/lib/dependabot/version.rb +0 -5
data/lib/dependabot.rb +0 -4
data/lib/rubygems_version_patch.rb +0 -14

data/lib/dependabot/update_checkers/README.md DELETED Viewed

@@ -1,67 +0,0 @@
-# Update checkers
-Update checkers check whether a given dependency is up-to-date. If it isn't,
-they augment it with details of the version to update to.
-There is a `Dependabot::UpdateCheckers` class for each language Dependabot
-supports.
-## Public API
-Each `Dependabot::UpdateCheckers` class implements the following methods:
-| Method                       | Description                                                                                   |
-|------------------------------|-----------------------------------------------------------------------------------------------|
-| `#up_to_date?`               | Returns a boolean for whether the dependency this instance was created with is currently at the latest version. |
-| `#can_update?`               | Returns a boolean for whether the dependency this instance was created with needs updating. This will be true if the dependency and/or its requirements can be updated to support a newer version whilst keeping the dependency files it came from resolvable. |
-| `#updated_dependencies`      | Returns an array of updated `Dependabot::Dependency` instance with updated `version` and `requirements` attributes. The previous valuse are stored on the instance as `previous_version` and `previous_requirements`. |
-| `#latest_version`            | See the "Writing an update checker" section. |
-| `#latest_resolvable_version` | See the "Writing an update checker" section. |
-| `#updated_requirements`      | See the "Writing an update checker" section. |
-An integration might look as follows:
-```ruby
-require 'dependabot/update_checkers'
-dependency = dependencies.first
-update_checker_class = Dependabot::UpdateCheckers::Ruby::Bundler
-update_checker = update_checker_class.new(
-  dependency: dependency,
-  dependency_files: files,
-  credentials: [{
-    "type" => "git_source",
-    "host" => "github.com",
-    "username" => "x-access-token",
-    "password" => "token"
-  }]
-)
-puts "Update needed for #{dependency.name}? "\
-     "#{update_checker.can_update?(requirements_to_update: :own)}"
-```
-## Writing an update checker for a new language
-All new update checkers should inherit from `Dependabot::UpdateCheckers::Base` and
-implement the following methods:
-| Method                       | Description                                                                                   |
-|------------------------------|-----------------------------------------------------------------------------------------------|
-| `#latest_version`            | The latest version of the dependency, ignoring resolvability. This is used to short-circuit update checking when the dependency is already at the latest version (since checking resolvability is typically slow). |
-| `#latest_resolvable_version` | The latest version of the dependency that will still allow the full dependency set to resolve. |
-| `#latest_resolvable_version_with_no_unlock` | The latest version of the dependency that satisfies the dependency's current version constraints and will still allow the full dependency set to resolve. |
-| `#updated_requirements`      | An updated set of requirements for the dependency that should replace the existing requirements in the manifest file. Use by the file updater class when updating the manifest file. |
-| `#latest_version_resolvable_with_full_unlock?` | A boolean for whether the latest version can be resolved if all other dependencies are unlocked in the manifest file. Can be set to always return `false` if multi-dependency updates aren't yet supported. |
-| `#updated_dependencies_after_full_unlock` | And updated set of dependencies after a full unlock and update has taken place. Not required if `latest_version_resolvable_with_full_unlock?` always returns false. |
-To ensure the above are implemented, you should include
-`it_behaves_like "a dependency update checker"` in your specs for the new update
-checker.
-Writing update checkers generally gets tricky when resolvability has to
-be taken into account. It is almost always easiest to do so in the language your
-update checker relates to, so you may wish to shell out to that language. See
-`UpdateCheckers::Php::Composer` for an example of how to do so.

data/lib/dependabot/update_checkers/base.rb DELETED Viewed

@@ -1,220 +0,0 @@
-# frozen_string_literal: true
-require "json"
-require "dependabot/utils"
-module Dependabot
-  module UpdateCheckers
-    class Base
-      attr_reader :dependency, :dependency_files, :credentials,
-                  :ignored_versions, :requirements_update_strategy
-      def initialize(dependency:, dependency_files:, credentials:,
-                     ignored_versions: [], requirements_update_strategy: nil)
-        @dependency = dependency
-        @dependency_files = dependency_files
-        @credentials = credentials
-        @requirements_update_strategy = requirements_update_strategy
-        @ignored_versions = ignored_versions
-      end
-      def up_to_date?
-        if dependency.appears_in_lockfile?
-          version_up_to_date?
-        else
-          requirements_up_to_date?
-        end
-      end
-      def can_update?(requirements_to_unlock:)
-        if dependency.appears_in_lockfile?
-          version_can_update?(requirements_to_unlock: requirements_to_unlock)
-        else
-          # TODO: Handle full unlock updates for dependencies without a lockfile
-          return false if requirements_to_unlock == :none
-          requirements_can_update?
-        end
-      end
-      def updated_dependencies(requirements_to_unlock:)
-        unless can_update?(requirements_to_unlock: requirements_to_unlock)
-          return []
-        end
-        case requirements_to_unlock&.to_sym
-        when :none then [updated_dependency_without_unlock]
-        when :own then [updated_dependency_with_own_req_unlock]
-        when :all then updated_dependencies_after_full_unlock
-        else raise "Unknown unlock level '#{requirements_to_unlock}'"
-        end
-      end
-      def latest_version
-        raise NotImplementedError
-      end
-      def latest_resolvable_version
-        raise NotImplementedError
-      end
-      def latest_resolvable_version_with_no_unlock
-        raise NotImplementedError
-      end
-      def updated_requirements
-        raise NotImplementedError
-      end
-      def version_class
-        Utils.version_class_for_package_manager(dependency.package_manager)
-      end
-      def requirement_class
-        Utils.requirement_class_for_package_manager(dependency.package_manager)
-      end
-      # For some langauges, the manifest file may be constructed such that
-      # Dependabot has no way to update it (e.g., if it fetches its versions
-      # from a web API). This method is overridden in those cases.
-      def requirements_unlocked_or_can_be?
-        true
-      end
-      private
-      def latest_version_resolvable_with_full_unlock?
-        raise NotImplementedError
-      end
-      def updated_dependency_without_unlock
-        Dependency.new(
-          name: dependency.name,
-          version: latest_resolvable_version_with_no_unlock.to_s,
-          requirements: dependency.requirements,
-          previous_version: dependency.version,
-          previous_requirements: dependency.requirements,
-          package_manager: dependency.package_manager
-        )
-      end
-      def updated_dependency_with_own_req_unlock
-        Dependency.new(
-          name: dependency.name,
-          version: latest_resolvable_version.to_s,
-          requirements: updated_requirements,
-          previous_version: dependency.version,
-          previous_requirements: dependency.requirements,
-          package_manager: dependency.package_manager
-        )
-      end
-      def updated_dependencies_after_full_unlock
-        raise NotImplementedError
-      end
-      def version_up_to_date?
-        return sha1_version_up_to_date? if existing_version_is_sha?
-        numeric_version_up_to_date?
-      end
-      def version_can_update?(requirements_to_unlock:)
-        if existing_version_is_sha?
-          return sha1_version_can_update?(
-            requirements_to_unlock: requirements_to_unlock
-          )
-        end
-        numeric_version_can_update?(
-          requirements_to_unlock: requirements_to_unlock
-        )
-      end
-      def existing_version_is_sha?
-        return false if version_class.correct?(dependency.version)
-        dependency.version.match?(/^[0-9a-f]{6,}$/)
-      end
-      def sha1_version_up_to_date?
-        latest_version&.to_s&.start_with?(dependency.version)
-      end
-      def sha1_version_can_update?(requirements_to_unlock:)
-        return false if sha1_version_up_to_date?
-        # All we can do with SHA-1 hashes is check for presence and equality
-        case requirements_to_unlock&.to_sym
-        when :none
-          new_version = latest_resolvable_version_with_no_unlock
-          new_version && !new_version.to_s.start_with?(dependency.version)
-        when :own
-          new_version = latest_resolvable_version
-          new_version && !new_version.to_s.start_with?(dependency.version)
-        when :all
-          latest_version_resolvable_with_full_unlock?
-        else raise "Unknown unlock level '#{requirements_to_unlock}'"
-        end
-      end
-      def numeric_version_up_to_date?
-        return false unless latest_version
-        # If a lockfile isn't out of date and the package has switched to a git
-        # source then we'll get a numeric version switching to a git SHA. In
-        # this case we treat the verison as up-to-date so that it's ignored.
-        return true if latest_version.to_s.match?(/^[0-9a-f]{40}$/)
-        latest_version <= version_class.new(dependency.version)
-      end
-      def numeric_version_can_update?(requirements_to_unlock:)
-        return false if numeric_version_up_to_date?
-        case requirements_to_unlock&.to_sym
-        when :none
-          new_version = latest_resolvable_version_with_no_unlock
-          new_version && new_version > version_class.new(dependency.version)
-        when :own
-          new_version = latest_resolvable_version
-          new_version && new_version > version_class.new(dependency.version)
-        when :all
-          latest_version_resolvable_with_full_unlock?
-        else raise "Unknown unlock level '#{requirements_to_unlock}'"
-        end
-      end
-      def requirements_up_to_date?
-        return true if (updated_requirements - dependency.requirements).none?
-        return false unless latest_version
-        return false unless version_class.correct?(latest_version.to_s)
-        return false unless version_from_requirements
-        version_from_requirements >= version_class.new(latest_version.to_s)
-      end
-      def version_from_requirements
-        @version_from_requirements ||=
-          dependency.requirements.map { |r| r.fetch(:requirement) }.compact.
-          flat_map { |req_str| requirement_class.requirements_array(req_str) }.
-          flat_map(&:requirements).
-          reject { |req_array| req_array.first.start_with?("<") }.
-          map(&:last).
-          max
-      end
-      def requirements_can_update?
-        changed_reqs = updated_requirements - dependency.requirements
-        return false if changed_reqs.none?
-        changed_reqs.none? { |r| r[:requirement] == :unfixable }
-      end
-      def ignore_reqs
-        ignored_versions.map { |req| requirement_class.new(req.split(",")) }
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers.rb DELETED Viewed

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-module Dependabot
-  module UpdateCheckers
-    @update_checkers = {}
-    def self.for_package_manager(package_manager)
-      update_checker = @update_checkers[package_manager]
-      return update_checker if update_checker
-      raise "Unsupported package_manager #{package_manager}"
-    end
-    def self.register(package_manager, update_checker)
-      @update_checkers[package_manager] = update_checker
-    end
-  end
-end

data/lib/dependabot/utils.rb DELETED Viewed

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-# TODO: in due course, these "registries" should live in a wrapper gem, not
-#       dependabot-core.
-module Dependabot
-  module Utils
-    @version_classes = {}
-    def self.version_class_for_package_manager(package_manager)
-      version_class = @version_classes[package_manager]
-      return version_class if version_class
-      raise "Unsupported package_manager #{package_manager}"
-    end
-    def self.register_version_class(package_manager, version_class)
-      @version_classes[package_manager] = version_class
-    end
-    @requirement_classes = {}
-    def self.requirement_class_for_package_manager(package_manager)
-      requirement_class = @requirement_classes[package_manager]
-      return requirement_class if requirement_class
-      raise "Unsupported package_manager #{package_manager}"
-    end
-    def self.register_requirement_class(package_manager, requirement_class)
-      @requirement_classes[package_manager] = requirement_class
-    end
-  end
-end

data/lib/dependabot/version.rb DELETED Viewed

@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-module Dependabot
-  VERSION = "0.94.13"
-end

data/lib/dependabot.rb DELETED Viewed

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-module Dependabot
-end

data/lib/rubygems_version_patch.rb DELETED Viewed

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-require "rubygems/version"
-# Opt in to Rubygems 4 behaviour
-module Gem
-  class Version
-    def self.correct?(version)
-      return false if version.nil?
-      version.to_s.match?(ANCHORED_VERSION_PATTERN)
-    end
-  end
-end