RubyGems - dependabot-elm - Versions diffs - 0.316.0 → 0.317.0 - Mend

dependabot-elm 0.316.0 → 0.317.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/dependabot/elm/package/package_details_fetcher.rb +65 -0
data/lib/dependabot/elm/update_checker/{elm_19_version_resolver.rb → latest_version_finder.rb} +116 -6
data/lib/dependabot/elm/update_checker.rb +42 -65
metadata +6 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 34441e8c0b32ed0c7cdfd613c37fda2d516eba8a0e1a04db751688198cc95057
-  data.tar.gz: ccd6c792f1ab51bb5cb385ae87ea550a5f01af7337acecfbe1499ec83016dd5a
+  metadata.gz: 7968cf82c69ae8943a5e57f0f413fab605cdc72c47c5315040e5949a51ba86f2
+  data.tar.gz: 29821d940e253f2c8f8e10701521d58f942bbd2adfdaa35423b50d574606027c
 SHA512:
-  metadata.gz: ab4087fd840f3d4de8730b6a92dca3bfc8940dec9aef4c9087ee4c0950fa2677a8c28f1bcb7081f8f6c8c6f904e423a9784118de0c72334763057ef8d574d679
-  data.tar.gz: ed5f13d53cb94a9353c50fd8d68527b88e3f3f03ae46e0731245afceaa168f257b95aea0a62d76c12dbaef1944e2d2a2ac61698219c01237784c42b18a016e65
+  metadata.gz: 7ddb5556b029edd62b19f2d5856c9a8329bc5e8e3fe667877999a1c211f47f4888baebbdb4a406c0375c1841dbe88d42d89e27a8eb14db29fba6061397ae522b
+  data.tar.gz: 62221f67576047ed886feff7cc433a34bf2904e63bbf8c57846acfc79b0e76ea4afc06c5aa1f9f55f3df36e1fd30c7c5d8a6521546813275e859d85018bb6a5f

data/lib/dependabot/elm/package/package_details_fetcher.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# typed: strict
+# frozen_string_literal: true
+require "json"
+require "time"
+require "cgi"
+require "excon"
+require "nokogiri"
+require "sorbet-runtime"
+require "dependabot/registry_client"
+require "dependabot/elm"
+require "dependabot/elm/version"
+require "dependabot/package/package_release"
+require "dependabot/package/package_details"
+module Dependabot
+  module Elm
+    module Package
+      class PackageDetailsFetcher
+        extend T::Sig
+        sig do
+          params(
+            dependency: Dependabot::Dependency
+          ).void
+        end
+        def initialize(dependency:)
+          @dependency = dependency
+          @provider_url = T.let("https://package.elm-lang.org/packages/#{dependency.name}/releases.json",
+                                T.nilable(String))
+        end
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+        sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
+        def fetch_package_releases
+          releases = T.let([], T::Array[Dependabot::Package::PackageRelease])
+          begin
+            response = Dependabot::RegistryClient.get(
+              url: T.must(@provider_url)
+            )
+            return [] unless response.status == 200
+            package_metadata = JSON.parse(response.body)
+            package_metadata.each do |version, release_date|
+              releases << Dependabot::Package::PackageRelease.new(
+                version: Elm::Version.new(version),
+                released_at: release_date ? Time.at(release_date).to_time : nil
+              )
+            end
+            releases
+          rescue StandardError => e
+            Dependabot.logger.error("Error while fetching package info for elm packages: #{e.message}")
+            releases
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/elm/update_checker/{elm_19_version_resolver.rb → latest_version_finder.rb} RENAMED Viewed

@@ -1,20 +1,106 @@
 # typed: strict
 # frozen_string_literal: true
+require "excon"
+require "json"
+require "sorbet-runtime"
 require "open3"
 require "shellwords"
-require "dependabot/shared_helpers"
 require "dependabot/errors"
+require "dependabot/package/package_latest_version_finder"
+require "dependabot/shared_helpers"
+require "dependabot/update_checkers/version_filters"
 require "dependabot/elm/file_parser"
+require "dependabot/elm/package/package_details_fetcher"
+require "dependabot/elm/requirement"
 require "dependabot/elm/update_checker"
 require "dependabot/elm/update_checker/cli_parser"
 require "dependabot/elm/update_checker/requirements_updater"
-require "dependabot/elm/requirement"
 module Dependabot
   module Elm
     class UpdateChecker
-      class Elm19VersionResolver
+      class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
+        extend T::Sig
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            dependency_files: T::Array[Dependabot::DependencyFile],
+            credentials: T::Array[Dependabot::Credential],
+            ignored_versions: T::Array[String],
+            security_advisories: T::Array[Dependabot::SecurityAdvisory],
+            raise_on_ignored: T::Boolean,
+            options: T::Hash[Symbol, T.untyped],
+            cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
+          ).void
+        end
+        def initialize(
+          dependency:,
+          dependency_files:,
+          credentials:,
+          ignored_versions:,
+          security_advisories:,
+          raise_on_ignored:,
+          options: {},
+          cooldown_options: nil
+        )
+          @dependency          = dependency
+          @dependency_files    = dependency_files
+          @credentials         = credentials
+          @ignored_versions    = ignored_versions
+          @security_advisories = security_advisories
+          @raise_on_ignored    = raise_on_ignored
+          @options             = options
+          @cooldown_options = cooldown_options
+          super
+        end
+        sig { returns(Dependabot::Dependency) }
+        attr_reader :dependency
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+        sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
+        attr_reader :cooldown_options
+        sig { returns(T::Array[String]) }
+        attr_reader :ignored_versions
+        sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
+        attr_reader :security_advisories
+        sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
+        def package_details; end
+        sig { returns(T.nilable(Dependabot::Version)) }
+        def release_version
+          releases = package_releases
+          releases = filter_ignored_versions(T.must(releases))
+          releases = filter_by_cooldown(releases)
+          releases.max_by(&:version)&.version
+        end
+        private
+        sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
+        def package_releases
+          @package_releases = T.let(Dependabot::Elm::Package::PackageDetailsFetcher
+            .new(dependency: dependency)
+            .fetch_package_releases, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
+        end
+        sig { override.returns(T::Boolean) }
+        def cooldown_enabled?
+          Dependabot::Experiments.enabled?(:enable_cooldown_for_elm)
+        end
+      end
+      ################################
+      ################################
+      #### ELM19 version finder ######
+      ################################
+      ################################
+      class Elm19LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
         extend T::Sig
         class UnrecoverableState < StandardError; end
@@ -22,12 +108,14 @@ module Dependabot
         sig do
           params(
             dependency: Dependabot::Dependency,
-            dependency_files: T::Array[Dependabot::DependencyFile]
+            dependency_files: T::Array[Dependabot::DependencyFile],
+            cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
           ).void
         end
-        def initialize(dependency:, dependency_files:)
+        def initialize(dependency:, dependency_files:, cooldown_options: nil)
           @dependency = dependency
           @dependency_files = dependency_files
+          @cooldown_options = cooldown_options
           @install_metadata = T.let(nil, T.nilable(T::Hash[String, Dependabot::Elm::Version]))
           @original_dependency_details ||= T.let(nil, T.nilable(T::Array[Dependabot::Dependency]))
@@ -85,13 +173,28 @@ module Dependabot
         sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
+        sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
+        def package_releases
+          T.let(Dependabot::Elm::Package::PackageDetailsFetcher
+           .new(dependency: dependency)
+           .fetch_package_releases, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
+        end
         sig { params(unlock_requirement: Symbol).returns(T.nilable(Dependabot::Elm::Version)) }
         def fetch_latest_resolvable_version(unlock_requirement)
           changed_deps = install_metadata
           result = check_install_result(changed_deps)
           version_after_install = changed_deps.fetch(dependency.name)
+          # returns current version if new proposed version is in cooldown period
+          new_release = package_releases&.find { |release| release.version == version_after_install }
+          if cooldown_options && in_cooldown_period?(T.must(new_release))
+            Dependabot.logger.info("#{dependency.name} #{new_release} is in cooldown period," \
+                                   " returning current version #{current_version}")
+            return current_version
+          end
           # If the install was clean then we can definitely update
           return version_after_install if result == :clean_bump
@@ -114,6 +217,11 @@ module Dependabot
           :clean_bump
         end
+        sig { override.returns(T::Boolean) }
+        def cooldown_enabled?
+          Dependabot::Experiments.enabled?(:enable_cooldown_for_elm)
+        end
         sig { returns(T::Hash[String, Dependabot::Elm::Version]) }
         def install_metadata
           @install_metadata ||= parse_install_metadata
@@ -221,6 +329,8 @@ module Dependabot
         def requirement_class
           dependency.requirement_class
         end
+        sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
+        def package_details; end
       end
     end
   end

data/lib/dependabot/elm/update_checker.rb CHANGED Viewed

@@ -13,34 +13,17 @@ module Dependabot
       extend T::Sig
       require_relative "update_checker/requirements_updater"
-      require_relative "update_checker/elm_19_version_resolver"
+      require_relative "update_checker/latest_version_finder"
       sig { override.returns(T.nilable(Dependabot::Version)) }
       def latest_version
-        @latest_version ||= T.let(candidate_versions.max, T.nilable(Dependabot::Version))
-      end
-      # Overwrite the base class to allow multi-dependency update PRs for
-      # dependencies for which we don't have a version.
-      sig { override.params(requirements_to_unlock: T.nilable(Symbol)).returns(T::Boolean) }
-      def can_update?(requirements_to_unlock:)
-        if dependency.appears_in_lockfile?
-          version_can_update?(requirements_to_unlock: requirements_to_unlock)
-        elsif requirements_to_unlock == :none
-          false
-        elsif requirements_to_unlock == :own
-          requirements_can_update?
-        elsif requirements_to_unlock == :all
-          updated_dependencies_after_full_unlock.any?
-        else
-          false
-        end
+        @latest_version ||= T.let(T.must(latest_version_finder).release_version, T.nilable(Dependabot::Version))
       end
       sig { override.returns(T.nilable(Dependabot::Version)) }
       def latest_resolvable_version
         @latest_resolvable_version ||= T.let(
-          version_resolver
+          latest_version_finder_elm19
           .latest_resolvable_version(unlock_requirement: :own), T.nilable(Dependabot::Version)
         )
       end
@@ -61,72 +44,66 @@ module Dependabot
         ).updated_requirements
       end
+      # Overwrite the base class to allow multi-dependency update PRs for
+      # dependencies for which we don't have a version.
+      sig { override.params(requirements_to_unlock: T.nilable(Symbol)).returns(T::Boolean) }
+      def can_update?(requirements_to_unlock:)
+        if dependency.appears_in_lockfile?
+          version_can_update?(requirements_to_unlock: requirements_to_unlock)
+        elsif requirements_to_unlock == :none
+          false
+        elsif requirements_to_unlock == :own
+          requirements_can_update?
+        elsif requirements_to_unlock == :all
+          updated_dependencies_after_full_unlock.any?
+        else
+          false
+        end
+      end
       private
-      sig { returns(Elm19VersionResolver) }
-      def version_resolver
-        @version_resolver ||= T.let(
+      sig { returns(Elm19LatestVersionFinder) }
+      def latest_version_finder_elm19
+        @latest_version_finder_elm19 ||= T.let(
           begin
             unless dependency.requirements.any? { |r| r.fetch(:file) == MANIFEST_FILE }
               raise Dependabot::DependencyFileNotResolvable, "No #{MANIFEST_FILE} found"
             end
-            Elm19VersionResolver.new(
+            Elm19LatestVersionFinder.new(
               dependency: dependency,
-              dependency_files: dependency_files
+              dependency_files: dependency_files,
+              cooldown_options: update_cooldown
             )
-          end, T.nilable(Elm19VersionResolver)
+          end, T.nilable(Elm19LatestVersionFinder)
         )
       end
       sig { override.returns(T::Array[Dependabot::Dependency]) }
       def updated_dependencies_after_full_unlock
-        version_resolver.updated_dependencies_after_full_unlock
+        latest_version_finder_elm19.updated_dependencies_after_full_unlock
       end
       sig { override.returns(T::Boolean) }
       def latest_version_resolvable_with_full_unlock?
-        latest_version == version_resolver
+        latest_version == latest_version_finder_elm19
                           .latest_resolvable_version(unlock_requirement: :all)
       end
-      sig { returns(T::Array[Dependabot::Version]) }
-      def candidate_versions
-        filtered = all_versions
-                   .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
-        if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(all_versions).any?
-          raise AllVersionsIgnored
-        end
-        filtered
-      end
-      sig { params(versions_array: T::Array[Dependabot::Version]).returns(T::Array[Dependabot::Version]) }
-      def filter_lower_versions(versions_array)
-        return versions_array unless current_version
-        versions_array
-          .select { |version| version > current_version }
-      end
-      sig { returns(T::Array[Dependabot::Version]) }
-      def all_versions
-        @all_versions ||= T.let(fetch_all_versions, T.nilable(T::Array[Dependabot::Version]))
-      end
-      sig { returns(T::Array[Dependabot::Version]) }
-      def fetch_all_versions
-        response = Dependabot::RegistryClient.get(
-          url: "https://package.elm-lang.org/packages/#{dependency.name}/releases.json"
-        )
-        return [] unless response.status == 200
-        JSON.parse(response.body)
-            .keys
-            .map { |v| version_class.new(v) }
-            .sort
+      sig { returns(T.nilable(Dependabot::Elm::UpdateChecker::LatestVersionFinder)) }
+      def latest_version_finder
+        @latest_version_finder ||=
+          T.let(LatestVersionFinder.new(
+                  dependency: dependency,
+                  credentials: credentials,
+                  dependency_files: dependency_files,
+                  security_advisories: security_advisories,
+                  ignored_versions: ignored_versions,
+                  raise_on_ignored: raise_on_ignored,
+                  cooldown_options: update_cooldown
+                ),
+                T.nilable(Dependabot::Elm::UpdateChecker::LatestVersionFinder))
       end
       # Overwrite the base class's requirements_up_to_date? method to instead

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-elm
 version: !ruby/object:Gem::Version
-  version: 0.316.0
+  version: 0.317.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.316.0
+        version: 0.317.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.316.0
+        version: 0.317.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -248,11 +248,12 @@ files:
 - lib/dependabot/elm/file_updater/elm_json_updater.rb
 - lib/dependabot/elm/language.rb
 - lib/dependabot/elm/metadata_finder.rb
+- lib/dependabot/elm/package/package_details_fetcher.rb
 - lib/dependabot/elm/package_manager.rb
 - lib/dependabot/elm/requirement.rb
 - lib/dependabot/elm/update_checker.rb
 - lib/dependabot/elm/update_checker/cli_parser.rb
-- lib/dependabot/elm/update_checker/elm_19_version_resolver.rb
+- lib/dependabot/elm/update_checker/latest_version_finder.rb
 - lib/dependabot/elm/update_checker/requirements_updater.rb
 - lib/dependabot/elm/version.rb
 homepage: https://github.com/dependabot/dependabot-core
@@ -260,7 +261,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.316.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.317.0
 rdoc_options: []
 require_paths:
 - lib