dependabot-git_submodules 0.242.1 → 0.243.0

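--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 716dd72f8facbeeaef3091f023c30cfe54bbb375075dadacd47f5e4ae5cd9ac3
- data.tar.gz: be4b3ddfed7bcdc7190e8840d4e2c3fa02be9a9bfe958bea7c43e5bcba22abfc
+ metadata.gz: 501cfe638fdfb8bf8da3db2bd6c77a6c355a9310c98ce0c44a5c80b304f38cb7
+ data.tar.gz: 4e430039d30a9b4e06a45fb902fe9151062d066e34c69035ae176f51167c708e
  SHA512:
- metadata.gz: 783288c98a26fb637445c2ad00593ffe40e86c6c20282fe044be2c498210ef58ac5407bfef4737f23f7059df57a7309ddb84d80dbe537350fb384ad5a5f5021d
- data.tar.gz: 88c00f172454bd0d23201005e0a65c6612731cf26d3b0b8ec32a6d6a21c8f45cf913403fc871fa713159a60805227392768d2aee01a920ff98e80723cd75f47d
+ metadata.gz: 2e00d73c5ea20bb0cb12c807a2ccc2d4b3555abcab5da3110c99d0457639637d23220df65bc51ae3ac7bcb5b0b2d84cafbc4e3a4c22395df78f202717126f92c
+ data.tar.gz: df68426cf7f3d3adb96e585ffa72f6a67f6e37e696fb3f7c29084d197b965694b1406aa8ebc9ab8887b0be2fec5115f78f28c28ff32fa33bb4a59c8b8c83933c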
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "parseconfig"
@@ -13,10 +13,12 @@ module Dependabot
13
13
  extend T::Sig
14
14
  extend T::Helpers
15
15
 
16
+ sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
16
17
  def self.required_files_in?(filenames)
17
18
  filenames.include?(".gitmodules")
18
19
  end
19
20
 
21
+ sig { override.returns(String) }
20
22
  def self.required_files_message
21
23
  "Repo must contain a .gitmodules file."
22
24
  end
@@ -31,26 +33,40 @@ module Dependabot
31
33
 
32
34
  private
33
35
 
36
+ sig { returns(Dependabot::DependencyFile) }
34
37
  def gitmodules_file
35
- @gitmodules_file ||= fetch_file_from_host(".gitmodules")
38
+ @gitmodules_file ||=
39
+ T.let(
40
+ fetch_file_from_host(".gitmodules"),
41
+ T.nilable(Dependabot::DependencyFile)
42
+ )
36
43
  end
37
44
 
45
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
38
46
  def submodule_refs
39
47
  @submodule_refs ||=
40
- submodule_paths
41
- .map { |path| fetch_submodule_ref_from_host(path) }
42
- .tap { |refs| refs.each { |f| f.support_file = true } }
43
- .uniq
48
+ T.let(
49
+ submodule_paths
50
+ .map { |path| fetch_submodule_ref_from_host(path) }
51
+ .tap { |refs| refs.each { |f| f.support_file = true } }
52
+ .uniq,
53
+ T.nilable(T::Array[Dependabot::DependencyFile])
54
+ )
44
55
  end
45
56
 
57
+ sig { returns(T::Array[String]) }
46
58
  def submodule_paths
47
59
  @submodule_paths ||=
48
- Dependabot::SharedHelpers.in_a_temporary_directory do
49
- File.write(".gitmodules", gitmodules_file.content)
50
- ParseConfig.new(".gitmodules").params.values.map { |p| p["path"] }
51
- end
60
+ T.let(
61
+ Dependabot::SharedHelpers.in_a_temporary_directory do
62
+ File.write(".gitmodules", gitmodules_file.content)
63
+ ParseConfig.new(".gitmodules").params.values.map { |p| p["path"] }
64
+ end,
65
+ T.nilable(T::Array[String])
66
+ )
52
67
  end
53
68
 
69
+ sig { params(submodule_path: T.nilable(String)).returns(Dependabot::DependencyFile) }
54
70
  def fetch_submodule_ref_from_host(submodule_path)
55
71
  path = Pathname.new(File.join(directory, submodule_path))
56
72
  .cleanpath.to_path.gsub(%r{^/*}, "")
@@ -61,7 +77,7 @@ module Dependabot
61
77
  tmp_path = path.gsub(%r{^/*}, "")
62
78
  T.unsafe(gitlab_client).get_file(repo, tmp_path, commit).blob_id
63
79
  when "azure"
64
- azure_client.fetch_file_contents(commit, path)
80
+ azure_client.fetch_file_contents(T.must(commit), path)
65
81
  else raise "Unsupported provider '#{source.provider}'."
66
82
  end
67
83
 
@@ -77,6 +93,7 @@ module Dependabot
77
93
  raise Dependabot::DependencyFileNotFound, path
78
94
  end
79
95
 
96
+ sig { params(path: String).returns(String) }
80
97
  def fetch_github_submodule_commit(path)
81
98
  content = T.unsafe(github_client).contents(
82
99
  repo,
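Review bot: The new `sig` on `fetch_submodule_ref_from_host` admits `submodule_path: T.nilable(String)`, but the first body line passes the value straight to `File.join(directory, submodule_path)`, which raises `TypeError` for `nil`. The paths come from `p["path"]` in `submodule_paths`, i.e. from the repository's own `.gitmodules`, so a section without a `path` key would presumably reach that line as `nil`; the `T::Array[String]` annotation there likely does not check elements at runtime. Either narrow the signature to `submodule_path: String` and reject missing paths where they are read, e.g. `.map { |p| p["path"] }.compact`, or add an explicit guard such as `raise Dependabot::DependencyFileNotFound, ".gitmodules" unless submodule_path`. The body of `fetch_submodule_ref_from_host` continues outside the hunk.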
@@ -1,7 +1,9 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "parseconfig"
5
+ require "sorbet-runtime"
6
+
5
7
  require "dependabot/dependency"
6
8
  require "dependabot/file_parsers"
7
9
  require "dependabot/file_parsers/base"
@@ -10,6 +12,9 @@ require "dependabot/shared_helpers"
10
12
  module Dependabot
11
13
  module GitSubmodules
12
14
  class FileParser < Dependabot::FileParsers::Base
15
+ extend T::Sig
16
+
17
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
13
18
  def parse
14
19
  Dependabot::SharedHelpers.in_a_temporary_directory do
15
20
  File.write(".gitmodules", gitmodules_file.content)
@@ -39,6 +44,7 @@ module Dependabot
39
44
 
40
45
  private
41
46
 
47
+ sig { params(url: String).returns(String) }
42
48
  def absolute_url(url)
43
49
  # Submodules can be specified with a relative URL (e.g., ../repo.git)
44
50
  # which we want to expand out into a full URL if present.
@@ -48,6 +54,7 @@ module Dependabot
48
54
  "https://#{source&.hostname}/#{path.cleanpath}"
49
55
  end
50
56
 
57
+ sig { params(path: String).returns(T.nilable(String)) }
51
58
  def submodule_sha(path)
52
59
  submodule = dependency_files.find { |f| f.name == path }
53
60
  raise "Submodule not found #{path}" unless submodule
@@ -55,10 +62,16 @@ module Dependabot
55
62
  submodule.content
56
63
  end
57
64
 
65
+ sig { returns(Dependabot::DependencyFile) }
58
66
  def gitmodules_file
59
- @gitmodules_file ||= get_original_file(".gitmodules")
67
+ @gitmodules_file ||=
68
+ T.let(
69
+ T.must(get_original_file(".gitmodules")),
70
+ T.nilable(Dependabot::DependencyFile)
71
+ )
60
72
  end
61
73
 
74
+ sig { override.void }
62
75
  def check_required_files
63
76
  %w(.gitmodules).each do |filename|
64
77
  raise "No #{filename}!" unless get_original_file(filename)
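Review bot: `absolute_url` is now declared to return `String`, yet its last line interpolates `source&.hostname`, so a missing `source` produces `https:///…` rather than an error, and the signature hides that. Since the relative URL being expanded comes from `.gitmodules`, a malformed result should fail loudly instead of being passed on as a dependency source. A guard before the interpolation would do, e.g. `raise "Cannot expand relative submodule URL #{url} without a source" unless source`. The middle of `absolute_url` lies outside the visible hunks, so an earlier check may already exist there.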
@@ -1,37 +1,52 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/file_updaters"
5
7
  require "dependabot/file_updaters/base"
6
8
 
7
9
  module Dependabot
8
10
  module GitSubmodules
9
11
  class FileUpdater < Dependabot::FileUpdaters::Base
12
+ extend T::Sig
13
+
14
+ sig { override.returns(T::Array[Regexp]) }
10
15
  def self.updated_files_regex
11
16
  []
12
17
  end
13
18
 
19
+ sig { override.returns(T::Array[Dependabot::DependencyFile]) }
14
20
  def updated_dependency_files
15
- [updated_file(file: submodule, content: dependency.version)]
21
+ [updated_file(file: submodule, content: T.must(dependency.version))]
16
22
  end
17
23
 
18
24
  private
19
25
 
26
+ sig { returns(Dependabot::Dependency) }
20
27
  def dependency
21
28
  # Git submodules will only ever be updating a single dependency
22
- dependencies.first
29
+ T.must(dependencies.first)
23
30
  end
24
31
 
32
+ sig { override.void }
25
33
  def check_required_files
26
34
  %w(.gitmodules).each do |filename|
27
35
  raise "No #{filename}!" unless get_original_file(filename)
28
36
  end
29
37
  end
30
38
 
39
+ sig { returns(Dependabot::DependencyFile) }
31
40
  def submodule
32
- @submodule ||= dependency_files.find do |file|
33
- file.name == dependency.name
34
- end
41
+ @submodule ||=
42
+ T.let(
43
+ T.must(
44
+ dependency_files.find do |file|
45
+ file.name == dependency.name
46
+ end
47
+ ),
48
+ T.nilable(Dependabot::DependencyFile)
49
+ )
35
50
  end
36
51
  end
37
52
  end
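Review bot: In `submodule`, wrapping the `dependency_files.find` lookup in `T.must` turns "no file matches `dependency.name`" into a bare `TypeError` that does not name the submodule. `FileParser#submodule_sha` handles the same lookup with `raise "Submodule not found #{path}" unless submodule`, and the updater would be easier to diagnose with the same shape: `file = dependency_files.find { |f| f.name == dependency.name }` followed by `raise "Submodule not found #{dependency.name}" unless file`. The same applies to `T.must(dependencies.first)` in `dependency` and `T.must(dependency.version)` in `updated_dependency_files`, where a short comment stating why the value can never be nil would help.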
@@ -1,14 +1,19 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/metadata_finders"
5
7
  require "dependabot/metadata_finders/base"
6
8
 
7
9
  module Dependabot
8
10
  module GitSubmodules
9
11
  class MetadataFinder < Dependabot::MetadataFinders::Base
12
+ extend T::Sig
13
+
10
14
  private
11
15
 
16
+ sig { override.returns(T.nilable(Dependabot::Source)) }
12
17
  def look_up_source
13
18
  url = dependency.requirements.first&.fetch(:source)&.fetch(:url) ||
14
19
  dependency.requirements.first&.fetch(:source)&.fetch("url")
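Review bot: The string-key fallback in `look_up_source` cannot take effect as written, because `fetch(:url)` raises `KeyError` when `:url` is absent; the `|| …fetch("url")` branch is reached only if `:url` exists with a nil value (unless the source hash has indifferent access, which is not visible here). The same holds for `fetch(:source)`. That conflicts with the new `sig`, which advertises `T.nilable(Dependabot::Source)` as the "not found" result. Using `dig` keeps the nil path, e.g. `url = dependency.requirements.first&.dig(:source, :url) || dependency.requirements.first&.dig(:source, "url")`. The rest of `look_up_source` is outside the hunk.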
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -21,9 +21,10 @@ module Dependabot
21
21
 
22
22
  # Patches Gem::Requirement to make it accept requirement strings like
23
23
  # "~> 4.2.5, >= 4.2.5.1" without first needing to split them.
24
+ sig { params(requirements: T.nilable(String)).void }
24
25
  def initialize(*requirements)
25
26
  requirements = requirements.flatten.flat_map do |req_string|
26
- req_string.split(",").map(&:strip)
27
+ req_string&.split(",")&.map(&:strip)
27
28
  end
28
29
 
29
30
  super(requirements)
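Review bot: With `req_string&.split(",")&.map(&:strip)`, a `nil` argument no longer raises; the block returns `nil`, and `flat_map` passes that on to `super(requirements)` as a `nil` element. What the parent does with it is not visible here, but if it discards nils, a missing requirement silently becomes the default unconstrained requirement, which matters for a version-matching class. Make the intent explicit with `requirements.flatten.compact.flat_map { |req_string| req_string.split(",").map(&:strip) }`, or add a comment saying that nil means "no constraint". Separately, the body still calls `.flatten`, which implies array arguments, while the new `sig` admits only `T.nilable(String)` elements; one of the two should change.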
@@ -1,6 +1,8 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/update_checkers"
5
7
  require "dependabot/update_checkers/base"
6
8
  require "dependabot/git_submodules/version"
@@ -10,20 +12,30 @@ require "dependabot/git_submodules/requirement"
10
12
  module Dependabot
11
13
  module GitSubmodules
12
14
  class UpdateChecker < Dependabot::UpdateCheckers::Base
15
+ extend T::Sig
16
+
17
+ sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
13
18
  def latest_version
14
- @latest_version ||= fetch_latest_version
19
+ @latest_version ||=
20
+ T.let(
21
+ fetch_latest_version,
22
+ T.nilable(T.any(String, Gem::Version))
23
+ )
15
24
  end
16
25
 
26
+ sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
17
27
  def latest_resolvable_version
18
28
  # Resolvability isn't an issue for submodules.
19
29
  latest_version
20
30
  end
21
31
 
32
+ sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
22
33
  def latest_resolvable_version_with_no_unlock
23
34
  # No concept of "unlocking" for submodules
24
35
  latest_version
25
36
  end
26
37
 
38
+ sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
27
39
  def updated_requirements
28
40
  # Submodule requirements are the URL and branch to use for the
29
41
  # submodule. We never want to update either.
@@ -32,15 +44,18 @@ module Dependabot
32
44
 
33
45
  private
34
46
 
47
+ sig { override.returns(T::Boolean) }
35
48
  def latest_version_resolvable_with_full_unlock?
36
49
  # Full unlock checks aren't relevant for submodules
37
50
  false
38
51
  end
39
52
 
53
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
40
54
  def updated_dependencies_after_full_unlock
41
55
  raise NotImplementedError
42
56
  end
43
57
 
58
+ sig { returns(T.nilable(String)) }
44
59
  def fetch_latest_version
45
60
  git_commit_checker = Dependabot::GitCommitChecker.new(
46
61
  dependency: dependency,
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-git_submodules
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.242.1
4
+ version: 0.243.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-01-23 00:00:00.000000000 Z
11
+ date: 2024-02-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.242.1
19
+ version: 0.243.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.242.1
26
+ version: 0.243.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: parseconfig
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -261,7 +261,7 @@ licenses:
261
261
  - Nonstandard
262
262
  metadata:
263
263
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
264
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.242.1
264
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.243.0
265
265
  post_install_message:
266
266
  rdoc_options: []
267
267
  require_paths: