dependabot-git_submodules 0.242.1 → 0.243.0
- checksums.yaml +4 -4
- data/lib/dependabot/git_submodules/file_fetcher.rb +28 -11
- data/lib/dependabot/git_submodules/file_parser.rb +15 -2
- data/lib/dependabot/git_submodules/file_updater.rb +21 -6
- data/lib/dependabot/git_submodules/metadata_finder.rb +6 -1
- data/lib/dependabot/git_submodules/requirement.rb +3 -2
- data/lib/dependabot/git_submodules/update_checker.rb +17 -2
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 501cfe638fdfb8bf8da3db2bd6c77a6c355a9310c98ce0c44a5c80b304f38cb7
|
|
4
|
+
data.tar.gz: 4e430039d30a9b4e06a45fb902fe9151062d066e34c69035ae176f51167c708e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2e00d73c5ea20bb0cb12c807a2ccc2d4b3555abcab5da3110c99d0457639637d23220df65bc51ae3ac7bcb5b0b2d84cafbc4e3a4c22395df78f202717126f92c
|
|
7
|
+
data.tar.gz: df68426cf7f3d3adb96e585ffa72f6a67f6e37e696fb3f7c29084d197b965694b1406aa8ebc9ab8887b0be2fec5115f78f28c28ff32fa33bb4a59c8b8c83933c
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parseconfig"
|
|
@@ -13,10 +13,12 @@ module Dependabot
|
|
|
13
13
|
extend T::Sig
|
|
14
14
|
extend T::Helpers
|
|
15
15
|
|
|
16
|
+
sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
|
|
16
17
|
def self.required_files_in?(filenames)
|
|
17
18
|
filenames.include?(".gitmodules")
|
|
18
19
|
end
|
|
19
20
|
|
|
21
|
+
sig { override.returns(String) }
|
|
20
22
|
def self.required_files_message
|
|
21
23
|
"Repo must contain a .gitmodules file."
|
|
22
24
|
end
|
|
@@ -31,26 +33,40 @@ module Dependabot
|
|
|
31
33
|
|
|
32
34
|
private
|
|
33
35
|
|
|
36
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
34
37
|
def gitmodules_file
|
|
35
|
-
@gitmodules_file ||=
|
|
38
|
+
@gitmodules_file ||=
|
|
39
|
+
T.let(
|
|
40
|
+
fetch_file_from_host(".gitmodules"),
|
|
41
|
+
T.nilable(Dependabot::DependencyFile)
|
|
42
|
+
)
|
|
36
43
|
end
|
|
37
44
|
|
|
45
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
38
46
|
def submodule_refs
|
|
39
47
|
@submodule_refs ||=
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
48
|
+
T.let(
|
|
49
|
+
submodule_paths
|
|
50
|
+
.map { |path| fetch_submodule_ref_from_host(path) }
|
|
51
|
+
.tap { |refs| refs.each { |f| f.support_file = true } }
|
|
52
|
+
.uniq,
|
|
53
|
+
T.nilable(T::Array[Dependabot::DependencyFile])
|
|
54
|
+
)
|
|
44
55
|
end
|
|
45
56
|
|
|
57
|
+
sig { returns(T::Array[String]) }
|
|
46
58
|
def submodule_paths
|
|
47
59
|
@submodule_paths ||=
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
60
|
+
T.let(
|
|
61
|
+
Dependabot::SharedHelpers.in_a_temporary_directory do
|
|
62
|
+
File.write(".gitmodules", gitmodules_file.content)
|
|
63
|
+
ParseConfig.new(".gitmodules").params.values.map { |p| p["path"] }
|
|
64
|
+
end,
|
|
65
|
+
T.nilable(T::Array[String])
|
|
66
|
+
)
|
|
52
67
|
end
|
|
53
68
|
|
|
69
|
+
sig { params(submodule_path: T.nilable(String)).returns(Dependabot::DependencyFile) }
|
|
54
70
|
def fetch_submodule_ref_from_host(submodule_path)
|
|
55
71
|
path = Pathname.new(File.join(directory, submodule_path))
|
|
56
72
|
.cleanpath.to_path.gsub(%r{^/*}, "")
|
|
@@ -61,7 +77,7 @@ module Dependabot
|
|
|
61
77
|
tmp_path = path.gsub(%r{^/*}, "")
|
|
62
78
|
T.unsafe(gitlab_client).get_file(repo, tmp_path, commit).blob_id
|
|
63
79
|
when "azure"
|
|
64
|
-
azure_client.fetch_file_contents(commit, path)
|
|
80
|
+
azure_client.fetch_file_contents(T.must(commit), path)
|
|
65
81
|
else raise "Unsupported provider '#{source.provider}'."
|
|
66
82
|
end
|
|
67
83
|
|
|
@@ -77,6 +93,7 @@ module Dependabot
|
|
|
77
93
|
raise Dependabot::DependencyFileNotFound, path
|
|
78
94
|
end
|
|
79
95
|
|
|
96
|
+
sig { params(path: String).returns(String) }
|
|
80
97
|
def fetch_github_submodule_commit(path)
|
|
81
98
|
content = T.unsafe(github_client).contents(
|
|
82
99
|
repo,
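Review bot: In `submodule_paths`, `params.values.map { |p| p["path"] }` yields nil for any `.gitmodules` section that has no `path` key, which contradicts the new `returns(T::Array[String])` sig. sorbet-runtime does not check array elements in `T.let` by default, so the nil would pass through to `File.join(directory, submodule_path)` in `fetch_submodule_ref_from_host` and surface as a bare TypeError. Since `.gitmodules` is repository-controlled input, drop or reject such entries at the parse step, e.g. `ParseConfig.new(".gitmodules").params.values.filter_map { |p| p["path"] }`. The helper's sig could then be tightened to `params(submodule_path: String)`. The body of `fetch_submodule_ref_from_host` continues outside the visible hunks.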
|
|
@@ -1,7 +1,9 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parseconfig"
|
|
5
|
+
require "sorbet-runtime"
|
|
6
|
+
|
|
5
7
|
require "dependabot/dependency"
|
|
6
8
|
require "dependabot/file_parsers"
|
|
7
9
|
require "dependabot/file_parsers/base"
|
|
@@ -10,6 +12,9 @@ require "dependabot/shared_helpers"
|
|
|
10
12
|
module Dependabot
|
|
11
13
|
module GitSubmodules
|
|
12
14
|
class FileParser < Dependabot::FileParsers::Base
|
|
15
|
+
extend T::Sig
|
|
16
|
+
|
|
17
|
+
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
|
13
18
|
def parse
|
|
14
19
|
Dependabot::SharedHelpers.in_a_temporary_directory do
|
|
15
20
|
File.write(".gitmodules", gitmodules_file.content)
|
|
@@ -39,6 +44,7 @@ module Dependabot
|
|
|
39
44
|
|
|
40
45
|
private
|
|
41
46
|
|
|
47
|
+
sig { params(url: String).returns(String) }
|
|
42
48
|
def absolute_url(url)
|
|
43
49
|
# Submodules can be specified with a relative URL (e.g., ../repo.git)
|
|
44
50
|
# which we want to expand out into a full URL if present.
|
|
@@ -48,6 +54,7 @@ module Dependabot
|
|
|
48
54
|
"https://#{source&.hostname}/#{path.cleanpath}"
|
|
49
55
|
end
|
|
50
56
|
|
|
57
|
+
sig { params(path: String).returns(T.nilable(String)) }
|
|
51
58
|
def submodule_sha(path)
|
|
52
59
|
submodule = dependency_files.find { |f| f.name == path }
|
|
53
60
|
raise "Submodule not found #{path}" unless submodule
|
|
@@ -55,10 +62,16 @@ module Dependabot
|
|
|
55
62
|
submodule.content
|
|
56
63
|
end
|
|
57
64
|
|
|
65
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
58
66
|
def gitmodules_file
|
|
59
|
-
@gitmodules_file ||=
|
|
67
|
+
@gitmodules_file ||=
|
|
68
|
+
T.let(
|
|
69
|
+
T.must(get_original_file(".gitmodules")),
|
|
70
|
+
T.nilable(Dependabot::DependencyFile)
|
|
71
|
+
)
|
|
60
72
|
end
|
|
61
73
|
|
|
74
|
+
sig { override.void }
|
|
62
75
|
def check_required_files
|
|
63
76
|
%w(.gitmodules).each do |filename|
|
|
64
77
|
raise "No #{filename}!" unless get_original_file(filename)
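Review bot: `absolute_url` interpolates `source&.hostname`, so a nil `source` silently produces a URL of the form `https:///…` instead of an error, and the new `returns(String)` sig cannot catch that. With the file now `typed: strict`, failing loudly would be more consistent, e.g. `"https://#{T.must(source).hostname}/#{path.cleanpath}"` or an explicit `raise` when `source` is nil. Most of the method body lies outside the hunk, so this is inferred from the two visible lines only.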
|
|
@@ -1,37 +1,52 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
require "dependabot/file_updaters"
|
|
5
7
|
require "dependabot/file_updaters/base"
|
|
6
8
|
|
|
7
9
|
module Dependabot
|
|
8
10
|
module GitSubmodules
|
|
9
11
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
12
|
+
extend T::Sig
|
|
13
|
+
|
|
14
|
+
sig { override.returns(T::Array[Regexp]) }
|
|
10
15
|
def self.updated_files_regex
|
|
11
16
|
[]
|
|
12
17
|
end
|
|
13
18
|
|
|
19
|
+
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
|
14
20
|
def updated_dependency_files
|
|
15
|
-
[updated_file(file: submodule, content: dependency.version)]
|
|
21
|
+
[updated_file(file: submodule, content: T.must(dependency.version))]
|
|
16
22
|
end
|
|
17
23
|
|
|
18
24
|
private
|
|
19
25
|
|
|
26
|
+
sig { returns(Dependabot::Dependency) }
|
|
20
27
|
def dependency
|
|
21
28
|
# Git submodules will only ever be updating a single dependency
|
|
22
|
-
dependencies.first
|
|
29
|
+
T.must(dependencies.first)
|
|
23
30
|
end
|
|
24
31
|
|
|
32
|
+
sig { override.void }
|
|
25
33
|
def check_required_files
|
|
26
34
|
%w(.gitmodules).each do |filename|
|
|
27
35
|
raise "No #{filename}!" unless get_original_file(filename)
|
|
28
36
|
end
|
|
29
37
|
end
|
|
30
38
|
|
|
39
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
31
40
|
def submodule
|
|
32
|
-
@submodule ||=
|
|
33
|
-
|
|
34
|
-
|
|
41
|
+
@submodule ||=
|
|
42
|
+
T.let(
|
|
43
|
+
T.must(
|
|
44
|
+
dependency_files.find do |file|
|
|
45
|
+
file.name == dependency.name
|
|
46
|
+
end
|
|
47
|
+
),
|
|
48
|
+
T.nilable(Dependabot::DependencyFile)
|
|
49
|
+
)
|
|
35
50
|
end
|
|
36
51
|
end
|
|
37
52
|
end
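Review bot: In `submodule`, wrapping `dependency_files.find` in `T.must` turns a missing submodule file into a generic TypeError that does not name the dependency, whereas `FileParser#submodule_sha` raises `"Submodule not found #{path}"` for the same condition. The same loss of context applies to `T.must(dependencies.first)` and `T.must(dependency.version)`. An explicit check keeps the failure diagnosable: assign the `find` result to a local `file` and add `raise "Submodule not found #{dependency.name}" unless file` before memoizing it.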
|
|
@@ -1,14 +1,19 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
require "dependabot/metadata_finders"
|
|
5
7
|
require "dependabot/metadata_finders/base"
|
|
6
8
|
|
|
7
9
|
module Dependabot
|
|
8
10
|
module GitSubmodules
|
|
9
11
|
class MetadataFinder < Dependabot::MetadataFinders::Base
|
|
12
|
+
extend T::Sig
|
|
13
|
+
|
|
10
14
|
private
|
|
11
15
|
|
|
16
|
+
sig { override.returns(T.nilable(Dependabot::Source)) }
|
|
12
17
|
def look_up_source
|
|
13
18
|
url = dependency.requirements.first&.fetch(:source)&.fetch(:url) ||
|
|
14
19
|
dependency.requirements.first&.fetch(:source)&.fetch("url")
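Review bot: In `look_up_source` the fallback to the string key never runs when the symbol key is absent, because `Hash#fetch` raises `KeyError` on a missing key instead of returning nil. The `||` branch is reached only when `:url` is present with a nil value. If requirement hashes with string keys are expected here (the fallback suggests so), `dig` expresses the intent: `url = dependency.requirements.first&.dig(:source, :url) || dependency.requirements.first&.dig(:source, "url")`. The rest of the method is outside the hunk, so how `url` is used afterwards is not visible.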
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
@@ -21,9 +21,10 @@ module Dependabot
|
|
|
21
21
|
|
|
22
22
|
# Patches Gem::Requirement to make it accept requirement strings like
|
|
23
23
|
# "~> 4.2.5, >= 4.2.5.1" without first needing to split them.
|
|
24
|
+
sig { params(requirements: T.nilable(String)).void }
|
|
24
25
|
def initialize(*requirements)
|
|
25
26
|
requirements = requirements.flatten.flat_map do |req_string|
|
|
26
|
-
req_string
|
|
27
|
+
req_string&.split(",")&.map(&:strip)
|
|
27
28
|
end
|
|
28
29
|
|
|
29
30
|
super(requirements)
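Review bot: The new sig on `initialize(*requirements)` declares every splat argument as `T.nilable(String)`, yet the body still calls `requirements.flatten`, which only matters if callers pass arrays. With runtime sig checking enabled, such a call would raise a TypeError before `flatten` is reached. Either widen the sig, e.g. `sig { params(requirements: T.nilable(T.any(String, T::Array[String]))).void }`, or drop `flatten` if arrays are no longer accepted. For a nil argument the block returns nil and `flat_map` keeps it as an element, so `super` receives an array containing nil; a trailing `.compact` would make the handling explicit. The method's closing `end` is outside the hunk.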
|
|
@@ -1,6 +1,8 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
require "dependabot/update_checkers"
|
|
5
7
|
require "dependabot/update_checkers/base"
|
|
6
8
|
require "dependabot/git_submodules/version"
|
|
@@ -10,20 +12,30 @@ require "dependabot/git_submodules/requirement"
|
|
|
10
12
|
module Dependabot
|
|
11
13
|
module GitSubmodules
|
|
12
14
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
15
|
+
extend T::Sig
|
|
16
|
+
|
|
17
|
+
sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
|
|
13
18
|
def latest_version
|
|
14
|
-
@latest_version ||=
|
|
19
|
+
@latest_version ||=
|
|
20
|
+
T.let(
|
|
21
|
+
fetch_latest_version,
|
|
22
|
+
T.nilable(T.any(String, Gem::Version))
|
|
23
|
+
)
|
|
15
24
|
end
|
|
16
25
|
|
|
26
|
+
sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
|
|
17
27
|
def latest_resolvable_version
|
|
18
28
|
# Resolvability isn't an issue for submodules.
|
|
19
29
|
latest_version
|
|
20
30
|
end
|
|
21
31
|
|
|
32
|
+
sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
|
|
22
33
|
def latest_resolvable_version_with_no_unlock
|
|
23
34
|
# No concept of "unlocking" for submodules
|
|
24
35
|
latest_version
|
|
25
36
|
end
|
|
26
37
|
|
|
38
|
+
sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
27
39
|
def updated_requirements
|
|
28
40
|
# Submodule requirements are the URL and branch to use for the
|
|
29
41
|
# submodule. We never want to update either.
|
|
@@ -32,15 +44,18 @@ module Dependabot
|
|
|
32
44
|
|
|
33
45
|
private
|
|
34
46
|
|
|
47
|
+
sig { override.returns(T::Boolean) }
|
|
35
48
|
def latest_version_resolvable_with_full_unlock?
|
|
36
49
|
# Full unlock checks aren't relevant for submodules
|
|
37
50
|
false
|
|
38
51
|
end
|
|
39
52
|
|
|
53
|
+
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
|
40
54
|
def updated_dependencies_after_full_unlock
|
|
41
55
|
raise NotImplementedError
|
|
42
56
|
end
|
|
43
57
|
|
|
58
|
+
sig { returns(T.nilable(String)) }
|
|
44
59
|
def fetch_latest_version
|
|
45
60
|
git_commit_checker = Dependabot::GitCommitChecker.new(
|
|
46
61
|
dependency: dependency,
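Review bot: `latest_version` memoizes with `||=` while its declared type is nilable, so a nil result from `fetch_latest_version` is never cached and the lookup is repeated on every call. That includes the calls made through `latest_resolvable_version` and `latest_resolvable_version_with_no_unlock`. If the `GitCommitChecker` lookup is remote (its body is outside the hunk, so this is presumed), that means repeated requests for a submodule with no resolvable head. At minimum, document it above the assignment: `# nil is not memoized by ||=; fetch_latest_version reruns until it returns a value`.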
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-git_submodules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.243.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-02-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.243.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.243.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parseconfig
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -261,7 +261,7 @@ licenses:
|
|
|
261
261
|
- Nonstandard
|
|
262
262
|
metadata:
|
|
263
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
264
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.243.0
|
|
265
265
|
post_install_message:
|
|
266
266
|
rdoc_options: []
|
|
267
267
|
require_paths:
|