dependabot-git_submodules 0.242.1 → 0.243.0
- checksums.yaml +4 -4
- data/lib/dependabot/git_submodules/file_fetcher.rb +28 -11
- data/lib/dependabot/git_submodules/file_parser.rb +15 -2
- data/lib/dependabot/git_submodules/file_updater.rb +21 -6
- data/lib/dependabot/git_submodules/metadata_finder.rb +6 -1
- data/lib/dependabot/git_submodules/requirement.rb +3 -2
- data/lib/dependabot/git_submodules/update_checker.rb +17 -2
- metadata +5 -5
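--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 501cfe638fdfb8bf8da3db2bd6c77a6c355a9310c98ce0c44a5c80b304f38cb7
+data.tar.gz: 4e430039d30a9b4e06a45fb902fe9151062d066e34c69035ae176f51167c708e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2e00d73c5ea20bb0cb12c807a2ccc2d4b3555abcab5da3110c99d0457639637d23220df65bc51ae3ac7bcb5b0b2d84cafbc4e3a4c22395df78f202717126f92c
+data.tar.gz: df68426cf7f3d3adb96e585ffa72f6a67f6e37e696fb3f7c29084d197b965694b1406aa8ebc9ab8887b0be2fec5115f78f28c28ff32fa33bb4a59c8b8c83933c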
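--- a/data/lib/dependabot/git_submodules/file_fetcher.rb
+++ b/data/lib/dependabot/git_submodules/file_fetcher.rb
@@ -1,4 +1,4 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 require "parseconfig"
@@ -13,10 +13,12 @@ module Dependabot
 extend T::Sig
 extend T::Helpers
 
+sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
 def self.required_files_in?(filenames)
 filenames.include?(".gitmodules")
 end
 
+sig { override.returns(String) }
 def self.required_files_message
 "Repo must contain a .gitmodules file."
 end
@@ -31,26 +33,40 @@ module Dependabot
 
 private
 
+sig { returns(Dependabot::DependencyFile) }
 def gitmodules_file
-@gitmodules_file ||=
+@gitmodules_file ||=
+T.let(
+fetch_file_from_host(".gitmodules"),
+T.nilable(Dependabot::DependencyFile)
+)
 end
 
+sig { returns(T::Array[Dependabot::DependencyFile]) }
 def submodule_refs
 @submodule_refs ||=
-
-
-
-
+T.let(
+submodule_paths
+.map { |path| fetch_submodule_ref_from_host(path) }
+.tap { |refs| refs.each { |f| f.support_file = true } }
+.uniq,
+T.nilable(T::Array[Dependabot::DependencyFile])
+)
 end
 
+sig { returns(T::Array[String]) }
 def submodule_paths
 @submodule_paths ||=
-
-
-
-
+T.let(
+Dependabot::SharedHelpers.in_a_temporary_directory do
+File.write(".gitmodules", gitmodules_file.content)
+ParseConfig.new(".gitmodules").params.values.map { |p| p["path"] }
+end,
+T.nilable(T::Array[String])
+)
 end
 
+sig { params(submodule_path: T.nilable(String)).returns(Dependabot::DependencyFile) }
 def fetch_submodule_ref_from_host(submodule_path)
 path = Pathname.new(File.join(directory, submodule_path))
 .cleanpath.to_path.gsub(%r{^/*}, "")
@@ -61,7 +77,7 @@ module Dependabot
 tmp_path = path.gsub(%r{^/*}, "")
 T.unsafe(gitlab_client).get_file(repo, tmp_path, commit).blob_id
 when "azure"
-azure_client.fetch_file_contents(commit, path)
+azure_client.fetch_file_contents(T.must(commit), path)
 else raise "Unsupported provider '#{source.provider}'."
 end
 
@@ -77,6 +93,7 @@ module Dependabot
 raise Dependabot::DependencyFileNotFound, path
 end
 
+sig { params(path: String).returns(String) }
 def fetch_github_submodule_commit(path)
 content = T.unsafe(github_client).contents(
 repo,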
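Review bot: The new signature on `fetch_submodule_ref_from_host` accepts `T.nilable(String)`, yet the first statement of the method passes the value straight to `File.join(directory, submodule_path)`, which raises `TypeError` for `nil`. In the same section `submodule_paths` is declared as `T::Array[String]` although `p["path"]` can be `nil` for a `.gitmodules` entry that has no `path` key. Since `.gitmodules` is repository-controlled content, a malformed entry is better skipped or rejected where it is parsed, for example `ParseConfig.new(".gitmodules").params.values.filter_map { |p| p["path"] }` together with `params(submodule_path: String)`, so the two signatures agree with what the code can actually handle. The body of `fetch_submodule_ref_from_host` continues outside the hunk, so any nil handling further down is not visible here.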
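--- a/data/lib/dependabot/git_submodules/file_parser.rb
+++ b/data/lib/dependabot/git_submodules/file_parser.rb
@@ -1,7 +1,9 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 require "parseconfig"
+require "sorbet-runtime"
+
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
@@ -10,6 +12,9 @@ require "dependabot/shared_helpers"
 module Dependabot
 module GitSubmodules
 class FileParser < Dependabot::FileParsers::Base
+extend T::Sig
+
+sig { override.returns(T::Array[Dependabot::Dependency]) }
 def parse
 Dependabot::SharedHelpers.in_a_temporary_directory do
 File.write(".gitmodules", gitmodules_file.content)
@@ -39,6 +44,7 @@ module Dependabot
 
 private
 
+sig { params(url: String).returns(String) }
 def absolute_url(url)
 # Submodules can be specified with a relative URL (e.g., ../repo.git)
 # which we want to expand out into a full URL if present.
@@ -48,6 +54,7 @@ module Dependabot
 "https://#{source&.hostname}/#{path.cleanpath}"
 end
 
+sig { params(path: String).returns(T.nilable(String)) }
 def submodule_sha(path)
 submodule = dependency_files.find { |f| f.name == path }
 raise "Submodule not found #{path}" unless submodule
@@ -55,10 +62,16 @@ module Dependabot
 submodule.content
 end
 
+sig { returns(Dependabot::DependencyFile) }
 def gitmodules_file
-@gitmodules_file ||=
+@gitmodules_file ||=
+T.let(
+T.must(get_original_file(".gitmodules")),
+T.nilable(Dependabot::DependencyFile)
+)
 end
 
+sig { override.void }
 def check_required_files
 %w(.gitmodules).each do |filename|
 raise "No #{filename}!" unless get_original_file(filename)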
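Review bot: `T.must(get_original_file(".gitmodules"))` in `gitmodules_file` fails with sorbet-runtime's generic nil error when the file is absent, so the readable `"No .gitmodules!"` message is only seen if `check_required_files` has already run. That ordering is presumably guaranteed by the base class, which is not visible in this diff; a comment above the `T.must`, such as `# check_required_files has already verified that .gitmodules exists`, would record the assumption for the next reader. `check_required_files` itself continues past the end of the last hunk.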
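--- a/data/lib/dependabot/git_submodules/file_updater.rb
+++ b/data/lib/dependabot/git_submodules/file_updater.rb
@@ -1,37 +1,52 @@
-# typed:
+# typed: strong
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
 
 module Dependabot
 module GitSubmodules
 class FileUpdater < Dependabot::FileUpdaters::Base
+extend T::Sig
+
+sig { override.returns(T::Array[Regexp]) }
 def self.updated_files_regex
 []
 end
 
+sig { override.returns(T::Array[Dependabot::DependencyFile]) }
 def updated_dependency_files
-[updated_file(file: submodule, content: dependency.version)]
+[updated_file(file: submodule, content: T.must(dependency.version))]
 end
 
 private
 
+sig { returns(Dependabot::Dependency) }
 def dependency
 # Git submodules will only ever be updating a single dependency
-dependencies.first
+T.must(dependencies.first)
 end
 
+sig { override.void }
 def check_required_files
 %w(.gitmodules).each do |filename|
 raise "No #{filename}!" unless get_original_file(filename)
 end
 end
 
+sig { returns(Dependabot::DependencyFile) }
 def submodule
-@submodule ||=
-
-
+@submodule ||=
+T.let(
+T.must(
+dependency_files.find do |file|
+file.name == dependency.name
+end
+),
+T.nilable(Dependabot::DependencyFile)
+)
 end
 end
 end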
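Review bot: In `submodule`, the `T.must(...)` around `dependency_files.find` fails with a generic nil error that does not name the missing submodule when no dependency file matches `dependency.name`. `FileParser#submodule_sha` in this same release performs the equivalent lookup and raises `"Submodule not found #{path}"`; using the same style here, `dependency_files.find { |file| file.name == dependency.name } || raise("Submodule not found #{dependency.name}")` inside the `T.let`, keeps the failure diagnosable. The same concern applies, to a lesser degree, to `T.must(dependency.version)` in `updated_dependency_files`.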
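--- a/data/lib/dependabot/git_submodules/metadata_finder.rb
+++ b/data/lib/dependabot/git_submodules/metadata_finder.rb
@@ -1,14 +1,19 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/metadata_finders"
 require "dependabot/metadata_finders/base"
 
 module Dependabot
 module GitSubmodules
 class MetadataFinder < Dependabot::MetadataFinders::Base
+extend T::Sig
+
 private
 
+sig { override.returns(T.nilable(Dependabot::Source)) }
 def look_up_source
 url = dependency.requirements.first&.fetch(:source)&.fetch(:url) ||
 dependency.requirements.first&.fetch(:source)&.fetch("url")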
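Review bot: The new `sig` promises that `look_up_source` returns `nil` or a `Dependabot::Source`, but the unchanged lookup directly below it uses `Hash#fetch`, which raises `KeyError` on a missing key instead of returning `nil`. As written, the `||` fallback to the string key `"url"` is reached only when `:url` is present with a nil or false value, and a requirement without `:source` raises. If the requirement source is a plain Hash, `dependency.requirements.first&.dig(:source, :url) || dependency.requirements.first&.dig(:source, "url")` would give the nil-tolerant behaviour the signature describes. The method body continues outside the hunk.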
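--- a/data/lib/dependabot/git_submodules/requirement.rb
+++ b/data/lib/dependabot/git_submodules/requirement.rb
@@ -1,4 +1,4 @@
-# typed:
+# typed: strong
 # frozen_string_literal: true
 
 require "sorbet-runtime"
@@ -21,9 +21,10 @@ module Dependabot
 
 # Patches Gem::Requirement to make it accept requirement strings like
 # "~> 4.2.5, >= 4.2.5.1" without first needing to split them.
+sig { params(requirements: T.nilable(String)).void }
 def initialize(*requirements)
 requirements = requirements.flatten.flat_map do |req_string|
-req_string
+req_string&.split(",")&.map(&:strip)
 end
 
 super(requirements)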
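Review bot: The signature `params(requirements: T.nilable(String))` types every splat argument as a string or nil, while the body still calls `requirements.flatten`, which only has an effect when callers pass arrays. If arrays are a supported input the sig should say so, for example `T.any(T.nilable(String), T::Array[T.nilable(String)])`, since a runtime-checked sig would otherwise reject them; if they are not, `.flatten` can be dropped. Note also that `flat_map` keeps a `nil` block result as a `nil` element, so with the `&.` calls `super` can receive `nil` entries; a `.compact` before `super(requirements)` would make the intended handling explicit. The method's closing `end` lies outside the hunk.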
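--- a/data/lib/dependabot/git_submodules/update_checker.rb
+++ b/data/lib/dependabot/git_submodules/update_checker.rb
@@ -1,6 +1,8 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/update_checkers"
 require "dependabot/update_checkers/base"
 require "dependabot/git_submodules/version"
@@ -10,20 +12,30 @@ require "dependabot/git_submodules/requirement"
 module Dependabot
 module GitSubmodules
 class UpdateChecker < Dependabot::UpdateCheckers::Base
+extend T::Sig
+
+sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
 def latest_version
-@latest_version ||=
+@latest_version ||=
+T.let(
+fetch_latest_version,
+T.nilable(T.any(String, Gem::Version))
+)
 end
 
+sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
 def latest_resolvable_version
 # Resolvability isn't an issue for submodules.
 latest_version
 end
 
+sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
 def latest_resolvable_version_with_no_unlock
 # No concept of "unlocking" for submodules
 latest_version
 end
 
+sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
 def updated_requirements
 # Submodule requirements are the URL and branch to use for the
 # submodule. We never want to update either.
@@ -32,15 +44,18 @@ module Dependabot
 
 private
 
+sig { override.returns(T::Boolean) }
 def latest_version_resolvable_with_full_unlock?
 # Full unlock checks aren't relevant for submodules
 false
 end
 
+sig { override.returns(T::Array[Dependabot::Dependency]) }
 def updated_dependencies_after_full_unlock
 raise NotImplementedError
 end
 
+sig { returns(T.nilable(String)) }
 def fetch_latest_version
 git_commit_checker = Dependabot::GitCommitChecker.new(
 dependency: dependency,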
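--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-git_submodules
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.243.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.243.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.243.0
 - !ruby/object:Gem::Dependency
 name: parseconfig
 requirement: !ruby/object:Gem::Requirement
@@ -261,7 +261,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.243.0
 post_install_message:
 rdoc_options: []
 require_paths: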