dependabot-git_submodules 0.361.1 → 0.361.2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 75a02824539aee4dc3114760cb13750df7b0682d881d768ef985cd2f2007ac5a
|
|
4
|
+
data.tar.gz: 1c8cb74244655a987d8e19d1c3d366b3bd8488bc930bbd3b2f288d1cb21b9918
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 748d7b166256bdf2fdef580eea4bb5226e17c3e282e2c852d95437a0a0b3e97956c59afa1e87c96e55c001b1006009e7135df0cb0308e2fefcefa181f5bee42d
|
|
7
|
+
data.tar.gz: d95c8bfcd8fb61e120cf76746ef561403fb23689e8a466992039a473187191e63d1d0324d52df0ee3ec6cde7d3b8b0066c7a4ab1c9a9edcd307f7bedfc1baca3
|
|
@@ -39,11 +39,9 @@ module Dependabot
|
|
|
39
39
|
|
|
40
40
|
sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
41
41
|
def available_versions
|
|
42
|
+
sha_to_tags = build_sha_to_tags
|
|
42
43
|
versions_metadata = T.let(fetch_tags_and_release_date, T.nilable(T::Array[GitTagWithDetail]))
|
|
43
44
|
|
|
44
|
-
# as git submodules do not have versions (refs/tags are used instead), we use a pseudo version as placeholder
|
|
45
|
-
pseudo_version = 1.0
|
|
46
|
-
|
|
47
45
|
# we fallback to the git based tag info if no versions metadata is available
|
|
48
46
|
if versions_metadata&.empty?
|
|
49
47
|
versions_metadata = T.let(
|
|
@@ -52,15 +50,12 @@ module Dependabot
|
|
|
52
50
|
)
|
|
53
51
|
end
|
|
54
52
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
version: GitSubmodules::Version.new((pseudo_version += 1).to_s),
|
|
58
|
-
tag: version_details.tag,
|
|
59
|
-
released_at: version_details.release_date ? Time.parse(T.must(version_details.release_date)) : nil
|
|
60
|
-
)
|
|
61
|
-
end
|
|
53
|
+
# as git submodules do not have versions (refs/tags are used instead), we use a pseudo version as placeholder
|
|
54
|
+
pseudo_version = T.must(versions_metadata).length + 1
|
|
62
55
|
|
|
63
|
-
|
|
56
|
+
T.must(versions_metadata).flat_map do |version_details|
|
|
57
|
+
process_metadata(version_details, sha_to_tags, pseudo_version -= 1)
|
|
58
|
+
end
|
|
64
59
|
end
|
|
65
60
|
|
|
66
61
|
private
|
|
@@ -69,10 +64,7 @@ module Dependabot
|
|
|
69
64
|
def fetch_latest_tag_info
|
|
70
65
|
parsed_results = T.let([], T::Array[GitTagWithDetail])
|
|
71
66
|
|
|
72
|
-
git_commit_checker =
|
|
73
|
-
dependency: dependency,
|
|
74
|
-
credentials: credentials
|
|
75
|
-
)
|
|
67
|
+
git_commit_checker = build_client
|
|
76
68
|
|
|
77
69
|
parsed_results <<
|
|
78
70
|
GitTagWithDetail.new(
|
|
@@ -82,38 +74,36 @@ module Dependabot
|
|
|
82
74
|
parsed_results
|
|
83
75
|
end
|
|
84
76
|
|
|
77
|
+
TARGET_COMMITS_TO_FETCH = 500
|
|
78
|
+
private_constant :TARGET_COMMITS_TO_FETCH
|
|
79
|
+
|
|
85
80
|
sig { returns(T::Array[GitTagWithDetail]) }
|
|
86
81
|
def fetch_tags_and_release_date
|
|
87
82
|
parsed_results = T.let([], T::Array[GitTagWithDetail])
|
|
88
83
|
|
|
89
84
|
begin
|
|
90
85
|
Dependabot.logger.info("Fetching release info for Git Submodules: #{dependency.name}")
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
86
|
+
client = build_client
|
|
87
|
+
|
|
88
|
+
sha = T.let(nil, T.nilable(String))
|
|
89
|
+
catch :found do
|
|
90
|
+
while parsed_results.length < TARGET_COMMITS_TO_FETCH
|
|
91
|
+
max_len = Dependabot::GitMetadataFetcher::MAX_COMMITS_PER_PAGE
|
|
92
|
+
max_len -= 1 unless sha.nil?
|
|
93
|
+
commits = get_commits(client, sha)
|
|
94
|
+
break if commits.empty?
|
|
95
|
+
|
|
96
|
+
commits.each do |commit|
|
|
97
|
+
sha = commit["sha"]
|
|
98
|
+
parsed_results << GitTagWithDetail.new(
|
|
99
|
+
tag: sha,
|
|
100
|
+
release_date: commit["commit"]["committer"]["date"]
|
|
101
|
+
)
|
|
102
|
+
throw :found if sha == dependency.version
|
|
103
|
+
end
|
|
104
|
+
break if commits.length < max_len
|
|
105
|
+
end
|
|
104
106
|
end
|
|
105
|
-
|
|
106
|
-
return parsed_results unless response.status == 200
|
|
107
|
-
|
|
108
|
-
releases = JSON.parse(response.body)
|
|
109
|
-
|
|
110
|
-
parsed_results = releases.map do |release|
|
|
111
|
-
GitTagWithDetail.new(
|
|
112
|
-
tag: release["sha"],
|
|
113
|
-
release_date: release["commit"]["committer"]["date"]
|
|
114
|
-
)
|
|
115
|
-
end
|
|
116
|
-
|
|
117
107
|
parsed_results
|
|
118
108
|
rescue StandardError => e
|
|
119
109
|
Dependabot.logger.error("Error while fetching package info for git submodule: #{e.message}")
|
|
@@ -121,10 +111,95 @@ module Dependabot
|
|
|
121
111
|
end
|
|
122
112
|
end
|
|
123
113
|
|
|
114
|
+
sig { returns(Dependabot::GitCommitChecker) }
|
|
115
|
+
def build_client
|
|
116
|
+
Dependabot::GitCommitChecker.new(
|
|
117
|
+
dependency: dependency,
|
|
118
|
+
credentials: credentials
|
|
119
|
+
)
|
|
120
|
+
end
|
|
121
|
+
|
|
124
122
|
sig { returns(String) }
|
|
125
123
|
def url
|
|
126
124
|
dependency.source_details&.fetch(:url, nil)
|
|
127
125
|
end
|
|
126
|
+
|
|
127
|
+
sig { returns(T::Hash[String, T::Array[String]]) }
|
|
128
|
+
def build_sha_to_tags
|
|
129
|
+
build_client.tags.each_with_object({}) do |tag, sha_to_tags|
|
|
130
|
+
(sha_to_tags[tag.commit_sha] ||= []) << tag.name
|
|
131
|
+
end
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
sig do
|
|
135
|
+
params(
|
|
136
|
+
client: Dependabot::GitCommitChecker,
|
|
137
|
+
sha: T.nilable(String)
|
|
138
|
+
).returns(T::Array[T::Hash[String, T.untyped]])
|
|
139
|
+
end
|
|
140
|
+
def get_commits(client, sha)
|
|
141
|
+
response = sha.nil? ? client.ref_details_for_pinned_ref : client.ref_details(sha)
|
|
142
|
+
|
|
143
|
+
unless response.status == 200
|
|
144
|
+
Dependabot.logger.error(
|
|
145
|
+
"Error while fetching details for #{dependency.name} " \
|
|
146
|
+
"Detail : #{response.body}"
|
|
147
|
+
)
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
return [] unless response.status == 200
|
|
151
|
+
|
|
152
|
+
commits = JSON.parse(response.body)
|
|
153
|
+
sha.nil? || commits.empty? ? commits : commits[1..]
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
sig do
|
|
157
|
+
params(
|
|
158
|
+
version_details: GitTagWithDetail,
|
|
159
|
+
sha_to_tags: T::Hash[String, T::Array[String]],
|
|
160
|
+
pseudo_version: Integer
|
|
161
|
+
).returns(T::Array[Dependabot::Package::PackageRelease])
|
|
162
|
+
end
|
|
163
|
+
def process_metadata(version_details, sha_to_tags, pseudo_version)
|
|
164
|
+
released_at = version_details.release_date ? Time.parse(T.must(version_details.release_date)) : nil
|
|
165
|
+
sha = version_details.tag
|
|
166
|
+
|
|
167
|
+
normalized_versions(sha, sha_to_tags, pseudo_version).map do |version|
|
|
168
|
+
Dependabot::Package::PackageRelease.new(
|
|
169
|
+
version: version,
|
|
170
|
+
tag: sha,
|
|
171
|
+
released_at: released_at
|
|
172
|
+
)
|
|
173
|
+
end
|
|
174
|
+
end
|
|
175
|
+
|
|
176
|
+
sig do
|
|
177
|
+
params(
|
|
178
|
+
sha: String,
|
|
179
|
+
sha_to_tags: T::Hash[String, T::Array[String]],
|
|
180
|
+
pseudo_version: Integer
|
|
181
|
+
).returns(T::Array[Dependabot::Version])
|
|
182
|
+
end
|
|
183
|
+
def normalized_versions(sha, sha_to_tags, pseudo_version)
|
|
184
|
+
versions = Array(sha_to_tags[sha]).map do |tag_name|
|
|
185
|
+
normalized_version(tag_name, pseudo_version)
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
versions << normalized_version(sha, pseudo_version)
|
|
189
|
+
|
|
190
|
+
versions.uniq
|
|
191
|
+
end
|
|
192
|
+
|
|
193
|
+
sig { params(tag: String, pseudo_version: Integer).returns(Dependabot::Version) }
|
|
194
|
+
def normalized_version(tag, pseudo_version)
|
|
195
|
+
if Dependabot::Version.valid_semver?(tag)
|
|
196
|
+
Dependabot::Version.new(tag)
|
|
197
|
+
elsif tag.start_with?("v") && GitSubmodules::Version.valid_semver?(T.must(tag[1..]))
|
|
198
|
+
Dependabot::Version.new(tag[1..])
|
|
199
|
+
else
|
|
200
|
+
Dependabot::Version.new("0.0.0-0.#{pseudo_version}")
|
|
201
|
+
end
|
|
202
|
+
end
|
|
128
203
|
end
|
|
129
204
|
end
|
|
130
205
|
end
|
|
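Review bot: `get_commits` tests `response.status == 200` twice and writes the whole `response.body` of a failed request to the error log, so whatever the remote host returns lands in the logs at full length. One guard is enough: put `return []` inside the existing `unless` block and log the status with a bounded body, for example `"Detail : HTTP #{response.status} #{response.body.to_s[0, 200]}"`. The result of `JSON.parse(response.body)` is then used as an array of hashes with no shape check. A 200 response carrying a JSON object would fail later in the `commits.each` loop and only surface through the `rescue StandardError` in `fetch_tags_and_release_date`. A check such as `return [] unless commits.is_a?(Array)` before the slice would make that case explicit.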
@@ -39,7 +39,7 @@ module Dependabot
|
|
|
39
39
|
|
|
40
40
|
# if there are no releases after applying filters, we fallback to the current tag to avoid empty results
|
|
41
41
|
releases = apply_post_fetch_latest_versions_filter(releases)
|
|
42
|
-
releases.
|
|
42
|
+
releases.max_by(&:version)&.tag
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
sig { returns(T.nilable(T::Array[Dependabot::Package::PackageRelease])) }
|
|
@@ -109,7 +109,7 @@ module Dependabot
|
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
releases << Dependabot::Package::PackageRelease.new(
|
|
112
|
-
version: GitSubmodules::Version.new("
|
|
112
|
+
version: GitSubmodules::Version.new("0.0.0-0.0"), # Lower than versions from package_details_fetcher
|
|
113
113
|
tag: dependency.version
|
|
114
114
|
)
|
|
115
115
|
|
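Review bot: `releases.max_by(&:version)&.tag` depends on an ordering contract that is stated nowhere in this file: any semver-looking tag name from the remote outranks every `0.0.0-0.N` placeholder, placeholders rank newer commits higher, and the fallback `"0.0.0-0.0"` sits below all of them. A comment above the `max_by` line would record this, for example `# Highest version wins: remote semver tags > 0.0.0-0.N placeholders (N >= 1, newest commit highest) > 0.0.0-0.0 fallback`. Since the chosen commit follows upstream tag names rather than commit order, it is worth saying so where the choice is made. The fallback is built with `GitSubmodules::Version` while the fetcher in this release builds `Dependabot::Version` objects; presumably the former subclasses the latter so the comparison is well defined, but that is not visible here and should be confirmed. Both enclosing methods start and end outside the hunks shown.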
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-git_submodules
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.361.
|
|
4
|
+
version: 0.361.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.361.
|
|
18
|
+
version: 0.361.2
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.361.
|
|
25
|
+
version: 0.361.2
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parseconfig
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -277,7 +277,7 @@ licenses:
|
|
|
277
277
|
- MIT
|
|
278
278
|
metadata:
|
|
279
279
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
280
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.
|
|
280
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.2
|
|
281
281
|
rdoc_options: []
|
|
282
282
|
require_paths:
|
|
283
283
|
- lib
|