dependabot-julia 0.348.1 → 0.350.0

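--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 32e7f09482a6674bad0b220cf0282c727f14358f1263edd5344c6931ccb67be5
- data.tar.gz: 19a4591beda7d2324c3f0d09404d7b2d3f4d9cdd80f149c153ba87a01b97285b
+ metadata.gz: 7b76a691fe02dcf7ba48471e19dbff5bb27c0d11658a28287ba3c4db4fe1f29a
+ data.tar.gz: b5c5348d33c979b5fc367ccb7a43ae70cca8c217d0d76e8985ea041fc50aec33
  SHA512:
- metadata.gz: daffac3a10018571d7987763ba1485364a0e336eea26d73cc968ec15188378abf7e3594375d03fbd195848ec1e36648a7dd9ceab009685eef7e8746bf45006ff
- data.tar.gz: a0bfd78e85d9a2146d64c412afe8302929d5a6ab5d722658edb665948819f868ddcf043e9f9a524e1458d95668e636df0ad79d09765f97b2a2f51621301078e7
+ metadata.gz: ee6424e59c7b88244bb9f9ae199431e324b75dbca6960ee5633c59ceaeb324d9030c41e231236a35f796021c8180177dff8829c5c5de449bdb8735a8585db8a4
+ data.tar.gz: 6cdf548f191288ce63c798e3c2b4656eb7c23799b38a01d8342564f9b72d21a0ef3a47d39a6432321a07e9c44716035f935aefe48bf6c22f997761071560a445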
@@ -321,15 +321,47 @@ module Dependabot
321
321
 
322
322
  sig { params(content: String, dependency_name: String, requirement: String).returns(String) }
323
323
  def add_compat_entry_to_content(content, dependency_name, requirement)
324
- # Find [compat] section or create it
325
324
  if content.match?(/^\s*\[compat\]\s*$/m)
326
- # Add to existing [compat] section
327
- content.gsub(/(\[compat\]\s*\n)/, "\\1#{dependency_name} = \"#{requirement}\"\n")
325
+ compat_section_match = content.match(/^\[compat\]\s*\n((?:(?!\[)[^\n]*\n)*?)(?=^\[|\z)/m)
326
+ return content unless compat_section_match
327
+
328
+ compat_section = T.must(compat_section_match[1])
329
+ entries = parse_compat_entries(compat_section)
330
+ entries[dependency_name] = requirement
331
+ sorted_entries = sort_compat_entries(entries)
332
+ new_compat_section = build_compat_section(sorted_entries)
333
+
334
+ content.sub(T.must(compat_section_match[0]), "[compat]\n#{new_compat_section}")
328
335
  else
329
- # Add new [compat] section at the end
330
336
  content + "\n[compat]\n#{dependency_name} = \"#{requirement}\"\n"
331
337
  end
332
338
  end
339
+
340
+ sig { params(compat_section: String).returns(T::Hash[String, String]) }
341
+ def parse_compat_entries(compat_section)
342
+ entries = {}
343
+ compat_section.each_line do |line|
344
+ next if line.strip.empty? || line.strip.start_with?("#")
345
+
346
+ match = line.match(/^\s*([^=\s]+)\s*=\s*(.+?)(?:\s*#.*)?$/)
347
+ next unless match
348
+
349
+ key = T.must(match[1]).strip
350
+ value = T.must(match[2]).strip.gsub(/^["']|["']$/, "")
351
+ entries[key] = value
352
+ end
353
+ entries
354
+ end
355
+
356
+ sig { params(entries: T::Hash[String, String]).returns(T::Hash[String, String]) }
357
+ def sort_compat_entries(entries)
358
+ entries.sort.to_h
359
+ end
360
+
361
+ sig { params(entries: T::Hash[String, String]).returns(String) }
362
+ def build_compat_section(entries)
363
+ entries.map { |name, requirement| "#{name} = \"#{requirement}\"\n" }.join
364
+ end
333
365
  end
334
366
  end
335
367
  end
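Review bot: The two patterns at new lines 324–325 disagree, so `add_compat_entry_to_content` can hand back the manifest unchanged with no signal: the outer check accepts an indented header (`^\s*\[compat\]`), while the inner match needs the header at column 0 and every section line terminated by `\n`, so an indented `[compat]` or a file whose last compat line has no trailing newline lands in `return content unless compat_section_match`. A silent no-op leaves the compat bound out of the update while the caller presumably assumes it was written; both checks should share one pattern, and the guard should log or raise rather than return its input. The rewrite through `parse_compat_entries` and `build_compat_section` also discards full-line and inline comments in the section and re-emits values without escaping embedded quotes. Finally, `String#sub` with a string replacement interprets backslash sequences taken from the manifest, which the block form avoids: `content.sub(T.must(compat_section_match[0])) { "[compat]\n#{new_compat_section}" }`.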
@@ -17,19 +17,36 @@ module Dependabot
17
17
  # Note: Missing compat entry (nil/empty) means any version is acceptable
18
18
  return [new(">= 0")] if requirement_string.nil? || requirement_string.empty?
19
19
 
20
- # Split by comma for multiple constraints
21
20
  constraints = requirement_string.split(",").map(&:strip)
22
21
 
23
- constraints.map do |constraint|
24
- # Handle Julia-specific patterns - returns an array of gem requirement strings
25
- normalized_constraints = normalize_julia_constraint(constraint)
26
- # Pass the array to Gem::Requirement, which accepts multiple conditions
27
- new(normalized_constraints)
22
+ if compound_constraint?(constraints)
23
+ parse_compound_constraint(constraints)
24
+ else
25
+ parse_separate_constraints(constraints)
28
26
  end
29
27
  rescue Gem::Requirement::BadRequirementError
30
28
  [new(">= 0")]
31
29
  end
32
30
 
31
+ sig { params(constraints: T::Array[String]).returns(T::Boolean) }
32
+ def self.compound_constraint?(constraints)
33
+ # Compound constraints (e.g., ">= 1.0, < 2.0") have operators and multiple parts
34
+ constraints.length > 1 && constraints.any? { |c| c.match?(/^[<>=~^]/) }
35
+ end
36
+
37
+ sig { params(constraints: T::Array[String]).returns(T::Array[Dependabot::Julia::Requirement]) }
38
+ def self.parse_compound_constraint(constraints)
39
+ # Handle compound constraints (e.g., ">= 1.0, < 2.0") as a single requirement
40
+ normalized_constraints = constraints.flat_map { |c| normalize_julia_constraint(c) }
41
+ [new(normalized_constraints)]
42
+ end
43
+
44
+ sig { params(constraints: T::Array[String]).returns(T::Array[Dependabot::Julia::Requirement]) }
45
+ def self.parse_separate_constraints(constraints)
46
+ # Handle separate version specs (e.g., "0.34, 0.35") as multiple requirements
47
+ constraints.map { |constraint| new(normalize_julia_constraint(constraint)) }
48
+ end
49
+
33
50
  sig { params(requirement_string: String).returns(T::Array[Dependabot::Julia::Requirement]) }
34
51
  def self.parse_requirements(requirement_string)
35
52
  requirements_array(requirement_string)
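Review bot: `compound_constraint?` (new lines 32–35) treats the whole list as one AND-ed requirement as soon as any part starts with a character from `<>=~^`, and that class includes Julia's caret, tilde and equality specifiers. In Julia's compat syntax a string such as `^0.34, ^0.35` or `=1.2, =1.3` is a union, but here every part is flattened into a single `Gem::Requirement`, which is presumably unsatisfiable once `normalize_julia_constraint` (not visible in this section) expands each part. Limiting the test to inequality operators on every part, anchored to the string rather than the line, keeps the intended `>= 1.0, < 2.0` case: `constraints.length > 1 && constraints.all? { |c| c.match?(/\A[<>]/) }`. A short comment on `requirements_array` stating which comma forms mean intersection and which mean union would make the rule checkable by the next reader.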
@@ -96,9 +96,12 @@ module Dependabot
96
96
  versions = releases.map(&:version).sort
97
97
 
98
98
  # Filter out ignored versions
99
- versions = versions.reject do |version|
100
- ignored_versions.any?(version.to_s)
101
- end
99
+ versions = filter_ignored_versions(versions)
100
+ return nil if versions.empty?
101
+
102
+ # Filter out lower versions
103
+ versions = filter_lower_versions(versions)
104
+ return nil if versions.empty?
102
105
 
103
106
  # Filter out vulnerable versions
104
107
  filtered_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(
@@ -106,8 +109,6 @@ module Dependabot
106
109
  security_advisories
107
110
  )
108
111
 
109
- raise Dependabot::AllVersionsIgnored if filtered_versions.empty? && raise_on_ignored
110
-
111
112
  filtered_versions.max
112
113
  end
113
114
 
@@ -125,6 +126,39 @@ module Dependabot
125
126
  end
126
127
  end
127
128
 
129
+ sig { params(versions: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
130
+ def filter_ignored_versions(versions)
131
+ filtered = versions.reject do |version|
132
+ ignore_requirements.any? { |req| req.satisfied_by?(version) }
133
+ end
134
+
135
+ if versions.count > filtered.count
136
+ Dependabot.logger.info("Filtered out #{versions.count - filtered.count} ignored versions")
137
+ end
138
+
139
+ if raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions).any?
140
+ Dependabot.logger.info("All updates for #{dependency.name} were ignored")
141
+ raise Dependabot::AllVersionsIgnored
142
+ end
143
+
144
+ filtered
145
+ end
146
+
147
+ sig { params(versions: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
148
+ def filter_lower_versions(versions)
149
+ return versions unless dependency.version
150
+
151
+ current_version = Gem::Version.new(dependency.version)
152
+ versions.select { |v| v > current_version }
153
+ end
154
+
155
+ sig { returns(T::Array[Dependabot::Requirement]) }
156
+ def ignore_requirements
157
+ ignored_versions.flat_map do |req_string|
158
+ Dependabot::Julia::Requirement.requirements_array(req_string)
159
+ end
160
+ end
161
+
128
162
  sig { params(release: Dependabot::Package::PackageRelease).returns(T::Boolean) }
129
163
  def cooldown_active_for_release?(release)
130
164
  cooldown_days = determine_cooldown_days(release.version)
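Review bot: `ignore_requirements` (new lines 155–160) parses ignore conditions with `Dependabot::Julia::Requirement.requirements_array`, which, as the requirement hunk on this page shows, returns `>= 0` for a nil or empty string and again when `Gem::Requirement::BadRequirementError` is rescued. For a compat entry that fallback means "any version is acceptable", but for an ignore condition it means "ignore every version", so a single empty or malformed ignore string makes `filter_ignored_versions` reject the whole list and the finder returns nil or raises `AllVersionsIgnored`, which also hides releases that fix advisories. Ignore parsing should fail toward matching nothing or surface the bad string: skip blank entries with `ignored_versions.reject { |s| s.strip.empty? }` and parse through a path that does not swallow the error. The requirement list is also rebuilt for every version inside the `reject` block, so memoising it in an instance variable would avoid the repeated parsing.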
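--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-julia
  version: !ruby/object:Gem::Version
- version: 0.348.1
+ version: 0.350.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.348.1
+ version: 0.350.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.348.1
+ version: 0.350.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -260,7 +260,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.348.1
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.350.0
  rdoc_options: []
  require_paths:
  - lib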