dependabot-julia 0.349.0 → 0.350.0
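--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7b76a691fe02dcf7ba48471e19dbff5bb27c0d11658a28287ba3c4db4fe1f29a
+data.tar.gz: b5c5348d33c979b5fc367ccb7a43ae70cca8c217d0d76e8985ea041fc50aec33
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee6424e59c7b88244bb9f9ae199431e324b75dbca6960ee5633c59ceaeb324d9030c41e231236a35f796021c8180177dff8829c5c5de449bdb8735a8585db8a4
+data.tar.gz: 6cdf548f191288ce63c798e3c2b4656eb7c23799b38a01d8342564f9b72d21a0ef3a47d39a6432321a07e9c44716035f935aefe48bf6c22f997761071560a445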
@@ -321,15 +321,47 @@ module Dependabot
|
|
|
321
321
|
|
|
322
322
|
sig { params(content: String, dependency_name: String, requirement: String).returns(String) }
|
|
323
323
|
def add_compat_entry_to_content(content, dependency_name, requirement)
|
|
324
|
-
# Find [compat] section or create it
|
|
325
324
|
if content.match?(/^\s*\[compat\]\s*$/m)
|
|
326
|
-
|
|
327
|
-
content
|
|
325
|
+
compat_section_match = content.match(/^\[compat\]\s*\n((?:(?!\[)[^\n]*\n)*?)(?=^\[|\z)/m)
|
|
326
|
+
return content unless compat_section_match
|
|
327
|
+
|
|
328
|
+
compat_section = T.must(compat_section_match[1])
|
|
329
|
+
entries = parse_compat_entries(compat_section)
|
|
330
|
+
entries[dependency_name] = requirement
|
|
331
|
+
sorted_entries = sort_compat_entries(entries)
|
|
332
|
+
new_compat_section = build_compat_section(sorted_entries)
|
|
333
|
+
|
|
334
|
+
content.sub(T.must(compat_section_match[0]), "[compat]\n#{new_compat_section}")
|
|
328
335
|
else
|
|
329
|
-
# Add new [compat] section at the end
|
|
330
336
|
content + "\n[compat]\n#{dependency_name} = \"#{requirement}\"\n"
|
|
331
337
|
end
|
|
332
338
|
end
|
|
339
|
+
|
|
340
|
+
sig { params(compat_section: String).returns(T::Hash[String, String]) }
|
|
341
|
+
def parse_compat_entries(compat_section)
|
|
342
|
+
entries = {}
|
|
343
|
+
compat_section.each_line do |line|
|
|
344
|
+
next if line.strip.empty? || line.strip.start_with?("#")
|
|
345
|
+
|
|
346
|
+
match = line.match(/^\s*([^=\s]+)\s*=\s*(.+?)(?:\s*#.*)?$/)
|
|
347
|
+
next unless match
|
|
348
|
+
|
|
349
|
+
key = T.must(match[1]).strip
|
|
350
|
+
value = T.must(match[2]).strip.gsub(/^["']|["']$/, "")
|
|
351
|
+
entries[key] = value
|
|
352
|
+
end
|
|
353
|
+
entries
|
|
354
|
+
end
|
|
355
|
+
|
|
356
|
+
sig { params(entries: T::Hash[String, String]).returns(T::Hash[String, String]) }
|
|
357
|
+
def sort_compat_entries(entries)
|
|
358
|
+
entries.sort.to_h
|
|
359
|
+
end
|
|
360
|
+
|
|
361
|
+
sig { params(entries: T::Hash[String, String]).returns(String) }
|
|
362
|
+
def build_compat_section(entries)
|
|
363
|
+
entries.map { |name, requirement| "#{name} = \"#{requirement}\"\n" }.join
|
|
364
|
+
end
|
|
333
365
|
end
|
|
334
366
|
end
|
|
335
367
|
end
|
|
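Review bot: In `add_compat_entry_to_content` the guard accepts an indented header (`/^\s*\[compat\]\s*$/`) but the extraction pattern requires `[compat]` at column 0 and a newline after every section line, so an indented header, or a `[compat]` section whose last line ends the file without a trailing newline, reaches `return content unless compat_section_match` and the entry is silently not written. Either make the two patterns agree or fail loudly at that point, for example `raise "could not locate [compat] section body" unless compat_section_match`. Separately, `parse_compat_entries` skips comment lines and `build_compat_section` re-emits only `name = "value"` pairs, so comments and blank lines inside the section are dropped on rewrite. `name` and `requirement` are also interpolated into the TOML without escaping `"` or newlines; where those values come from is not visible here, so a check that rejects such characters before writing would be a cheap safeguard.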
@@ -17,19 +17,36 @@ module Dependabot
|
|
|
17
17
|
# Note: Missing compat entry (nil/empty) means any version is acceptable
|
|
18
18
|
return [new(">= 0")] if requirement_string.nil? || requirement_string.empty?
|
|
19
19
|
|
|
20
|
-
# Split by comma for multiple constraints
|
|
21
20
|
constraints = requirement_string.split(",").map(&:strip)
|
|
22
21
|
|
|
23
|
-
constraints
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
new(normalized_constraints)
|
|
22
|
+
if compound_constraint?(constraints)
|
|
23
|
+
parse_compound_constraint(constraints)
|
|
24
|
+
else
|
|
25
|
+
parse_separate_constraints(constraints)
|
|
28
26
|
end
|
|
29
27
|
rescue Gem::Requirement::BadRequirementError
|
|
30
28
|
[new(">= 0")]
|
|
31
29
|
end
|
|
32
30
|
|
|
31
|
+
sig { params(constraints: T::Array[String]).returns(T::Boolean) }
|
|
32
|
+
def self.compound_constraint?(constraints)
|
|
33
|
+
# Compound constraints (e.g., ">= 1.0, < 2.0") have operators and multiple parts
|
|
34
|
+
constraints.length > 1 && constraints.any? { |c| c.match?(/^[<>=~^]/) }
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
sig { params(constraints: T::Array[String]).returns(T::Array[Dependabot::Julia::Requirement]) }
|
|
38
|
+
def self.parse_compound_constraint(constraints)
|
|
39
|
+
# Handle compound constraints (e.g., ">= 1.0, < 2.0") as a single requirement
|
|
40
|
+
normalized_constraints = constraints.flat_map { |c| normalize_julia_constraint(c) }
|
|
41
|
+
[new(normalized_constraints)]
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
sig { params(constraints: T::Array[String]).returns(T::Array[Dependabot::Julia::Requirement]) }
|
|
45
|
+
def self.parse_separate_constraints(constraints)
|
|
46
|
+
# Handle separate version specs (e.g., "0.34, 0.35") as multiple requirements
|
|
47
|
+
constraints.map { |constraint| new(normalize_julia_constraint(constraint)) }
|
|
48
|
+
end
|
|
49
|
+
|
|
33
50
|
sig { params(requirement_string: String).returns(T::Array[Dependabot::Julia::Requirement]) }
|
|
34
51
|
def self.parse_requirements(requirement_string)
|
|
35
52
|
requirements_array(requirement_string)
|
|
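Review bot: `compound_constraint?` uses `any?`, so a mixed list such as `0.34, < 2.0` goes to `parse_compound_constraint` and the bare `0.34` is folded into the same requirement as the bound, instead of being kept as its own spec the way the comment on `parse_separate_constraints` describes for bare versions. If only all-operator lists are meant to be combined, `constraints.length > 1 && constraints.all? { |c| c.match?(/\A[<>=~^]/) }` states that; otherwise a comment saying mixed lists are intentionally combined would settle it. How `normalize_julia_constraint` expands a bare version is not visible here, so the exact effect is inferred. The method that calls these helpers starts above the hunk.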
@@ -96,9 +96,12 @@ module Dependabot
|
|
|
96
96
|
versions = releases.map(&:version).sort
|
|
97
97
|
|
|
98
98
|
# Filter out ignored versions
|
|
99
|
-
versions = versions
|
|
100
|
-
|
|
101
|
-
|
|
99
|
+
versions = filter_ignored_versions(versions)
|
|
100
|
+
return nil if versions.empty?
|
|
101
|
+
|
|
102
|
+
# Filter out lower versions
|
|
103
|
+
versions = filter_lower_versions(versions)
|
|
104
|
+
return nil if versions.empty?
|
|
102
105
|
|
|
103
106
|
# Filter out vulnerable versions
|
|
104
107
|
filtered_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(
|
|
@@ -106,8 +109,6 @@ module Dependabot
|
|
|
106
109
|
security_advisories
|
|
107
110
|
)
|
|
108
111
|
|
|
109
|
-
raise Dependabot::AllVersionsIgnored if filtered_versions.empty? && raise_on_ignored
|
|
110
|
-
|
|
111
112
|
filtered_versions.max
|
|
112
113
|
end
|
|
113
114
|
|
|
@@ -125,6 +126,39 @@ module Dependabot
|
|
|
125
126
|
end
|
|
126
127
|
end
|
|
127
128
|
|
|
129
|
+
sig { params(versions: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
|
|
130
|
+
def filter_ignored_versions(versions)
|
|
131
|
+
filtered = versions.reject do |version|
|
|
132
|
+
ignore_requirements.any? { |req| req.satisfied_by?(version) }
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
if versions.count > filtered.count
|
|
136
|
+
Dependabot.logger.info("Filtered out #{versions.count - filtered.count} ignored versions")
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
if raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions).any?
|
|
140
|
+
Dependabot.logger.info("All updates for #{dependency.name} were ignored")
|
|
141
|
+
raise Dependabot::AllVersionsIgnored
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
filtered
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
sig { params(versions: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
|
|
148
|
+
def filter_lower_versions(versions)
|
|
149
|
+
return versions unless dependency.version
|
|
150
|
+
|
|
151
|
+
current_version = Gem::Version.new(dependency.version)
|
|
152
|
+
versions.select { |v| v > current_version }
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
sig { returns(T::Array[Dependabot::Requirement]) }
|
|
156
|
+
def ignore_requirements
|
|
157
|
+
ignored_versions.flat_map do |req_string|
|
|
158
|
+
Dependabot::Julia::Requirement.requirements_array(req_string)
|
|
159
|
+
end
|
|
160
|
+
end
|
|
161
|
+
|
|
128
162
|
sig { params(release: Dependabot::Package::PackageRelease).returns(T::Boolean) }
|
|
129
163
|
def cooldown_active_for_release?(release)
|
|
130
164
|
cooldown_days = determine_cooldown_days(release.version)
|
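Review bot: `ignore_requirements` parses each ignore string with `Dependabot::Julia::Requirement.requirements_array`, and the requirement hunk on this page shows that method returning `[new(">= 0")]` for a nil, empty or unparseable string (the `rescue Gem::Requirement::BadRequirementError` branch). For an ignore condition that fallback matches every version, so a single blank or malformed entry makes `filter_ignored_versions` reject the whole list, and the caller then returns nil or raises `AllVersionsIgnored` before the vulnerable-version filter is reached; presumably that also hides security updates. Consider dropping blank entries first, `ignored_versions.reject { |s| s.strip.empty? }.flat_map { ... }`, and parsing ignore strings through a path that logs or raises on a bad requirement rather than widening to `>= 0`. A smaller point: `filter_lower_versions` can run three times per call (twice in the `raise_on_ignored` check, once in the caller), and `Gem::Version.new(dependency.version)` may raise on a version string it cannot parse.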
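--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-julia
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.350.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.350.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.350.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -260,7 +260,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.350.0
 rdoc_options: []
 require_paths:
 - lib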