RubyGems - dependabot-nix - Versions diffs - 0.372.0 → 0.373.0 - Mend

dependabot-nix 0.372.0 → 0.373.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/nix/update_checker/latest_version_finder.rb +47 -13
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 917b5846e8f6ab8e635d220b8a3e2a35cdfc954056cef208377752207a180b91
-  data.tar.gz: 35a7af97d0d7225b0e390cdb705eb0f58650d1895a73c399d8328926b5bff74d
+  metadata.gz: 53b61523c3b571914ab9f84f386c8ab456efb4f93db7681a1721811daa723003
+  data.tar.gz: 99a851d470ab8258b980f08ac553546864d7e7d5a68375ee6d6793553f923b25
 SHA512:
-  metadata.gz: d9f38a49f682367b5e8ba1a0573b1d2c75ae5672f04e818b26e69127db9e71eeddf2acec21e834e28c3ee105f0191d78fc78b9b84c5f0bd903d13dd432fbeb90
-  data.tar.gz: d2ca3a0197a030d0383f5b67d7146e207d97770c156604e8b0da0a3aba91e4a8720b3a187ae161f404155cf3b81046f7f4ba86320e3a732004f1a5652bfc2d32
+  metadata.gz: b560b5794a2aedca3c16c62f47f14f56255d8cf64dcce450b4d01f3783adb304ad632597bccf2dc5bed7af77aa718f3fed0bd5bda8adcdaca24d103498afc27f
+  data.tar.gz: 4c09eb9971fd0c5dc5d2b80185c41ba784edbd219bad03a3b51e4f99d2bfcdfb04261a43303f12dd7ebb392c8a2797b58112d304a5850edd9abd2c355c50e4e9

data/lib/dependabot/nix/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -14,6 +14,43 @@ module Dependabot
       class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
         extend T::Sig
+        # All Nix versions are pseudo-versions with prerelease segments (0.0.0-0.N),
+        # so we must always include prereleases to avoid filtering everything out.
+        sig { override.returns(T::Boolean) }
+        def wants_prerelease?
+          true
+        end
+        protected
+        sig do
+          override.params(releases: T::Array[Dependabot::Package::PackageRelease])
+                  .returns(T::Array[Dependabot::Package::PackageRelease])
+        end
+        def filter_by_cooldown(releases)
+          return releases unless cooldown_enabled?
+          return releases unless cooldown_options
+          filtered = releases.reject { |release| in_cooldown_period?(release) }
+          if releases.count > filtered.count
+            Dependabot.logger.info("Filtered out #{releases.count - filtered.count} versions due to cooldown")
+          end
+          if filtered.empty? && !releases.empty? && dependency.version
+            Dependabot.logger.info(
+              "All versions filtered by cooldown for #{dependency.name}, " \
+              "falling back to current version #{dependency.version}"
+            )
+            return [current_dependency_release]
+          end
+          filtered
+        end
+        private
         sig do
           override.params(releases: T::Array[Dependabot::Package::PackageRelease])
                   .returns(T::Array[Dependabot::Package::PackageRelease])
@@ -25,22 +62,11 @@ module Dependabot
           end
           # Fallback so the current version is always in the candidate set
-          releases << Dependabot::Package::PackageRelease.new(
-            version: Nix::Version.new("0.0.0-0.0"),
-            tag: dependency.version
-          )
+          current_release = current_dependency_release
+          releases << current_release unless releases.any? { |r| r.version == current_release.version }
           releases
         end
-        # All Nix versions are pseudo-versions with prerelease segments (0.0.0-0.N),
-        # so we must always include prereleases to avoid filtering everything out.
-        sig { override.returns(T::Boolean) }
-        def wants_prerelease?
-          true
-        end
-        private
         sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
         def package_details
           @package_details ||= T.let(
@@ -54,6 +80,14 @@ module Dependabot
             T.nilable(Dependabot::Package::PackageDetails)
           )
         end
+        sig { returns(Dependabot::Package::PackageRelease) }
+        def current_dependency_release
+          Dependabot::Package::PackageRelease.new(
+            version: Nix::Version.new("0.0.0-0.0"),
+            tag: dependency.version
+          )
+        end
       end
     end
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nix
 version: !ruby/object:Gem::Version
-  version: 0.372.0
+  version: 0.373.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.372.0
+        version: 0.373.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.372.0
+        version: 0.373.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -259,7 +259,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.372.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.373.0
 rdoc_options: []
 require_paths:
 - lib