dependabot-pre_commit 0.361.2

data/lib/dependabot/pre_commit/additional_dependency_checkers/ruby.rb

@@ -0,0 +1,169 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "excon"
+require "json"
+require "sorbet-runtime"
+require "dependabot/dependency"
+require "dependabot/update_checkers"
+require "dependabot/pre_commit/additional_dependency_checkers"
+require "dependabot/pre_commit/additional_dependency_checkers/base"
+
+module Dependabot
+  module PreCommit
+    module AdditionalDependencyCheckers
+      class Ruby < Base
+        extend T::Sig
+
+        sig { override.returns(T.nilable(String)) }
+        def latest_version
+          return nil unless package_name
+
+          @latest_version ||= T.let(
+            fetch_latest_version_via_bundler_checker,
+            T.nilable(String)
+          )
+        end
+
+        sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+        def updated_requirements(latest_version)
+          requirements.map do |original_req|
+            original_source = original_req[:source]
+            next original_req unless original_source.is_a?(Hash)
+            next original_req unless original_source[:type] == "additional_dependency"
+
+            original_requirement = original_req[:requirement]
+            new_requirement = build_updated_requirement(original_requirement, latest_version)
+
+            new_original_string = build_original_string(
+              package_name: original_source[:original_name] || original_source[:package_name],
+              requirement: new_requirement
+            )
+
+            new_source = original_source.merge(original_string: new_original_string)
+
+            original_req.merge(
+              requirement: new_requirement,
+              source: new_source
+            )
+          end
+        end
+
+        private
+
+        sig { returns(T.nilable(String)) }
+        def fetch_latest_version_via_bundler_checker
+          bundler_checker = bundler_update_checker
+          return nil unless bundler_checker
+
+          latest = bundler_checker.latest_version
+          Dependabot.logger.info("Ruby UpdateChecker found latest version: #{latest || 'none'}")
+
+          latest&.to_s
+        rescue Dependabot::DependabotError, Excon::Error, JSON::ParserError => e
+          Dependabot.logger.debug("Error checking Ruby gem #{package_name}: #{e.message}")
+          nil
+        end
+
+        sig { returns(T.nilable(Dependabot::UpdateCheckers::Base)) }
+        def bundler_update_checker
+          @bundler_update_checker ||= T.let(
+            build_bundler_update_checker,
+            T.nilable(Dependabot::UpdateCheckers::Base)
+          )
+        end
+
+        sig { returns(T.nilable(Dependabot::UpdateCheckers::Base)) }
+        def build_bundler_update_checker
+          bundler_dependency = build_bundler_dependency
+          return nil unless bundler_dependency
+
+          Dependabot.logger.info("Delegating to bundler UpdateChecker for gem: #{bundler_dependency.name}")
+
+          Dependabot::UpdateCheckers.for_package_manager("bundler").new(
+            dependency: bundler_dependency,
+            dependency_files: build_bundler_dependency_files,
+            credentials: credentials,
+            ignored_versions: [],
+            security_advisories: [],
+            raise_on_ignored: false
+          )
+        end
+
+        sig { returns(T.nilable(Dependabot::Dependency)) }
+        def build_bundler_dependency
+          return nil unless package_name
+
+          version = current_version || extract_version_from_requirement
+
+          Dependabot::Dependency.new(
+            name: T.must(package_name),
+            version: version,
+            requirements: [{
+              requirement: version ? "= #{version}" : nil,
+              groups: [],
+              file: "Gemfile",
+              source: nil
+            }],
+            package_manager: "bundler"
+          )
+        end
+
+        sig { returns(T.nilable(String)) }
+        def extract_version_from_requirement
+          req_string = requirements.first&.dig(:requirement)
+          return nil unless req_string
+
+          version_part = req_string.sub(/\A[~><=!]+\s*/, "").strip
+          return version_part if version_part.match?(/\A\d+(?:\.\d+)*(?:\.\w+)?\z/)
+
+          nil
+        end
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
+        def build_bundler_dependency_files
+          version = current_version || extract_version_from_requirement
+          version_constraint = version ? ", \"#{version}\"" : ""
+          gemfile_content = "source 'https://rubygems.org'\ngem '#{package_name}'#{version_constraint}\n"
+
+          [
+            Dependabot::DependencyFile.new(
+              name: "Gemfile",
+              content: gemfile_content
+            )
+          ]
+        end
+
+        sig do
+          params(
+            package_name: T.nilable(String),
+            requirement: T.nilable(String)
+          ).returns(String)
+        end
+        def build_original_string(package_name:, requirement:)
+          base = package_name.to_s
+          base = "#{base}:#{requirement}" if requirement
+          base
+        end
+
+        sig { params(original_requirement: T.nilable(String), new_version: String).returns(String) }
+        def build_updated_requirement(original_requirement, new_version)
+          return new_version unless original_requirement
+
+          # Handle Ruby gem version operators: ~>, >=, >, <=, <, =, !=
+          operator_match = original_requirement.match(/\A(?<op>[~><=!]+)\s*/)
+          if operator_match
+            "#{operator_match[:op]} #{new_version}"
+          else
+            new_version
+          end
+        end
+      end
+    end
+  end
+end
+
+Dependabot::PreCommit::AdditionalDependencyCheckers.register(
+  "ruby",
+  Dependabot::PreCommit::AdditionalDependencyCheckers::Ruby
+)

data/lib/dependabot/pre_commit/additional_dependency_checkers/rust.rb

@@ -0,0 +1,179 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "excon"
+require "json"
+require "sorbet-runtime"
+require "dependabot/dependency"
+require "dependabot/update_checkers"
+require "dependabot/pre_commit/additional_dependency_checkers"
+require "dependabot/pre_commit/additional_dependency_checkers/base"
+
+module Dependabot
+  module PreCommit
+    module AdditionalDependencyCheckers
+      class Rust < Base
+        extend T::Sig
+
+        sig { override.returns(T.nilable(String)) }
+        def latest_version
+          return nil unless package_name
+
+          @latest_version ||= T.let(
+            fetch_latest_version_via_cargo_checker,
+            T.nilable(String)
+          )
+        end
+
+        sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+        def updated_requirements(latest_version)
+          requirements.map do |original_req|
+            original_source = original_req[:source]
+            next original_req unless original_source.is_a?(Hash)
+            next original_req unless original_source[:type] == "additional_dependency"
+
+            original_requirement = original_req[:requirement]
+            new_requirement = build_updated_requirement(original_requirement, latest_version)
+
+            new_original_string = build_original_string(
+              package_name: original_source[:original_name] || original_source[:package_name],
+              requirement: new_requirement,
+              cli: original_source[:extras] == "cli"
+            )
+
+            new_source = original_source.merge(original_string: new_original_string)
+
+            original_req.merge(
+              requirement: new_requirement,
+              source: new_source
+            )
+          end
+        end
+
+        private
+
+        sig { returns(T.nilable(String)) }
+        def fetch_latest_version_via_cargo_checker
+          cargo_checker = cargo_update_checker
+          return nil unless cargo_checker
+
+          latest = cargo_checker.latest_version
+          Dependabot.logger.info("Cargo UpdateChecker found latest version: #{latest || 'none'}")
+
+          latest&.to_s
+        rescue Dependabot::DependabotError, Excon::Error, JSON::ParserError => e
+          Dependabot.logger.debug("Error checking Rust package #{package_name}: #{e.message}")
+          nil
+        end
+
+        sig { returns(T.nilable(Dependabot::UpdateCheckers::Base)) }
+        def cargo_update_checker
+          @cargo_update_checker ||= T.let(
+            build_cargo_update_checker,
+            T.nilable(Dependabot::UpdateCheckers::Base)
+          )
+        end
+
+        sig { returns(T.nilable(Dependabot::UpdateCheckers::Base)) }
+        def build_cargo_update_checker
+          cargo_dependency = build_cargo_dependency
+          return nil unless cargo_dependency
+
+          Dependabot.logger.info("Delegating to cargo UpdateChecker for package: #{cargo_dependency.name}")
+
+          Dependabot::UpdateCheckers.for_package_manager("cargo").new(
+            dependency: cargo_dependency,
+            dependency_files: build_cargo_dependency_files,
+            credentials: credentials,
+            ignored_versions: [],
+            security_advisories: [],
+            raise_on_ignored: false
+          )
+        end
+
+        sig { returns(T.nilable(Dependabot::Dependency)) }
+        def build_cargo_dependency
+          return nil unless package_name
+
+          version = current_version || extract_version_from_requirement
+
+          Dependabot::Dependency.new(
+            name: T.must(package_name),
+            version: version,
+            requirements: [{
+              requirement: version ? "=#{version}" : nil,
+              groups: ["dependencies"],
+              file: "Cargo.toml",
+              source: nil
+            }],
+            package_manager: "cargo"
+          )
+        end
+
+        sig { returns(T.nilable(String)) }
+        def extract_version_from_requirement
+          req_string = requirements.first&.dig(:requirement)
+          return nil unless req_string
+
+          version_part = req_string.sub(/\A(?:[~^]|[><=]+)\s*/, "")
+          return version_part if version_part.match?(/\A\d+(?:\.\d+)*(?:-[\w.]+)?(?:\+[\w.]+)?\z/)
+
+          nil
+        end
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
+        def build_cargo_dependency_files
+          version = current_version || extract_version_from_requirement
+          requirement = version ? "=#{version}" : "*"
+
+          toml_content = <<~TOML
+            [package]
+            name = "dependabot-pre-commit-check"
+            version = "0.0.1"
+            edition = "2021"
+
+            [dependencies]
+            #{T.must(package_name)} = "#{requirement}"
+          TOML
+
+          [
+            Dependabot::DependencyFile.new(
+              name: "Cargo.toml",
+              content: toml_content
+            )
+          ]
+        end
+
+        sig do
+          params(
+            package_name: T.nilable(String),
+            requirement: T.nilable(String),
+            cli: T::Boolean
+          ).returns(String)
+        end
+        def build_original_string(package_name:, requirement:, cli:)
+          base = cli ? "cli:#{package_name}" : package_name.to_s
+          base = "#{base}:#{requirement}" if requirement
+          base
+        end
+
+        sig { params(original_requirement: T.nilable(String), new_version: String).returns(String) }
+        def build_updated_requirement(original_requirement, new_version)
+          return new_version unless original_requirement
+
+          operator_match = original_requirement.match(/\A(?<op>[~^]|[><=]+)\s*/)
+          if operator_match
+            "#{operator_match[:op]}#{new_version}"
+          else
+            new_version
+          end
+        end
+      end
+    end
+  end
+end
+
+Dependabot::PreCommit::AdditionalDependencyCheckers.register(
+  "rust",
+  Dependabot::PreCommit::AdditionalDependencyCheckers::Rust
+)

data/lib/dependabot/pre_commit/additional_dependency_checkers.rb

@@ -0,0 +1,46 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/pre_commit/additional_dependency_checkers/base"
+
+module Dependabot
+  module PreCommit
+    # Registry for additional_dependency update checkers by language.
+    # Similar pattern to Dependabot::UpdateCheckers but for pre-commit hook languages.
+    #
+    # Usage:
+    #   checker_class = AdditionalDependencyCheckers.for_language("python")
+    #   checker = checker_class.new(source: source, credentials: credentials, ...)
+    #   latest_version = checker.latest_version
+    #
+    module AdditionalDependencyCheckers
+      extend T::Sig
+
+      @checkers = T.let({}, T::Hash[String, T.class_of(Base)])
+
+      sig { params(language: String).returns(T.class_of(Base)) }
+      def self.for_language(language)
+        checker = @checkers[language.downcase]
+        return checker if checker
+
+        raise "Unsupported language for additional_dependencies: #{language}"
+      end
+
+      sig { params(language: String, checker: T.class_of(Base)).void }
+      def self.register(language, checker)
+        @checkers[language.downcase] = checker
+      end
+
+      sig { params(language: String).returns(T::Boolean) }
+      def self.supported?(language)
+        @checkers.key?(language.downcase)
+      end
+
+      sig { returns(T::Array[String]) }
+      def self.supported_languages
+        @checkers.keys
+      end
+    end
+  end
+end

data/lib/dependabot/pre_commit/file_fetcher.rb

@@ -0,0 +1,70 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+require "dependabot/file_filtering"
+
+module Dependabot
+  module PreCommit
+    class FileFetcher < Dependabot::FileFetchers::Base
+      extend T::Sig
+
+      CONFIG_FILE_PATTERN = /\.pre-commit(-config)?\.ya?ml$/i
+
+      sig { override.returns(String) }
+      def self.required_files_message
+        "Repo must contain a .pre-commit-config.yaml, .pre-commit-config.yml, " \
+          ".pre-commit.yaml, or .pre-commit.yml file."
+      end
+
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
+      def self.required_files_in?(filenames)
+        filenames.any? { |f| f.match?(CONFIG_FILE_PATTERN) }
+      end
+
+      sig { override.returns(T::Array[DependencyFile]) }
+      def fetch_files
+        unless allow_beta_ecosystems?
+          raise Dependabot::DependencyFileNotFound.new(
+            nil,
+            "PreCommit support is currently in beta. Set ALLOW_BETA_ECOSYSTEMS=true to enable it."
+          )
+        end
+
+        fetched_files = []
+        fetched_files << pre_commit_config
+
+        fetched_files.reject do |file|
+          Dependabot::FileFiltering.should_exclude_path?(file.name, "file from final collection", @exclude_paths)
+        end
+      end
+
+      sig { override.returns(T.nilable(T::Hash[Symbol, T.untyped])) }
+      def ecosystem_versions
+        nil
+      end
+
+      private
+
+      sig { returns(Dependabot::DependencyFile) }
+      def pre_commit_config
+        @pre_commit_config ||= T.let(
+          fetch_file_from_host(config_file_name),
+          T.nilable(Dependabot::DependencyFile)
+        )
+      end
+
+      sig { returns(String) }
+      def config_file_name
+        @config_file_name ||= T.let(
+          repo_contents.find { |f| f.name.match?(CONFIG_FILE_PATTERN) }&.name ||
+            ".pre-commit-config.yaml",
+          T.nilable(String)
+        )
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.register("pre_commit", Dependabot::PreCommit::FileFetcher)

data/lib/dependabot/pre_commit/file_parser.rb

@@ -0,0 +1,210 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "yaml"
+require "sorbet-runtime"
+require "dependabot/dependency"
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+require "dependabot/errors"
+require "dependabot/pre_commit/package_manager"
+require "dependabot/pre_commit/version"
+require "dependabot/pre_commit/requirement"
+require "dependabot/cargo/requirement"
+require "dependabot/npm_and_yarn/requirement"
+require "dependabot/python/requirement_parser"
+require "dependabot/bundler/requirement"
+require "dependabot/go_modules/requirement_parser"
+
+module Dependabot
+  module PreCommit
+    class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
+
+      require "dependabot/file_parsers/base/dependency_set"
+
+      CONFIG_FILE_PATTERN = /\.pre-commit(-config)?\.ya?ml$/i
+      ECOSYSTEM = "pre_commit"
+
+      LANGUAGE_PARSERS = T.let(
+        {
+          "python" => ->(dep_string) { Dependabot::Python::RequirementParser.parse(dep_string) },
+          "node" => ->(dep_string) { Dependabot::NpmAndYarn::Requirement.parse_dep_string(dep_string) },
+          "rust" => ->(dep_string) { Dependabot::Cargo::Requirement.parse_dep_string(dep_string) },
+          "golang" => ->(dep_string) { Dependabot::GoModules::RequirementParser.parse(dep_string) },
+          "ruby" => ->(dep_string) { Dependabot::Bundler::Requirement.parse_dep_string(dep_string) }
+        }.freeze,
+        T::Hash[String, T.proc.params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.untyped]))]
+      )
+
+      sig { override.returns(Ecosystem) }
+      def ecosystem
+        @ecosystem ||= T.let(
+          Ecosystem.new(
+            name: ECOSYSTEM,
+            package_manager: package_manager
+          ),
+          T.nilable(Ecosystem)
+        )
+      end
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def parse
+        dependency_set = DependencySet.new
+
+        pre_commit_config_files.each do |file|
+          dependency_set += parse_config_file(file)
+        end
+
+        dependency_set.dependencies
+      end
+
+      private
+
+      sig { returns(Ecosystem::VersionManager) }
+      def package_manager
+        @package_manager ||= T.let(PackageManager.new, T.nilable(Dependabot::PreCommit::PackageManager))
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(DependencySet) }
+      def parse_config_file(file)
+        dependency_set = DependencySet.new
+
+        yaml = YAML.safe_load(T.must(file.content), aliases: true)
+        return dependency_set unless yaml.is_a?(Hash)
+
+        repos = yaml.fetch("repos", [])
+        repos.each do |repo|
+          next unless repo.is_a?(Hash)
+
+          dependency = parse_repo(repo, file)
+          dependency_set << dependency if dependency
+
+          additional_deps = parse_additional_dependencies(repo, file)
+          additional_deps.each { |dep| dependency_set << dep }
+        end
+
+        dependency_set
+      rescue Psych::SyntaxError, Psych::DisallowedClass, Psych::BadAlias => e
+        raise Dependabot::DependencyFileNotParseable.new(file.path, e.message)
+      end
+
+      sig do
+        params(
+          repo: T::Hash[String, T.untyped],
+          file: Dependabot::DependencyFile
+        ).returns(T.nilable(Dependency))
+      end
+      def parse_repo(repo, file)
+        repo_url = repo["repo"]
+        rev = repo["rev"]
+
+        return nil if repo_url.nil? || rev.nil?
+        return nil if %w(local meta).include?(repo_url)
+
+        Dependency.new(
+          name: repo_url,
+          version: rev,
+          requirements: [{
+            requirement: nil,
+            groups: [],
+            file: file.name,
+            source: {
+              type: "git",
+              url: repo_url,
+              ref: rev,
+              branch: nil
+            }
+          }],
+          package_manager: ECOSYSTEM
+        )
+      end
+
+      sig do
+        params(
+          repo: T::Hash[String, T.untyped],
+          file: Dependabot::DependencyFile
+        ).returns(T::Array[Dependabot::Dependency])
+      end
+      def parse_additional_dependencies(repo, file)
+        dependencies = []
+        repo_url = repo["repo"]
+
+        return dependencies if repo_url.nil? || %w(local meta).include?(repo_url)
+
+        hooks = repo.fetch("hooks", [])
+        hooks.each do |hook|
+          next unless hook.is_a?(Hash)
+
+          hook_deps = parse_hook_additional_dependencies(hook, repo_url, file)
+          dependencies.concat(hook_deps)
+        end
+
+        dependencies
+      end
+
+      sig do
+        params(
+          hook: T::Hash[String, T.untyped],
+          repo_url: String,
+          file: Dependabot::DependencyFile
+        ).returns(T::Array[Dependabot::Dependency])
+      end
+      def parse_hook_additional_dependencies(hook, repo_url, file)
+        dependencies = []
+
+        return dependencies unless hook["id"]
+
+        additional_deps = hook.fetch("additional_dependencies", [])
+        return dependencies if additional_deps.empty?
+
+        parser = LANGUAGE_PARSERS[hook["language"]]
+        return dependencies unless parser
+
+        additional_deps.each do |dep_string|
+          next unless dep_string.is_a?(String)
+
+          parsed = parser.call(dep_string)
+          next unless parsed
+
+          dependencies << Dependabot::Dependency.new(
+            name: parsed[:normalised_name],
+            version: parsed[:version],
+            requirements: [{
+              requirement: parsed[:requirement],
+              groups: ["additional_dependencies"],
+              file: file.name,
+              source: {
+                type: "additional_dependency",
+                language: hook["language"],
+                package_name: parsed[:normalised_name],
+                original_name: parsed[:name],
+                hook_id: hook["id"],
+                hook_repo: repo_url,
+                extras: parsed[:extras],
+                original_string: dep_string
+              }
+            }],
+            package_manager: ECOSYSTEM
+          )
+        end
+
+        dependencies
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def pre_commit_config_files
+        dependency_files.select { |f| f.name.match?(CONFIG_FILE_PATTERN) }
+      end
+
+      sig { override.void }
+      def check_required_files
+        return if pre_commit_config_files.any?
+
+        raise "No pre-commit configuration file found!"
+      end
+    end
+  end
+end
+
+Dependabot::FileParsers.register("pre_commit", Dependabot::PreCommit::FileParser)