dependabot-pre_commit 0.378.0 → 0.380.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/pre_commit/additional_dependency_checkers/base.rb +8 -2
- data/lib/dependabot/pre_commit/additional_dependency_checkers/dart.rb +2 -1
- data/lib/dependabot/pre_commit/additional_dependency_checkers/go.rb +2 -1
- data/lib/dependabot/pre_commit/additional_dependency_checkers/node.rb +2 -1
- data/lib/dependabot/pre_commit/additional_dependency_checkers/python.rb +2 -1
- data/lib/dependabot/pre_commit/additional_dependency_checkers/ruby.rb +2 -1
- data/lib/dependabot/pre_commit/additional_dependency_checkers/rust.rb +2 -1
- data/lib/dependabot/pre_commit/metadata_finder.rb +1 -1
- data/lib/dependabot/pre_commit/update_checker/latest_version_finder.rb +110 -64
- data/lib/dependabot/pre_commit/update_checker.rb +2 -1
- metadata +14 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8e78048cc01b6cc8337b84479eb4406150f0755fccf0903e49dcbc99a5edd4ea
|
|
4
|
+
data.tar.gz: a8e05e70a8b9e6897d2d2282d6505eb3829a605c8b7a3398121a3481fed22257
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7bfd3900fac1e250950fc46e60af6297b585cb9e29ed7ca5d440d259caf6082c988cc9523b1bcc5fa158996e3f8b567a16ecc4318dfc05e15bd10816d14f3a49
|
|
7
|
+
data.tar.gz: 0bf8f5fa2372328cec0bd516d5d59bff609da33a93dcb4b42f83428af191d46e461928313cca184bd029c03319a571f1c6306a793c0726e0cf286c4219bdb68b
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/package/release_cooldown_options"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
module PreCommit
|
|
@@ -43,14 +44,16 @@ module Dependabot
|
|
|
43
44
|
source: T::Hash[Symbol, T.untyped],
|
|
44
45
|
credentials: T::Array[Dependabot::Credential],
|
|
45
46
|
requirements: T::Array[T::Hash[Symbol, T.untyped]],
|
|
46
|
-
current_version: T.nilable(String)
|
|
47
|
+
current_version: T.nilable(String),
|
|
48
|
+
cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
|
|
47
49
|
).void
|
|
48
50
|
end
|
|
49
|
-
def initialize(source:, credentials:, requirements:, current_version:)
|
|
51
|
+
def initialize(source:, credentials:, requirements:, current_version:, cooldown_options: nil)
|
|
50
52
|
@source = source
|
|
51
53
|
@credentials = credentials
|
|
52
54
|
@requirements = requirements
|
|
53
55
|
@current_version = current_version
|
|
56
|
+
@cooldown_options = cooldown_options
|
|
54
57
|
end
|
|
55
58
|
|
|
56
59
|
# Find the latest available version for this dependency
|
|
@@ -79,6 +82,9 @@ module Dependabot
|
|
|
79
82
|
sig { returns(T.nilable(String)) }
|
|
80
83
|
attr_reader :current_version
|
|
81
84
|
|
|
85
|
+
sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
|
|
86
|
+
attr_reader :cooldown_options
|
|
87
|
+
|
|
82
88
|
sig { returns(T.nilable(String)) }
|
|
83
89
|
def package_name
|
|
84
90
|
source[:package_name]&.to_s
|
|
@@ -46,6 +46,7 @@ module Dependabot
|
|
|
46
46
|
@raise_on_ignored = raise_on_ignored
|
|
47
47
|
@options = options
|
|
48
48
|
@cooldown_options = cooldown_options
|
|
49
|
+
@cooldown_selected_tag = T.let(nil, T.nilable(T::Hash[Symbol, T.untyped]))
|
|
49
50
|
|
|
50
51
|
@git_helper = T.let(git_helper, Dependabot::PreCommit::Helpers::Githelper)
|
|
51
52
|
super(
|
|
@@ -85,22 +86,35 @@ module Dependabot
|
|
|
85
86
|
|
|
86
87
|
Dependabot.logger.info("Available release version/ref is #{release}")
|
|
87
88
|
|
|
88
|
-
|
|
89
|
-
if release.nil?
|
|
90
|
-
Dependabot.logger.info("Returning current version/ref (no viable filtered release) #{current_version}")
|
|
91
|
-
return current_version
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
release
|
|
89
|
+
filter_release_with_cooldown(release)
|
|
95
90
|
end
|
|
96
91
|
|
|
97
92
|
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
98
93
|
def latest_version_tag
|
|
99
|
-
available_latest_version_tag
|
|
94
|
+
@cooldown_selected_tag || available_latest_version_tag
|
|
100
95
|
end
|
|
101
96
|
|
|
102
97
|
private
|
|
103
98
|
|
|
99
|
+
sig do
|
|
100
|
+
params(release: T.any(Dependabot::Version, String))
|
|
101
|
+
.returns(T.nilable(T.any(Dependabot::Version, String)))
|
|
102
|
+
end
|
|
103
|
+
def filter_release_with_cooldown(release)
|
|
104
|
+
return release unless cooldown_enabled?
|
|
105
|
+
return release unless cooldown_options
|
|
106
|
+
# Commit SHA releases have no version ordering to fall back through
|
|
107
|
+
return release if release_type_sha?
|
|
108
|
+
|
|
109
|
+
Dependabot.logger.info("Applying cooldown filter for #{dependency.name}")
|
|
110
|
+
|
|
111
|
+
result = find_latest_version_outside_cooldown
|
|
112
|
+
return result if result
|
|
113
|
+
|
|
114
|
+
Dependabot.logger.info("All candidate versions are in cooldown, keeping current version #{current_version}")
|
|
115
|
+
current_version
|
|
116
|
+
end
|
|
117
|
+
|
|
104
118
|
sig { returns(T.nilable(Dependabot::PreCommit::Package::PackageDetailsFetcher)) }
|
|
105
119
|
def package_details_fetcher
|
|
106
120
|
@package_details_fetcher ||= T.let(
|
|
@@ -136,58 +150,89 @@ module Dependabot
|
|
|
136
150
|
true
|
|
137
151
|
end
|
|
138
152
|
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
def
|
|
144
|
-
|
|
145
|
-
return
|
|
153
|
+
# Checks versions from latest downward (among versions > current_version)
|
|
154
|
+
# in a single bare clone. Returns the newest version outside cooldown,
|
|
155
|
+
# or nil if all candidates are within cooldown.
|
|
156
|
+
sig { returns(T.nilable(Dependabot::Version)) }
|
|
157
|
+
def find_latest_version_outside_cooldown
|
|
158
|
+
candidates = version_candidates_descending
|
|
159
|
+
return nil if candidates.empty?
|
|
146
160
|
|
|
147
|
-
|
|
148
|
-
|
|
161
|
+
url = @git_helper.git_commit_checker.dependency_source_details&.fetch(:url)
|
|
162
|
+
source = T.must(Source.from_url(url))
|
|
149
163
|
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
164
|
+
SharedHelpers.in_a_temporary_directory(File.dirname(source.repo)) do |temp_dir|
|
|
165
|
+
repo_contents_path = File.join(temp_dir, File.basename(source.repo))
|
|
166
|
+
SharedHelpers.run_shell_command("git clone --bare --no-recurse-submodules #{url} #{repo_contents_path}")
|
|
167
|
+
|
|
168
|
+
Dir.chdir(repo_contents_path) do
|
|
169
|
+
return check_candidates_cooldown(candidates)
|
|
170
|
+
end
|
|
153
171
|
end
|
|
172
|
+
rescue StandardError => e
|
|
173
|
+
Dependabot.logger.error("Error checking cooldown for #{dependency.name}: #{e.message}")
|
|
174
|
+
nil
|
|
175
|
+
end
|
|
154
176
|
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
177
|
+
# Iterates candidate tags inside a bare clone directory, returning the first
|
|
178
|
+
# version whose release date falls outside the cooldown window.
|
|
179
|
+
sig do
|
|
180
|
+
params(candidates: T::Array[T::Hash[Symbol, T.untyped]])
|
|
181
|
+
.returns(T.nilable(Dependabot::Version))
|
|
182
|
+
end
|
|
183
|
+
def check_candidates_cooldown(candidates)
|
|
184
|
+
filtered_count = 0
|
|
185
|
+
|
|
186
|
+
candidates.each do |tag|
|
|
187
|
+
commit_sha = tag[:commit_sha]
|
|
188
|
+
next unless commit_sha
|
|
189
|
+
|
|
190
|
+
date_str = SharedHelpers.run_shell_command(
|
|
191
|
+
"git show --no-patch --format=\"%cd\" --date=iso #{commit_sha}",
|
|
192
|
+
fingerprint: "git show --no-patch --format=\"%cd\" --date=iso <commit_sha>"
|
|
193
|
+
)
|
|
194
|
+
release_date = Time.parse(date_str)
|
|
195
|
+
|
|
196
|
+
if release_in_cooldown_period?(release_date)
|
|
197
|
+
filtered_count += 1
|
|
198
|
+
else
|
|
199
|
+
log_cooldown_result(filtered_count, tag[:version], release_date)
|
|
200
|
+
@cooldown_selected_tag = tag
|
|
201
|
+
return T.cast(tag[:version], Dependabot::Version)
|
|
202
|
+
end
|
|
158
203
|
end
|
|
159
204
|
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
sig { returns(T.nilable(String)) }
|
|
164
|
-
def commit_metadata_details
|
|
165
|
-
@commit_metadata_details ||= T.let(
|
|
166
|
-
begin
|
|
167
|
-
url = @git_helper.git_commit_checker.dependency_source_details&.fetch(:url)
|
|
168
|
-
source = T.must(Source.from_url(url))
|
|
169
|
-
|
|
170
|
-
SharedHelpers.in_a_temporary_directory(File.dirname(source.repo)) do |temp_dir|
|
|
171
|
-
repo_contents_path = File.join(temp_dir, File.basename(source.repo))
|
|
172
|
-
|
|
173
|
-
SharedHelpers.run_shell_command("git clone --bare --no-recurse-submodules #{url} #{repo_contents_path}")
|
|
174
|
-
Dir.chdir(repo_contents_path) do
|
|
175
|
-
date = SharedHelpers.run_shell_command(
|
|
176
|
-
"git show --no-patch --format=\"%cd\" " \
|
|
177
|
-
"--date=iso #{commit_ref}"
|
|
178
|
-
)
|
|
179
|
-
Dependabot.logger.info("Found release date : #{Time.parse(date)}")
|
|
180
|
-
return date
|
|
181
|
-
end
|
|
182
|
-
end
|
|
183
|
-
rescue StandardError => e
|
|
184
|
-
Dependabot.logger.error("Error (pre_commit) while checking release date for #{dependency.name}")
|
|
185
|
-
Dependabot.logger.error(e.message)
|
|
186
|
-
|
|
187
|
-
nil
|
|
188
|
-
end,
|
|
189
|
-
T.nilable(String)
|
|
205
|
+
Dependabot.logger.info(
|
|
206
|
+
"Filtered #{filtered_count} version(s) due to cooldown for #{dependency.name}, " \
|
|
207
|
+
"no eligible version found"
|
|
190
208
|
)
|
|
209
|
+
nil
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
sig do
|
|
213
|
+
params(filtered_count: Integer, version: T.untyped, release_date: Time).void
|
|
214
|
+
end
|
|
215
|
+
def log_cooldown_result(filtered_count, version, release_date)
|
|
216
|
+
if filtered_count.positive?
|
|
217
|
+
Dependabot.logger.info(
|
|
218
|
+
"Filtered #{filtered_count} version(s) due to cooldown for #{dependency.name}"
|
|
219
|
+
)
|
|
220
|
+
end
|
|
221
|
+
Dependabot.logger.info("Selected version #{version} (released #{release_date})")
|
|
222
|
+
end
|
|
223
|
+
|
|
224
|
+
# Returns all version tags > current_version, sorted descending (latest first).
|
|
225
|
+
# This ensures we evaluate from the newest candidate downward.
|
|
226
|
+
sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
227
|
+
def version_candidates_descending
|
|
228
|
+
all_tags = @git_helper.git_commit_checker.local_tags_for_allowed_versions_matching_existing_precision
|
|
229
|
+
cur_version = current_version
|
|
230
|
+
|
|
231
|
+
all_tags
|
|
232
|
+
.select { |tag| tag[:version].is_a?(Gem::Version) }
|
|
233
|
+
.select { |tag| cur_version.nil? || tag[:version] > cur_version }
|
|
234
|
+
.sort_by { |tag| tag[:version] }
|
|
235
|
+
.reverse
|
|
191
236
|
end
|
|
192
237
|
|
|
193
238
|
sig { params(release_date: Time).returns(T::Boolean) }
|
|
@@ -198,25 +243,26 @@ module Dependabot
|
|
|
198
243
|
|
|
199
244
|
days = T.must(cooldown).default_days
|
|
200
245
|
|
|
201
|
-
Dependabot.logger.info(
|
|
202
|
-
"Days since release : #{(Time.now.to_i - release_date.to_i) / (24 * 60 * 60)} " \
|
|
203
|
-
"(cooldown days #{days})"
|
|
204
|
-
)
|
|
205
|
-
|
|
206
246
|
Dependabot::UpdateCheckers::CooldownCalculation
|
|
207
247
|
.within_cooldown_window?(release_date, days)
|
|
208
248
|
end
|
|
209
249
|
|
|
210
|
-
sig { returns(String) }
|
|
211
|
-
def commit_ref
|
|
212
|
-
T.cast(latest_version_tag&.fetch(:commit_sha), String)
|
|
213
|
-
end
|
|
214
|
-
|
|
215
250
|
sig { returns(T.nilable(T.any(Dependabot::Version, String))) }
|
|
216
251
|
def current_version
|
|
217
252
|
return dependency.source_details(allowed_types: ["git"])&.fetch(:ref) if release_type_sha?
|
|
218
253
|
|
|
219
|
-
|
|
254
|
+
# numeric_version handles plain versions like "4.4.0"
|
|
255
|
+
numeric = dependency.numeric_version
|
|
256
|
+
return numeric if numeric
|
|
257
|
+
|
|
258
|
+
# Handle v-prefixed tags like "v4.4.0" common in pre-commit
|
|
259
|
+
version_str = dependency.version
|
|
260
|
+
return nil unless version_str
|
|
261
|
+
|
|
262
|
+
stripped = version_str.sub(/\Av/i, "")
|
|
263
|
+
return nil unless Dependabot::PreCommit::Version.correct?(stripped)
|
|
264
|
+
|
|
265
|
+
Dependabot::PreCommit::Version.new(stripped)
|
|
220
266
|
end
|
|
221
267
|
|
|
222
268
|
sig { returns(T::Boolean) }
|
|
@@ -349,7 +349,8 @@ module Dependabot
|
|
|
349
349
|
source: source,
|
|
350
350
|
credentials: credentials,
|
|
351
351
|
requirements: dependency.requirements,
|
|
352
|
-
current_version: dependency.version
|
|
352
|
+
current_version: dependency.version,
|
|
353
|
+
cooldown_options: update_cooldown
|
|
353
354
|
)
|
|
354
355
|
rescue StandardError => e
|
|
355
356
|
Dependabot.logger.error("Error creating checker for #{language}: #{e.message}")
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-pre_commit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.380.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,84 +15,84 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.380.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.380.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: dependabot-cargo
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
29
29
|
requirements:
|
|
30
30
|
- - '='
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 0.
|
|
32
|
+
version: 0.380.0
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
35
|
version_requirements: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
37
|
- - '='
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 0.
|
|
39
|
+
version: 0.380.0
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: dependabot-common
|
|
42
42
|
requirement: !ruby/object:Gem::Requirement
|
|
43
43
|
requirements:
|
|
44
44
|
- - '='
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: 0.
|
|
46
|
+
version: 0.380.0
|
|
47
47
|
type: :runtime
|
|
48
48
|
prerelease: false
|
|
49
49
|
version_requirements: !ruby/object:Gem::Requirement
|
|
50
50
|
requirements:
|
|
51
51
|
- - '='
|
|
52
52
|
- !ruby/object:Gem::Version
|
|
53
|
-
version: 0.
|
|
53
|
+
version: 0.380.0
|
|
54
54
|
- !ruby/object:Gem::Dependency
|
|
55
55
|
name: dependabot-go_modules
|
|
56
56
|
requirement: !ruby/object:Gem::Requirement
|
|
57
57
|
requirements:
|
|
58
58
|
- - '='
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
|
-
version: 0.
|
|
60
|
+
version: 0.380.0
|
|
61
61
|
type: :runtime
|
|
62
62
|
prerelease: false
|
|
63
63
|
version_requirements: !ruby/object:Gem::Requirement
|
|
64
64
|
requirements:
|
|
65
65
|
- - '='
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
|
-
version: 0.
|
|
67
|
+
version: 0.380.0
|
|
68
68
|
- !ruby/object:Gem::Dependency
|
|
69
69
|
name: dependabot-npm_and_yarn
|
|
70
70
|
requirement: !ruby/object:Gem::Requirement
|
|
71
71
|
requirements:
|
|
72
72
|
- - '='
|
|
73
73
|
- !ruby/object:Gem::Version
|
|
74
|
-
version: 0.
|
|
74
|
+
version: 0.380.0
|
|
75
75
|
type: :runtime
|
|
76
76
|
prerelease: false
|
|
77
77
|
version_requirements: !ruby/object:Gem::Requirement
|
|
78
78
|
requirements:
|
|
79
79
|
- - '='
|
|
80
80
|
- !ruby/object:Gem::Version
|
|
81
|
-
version: 0.
|
|
81
|
+
version: 0.380.0
|
|
82
82
|
- !ruby/object:Gem::Dependency
|
|
83
83
|
name: dependabot-python
|
|
84
84
|
requirement: !ruby/object:Gem::Requirement
|
|
85
85
|
requirements:
|
|
86
86
|
- - '='
|
|
87
87
|
- !ruby/object:Gem::Version
|
|
88
|
-
version: 0.
|
|
88
|
+
version: 0.380.0
|
|
89
89
|
type: :runtime
|
|
90
90
|
prerelease: false
|
|
91
91
|
version_requirements: !ruby/object:Gem::Requirement
|
|
92
92
|
requirements:
|
|
93
93
|
- - '='
|
|
94
94
|
- !ruby/object:Gem::Version
|
|
95
|
-
version: 0.
|
|
95
|
+
version: 0.380.0
|
|
96
96
|
- !ruby/object:Gem::Dependency
|
|
97
97
|
name: debug
|
|
98
98
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -338,7 +338,7 @@ licenses:
|
|
|
338
338
|
- MIT
|
|
339
339
|
metadata:
|
|
340
340
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
341
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
341
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.380.0
|
|
342
342
|
rdoc_options: []
|
|
343
343
|
require_paths:
|
|
344
344
|
- lib
|