dependabot-pre_commit 0.385.0 → 0.387.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/pre_commit/additional_dependency_checkers/base.rb +12 -6
- data/lib/dependabot/pre_commit/additional_dependency_checkers/dart.rb +2 -2
- data/lib/dependabot/pre_commit/additional_dependency_checkers/go.rb +1 -1
- data/lib/dependabot/pre_commit/additional_dependency_checkers/node.rb +3 -3
- data/lib/dependabot/pre_commit/additional_dependency_checkers/python.rb +3 -3
- data/lib/dependabot/pre_commit/additional_dependency_checkers/ruby.rb +3 -3
- data/lib/dependabot/pre_commit/additional_dependency_checkers/rust.rb +3 -3
- data/lib/dependabot/pre_commit/file_fetcher.rb +1 -1
- data/lib/dependabot/pre_commit/file_parser/hook_language_fetcher.rb +6 -6
- data/lib/dependabot/pre_commit/file_parser.rb +69 -31
- data/lib/dependabot/pre_commit/file_updater.rb +15 -15
- data/lib/dependabot/pre_commit/helpers.rb +3 -3
- data/lib/dependabot/pre_commit/package/package_details_fetcher.rb +21 -9
- data/lib/dependabot/pre_commit/update_checker/latest_version_finder.rb +30 -21
- data/lib/dependabot/pre_commit/update_checker.rb +13 -13
- metadata +14 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a2cfb0b6385ba550ad4b96e0f8a67066b88d6b0eeeca6c6bdb8326e416e759b3
|
|
4
|
+
data.tar.gz: d2cf43e22ab7b7e792949243c8ad026c5978e518c31ea9afe0674b03dc699fe5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2ba7d16160da8e821a5b50c277173329e788e09180fc32c4a64d0b2f8c40c454eb4d87b59af578b02d98588979918497b7b0414a5617b71054e98f3c312adfdf
|
|
7
|
+
data.tar.gz: bf2094a249ae2611c42058f176dab2ae835845417016ceb54542b92c7df3bd985af2353350c61ebc883c6f7f7edc1563feee2f67b0d6404a38d14b2a50043868
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
@@ -41,9 +41,9 @@ module Dependabot
|
|
|
41
41
|
|
|
42
42
|
sig do
|
|
43
43
|
params(
|
|
44
|
-
source: T::Hash[Symbol,
|
|
44
|
+
source: T::Hash[Symbol, Object],
|
|
45
45
|
credentials: T::Array[Dependabot::Credential],
|
|
46
|
-
requirements: T::Array[T::Hash[Symbol,
|
|
46
|
+
requirements: T::Array[T::Hash[Symbol, Object]],
|
|
47
47
|
current_version: T.nilable(String),
|
|
48
48
|
cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
|
|
49
49
|
).void
|
|
@@ -65,18 +65,18 @@ module Dependabot
|
|
|
65
65
|
# Generate updated requirements for the new version
|
|
66
66
|
# Should preserve the original version constraint operator (>=, ~=, etc.)
|
|
67
67
|
# and update the source hash with the new original_string
|
|
68
|
-
sig { abstract.params(latest_version: String).returns(T::Array[T::Hash[Symbol,
|
|
68
|
+
sig { abstract.params(latest_version: String).returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
69
69
|
def updated_requirements(latest_version); end
|
|
70
70
|
|
|
71
71
|
private
|
|
72
72
|
|
|
73
|
-
sig { returns(T::Hash[Symbol,
|
|
73
|
+
sig { returns(T::Hash[Symbol, Object]) }
|
|
74
74
|
attr_reader :source
|
|
75
75
|
|
|
76
76
|
sig { returns(T::Array[Dependabot::Credential]) }
|
|
77
77
|
attr_reader :credentials
|
|
78
78
|
|
|
79
|
-
sig { returns(T::Array[T::Hash[Symbol,
|
|
79
|
+
sig { returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
80
80
|
attr_reader :requirements
|
|
81
81
|
|
|
82
82
|
sig { returns(T.nilable(String)) }
|
|
@@ -89,6 +89,12 @@ module Dependabot
|
|
|
89
89
|
def package_name
|
|
90
90
|
source[:package_name]&.to_s
|
|
91
91
|
end
|
|
92
|
+
|
|
93
|
+
sig { params(requirement: T.nilable(T::Hash[Symbol, Object])).returns(T.nilable(String)) }
|
|
94
|
+
def requirement_string(requirement)
|
|
95
|
+
value = requirement&.dig(:requirement)
|
|
96
|
+
value if value.is_a?(String)
|
|
97
|
+
end
|
|
92
98
|
end
|
|
93
99
|
end
|
|
94
100
|
end
|
|
@@ -24,14 +24,14 @@ module Dependabot
|
|
|
24
24
|
)
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol,
|
|
27
|
+
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
28
28
|
def updated_requirements(latest_version)
|
|
29
29
|
requirements.map do |original_req|
|
|
30
30
|
original_source = original_req[:source]
|
|
31
31
|
next original_req unless original_source.is_a?(Hash)
|
|
32
32
|
next original_req unless original_source[:type] == "additional_dependency"
|
|
33
33
|
|
|
34
|
-
original_requirement = original_req
|
|
34
|
+
original_requirement = requirement_string(original_req)
|
|
35
35
|
new_requirement = build_updated_requirement(original_requirement, latest_version)
|
|
36
36
|
|
|
37
37
|
new_original_string = build_original_string(
|
|
@@ -24,7 +24,7 @@ module Dependabot
|
|
|
24
24
|
)
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol,
|
|
27
|
+
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
28
28
|
def updated_requirements(latest_version)
|
|
29
29
|
requirements.map do |original_req|
|
|
30
30
|
original_source = original_req[:source]
|
|
@@ -25,14 +25,14 @@ module Dependabot
|
|
|
25
25
|
)
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol,
|
|
28
|
+
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
29
29
|
def updated_requirements(latest_version)
|
|
30
30
|
requirements.map do |original_req|
|
|
31
31
|
original_source = original_req[:source]
|
|
32
32
|
next original_req unless original_source.is_a?(Hash)
|
|
33
33
|
next original_req unless original_source[:type] == "additional_dependency"
|
|
34
34
|
|
|
35
|
-
original_requirement = original_req
|
|
35
|
+
original_requirement = requirement_string(original_req)
|
|
36
36
|
new_requirement = build_updated_requirement(original_requirement, latest_version)
|
|
37
37
|
|
|
38
38
|
new_original_string = build_original_string(
|
|
@@ -112,7 +112,7 @@ module Dependabot
|
|
|
112
112
|
|
|
113
113
|
sig { returns(T.nilable(String)) }
|
|
114
114
|
def extract_version_from_requirement
|
|
115
|
-
req_string = requirements.first
|
|
115
|
+
req_string = requirement_string(requirements.first)
|
|
116
116
|
return nil unless req_string
|
|
117
117
|
|
|
118
118
|
version_part = req_string.sub(/\A[~^]|[><=]+\s*/, "")
|
|
@@ -26,14 +26,14 @@ module Dependabot
|
|
|
26
26
|
)
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol,
|
|
29
|
+
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
30
30
|
def updated_requirements(latest_version)
|
|
31
31
|
requirements.map do |original_req|
|
|
32
32
|
original_source = original_req[:source]
|
|
33
33
|
next original_req unless original_source.is_a?(Hash)
|
|
34
34
|
next original_req unless original_source[:type] == "additional_dependency"
|
|
35
35
|
|
|
36
|
-
original_requirement = original_req
|
|
36
|
+
original_requirement = requirement_string(original_req)
|
|
37
37
|
new_requirement = build_updated_requirement(original_requirement, latest_version)
|
|
38
38
|
|
|
39
39
|
new_original_string = build_original_string(
|
|
@@ -126,7 +126,7 @@ module Dependabot
|
|
|
126
126
|
|
|
127
127
|
sig { returns(T.nilable(String)) }
|
|
128
128
|
def extract_version_from_requirement
|
|
129
|
-
req_string = requirements.first
|
|
129
|
+
req_string = requirement_string(requirements.first)
|
|
130
130
|
return nil unless req_string
|
|
131
131
|
|
|
132
132
|
match = req_string.match(/[\d]+(?:\.[\d]+)*(?:\.?\w+)*/)
|
|
@@ -25,14 +25,14 @@ module Dependabot
|
|
|
25
25
|
)
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol,
|
|
28
|
+
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
29
29
|
def updated_requirements(latest_version)
|
|
30
30
|
requirements.map do |original_req|
|
|
31
31
|
original_source = original_req[:source]
|
|
32
32
|
next original_req unless original_source.is_a?(Hash)
|
|
33
33
|
next original_req unless original_source[:type] == "additional_dependency"
|
|
34
34
|
|
|
35
|
-
original_requirement = original_req
|
|
35
|
+
original_requirement = requirement_string(original_req)
|
|
36
36
|
new_requirement = build_updated_requirement(original_requirement, latest_version)
|
|
37
37
|
|
|
38
38
|
new_original_string = build_original_string(
|
|
@@ -112,7 +112,7 @@ module Dependabot
|
|
|
112
112
|
|
|
113
113
|
sig { returns(T.nilable(String)) }
|
|
114
114
|
def extract_version_from_requirement
|
|
115
|
-
req_string = requirements.first
|
|
115
|
+
req_string = requirement_string(requirements.first)
|
|
116
116
|
return nil unless req_string
|
|
117
117
|
|
|
118
118
|
version_part = req_string.sub(/\A[~><=!]+\s*/, "").strip
|
|
@@ -25,14 +25,14 @@ module Dependabot
|
|
|
25
25
|
)
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol,
|
|
28
|
+
sig { override.params(latest_version: String).returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
29
29
|
def updated_requirements(latest_version)
|
|
30
30
|
requirements.map do |original_req|
|
|
31
31
|
original_source = original_req[:source]
|
|
32
32
|
next original_req unless original_source.is_a?(Hash)
|
|
33
33
|
next original_req unless original_source[:type] == "additional_dependency"
|
|
34
34
|
|
|
35
|
-
original_requirement = original_req
|
|
35
|
+
original_requirement = requirement_string(original_req)
|
|
36
36
|
new_requirement = build_updated_requirement(original_requirement, latest_version)
|
|
37
37
|
|
|
38
38
|
new_original_string = build_original_string(
|
|
@@ -113,7 +113,7 @@ module Dependabot
|
|
|
113
113
|
|
|
114
114
|
sig { returns(T.nilable(String)) }
|
|
115
115
|
def extract_version_from_requirement
|
|
116
|
-
req_string = requirements.first
|
|
116
|
+
req_string = requirement_string(requirements.first)
|
|
117
117
|
return nil unless req_string
|
|
118
118
|
|
|
119
119
|
version_part = req_string.sub(/\A(?:[~^]|[><=]+)\s*/, "")
|
|
@@ -29,7 +29,7 @@ module Dependabot
|
|
|
29
29
|
end
|
|
30
30
|
def initialize(credentials:)
|
|
31
31
|
@credentials = credentials
|
|
32
|
-
@hooks_cache = T.let({}, T::Hash[String, T.nilable(T::Array[T::Hash[String,
|
|
32
|
+
@hooks_cache = T.let({}, T::Hash[String, T.nilable(T::Array[T::Hash[String, Object]])])
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
# Fetches the language for a specific hook from the hook source repository.
|
|
@@ -64,7 +64,7 @@ module Dependabot
|
|
|
64
64
|
params(
|
|
65
65
|
repo_url: String,
|
|
66
66
|
revision: String
|
|
67
|
-
).returns(T.nilable(T::Array[T::Hash[String,
|
|
67
|
+
).returns(T.nilable(T::Array[T::Hash[String, Object]]))
|
|
68
68
|
end
|
|
69
69
|
def fetch_hooks_from_repo(repo_url, revision)
|
|
70
70
|
cache_key = "#{repo_url}@#{revision}"
|
|
@@ -79,7 +79,7 @@ module Dependabot
|
|
|
79
79
|
params(
|
|
80
80
|
repo_url: String,
|
|
81
81
|
revision: String
|
|
82
|
-
).returns(T.nilable(T::Array[T::Hash[String,
|
|
82
|
+
).returns(T.nilable(T::Array[T::Hash[String, Object]]))
|
|
83
83
|
end
|
|
84
84
|
def fetch_hooks_internal(repo_url, revision)
|
|
85
85
|
source = Source.from_url(repo_url)
|
|
@@ -96,7 +96,7 @@ module Dependabot
|
|
|
96
96
|
params(
|
|
97
97
|
source: Dependabot::Source,
|
|
98
98
|
revision: String
|
|
99
|
-
).returns(T.nilable(T::Array[T::Hash[String,
|
|
99
|
+
).returns(T.nilable(T::Array[T::Hash[String, Object]]))
|
|
100
100
|
end
|
|
101
101
|
def fetch_from_github(source, revision)
|
|
102
102
|
response = github_client.send(
|
|
@@ -121,7 +121,7 @@ module Dependabot
|
|
|
121
121
|
params(
|
|
122
122
|
repo_url: String,
|
|
123
123
|
revision: String
|
|
124
|
-
).returns(T.nilable(T::Array[T::Hash[String,
|
|
124
|
+
).returns(T.nilable(T::Array[T::Hash[String, Object]]))
|
|
125
125
|
end
|
|
126
126
|
def fetch_via_git_clone(repo_url, revision)
|
|
127
127
|
source = Source.from_url(repo_url)
|
|
@@ -157,7 +157,7 @@ module Dependabot
|
|
|
157
157
|
nil
|
|
158
158
|
end
|
|
159
159
|
|
|
160
|
-
sig { params(content: String).returns(T.nilable(T::Array[T::Hash[String,
|
|
160
|
+
sig { params(content: String).returns(T.nilable(T::Array[T::Hash[String, Object]])) }
|
|
161
161
|
def parse_hooks_yaml(content)
|
|
162
162
|
yaml = YAML.safe_load(content, aliases: true)
|
|
163
163
|
return nil unless yaml.is_a?(Array)
|
|
@@ -37,7 +37,7 @@ module Dependabot
|
|
|
37
37
|
"ruby" => ->(dep_string) { Dependabot::Bundler::Requirement.parse_dep_string(dep_string) },
|
|
38
38
|
"dart" => ->(dep_string) { Dependabot::Pub::Requirement.parse_dep_string(dep_string) }
|
|
39
39
|
}.freeze,
|
|
40
|
-
T::Hash[String, T.proc.params(dep_string: String).returns(T.nilable(T::Hash[Symbol,
|
|
40
|
+
T::Hash[String, T.proc.params(dep_string: String).returns(T.nilable(T::Hash[Symbol, Object]))]
|
|
41
41
|
)
|
|
42
42
|
|
|
43
43
|
sig { override.returns(Ecosystem) }
|
|
@@ -77,6 +77,8 @@ module Dependabot
|
|
|
77
77
|
return dependency_set unless yaml.is_a?(Hash)
|
|
78
78
|
|
|
79
79
|
repos = yaml.fetch("repos", [])
|
|
80
|
+
return dependency_set unless repos.is_a?(Array)
|
|
81
|
+
|
|
80
82
|
repos.each do |repo|
|
|
81
83
|
next unless repo.is_a?(Hash)
|
|
82
84
|
|
|
@@ -94,7 +96,7 @@ module Dependabot
|
|
|
94
96
|
|
|
95
97
|
sig do
|
|
96
98
|
params(
|
|
97
|
-
repo: T::Hash[String,
|
|
99
|
+
repo: T::Hash[String, Object],
|
|
98
100
|
file: Dependabot::DependencyFile
|
|
99
101
|
).returns(T.nilable(Dependency))
|
|
100
102
|
end
|
|
@@ -102,7 +104,7 @@ module Dependabot
|
|
|
102
104
|
repo_url = repo["repo"]
|
|
103
105
|
rev = repo["rev"]
|
|
104
106
|
|
|
105
|
-
return nil
|
|
107
|
+
return nil unless repo_url.is_a?(String) && rev.is_a?(String)
|
|
106
108
|
return nil if %w(local meta).include?(repo_url)
|
|
107
109
|
|
|
108
110
|
comment = rev_line_comment(file, repo_url)
|
|
@@ -128,7 +130,7 @@ module Dependabot
|
|
|
128
130
|
|
|
129
131
|
sig do
|
|
130
132
|
params(
|
|
131
|
-
repo: T::Hash[String,
|
|
133
|
+
repo: T::Hash[String, Object],
|
|
132
134
|
file: Dependabot::DependencyFile
|
|
133
135
|
).returns(T::Array[Dependabot::Dependency])
|
|
134
136
|
end
|
|
@@ -137,9 +139,14 @@ module Dependabot
|
|
|
137
139
|
repo_url = repo["repo"]
|
|
138
140
|
revision = repo["rev"]
|
|
139
141
|
|
|
140
|
-
return dependencies
|
|
142
|
+
return dependencies unless repo_url.is_a?(String)
|
|
143
|
+
return dependencies if %w(local meta).include?(repo_url)
|
|
144
|
+
|
|
145
|
+
revision = nil unless revision.is_a?(String)
|
|
141
146
|
|
|
142
147
|
hooks = repo.fetch("hooks", [])
|
|
148
|
+
return dependencies unless hooks.is_a?(Array)
|
|
149
|
+
|
|
143
150
|
hooks.each do |hook|
|
|
144
151
|
next unless hook.is_a?(Hash)
|
|
145
152
|
|
|
@@ -152,7 +159,7 @@ module Dependabot
|
|
|
152
159
|
|
|
153
160
|
sig do
|
|
154
161
|
params(
|
|
155
|
-
hook: T::Hash[String,
|
|
162
|
+
hook: T::Hash[String, Object],
|
|
156
163
|
repo_url: String,
|
|
157
164
|
revision: T.nilable(String),
|
|
158
165
|
file: Dependabot::DependencyFile
|
|
@@ -162,9 +169,10 @@ module Dependabot
|
|
|
162
169
|
dependencies = []
|
|
163
170
|
hook_id = hook["id"]
|
|
164
171
|
|
|
165
|
-
return dependencies unless hook_id
|
|
172
|
+
return dependencies unless hook_id.is_a?(String)
|
|
166
173
|
|
|
167
174
|
additional_deps = hook.fetch("additional_dependencies", [])
|
|
175
|
+
return dependencies unless additional_deps.is_a?(Array)
|
|
168
176
|
return dependencies if additional_deps.empty?
|
|
169
177
|
|
|
170
178
|
# Get language from local config first, then try fetching from hook source repo
|
|
@@ -178,28 +186,9 @@ module Dependabot
|
|
|
178
186
|
next unless dep_string.is_a?(String)
|
|
179
187
|
|
|
180
188
|
parsed = parser.call(dep_string)
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
dependencies <<
|
|
184
|
-
name: parsed[:normalised_name],
|
|
185
|
-
version: parsed[:version],
|
|
186
|
-
requirements: [{
|
|
187
|
-
requirement: parsed[:requirement],
|
|
188
|
-
groups: ["additional_dependencies"],
|
|
189
|
-
file: file.name,
|
|
190
|
-
source: {
|
|
191
|
-
type: "additional_dependency",
|
|
192
|
-
language: language,
|
|
193
|
-
package_name: parsed[:normalised_name],
|
|
194
|
-
original_name: parsed[:name],
|
|
195
|
-
hook_id: hook_id,
|
|
196
|
-
hook_repo: repo_url,
|
|
197
|
-
extras: parsed[:extras],
|
|
198
|
-
original_string: dep_string
|
|
199
|
-
}
|
|
200
|
-
}],
|
|
201
|
-
package_manager: ECOSYSTEM
|
|
202
|
-
)
|
|
189
|
+
source_details = { language: language, hook_id: hook_id, repo_url: repo_url }
|
|
190
|
+
dependency = parsed && build_additional_dependency(parsed, dep_string, source_details, file)
|
|
191
|
+
dependencies << dependency if dependency
|
|
203
192
|
end
|
|
204
193
|
|
|
205
194
|
dependencies
|
|
@@ -207,7 +196,56 @@ module Dependabot
|
|
|
207
196
|
|
|
208
197
|
sig do
|
|
209
198
|
params(
|
|
210
|
-
|
|
199
|
+
parsed: T::Hash[Symbol, Object],
|
|
200
|
+
dep_string: String,
|
|
201
|
+
source_details: T::Hash[Symbol, String],
|
|
202
|
+
file: Dependabot::DependencyFile
|
|
203
|
+
).returns(T.nilable(Dependabot::Dependency))
|
|
204
|
+
end
|
|
205
|
+
def build_additional_dependency(parsed, dep_string, source_details, file)
|
|
206
|
+
normalised_name = parsed[:normalised_name]
|
|
207
|
+
return unless normalised_name.is_a?(String)
|
|
208
|
+
|
|
209
|
+
version = parsed[:version]
|
|
210
|
+
return unless version.nil? || version.is_a?(String) || version.is_a?(Dependabot::Version)
|
|
211
|
+
|
|
212
|
+
Dependabot::Dependency.new(
|
|
213
|
+
name: normalised_name,
|
|
214
|
+
version: version,
|
|
215
|
+
requirements: [additional_dependency_requirement(parsed, dep_string, source_details, file)],
|
|
216
|
+
package_manager: ECOSYSTEM
|
|
217
|
+
)
|
|
218
|
+
end
|
|
219
|
+
|
|
220
|
+
sig do
|
|
221
|
+
params(
|
|
222
|
+
parsed: T::Hash[Symbol, Object],
|
|
223
|
+
dep_string: String,
|
|
224
|
+
source_details: T::Hash[Symbol, String],
|
|
225
|
+
file: Dependabot::DependencyFile
|
|
226
|
+
).returns(T::Hash[Symbol, Object])
|
|
227
|
+
end
|
|
228
|
+
def additional_dependency_requirement(parsed, dep_string, source_details, file)
|
|
229
|
+
{
|
|
230
|
+
requirement: parsed[:requirement],
|
|
231
|
+
groups: ["additional_dependencies"],
|
|
232
|
+
file: file.name,
|
|
233
|
+
source: {
|
|
234
|
+
type: "additional_dependency",
|
|
235
|
+
language: source_details.fetch(:language),
|
|
236
|
+
package_name: parsed[:normalised_name],
|
|
237
|
+
original_name: parsed[:name],
|
|
238
|
+
hook_id: source_details.fetch(:hook_id),
|
|
239
|
+
hook_repo: source_details.fetch(:repo_url),
|
|
240
|
+
extras: parsed[:extras],
|
|
241
|
+
original_string: dep_string
|
|
242
|
+
}
|
|
243
|
+
}
|
|
244
|
+
end
|
|
245
|
+
|
|
246
|
+
sig do
|
|
247
|
+
params(
|
|
248
|
+
hook: T::Hash[String, Object],
|
|
211
249
|
repo_url: String,
|
|
212
250
|
revision: T.nilable(String),
|
|
213
251
|
hook_id: String
|
|
@@ -216,7 +254,7 @@ module Dependabot
|
|
|
216
254
|
def resolve_hook_language(hook, repo_url, revision, hook_id)
|
|
217
255
|
# Use local language if explicitly specified
|
|
218
256
|
local_language = hook["language"]
|
|
219
|
-
return local_language if local_language
|
|
257
|
+
return local_language if local_language.is_a?(String)
|
|
220
258
|
|
|
221
259
|
# Otherwise fetch from the hook source repository
|
|
222
260
|
return nil unless revision
|
|
@@ -60,7 +60,7 @@ module Dependabot
|
|
|
60
60
|
|
|
61
61
|
sig do
|
|
62
62
|
params(file: Dependabot::DependencyFile)
|
|
63
|
-
.returns(T::Array[[T::Hash[Symbol,
|
|
63
|
+
.returns(T::Array[[T::Hash[Symbol, Object], T::Hash[Symbol, Object]]])
|
|
64
64
|
end
|
|
65
65
|
def requirement_pairs_for_file(file)
|
|
66
66
|
pairs = dependency.requirements.zip(T.must(dependency.previous_requirements))
|
|
@@ -70,8 +70,8 @@ module Dependabot
|
|
|
70
70
|
file_name = T.cast(new_req[:file], T.nilable(String))
|
|
71
71
|
next true if file_name != file.name
|
|
72
72
|
|
|
73
|
-
new_source = T.cast(new_req[:source], T.nilable(T::Hash[Symbol,
|
|
74
|
-
old_source = T.cast(old_req[:source], T.nilable(T::Hash[Symbol,
|
|
73
|
+
new_source = T.cast(new_req[:source], T.nilable(T::Hash[Symbol, Object]))
|
|
74
|
+
old_source = T.cast(old_req[:source], T.nilable(T::Hash[Symbol, Object]))
|
|
75
75
|
new_source == old_source
|
|
76
76
|
end
|
|
77
77
|
|
|
@@ -81,12 +81,12 @@ module Dependabot
|
|
|
81
81
|
sig do
|
|
82
82
|
params(
|
|
83
83
|
content: String,
|
|
84
|
-
new_req: T::Hash[Symbol,
|
|
85
|
-
old_req: T::Hash[Symbol,
|
|
84
|
+
new_req: T::Hash[Symbol, Object],
|
|
85
|
+
old_req: T::Hash[Symbol, Object]
|
|
86
86
|
).returns(String)
|
|
87
87
|
end
|
|
88
88
|
def apply_requirement_update(content, new_req, old_req)
|
|
89
|
-
new_source = T.cast(new_req.fetch(:source), T::Hash[Symbol,
|
|
89
|
+
new_source = T.cast(new_req.fetch(:source), T::Hash[Symbol, Object])
|
|
90
90
|
source_type = T.cast(new_source.fetch(:type), String)
|
|
91
91
|
|
|
92
92
|
case source_type
|
|
@@ -102,18 +102,18 @@ module Dependabot
|
|
|
102
102
|
sig do
|
|
103
103
|
params(
|
|
104
104
|
content: String,
|
|
105
|
-
new_req: T::Hash[Symbol,
|
|
106
|
-
old_req: T::Hash[Symbol,
|
|
105
|
+
new_req: T::Hash[Symbol, Object],
|
|
106
|
+
old_req: T::Hash[Symbol, Object]
|
|
107
107
|
).returns(String)
|
|
108
108
|
end
|
|
109
109
|
def apply_git_requirement_update(content, new_req, old_req)
|
|
110
|
-
new_source = T.cast(new_req.fetch(:source), T::Hash[Symbol,
|
|
111
|
-
old_source = T.cast(old_req.fetch(:source), T::Hash[Symbol,
|
|
110
|
+
new_source = T.cast(new_req.fetch(:source), T::Hash[Symbol, Object])
|
|
111
|
+
old_source = T.cast(old_req.fetch(:source), T::Hash[Symbol, Object])
|
|
112
112
|
repo_url = T.cast(old_source.fetch(:url), String)
|
|
113
113
|
old_ref = T.cast(old_source.fetch(:ref), String)
|
|
114
114
|
new_ref = T.cast(new_source.fetch(:ref), String)
|
|
115
115
|
|
|
116
|
-
new_metadata = T.cast(new_req.fetch(:metadata, {}), T::Hash[Symbol,
|
|
116
|
+
new_metadata = T.cast(new_req.fetch(:metadata, {}), T::Hash[Symbol, Object])
|
|
117
117
|
old_version = T.cast(new_metadata[:comment_version], T.nilable(String))
|
|
118
118
|
new_version = T.cast(new_metadata[:new_comment_version], T.nilable(String))
|
|
119
119
|
|
|
@@ -130,13 +130,13 @@ module Dependabot
|
|
|
130
130
|
sig do
|
|
131
131
|
params(
|
|
132
132
|
content: String,
|
|
133
|
-
new_req: T::Hash[Symbol,
|
|
134
|
-
old_req: T::Hash[Symbol,
|
|
133
|
+
new_req: T::Hash[Symbol, Object],
|
|
134
|
+
old_req: T::Hash[Symbol, Object]
|
|
135
135
|
).returns(String)
|
|
136
136
|
end
|
|
137
137
|
def apply_additional_dependency_update(content, new_req, old_req)
|
|
138
|
-
old_source = T.cast(old_req.fetch(:source), T::Hash[Symbol,
|
|
139
|
-
new_source = T.cast(new_req.fetch(:source), T::Hash[Symbol,
|
|
138
|
+
old_source = T.cast(old_req.fetch(:source), T::Hash[Symbol, Object])
|
|
139
|
+
new_source = T.cast(new_req.fetch(:source), T::Hash[Symbol, Object])
|
|
140
140
|
|
|
141
141
|
old_string = T.cast(old_source.fetch(:original_string), String)
|
|
142
142
|
new_string = T.cast(new_source.fetch(:original_string), String)
|
|
@@ -20,7 +20,7 @@ module Dependabot
|
|
|
20
20
|
ignored_versions: T::Array[String],
|
|
21
21
|
raise_on_ignored: T::Boolean,
|
|
22
22
|
consider_version_branches_pinned: T::Boolean,
|
|
23
|
-
dependency_source_details: T.nilable(T::Hash[Symbol,
|
|
23
|
+
dependency_source_details: T.nilable(T::Hash[Symbol, Object])
|
|
24
24
|
)
|
|
25
25
|
.void
|
|
26
26
|
end
|
|
@@ -60,11 +60,11 @@ module Dependabot
|
|
|
60
60
|
)
|
|
61
61
|
end
|
|
62
62
|
|
|
63
|
-
sig { params(source: T.nilable(T::Hash[Symbol,
|
|
63
|
+
sig { params(source: T.nilable(T::Hash[Symbol, Object])).returns(Dependabot::GitCommitChecker) }
|
|
64
64
|
def git_commit_checker_for(source)
|
|
65
65
|
@git_commit_checkers ||= T.let(
|
|
66
66
|
{},
|
|
67
|
-
T.nilable(T::Hash[T.nilable(T::Hash[Symbol,
|
|
67
|
+
T.nilable(T::Hash[T.nilable(T::Hash[Symbol, Object]), Dependabot::GitCommitChecker])
|
|
68
68
|
)
|
|
69
69
|
|
|
70
70
|
@git_commit_checkers[source] ||= Dependabot::GitCommitChecker.new(
|
|
@@ -62,7 +62,9 @@ module Dependabot
|
|
|
62
62
|
def version_tag_release
|
|
63
63
|
return unless git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
|
|
64
64
|
|
|
65
|
-
latest_version = latest_version_tag&.fetch(:version)
|
|
65
|
+
latest_version = pre_commit_version(latest_version_tag&.fetch(:version))
|
|
66
|
+
return unless latest_version
|
|
67
|
+
|
|
66
68
|
return current_version if shortened_semver_eq?(dependency.version, latest_version.to_s)
|
|
67
69
|
|
|
68
70
|
latest_version
|
|
@@ -74,7 +76,7 @@ module Dependabot
|
|
|
74
76
|
|
|
75
77
|
if latest_version_tag
|
|
76
78
|
if git_commit_checker.local_tag_for_pinned_sha || version_comment?
|
|
77
|
-
return T.must(latest_version_tag).fetch(:version)
|
|
79
|
+
return pre_commit_version(T.must(latest_version_tag).fetch(:version))
|
|
78
80
|
end
|
|
79
81
|
|
|
80
82
|
return latest_commit_for_pinned_ref
|
|
@@ -83,7 +85,7 @@ module Dependabot
|
|
|
83
85
|
latest_commit_for_pinned_ref
|
|
84
86
|
end
|
|
85
87
|
|
|
86
|
-
sig { returns(T.nilable(T::Hash[Symbol,
|
|
88
|
+
sig { returns(T.nilable(T::Hash[Symbol, Object])) }
|
|
87
89
|
def latest_version_tag
|
|
88
90
|
@latest_version_tag ||= T.let(
|
|
89
91
|
begin
|
|
@@ -96,13 +98,20 @@ module Dependabot
|
|
|
96
98
|
|
|
97
99
|
git_commit_checker.local_ref_for_latest_version_lower_precision
|
|
98
100
|
end,
|
|
99
|
-
T.nilable(T::Hash[Symbol,
|
|
101
|
+
T.nilable(T::Hash[Symbol, Object])
|
|
100
102
|
)
|
|
101
103
|
end
|
|
102
104
|
|
|
103
105
|
private
|
|
104
106
|
|
|
105
|
-
sig { returns(T.nilable(
|
|
107
|
+
sig { params(version: Object).returns(T.nilable(Dependabot::Version)) }
|
|
108
|
+
def pre_commit_version(version)
|
|
109
|
+
return unless version.is_a?(String) || version.is_a?(Gem::Version)
|
|
110
|
+
|
|
111
|
+
Dependabot::PreCommit::Version.new(version.to_s)
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
sig { returns(T.nilable(T::Hash[Symbol, Object])) }
|
|
106
115
|
def constrained_latest_version_tag
|
|
107
116
|
frozen_ref = frozen_comment_ref
|
|
108
117
|
return nil unless frozen_ref
|
|
@@ -199,7 +208,7 @@ module Dependabot
|
|
|
199
208
|
if head_commit_for_ref_sha
|
|
200
209
|
head_commit_for_ref_sha
|
|
201
210
|
else
|
|
202
|
-
url = git_commit_checker.dependency_source_details&.
|
|
211
|
+
url = git_commit_checker.dependency_source_details&.url
|
|
203
212
|
source = T.must(Source.from_url(url))
|
|
204
213
|
|
|
205
214
|
SharedHelpers.in_a_temporary_directory(File.dirname(source.repo)) do |temp_dir|
|
|
@@ -208,7 +217,7 @@ module Dependabot
|
|
|
208
217
|
SharedHelpers.run_shell_command("git clone --no-recurse-submodules #{url} #{repo_contents_path}")
|
|
209
218
|
|
|
210
219
|
Dir.chdir(repo_contents_path) do
|
|
211
|
-
ref_branch = find_container_branch(git_commit_checker.dependency_source_details&.
|
|
220
|
+
ref_branch = find_container_branch(T.must(git_commit_checker.dependency_source_details&.ref))
|
|
212
221
|
git_commit_checker.head_commit_for_local_branch(ref_branch) if ref_branch
|
|
213
222
|
end
|
|
214
223
|
end
|
|
@@ -238,12 +247,15 @@ module Dependabot
|
|
|
238
247
|
end
|
|
239
248
|
|
|
240
249
|
sig do
|
|
241
|
-
params(tags_array: T::Array[T::Hash[Symbol,
|
|
250
|
+
params(tags_array: T::Array[T::Hash[Symbol, Object]]).returns(T::Array[T::Hash[Symbol, Object]])
|
|
242
251
|
end
|
|
243
252
|
def filter_lower_tags(tags_array)
|
|
244
253
|
return tags_array unless current_version
|
|
245
254
|
|
|
246
|
-
tags_array.select
|
|
255
|
+
tags_array.select do |tag|
|
|
256
|
+
version = tag.fetch(:version)
|
|
257
|
+
version.is_a?(Gem::Version) && version > current_version
|
|
258
|
+
end
|
|
247
259
|
end
|
|
248
260
|
|
|
249
261
|
sig { returns(T::Boolean) }
|
|
@@ -30,7 +30,7 @@ module Dependabot
|
|
|
30
30
|
credentials: T::Array[Dependabot::Credential],
|
|
31
31
|
ignored_versions: T::Array[String],
|
|
32
32
|
raise_on_ignored: T::Boolean,
|
|
33
|
-
options: T::Hash[Symbol,
|
|
33
|
+
options: T::Hash[Symbol, Object],
|
|
34
34
|
cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
|
|
35
35
|
).void
|
|
36
36
|
end
|
|
@@ -50,7 +50,7 @@ module Dependabot
|
|
|
50
50
|
@raise_on_ignored = raise_on_ignored
|
|
51
51
|
@options = options
|
|
52
52
|
@cooldown_options = cooldown_options
|
|
53
|
-
@cooldown_selected_tag = T.let(nil, T.nilable(T::Hash[Symbol,
|
|
53
|
+
@cooldown_selected_tag = T.let(nil, T.nilable(T::Hash[Symbol, Object]))
|
|
54
54
|
@cooldown_rejected_all = T.let(false, T::Boolean)
|
|
55
55
|
|
|
56
56
|
@git_helper = T.let(git_helper, Dependabot::PreCommit::Helpers::Githelper)
|
|
@@ -94,7 +94,7 @@ module Dependabot
|
|
|
94
94
|
filter_release_with_cooldown(release)
|
|
95
95
|
end
|
|
96
96
|
|
|
97
|
-
sig { returns(T.nilable(T::Hash[Symbol,
|
|
97
|
+
sig { returns(T.nilable(T::Hash[Symbol, Object])) }
|
|
98
98
|
def latest_version_tag
|
|
99
99
|
return nil if @cooldown_rejected_all
|
|
100
100
|
|
|
@@ -103,7 +103,7 @@ module Dependabot
|
|
|
103
103
|
|
|
104
104
|
sig { override.returns(T.nilable(String)) }
|
|
105
105
|
def cooldown_source_url
|
|
106
|
-
@git_helper.git_commit_checker.dependency_source_details&.
|
|
106
|
+
@git_helper.git_commit_checker.dependency_source_details&.url
|
|
107
107
|
end
|
|
108
108
|
|
|
109
109
|
sig { override.returns(T::Array[Dependabot::Credential]) }
|
|
@@ -155,11 +155,11 @@ module Dependabot
|
|
|
155
155
|
)
|
|
156
156
|
end
|
|
157
157
|
|
|
158
|
-
sig { returns(T.nilable(T::Hash[Symbol,
|
|
158
|
+
sig { returns(T.nilable(T::Hash[Symbol, Object])) }
|
|
159
159
|
def available_latest_version_tag
|
|
160
160
|
@latest_version_tag = T.let(
|
|
161
161
|
T.must(package_details_fetcher).latest_version_tag,
|
|
162
|
-
T.nilable(T::Hash[Symbol,
|
|
162
|
+
T.nilable(T::Hash[Symbol, Object])
|
|
163
163
|
)
|
|
164
164
|
end
|
|
165
165
|
|
|
@@ -193,7 +193,7 @@ module Dependabot
|
|
|
193
193
|
# - current_version when ALL candidates have releases and all are in cooldown
|
|
194
194
|
# - nil when no releases exist or some candidates lack releases (triggers git fallback)
|
|
195
195
|
sig do
|
|
196
|
-
params(candidates: T::Array[T::Hash[Symbol,
|
|
196
|
+
params(candidates: T::Array[T::Hash[Symbol, Object]])
|
|
197
197
|
.returns(T.nilable(Dependabot::Version))
|
|
198
198
|
end
|
|
199
199
|
def check_candidates_via_github_releases(candidates)
|
|
@@ -204,7 +204,7 @@ module Dependabot
|
|
|
204
204
|
all_have_releases = T.let(true, T::Boolean)
|
|
205
205
|
|
|
206
206
|
candidates.each do |tag|
|
|
207
|
-
tag_name = normalize_tag_name(tag[:tag] || "v#{tag[:version]}")
|
|
207
|
+
tag_name = normalize_tag_name((tag[:tag] || "v#{tag[:version]}").to_s)
|
|
208
208
|
release = releases.find { |r| r.tag_name == tag_name }
|
|
209
209
|
|
|
210
210
|
unless release&.published_at
|
|
@@ -215,7 +215,7 @@ module Dependabot
|
|
|
215
215
|
unless release_in_cooldown_period?(release.published_at)
|
|
216
216
|
log_cooldown_result(filtered_count, tag[:version], release.published_at)
|
|
217
217
|
@cooldown_selected_tag = tag
|
|
218
|
-
return
|
|
218
|
+
return version_from_tag(tag)
|
|
219
219
|
end
|
|
220
220
|
|
|
221
221
|
filtered_count += 1
|
|
@@ -238,7 +238,7 @@ module Dependabot
|
|
|
238
238
|
# Checks candidate tags inside a bare clone directory, returning the first
|
|
239
239
|
# version whose tag creation date falls outside the cooldown window.
|
|
240
240
|
sig do
|
|
241
|
-
params(candidates: T::Array[T::Hash[Symbol,
|
|
241
|
+
params(candidates: T::Array[T::Hash[Symbol, Object]])
|
|
242
242
|
.returns(T.nilable(Dependabot::Version))
|
|
243
243
|
end
|
|
244
244
|
def check_candidates_via_git_clone(candidates)
|
|
@@ -260,7 +260,7 @@ module Dependabot
|
|
|
260
260
|
# Prefers GitHub Release published_at when available for a candidate,
|
|
261
261
|
# falling back to tag creation date from the cloned repo.
|
|
262
262
|
sig do
|
|
263
|
-
params(candidates: T::Array[T::Hash[Symbol,
|
|
263
|
+
params(candidates: T::Array[T::Hash[Symbol, Object]])
|
|
264
264
|
.returns(T.nilable(Dependabot::Version))
|
|
265
265
|
end
|
|
266
266
|
def check_candidates_cooldown(candidates)
|
|
@@ -268,9 +268,9 @@ module Dependabot
|
|
|
268
268
|
|
|
269
269
|
candidates.each do |tag|
|
|
270
270
|
commit_sha = tag[:commit_sha]
|
|
271
|
-
next unless commit_sha
|
|
271
|
+
next unless commit_sha.is_a?(String)
|
|
272
272
|
|
|
273
|
-
tag_name = normalize_tag_name(tag[:tag] || "v#{tag[:version]}")
|
|
273
|
+
tag_name = normalize_tag_name((tag[:tag] || "v#{tag[:version]}").to_s)
|
|
274
274
|
release_date = resolve_candidate_date(tag_name, commit_sha)
|
|
275
275
|
|
|
276
276
|
if release_in_cooldown_period?(release_date)
|
|
@@ -278,7 +278,7 @@ module Dependabot
|
|
|
278
278
|
else
|
|
279
279
|
log_cooldown_result(filtered_count, tag[:version], release_date)
|
|
280
280
|
@cooldown_selected_tag = tag
|
|
281
|
-
return
|
|
281
|
+
return version_from_tag(tag)
|
|
282
282
|
end
|
|
283
283
|
end
|
|
284
284
|
|
|
@@ -290,7 +290,7 @@ module Dependabot
|
|
|
290
290
|
end
|
|
291
291
|
|
|
292
292
|
sig do
|
|
293
|
-
params(filtered_count: Integer, version:
|
|
293
|
+
params(filtered_count: Integer, version: Object, release_date: Time).void
|
|
294
294
|
end
|
|
295
295
|
def log_cooldown_result(filtered_count, version, release_date)
|
|
296
296
|
if filtered_count.positive?
|
|
@@ -301,9 +301,17 @@ module Dependabot
|
|
|
301
301
|
Dependabot.logger.info("Selected version #{version} (released #{release_date})")
|
|
302
302
|
end
|
|
303
303
|
|
|
304
|
+
sig { params(tag: T::Hash[Symbol, Object]).returns(T.nilable(Dependabot::Version)) }
|
|
305
|
+
def version_from_tag(tag)
|
|
306
|
+
version = tag[:version]
|
|
307
|
+
return unless version.is_a?(String) || version.is_a?(Gem::Version)
|
|
308
|
+
|
|
309
|
+
Dependabot::PreCommit::Version.new(version.to_s)
|
|
310
|
+
end
|
|
311
|
+
|
|
304
312
|
# Returns all version tags > current_version, sorted descending (latest first).
|
|
305
313
|
# This ensures we evaluate from the newest candidate downward.
|
|
306
|
-
sig { returns(T::Array[T::Hash[Symbol,
|
|
314
|
+
sig { returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
307
315
|
def version_candidates_descending
|
|
308
316
|
# When pinned to a SHA, precision matching against the SHA is meaningless
|
|
309
317
|
# (a SHA has no dots, so precision=1 matches nothing useful).
|
|
@@ -315,11 +323,12 @@ module Dependabot
|
|
|
315
323
|
end
|
|
316
324
|
cur_version = current_version
|
|
317
325
|
|
|
318
|
-
all_tags
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
326
|
+
candidates = all_tags.select do |tag|
|
|
327
|
+
version = version_from_tag(tag)
|
|
328
|
+
version && (cur_version.nil? || version > cur_version)
|
|
329
|
+
end
|
|
330
|
+
|
|
331
|
+
candidates.sort_by { |tag| T.must(version_from_tag(tag)) }.reverse
|
|
323
332
|
end
|
|
324
333
|
|
|
325
334
|
sig { params(release_date: Time).returns(T::Boolean) }
|
|
@@ -50,7 +50,7 @@ module Dependabot
|
|
|
50
50
|
return wrap_requirements(additional_dependency_updated_requirements) if additional_dependency?
|
|
51
51
|
|
|
52
52
|
updated_reqs = dependency.requirements.map do |req|
|
|
53
|
-
source = T.cast(req[:source], T.nilable(T::Hash[Symbol,
|
|
53
|
+
source = T.cast(req[:source], T.nilable(T::Hash[Symbol, Object]))
|
|
54
54
|
updated = updated_ref(source)
|
|
55
55
|
next req unless updated
|
|
56
56
|
|
|
@@ -146,7 +146,7 @@ module Dependabot
|
|
|
146
146
|
if head_commit_for_ref_sha
|
|
147
147
|
head_commit_for_ref_sha
|
|
148
148
|
else
|
|
149
|
-
url =
|
|
149
|
+
url = git_commit_checker.dependency_source_details&.url
|
|
150
150
|
source = T.must(Source.from_url(T.must(url)))
|
|
151
151
|
|
|
152
152
|
SharedHelpers.in_a_temporary_directory(File.dirname(source.repo)) do |temp_dir|
|
|
@@ -155,7 +155,7 @@ module Dependabot
|
|
|
155
155
|
SharedHelpers.run_shell_command("git clone --no-recurse-submodules #{url} #{repo_contents_path}")
|
|
156
156
|
|
|
157
157
|
Dir.chdir(repo_contents_path) do
|
|
158
|
-
ref =
|
|
158
|
+
ref = git_commit_checker.dependency_source_details&.ref
|
|
159
159
|
ref_branch = find_container_branch(T.must(ref))
|
|
160
160
|
git_commit_checker.head_commit_for_local_branch(ref_branch) if ref_branch
|
|
161
161
|
end
|
|
@@ -166,7 +166,7 @@ module Dependabot
|
|
|
166
166
|
)
|
|
167
167
|
end
|
|
168
168
|
|
|
169
|
-
sig { params(source: T.nilable(T::Hash[Symbol,
|
|
169
|
+
sig { params(source: T.nilable(T::Hash[Symbol, Object])).returns(T.nilable(String)) }
|
|
170
170
|
def updated_ref(source)
|
|
171
171
|
return unless git_commit_checker.git_dependency?
|
|
172
172
|
|
|
@@ -213,12 +213,12 @@ module Dependabot
|
|
|
213
213
|
|
|
214
214
|
sig do
|
|
215
215
|
params(
|
|
216
|
-
req: T::Hash[Symbol,
|
|
216
|
+
req: T::Hash[Symbol, Object],
|
|
217
217
|
new_ref: String
|
|
218
|
-
).returns(T::Hash[Symbol,
|
|
218
|
+
).returns(T::Hash[Symbol, Object])
|
|
219
219
|
end
|
|
220
220
|
def updated_comment_version_metadata(req, new_ref)
|
|
221
|
-
existing_metadata = T.cast(req.fetch(:metadata, {}), T::Hash[Symbol,
|
|
221
|
+
existing_metadata = T.cast(req.fetch(:metadata, {}), T::Hash[Symbol, Object])
|
|
222
222
|
comment = T.cast(existing_metadata[:comment], T.nilable(String))
|
|
223
223
|
return existing_metadata unless comment
|
|
224
224
|
|
|
@@ -244,7 +244,7 @@ module Dependabot
|
|
|
244
244
|
comment = T.let(
|
|
245
245
|
@dependency.requirements
|
|
246
246
|
.filter_map do |req|
|
|
247
|
-
val = T.cast(req.fetch(:metadata, {}), T::Hash[Symbol,
|
|
247
|
+
val = T.cast(req.fetch(:metadata, {}), T::Hash[Symbol, Object])[:comment]
|
|
248
248
|
T.cast(val, T.nilable(String))
|
|
249
249
|
end
|
|
250
250
|
.first,
|
|
@@ -310,7 +310,7 @@ module Dependabot
|
|
|
310
310
|
requirement = dependency.requirements.first
|
|
311
311
|
return false unless requirement
|
|
312
312
|
|
|
313
|
-
source = T.cast(requirement[:source], T.nilable(T::Hash[Symbol,
|
|
313
|
+
source = T.cast(requirement[:source], T.nilable(T::Hash[Symbol, Object]))
|
|
314
314
|
return false unless source
|
|
315
315
|
|
|
316
316
|
T.cast(source[:type], T.nilable(String)) == "additional_dependency"
|
|
@@ -318,7 +318,7 @@ module Dependabot
|
|
|
318
318
|
|
|
319
319
|
sig { returns(T.nilable(T.any(String, Gem::Version))) }
|
|
320
320
|
def additional_dependency_latest_version
|
|
321
|
-
source = T.cast(dependency.requirements.first&.dig(:source), T::Hash[Symbol,
|
|
321
|
+
source = T.cast(dependency.requirements.first&.dig(:source), T::Hash[Symbol, Object])
|
|
322
322
|
language = T.cast(source[:language], T.nilable(String))
|
|
323
323
|
return nil unless language && AdditionalDependencyCheckers.supported?(language)
|
|
324
324
|
|
|
@@ -331,9 +331,9 @@ module Dependabot
|
|
|
331
331
|
latest
|
|
332
332
|
end
|
|
333
333
|
|
|
334
|
-
sig { returns(T::Array[T::Hash[Symbol,
|
|
334
|
+
sig { returns(T::Array[T::Hash[Symbol, Object]]) }
|
|
335
335
|
def additional_dependency_updated_requirements
|
|
336
|
-
source = T.cast(dependency.requirements.first&.dig(:source), T::Hash[Symbol,
|
|
336
|
+
source = T.cast(dependency.requirements.first&.dig(:source), T::Hash[Symbol, Object])
|
|
337
337
|
language = T.cast(source[:language], T.nilable(String))
|
|
338
338
|
return dependency.requirements unless language && AdditionalDependencyCheckers.supported?(language)
|
|
339
339
|
|
|
@@ -349,7 +349,7 @@ module Dependabot
|
|
|
349
349
|
sig do
|
|
350
350
|
params(
|
|
351
351
|
language: String,
|
|
352
|
-
source: T::Hash[Symbol,
|
|
352
|
+
source: T::Hash[Symbol, Object]
|
|
353
353
|
).returns(T.nilable(Dependabot::PreCommit::AdditionalDependencyCheckers::Base))
|
|
354
354
|
end
|
|
355
355
|
def additional_dependency_checker(language, source)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-pre_commit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.387.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,84 +15,84 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.387.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.387.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: dependabot-cargo
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
29
29
|
requirements:
|
|
30
30
|
- - '='
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 0.
|
|
32
|
+
version: 0.387.0
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
35
|
version_requirements: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
37
|
- - '='
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 0.
|
|
39
|
+
version: 0.387.0
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: dependabot-common
|
|
42
42
|
requirement: !ruby/object:Gem::Requirement
|
|
43
43
|
requirements:
|
|
44
44
|
- - '='
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: 0.
|
|
46
|
+
version: 0.387.0
|
|
47
47
|
type: :runtime
|
|
48
48
|
prerelease: false
|
|
49
49
|
version_requirements: !ruby/object:Gem::Requirement
|
|
50
50
|
requirements:
|
|
51
51
|
- - '='
|
|
52
52
|
- !ruby/object:Gem::Version
|
|
53
|
-
version: 0.
|
|
53
|
+
version: 0.387.0
|
|
54
54
|
- !ruby/object:Gem::Dependency
|
|
55
55
|
name: dependabot-go_modules
|
|
56
56
|
requirement: !ruby/object:Gem::Requirement
|
|
57
57
|
requirements:
|
|
58
58
|
- - '='
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
|
-
version: 0.
|
|
60
|
+
version: 0.387.0
|
|
61
61
|
type: :runtime
|
|
62
62
|
prerelease: false
|
|
63
63
|
version_requirements: !ruby/object:Gem::Requirement
|
|
64
64
|
requirements:
|
|
65
65
|
- - '='
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
|
-
version: 0.
|
|
67
|
+
version: 0.387.0
|
|
68
68
|
- !ruby/object:Gem::Dependency
|
|
69
69
|
name: dependabot-npm_and_yarn
|
|
70
70
|
requirement: !ruby/object:Gem::Requirement
|
|
71
71
|
requirements:
|
|
72
72
|
- - '='
|
|
73
73
|
- !ruby/object:Gem::Version
|
|
74
|
-
version: 0.
|
|
74
|
+
version: 0.387.0
|
|
75
75
|
type: :runtime
|
|
76
76
|
prerelease: false
|
|
77
77
|
version_requirements: !ruby/object:Gem::Requirement
|
|
78
78
|
requirements:
|
|
79
79
|
- - '='
|
|
80
80
|
- !ruby/object:Gem::Version
|
|
81
|
-
version: 0.
|
|
81
|
+
version: 0.387.0
|
|
82
82
|
- !ruby/object:Gem::Dependency
|
|
83
83
|
name: dependabot-python
|
|
84
84
|
requirement: !ruby/object:Gem::Requirement
|
|
85
85
|
requirements:
|
|
86
86
|
- - '='
|
|
87
87
|
- !ruby/object:Gem::Version
|
|
88
|
-
version: 0.
|
|
88
|
+
version: 0.387.0
|
|
89
89
|
type: :runtime
|
|
90
90
|
prerelease: false
|
|
91
91
|
version_requirements: !ruby/object:Gem::Requirement
|
|
92
92
|
requirements:
|
|
93
93
|
- - '='
|
|
94
94
|
- !ruby/object:Gem::Version
|
|
95
|
-
version: 0.
|
|
95
|
+
version: 0.387.0
|
|
96
96
|
- !ruby/object:Gem::Dependency
|
|
97
97
|
name: debug
|
|
98
98
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -338,7 +338,7 @@ licenses:
|
|
|
338
338
|
- MIT
|
|
339
339
|
metadata:
|
|
340
340
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
341
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
341
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.387.0
|
|
342
342
|
rdoc_options: []
|
|
343
343
|
require_paths:
|
|
344
344
|
- lib
|