dependabot-pub 0.176.0
- checksums.yaml +7 -0
- data/lib/dependabot/pub/file_fetcher.rb +46 -0
- data/lib/dependabot/pub/file_parser.rb +36 -0
- data/lib/dependabot/pub/file_updater.rb +32 -0
- data/lib/dependabot/pub/helpers.rb +135 -0
- data/lib/dependabot/pub/metadata_finder.rb +35 -0
- data/lib/dependabot/pub/requirement.rb +122 -0
- data/lib/dependabot/pub/update_checker.rb +85 -0
- data/lib/dependabot/pub/version.rb +48 -0
- data/lib/dependabot/pub.rb +21 -0
- metadata +220 -0
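--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 55f5860d255487229cc4277f0efc5cdc7811ca4e541ec722a9d657d4212b7f3e
+data.tar.gz: a263996e7b0081a8557a20ee97f20fc09635a88733c80c4250ba89611e81bf26
+SHA512:
+metadata.gz: 3befba7ade7037906a01793ada0cb3736e101c689bb877486d151b8fcac1b6d5c041227b0a1360c9f823026ebcd0e86625d76fd309f15acc616b78cb4dc35b20
+data.tar.gz: 65555682c69b9360e6aa9a3ea82bda54047ebd245545289299aa59348f25796df749e235c6f18f114584139e1f7b2004771a8a3f564a49caaa3b5d9f1842eae3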
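--- a/data/lib/dependabot/pub/file_fetcher.rb
+++ b/data/lib/dependabot/pub/file_fetcher.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+
+# For details on pub packages, see:
+# https://dart.dev/tools/pub/package-layout#the-pubspec
+module Dependabot
+module Pub
+class FileFetcher < Dependabot::FileFetchers::Base
+def self.required_files_in?(filenames)
+filenames.include?("pubspec.yaml")
+end
+
+def self.required_files_message
+"Repo must contain a pubspec.yaml."
+end
+
+private
+
+def fetch_files
+fetched_files = []
+fetched_files << pubspec_yaml
+fetched_files << pubspec_lock if pubspec_lock
+# Fetch any additional pubspec.yamls in the same git repo for resolving
+# local path-dependencies.
+extra_pubspecs = Dir.glob("**/pubspec.yaml", base: clone_repo_contents)
+fetched_files += extra_pubspecs.map do |pubspec|
+relative_name = Pathname.new("/#{pubspec}").relative_path_from(directory)
+fetch_file_from_host(relative_name)
+end
+fetched_files.uniq
+end
+
+def pubspec_yaml
+@pubspec_yaml ||= fetch_file_from_host("pubspec.yaml")
+end
+
+def pubspec_lock
+@pubspec_lock ||= fetch_file_if_present("pubspec.lock")
+end
+end
+end
+end
+
+Dependabot::FileFetchers.register("pub", Dependabot::Pub::FileFetcher)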
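Review bot: `fetch_files` uses `Pathname` but this file never requires it, so it works only if something loaded earlier has already pulled it in; add `require "pathname"` next to the other requires. The glob `**/pubspec.yaml` also matches the top-level manifest that `pubspec_yaml` has already fetched, so that file appears to be requested a second time and the method relies on `uniq` to drop the copy. Every `pubspec.yaml` anywhere in the clone is collected, not only those that are path-dependencies, and `relative_name` can start with `../` when `directory` is not the repository root. A comment on the method stating both facts would help whoever later writes these repository-controlled files to disk.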
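--- a/data/lib/dependabot/pub/file_parser.rb
+++ b/data/lib/dependabot/pub/file_parser.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+require "dependabot/dependency"
+require "dependabot/pub/version"
+require "dependabot/pub/helpers"
+
+module Dependabot
+module Pub
+class FileParser < Dependabot::FileParsers::Base
+require "dependabot/file_parsers/base/dependency_set"
+include Dependabot::Pub::Helpers
+
+def parse
+dependency_set = DependencySet.new
+list.map do |d|
+dependency_set << to_dependency(d)
+end
+dependency_set.dependencies.sort_by(&:name)
+end
+
+private
+
+def check_required_files
+raise "No pubspec.yaml!" unless get_original_file("pubspec.yaml")
+end
+
+def list
+@list ||= dependency_services_list
+end
+end
+end
+end
+
+Dependabot::FileParsers.register("pub", Dependabot::Pub::FileParser)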
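Review bot: `parse` calls `list.map` only for its side effect of filling `dependency_set` and discards the array it builds; `list.each { |d| dependency_set << to_dependency(d) }` says what is meant. `list` is whatever `dependency_services_list` returns, and that is `nil` when the tool's JSON has no `dependencies` key, so this line would then fail with `NoMethodError` on `nil` instead of a readable parser error. A guard that raises an explicit error when `list` is `nil` would make that failure diagnosable.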
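--- a/data/lib/dependabot/pub/file_updater.rb
+++ b/data/lib/dependabot/pub/file_updater.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+require "dependabot/pub/helpers"
+
+module Dependabot
+module Pub
+class FileUpdater < Dependabot::FileUpdaters::Base
+include Dependabot::Pub::Helpers
+
+def self.updated_files_regex
+[
+/^pubspec\.yaml$/,
+/^pubspec\.lock$/
+]
+end
+
+def updated_dependency_files
+dependency_services_apply(@dependencies)
+end
+
+private
+
+def check_required_files
+raise "No pubspec.yaml!" unless get_original_file("pubspec.yaml")
+end
+end
+end
+end
+
+Dependabot::FileUpdaters.register("pub", Dependabot::Pub::FileUpdater)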
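Review bot: The patterns in `updated_files_regex` are anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string, so a name that contains a newline can satisfy them; `/\Apubspec\.yaml\z/` and `/\Apubspec\.lock\z/` express the intended whole-name match. They also match only a top-level manifest, while the fetcher in this release collects `pubspec.yaml` files from subdirectories; if that is intentional, a short comment on the method saying so would help. `updated_dependency_files` returns every dependency file re-read from disk, changed or not, which is worth a comment as well.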
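--- a/data/lib/dependabot/pub/helpers.rb
+++ b/data/lib/dependabot/pub/helpers.rb
@@ -0,0 +1,135 @@
+# frozen_string_literal: true
+
+require "json"
+require "open3"
+require "digest"
+
+require "dependabot/errors"
+require "dependabot/shared_helpers"
+require "dependabot/pub/requirement"
+
+module Dependabot
+module Pub
+module Helpers
+private
+
+def dependency_services_list
+JSON.parse(run_dependency_services("list"))["dependencies"]
+end
+
+def dependency_services_report
+sha256 = Digest::SHA256.new
+dependency_files.each do |f|
+sha256 << f.path + "\n" + f.content + "\n"
+end
+hash = sha256.hexdigest
+
+cache_file = "/tmp/report-#{hash}-pid-#{Process.pid}.json"
+return JSON.parse(File.read(cache_file)) if File.file?(cache_file)
+
+report = JSON.parse(run_dependency_services("report"))["dependencies"]
+File.write(cache_file, JSON.generate(report))
+report
+end
+
+def dependency_services_apply(dependency_changes)
+run_dependency_services("apply", stdin_data: dependencies_to_json(dependency_changes)) do
+dependency_files.map do |f|
+updated_file = f.dup
+updated_file.content = File.read(f.name)
+updated_file
+end
+end
+end
+
+def run_dependency_services(command, stdin_data: nil)
+SharedHelpers.in_a_temporary_directory do
+dependency_files.each do |f|
+in_path_name = File.join(Dir.pwd, f.directory, f.name)
+FileUtils.mkdir_p File.dirname(in_path_name)
+File.write(in_path_name, f.content)
+end
+SharedHelpers.with_git_configured(credentials: credentials) do
+env = {
+"CI" => "true",
+"PUB_ENVIRONMENT" => "dependabot",
+"FLUTTER_ROOT" => "/opt/dart/flutter",
+"PUB_HOSTED_URL" => options[:pub_hosted_url]
+}
+Dir.chdir File.join(Dir.pwd, dependency_files.first.directory) do
+stdout, stderr, status = Open3.capture3(
+env.compact,
+"dart",
+"--no-analytics",
+"pub",
+"global",
+"run",
+"pub:dependency_services",
+command,
+stdin_data: stdin_data
+)
+raise Dependabot::DependabotError, "dart pub failed: #{stderr}" unless status.success?
+return stdout unless block_given?
+
+yield
+end
+end
+end
+end
+
+def to_dependency(json)
+params = {
+name: json["name"],
+version: json["version"],
+package_manager: "pub",
+requirements: []
+}
+if json["kind"] != "transitive" && !json["constraint"].nil?
+constraint = json["constraint"]
+params[:requirements] << {
+requirement: constraint,
+groups: [json["kind"]],
+source: nil, # TODO: Expose some information about the source
+file: "pubspec.yaml"
+}
+end
+if json["previousVersion"]
+params = {
+**params,
+previous_version: json["previousVersion"],
+previous_requirements: []
+}
+if json["kind"] != "transitive" && !json["previousConstraint"].nil?
+constraint = json["previousConstraint"]
+params[:previous_requirements] << {
+requirement: constraint,
+groups: [json["kind"]],
+source: nil, # TODO: Expose some information about the source
+file: "pubspec.yaml"
+}
+end
+end
+Dependency.new(**params)
+end
+
+def dependencies_to_json(dependencies)
+if dependencies.nil?
+nil
+else
+deps = dependencies.map do |d|
+obj = {
+"name" => d.name,
+"version" => d.version
+}
+
+obj["constraint"] = d.requirements[0][:requirement].to_s unless d.requirements.nil? || d.requirements.empty?
+obj
+end
+JSON.generate({
+"dependencyChanges" => deps
+})
+end
+end
+end
+end
+end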
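Review bot: `dependency_services_report` caches resolver output at a guessable path directly under `/tmp` and trusts whatever it finds there: the name is derived only from a SHA-256 of the dependency files and the PID, `File.file?` plus `File.read` accept a file created by any other local account, and `File.write` follows a symlink that already sits at that path. On a shared runner that means the report the update checker acts on, and the target of the write, are not under this process's control. The PID in the name shows the cache is meant to be per-process, so it can live in a directory created with `Dir.mktmpdir` (mode 0700, random name; this needs `require "tmpdir"`) as sketched below, or simply in memory. Separately, `dart pub failed: #{stderr}` is raised verbatim from inside `with_git_configured`, so it may be worth scrubbing credentials from stderr before the message reaches logs.

```ruby
# Private per-process cache directory (0700, unpredictable name).
def self.report_cache_dir
  @report_cache_dir ||= Dir.mktmpdir("dependabot-pub-report-")
end

def dependency_services_report
  # … unchanged: SHA256 over dependency_files into `hash` …

  cache_file = File.join(Helpers.report_cache_dir, "report-#{hash}.json")
  return JSON.parse(File.read(cache_file)) if File.file?(cache_file)

  # … unchanged: run "report", write cache_file, return report …
end
```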
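--- a/data/lib/dependabot/pub/metadata_finder.rb
+++ b/data/lib/dependabot/pub/metadata_finder.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require "excon"
+require "dependabot/metadata_finders"
+require "dependabot/metadata_finders/base"
+require "dependabot/shared_helpers"
+
+module Dependabot
+module Pub
+class MetadataFinder < Dependabot::MetadataFinders::Base
+private
+
+def look_up_source
+repo = pub_listing.dig("latest", "pubspec", "repository")
+return nil unless repo
+
+Source.from_url(repo)
+end
+
+def pub_listing
+return @pub_listing unless @pub_listing.nil?
+
+response = Excon.get(
+"https://pub.dev/api/packages/#{dependency.name}",
+idempotent: true,
+**SharedHelpers.excon_defaults
+)
+
+@pub_listing = JSON.parse(response.body)
+end
+end
+end
+end
+
+Dependabot::MetadataFinders.register("pub", Dependabot::Pub::MetadataFinder)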
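Review bot: `pub_listing` always queries `https://pub.dev/api/packages/#{dependency.name}`, although helpers.rb in this release lets the resolver run against another registry through `PUB_HOSTED_URL`; for a privately hosted package this discloses its name to pub.dev, and if a public package of the same name exists `look_up_source` would attach that unrelated repository URL to the update. The name is interpolated into the URL without escaping, and `response.body` is parsed without looking at `response.status`, so a non-JSON error page raises `JSON::ParserError` (this file also does not require `json` itself). Consider building the URL from the configured host and guarding the parse with `return @pub_listing = {} unless response.status == 200`. The repository URL comes from package-author-controlled pubspec data, which is worth a comment on `look_up_source`.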
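--- a/data/lib/dependabot/pub/requirement.rb
+++ b/data/lib/dependabot/pub/requirement.rb
@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+# For details on pub version constraints see:
+# https://github.com/dart-lang/pub_semver
+
+###################################################################
+
+require "dependabot/utils"
+require "dependabot/pub/version"
+
+module Dependabot
+module Pub
+class Requirement < Gem::Requirement
+quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
+version_pattern = Pub::Version::VERSION_PATTERN
+
+PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
+PATTERN = /\A#{PATTERN_RAW}\z/.freeze
+
+# Use Pub::Version rather than Gem::Version to ensure that
+# pre-release versions aren't transformed.
+def self.parse(obj)
+return ["=", Pub::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
+
+unless (matches = PATTERN.match(obj.to_s))
+msg = "Illformed requirement [#{obj.inspect}]"
+raise BadRequirementError, msg
+end
+
+return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
+
+[matches[1] || "=", Pub::Version.new(matches[2])]
+end
+
+# For consistency with other langauges, we define a requirements array.
+# Dart doesn't have an `OR` separator for requirements, so it always
+# contains a single element.
+def self.requirements_array(requirement_string)
+[new(requirement_string)]
+end
+
+def initialize(*requirements, raw_constraint: nil)
+requirements = requirements.flatten.flat_map do |req_string|
+req_string.split(",").map(&:strip).map do |r|
+convert_dart_constraint_to_ruby_constraint(r.strip)
+end
+end
+super(requirements)
+
+@raw_constraint = raw_constraint
+end
+
+def to_s
+if @raw_constraint.nil?
+as_list.join ", "
+else
+@raw_constraint
+end
+end
+
+private
+
+def convert_dart_constraint_to_ruby_constraint(req_string)
+if req_string.empty? || req_string == "any" then ">= 0"
+elsif req_string.match?(/^~[^>]/) then convert_tilde_req(req_string)
+elsif req_string.match?(/^\^/) then convert_caret_req(req_string)
+elsif req_string.match?(/[<=>]/) then convert_range_req(req_string)
+else
+ruby_range(req_string)
+end
+end
+
+def convert_tilde_req(req_string)
+version = req_string.gsub(/^~/, "")
+parts = version.split(".")
+"~> #{parts.join('.')}"
+end
+
+def convert_range_req(req_string)
+req_string.scan(
+/((?:>|<|=|<=|>=)\s*#{Pub::Version::VERSION_PATTERN})\s*/
+).map { |x| x[0].strip }
+end
+
+def ruby_range(req_string)
+parts = req_string.split(".")
+
+# If we have three or more parts then this is an exact match
+return req_string if parts.count >= 3
+
+# If we have no parts then the version is completely unlocked
+return ">= 0" if parts.count.zero?
+
+# If we have fewer than three parts we do a partial match
+parts << "0"
+"~> #{parts.join('.')}"
+end
+
+def convert_caret_req(req_string)
+# Copied from Cargo::Requirement which allows less than 3 components
+# so we could be more strict in the parsing here.
+version = req_string.gsub(/^\^/, "")
+parts = version.split(".")
+first_non_zero = parts.find { |d| d != "0" }
+first_non_zero_index =
+first_non_zero ? parts.index(first_non_zero) : parts.count - 1
+upper_bound = parts.map.with_index do |part, i|
+if i < first_non_zero_index then part
+elsif i == first_non_zero_index then (part.to_i + 1).to_s
+else
+0
+end
+end.join(".")
+
+[">= #{version}", "< #{upper_bound}"]
+end
+end
+end
+end
+
+Dependabot::Utils.
+register_requirement_class("pub", Dependabot::Pub::Requirement)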
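Review bot: `convert_range_req` keeps only the fragments its `scan` recognises and silently drops the rest, so a malformed range loses whatever did not match, and an input such as `<>` yields an empty list that `super(requirements)` turns into the default `>= 0`, i.e. a requirement every version satisfies. If such an object ends up among the ignore conditions (update_checker.rb tests `ignore_requirements` with `satisfied_by?`), a typo would quietly suppress every update instead of being reported. I would reject input that is not fully consumed, for example by naming the regex `pattern` and adding `raise BadRequirementError, "Illformed requirement [#{req_string.inspect}]" unless req_string.gsub(pattern, "").strip.empty?` before the `scan`. The `^` anchors in `convert_dart_constraint_to_ruby_constraint`, `convert_tilde_req` and `convert_caret_req` match at any line start; `\A` states the intent.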
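--- a/data/lib/dependabot/pub/update_checker.rb
+++ b/data/lib/dependabot/pub/update_checker.rb
@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/pub/helpers"
+
+module Dependabot
+module Pub
+class UpdateChecker < Dependabot::UpdateCheckers::Base
+include Dependabot::Pub::Helpers
+
+def latest_version
+Dependabot::Pub::Version.new(current_report["latest"])
+end
+
+def latest_resolvable_version_with_no_unlock
+# Version we can get if we're not allowed to change pubspec.yaml, but we
+# allow changes in the pubspec.lock file.
+entry = current_report["compatible"].find { |d| d["name"] == dependency.name }
+return nil unless entry
+
+new_version = Dependabot::Pub::Version.new(entry["version"])
+# We ignore this solution, if any of the requirements in
+# ignored_versions satisfy the version we're proposing as an upgrade
+# target.
+return nil if ignore_requirements.any? { |r| r.satisfied_by?(new_version) }
+
+new_version
+end
+
+def latest_resolvable_version
+# Latest version we can get if we're allowed to unlock the current
+# package in pubspec.yaml
+entry = current_report["singleBreaking"].find { |d| d["name"] == dependency.name }
+return nil unless entry
+
+new_version = Dependabot::Pub::Version.new(entry["version"])
+# We ignore this solution, if any of the requirements in
+# ignored_versions satisfy the version we're proposing as an upgrade
+# target.
+return nil if ignore_requirements.any? { |r| r.satisfied_by?(new_version) }
+
+new_version
+end
+
+def updated_requirements
+# Requirements that need to be changed, if obtain:
+# latest_resolvable_version
+entry = current_report["singleBreaking"].find { |d| d["name"] == dependency.name }
+return unless entry
+
+to_dependency(entry).requirements
+end
+
+private
+
+def latest_version_resolvable_with_full_unlock?
+entry = current_report["multiBreaking"].find { |d| d["name"] == dependency.name }
+# This a bit dumb, but full-unlock is only considered if we can get the
+# latest version!
+entry && latest_version == Dependabot::Pub::Version.new(entry["version"])
+end
+
+def updated_dependencies_after_full_unlock
+# We only expose non-transitive dependencies here...
+direct_deps = current_report["multiBreaking"].reject do |d|
+d["kind"] == "transitive"
+end
+direct_deps.map do |d|
+to_dependency(d)
+end
+end
+
+def report
+@report ||= dependency_services_report
+end
+
+def current_report
+report.find { |d| d["name"] == dependency.name }
+end
+end
+end
+end
+
+Dependabot::UpdateCheckers.register("pub", Dependabot::Pub::UpdateChecker)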
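Review bot: `current_report` returns `nil` when the report has no entry for `dependency.name`, and every caller indexes the result straight away (`current_report["latest"]`, `current_report["compatible"]`, …), so a dependency missing from the tool output surfaces as `NoMethodError` on `nil`. Raising a descriptive error there keeps the failure readable, e.g. `report.find { |d| d["name"] == dependency.name } || raise(Dependabot::DependabotError, "no report entry for #{dependency.name}")`. `latest_version` also skips the `ignore_requirements` filter that both `latest_resolvable_version*` methods apply; if that is deliberate it deserves a comment. The filter itself is duplicated line for line in those two methods and could live in one private helper.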
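--- a/data/lib/dependabot/pub/version.rb
+++ b/data/lib/dependabot/pub/version.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require "dependabot/utils"
+require "rubygems_version_patch"
+
+# Dart pre-release versions use 1.0.1-rc1 syntax, which Gem::Version
+# converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that
+# alteration.
+#
+# For details on versions syntax supported by pub, see:
+# https://semver.org/spec/v2.0.0-rc.1.html
+#
+# For details on semantics of version ranges as understood by pub, see:
+# https://github.com/dart-lang/pub_semver
+
+module Dependabot
+module Pub
+class Version < Gem::Version
+VERSION_PATTERN = Gem::Version::VERSION_PATTERN + "(\\+[0-9a-zA-Z\\-.]+)?"
+ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
+
+attr_reader :build_info
+
+def initialize(version)
+@version_string = version.to_s
+version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
+
+super
+end
+
+def to_s
+@version_string
+end
+
+def inspect # :nodoc:
+"#<#{self.class} #{@version_string}>"
+end
+
+def self.correct?(version)
+return false if version.nil?
+
+version.to_s.match?(ANCHORED_VERSION_PATTERN)
+end
+end
+end
+end
+
+Dependabot::Utils.register_version_class("pub", Dependabot::Pub::Version)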
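Review bot: `build_info` is split off before `super` and, as far as this file shows, never takes part in comparison, so `Version.new("1.0.0+1")` and `Version.new("1.0.0+2")` compare equal while their `to_s` differ. The pub_semver documentation linked in the header appears to give build suffixes an ordering, so the difference should at least be documented. I would add above `attr_reader :build_info` the comment `# Build metadata is kept for to_s/inspect only; <=> and == ignore it.` Note also that `correct?` accepts an empty or whitespace-only string, because the whole version group is optional in `ANCHORED_VERSION_PATTERN`.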
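--- a/data/lib/dependabot/pub.rb
+++ b/data/lib/dependabot/pub.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/pub/file_fetcher"
+require "dependabot/pub/file_parser"
+require "dependabot/pub/update_checker"
+require "dependabot/pub/file_updater"
+require "dependabot/pub/metadata_finder"
+require "dependabot/pub/requirement"
+require "dependabot/pub/version"
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler.
+register_label_details("pub", name: "dart", colour: "000000")
+
+require "dependabot/dependency"
+Dependabot::Dependency.register_production_check("pub", ->(_) { true })
+
+require "dependabot/utils"
+Dependabot::Utils.register_always_clone("pub")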
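Review bot: `register_production_check("pub", ->(_) { true })` classifies every pub dependency as a production dependency, although helpers.rb records the dependency kind in each requirement's `groups`. If that is a deliberate simplification, a comment above the line such as `# Dev dependencies are not distinguished yet; every dependency is treated as production.` would stop readers from assuming the check is meaningful. `register_always_clone("pub")` would benefit from a similar one-line reason, presumably that the fetcher globs the cloned tree for extra `pubspec.yaml` files.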
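--- a/metadata
+++ b/metadata
@@ -0,0 +1,220 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-pub
+version: !ruby/object:Gem::Version
+version: 0.176.0
+platform: ruby
+authors:
+- Dependabot
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-02-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: dependabot-common
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.176.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.176.0
+- !ruby/object:Gem::Dependency
+name: debug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.0.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.0.0
+- !ruby/object:Gem::Dependency
+name: gpgme
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '13'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '13'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.8'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.8'
+- !ruby/object:Gem::Dependency
+name: rspec-its
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+- !ruby/object:Gem::Dependency
+name: rubocop
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.23.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.23.0
+- !ruby/object:Gem::Dependency
+name: simplecov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.21.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.21.0
+- !ruby/object:Gem::Dependency
+name: simplecov-console
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.9.1
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.9.1
+- !ruby/object:Gem::Dependency
+name: stackprof
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.2.16
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.2.16
+- !ruby/object:Gem::Dependency
+name: vcr
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 6.0.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 6.0.0
+- !ruby/object:Gem::Dependency
+name: webmock
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.4'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.4'
+description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
+Rust, Java, .NET, Elm and Go
+email: support@dependabot.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/pub.rb
+- lib/dependabot/pub/file_fetcher.rb
+- lib/dependabot/pub/file_parser.rb
+- lib/dependabot/pub/file_updater.rb
+- lib/dependabot/pub/helpers.rb
+- lib/dependabot/pub/metadata_finder.rb
+- lib/dependabot/pub/requirement.rb
+- lib/dependabot/pub/update_checker.rb
+- lib/dependabot/pub/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- Nonstandard
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.5.0
+requirements: []
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
+summary: Dart (pub) support for dependabot
+test_files: []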