dependabot-pub 0.263.0 → 0.265.0
- checksums.yaml +4 -4
- data/lib/dependabot/pub/file_fetcher.rb +7 -3
- data/lib/dependabot/pub/requirement.rb +17 -5
- metadata +5 -5
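--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1ff67319598cc88610c0f9d8c4fb72ef2e859d974b953b3a4cf44e7f8363865d
+data.tar.gz: da3645b2454ef5dfd6f592d7dc4c547c97b3fef57681ee87dae7c6f53ee4ff18
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 70330bcd1086311ef806697e46171556592ba39ad1728729c670395dbf2b8c84e6185e573280457778e8eae4a7cbd9710ffc3f3ec19a25b2d4aca6ad72b9cf50
+data.tar.gz: 3d10cb7afffc04b48a3d1700dfcdcd1ca60d681ecb8b6de173a98a473b4ed55ae9e18d4cd274da8b78aa899c8957f7ab9177f73640321083dcefa6e356efe41f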
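--- a/data/lib/dependabot/pub/file_fetcher.rb
+++ b/data/lib/dependabot/pub/file_fetcher.rb
@@ -1,4 +1,4 @@
-# typed:
+# typed: strong
 # frozen_string_literal: true
 
 require "sorbet-runtime"
@@ -13,10 +13,12 @@ module Dependabot
 extend T::Sig
 extend T::Helpers
 
+sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
 def self.required_files_in?(filenames)
 filenames.include?("pubspec.yaml")
 end
 
+sig { override.returns(String) }
 def self.required_files_message
 "Repo must contain a pubspec.yaml."
 end
@@ -38,14 +40,16 @@ module Dependabot
 
 private
 
+sig { returns(DependencyFile) }
 def pubspec_yaml
-@pubspec_yaml ||= fetch_file_from_host("pubspec.yaml")
+@pubspec_yaml ||= T.let(fetch_file_from_host("pubspec.yaml"), T.nilable(Dependabot::DependencyFile))
 end
 
+sig { returns(T.nilable(DependencyFile)) }
 def pubspec_lock
 return @pubspec_lock if defined?(@pubspec_lock)
 
-@pubspec_lock = fetch_file_if_present("pubspec.lock")
+@pubspec_lock = T.let(fetch_file_if_present("pubspec.lock"), T.nilable(Dependabot::DependencyFile))
 end
 end
 end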
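Review bot: The new sigs on `pubspec_yaml` and `pubspec_lock` name the type as bare `DependencyFile`, while the `T.let` annotations directly beneath them spell it `Dependabot::DependencyFile`; both presumably resolve to the same constant inside `module Dependabot`, so using one spelling throughout would read more cleanly. It would also help to document why the two memoisations differ, for example `# defined? so that a missing pubspec.lock (nil) is cached too` above the guard in `pubspec_lock`, since `||=` in `pubspec_yaml` would re-fetch on nil. The enclosing class starts outside this hunk.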
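--- a/data/lib/dependabot/pub/requirement.rb
+++ b/data/lib/dependabot/pub/requirement.rb
@@ -1,4 +1,4 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 # For details on pub version constraints see:
@@ -20,11 +20,16 @@ module Dependabot
 quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
 version_pattern = Pub::Version::VERSION_PATTERN
 
-PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze
+PATTERN_RAW = T.let("\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze, String)
 PATTERN = /\A#{PATTERN_RAW}\z/
 
 # Use Pub::Version rather than Gem::Version to ensure that
 # pre-release versions aren't transformed.
+sig do
+params(
+obj: T.any(String, Gem::Version, Pub::Version)
+).returns(T::Array[T.any(String, Pub::Version)])
+end
 def self.parse(obj)
 return ["=", Pub::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
 
@@ -43,9 +48,10 @@ module Dependabot
 # contains a single element.
 sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
 def self.requirements_array(requirement_string)
-[new(requirement_string)]
+[new(T.must(requirement_string))]
 end
 
+sig { params(requirements: T.any(String, T::Array[String]), raw_constraint: T.nilable(String)).void }
 def initialize(*requirements, raw_constraint: nil)
 requirements = requirements.flatten.flat_map do |req_string|
 req_string.split(",").map(&:strip).map do |r|
@@ -57,6 +63,7 @@ module Dependabot
 @raw_constraint = raw_constraint
 end
 
+sig { returns(String) }
 def to_s
 if @raw_constraint.nil?
 as_list.join " "
@@ -67,6 +74,7 @@ module Dependabot
 
 private
 
+sig { params(req_string: String).returns(T.any(String, T::Array[T.nilable(String)])) }
 def convert_dart_constraint_to_ruby_constraint(req_string)
 if req_string.empty? || req_string == "any" then ">= 0"
 elsif req_string.match?(/^~[^>]/) then convert_tilde_req(req_string)
@@ -77,18 +85,21 @@ module Dependabot
 end
 end
 
+sig { params(req_string: String).returns(String) }
 def convert_tilde_req(req_string)
 version = req_string.gsub(/^~/, "")
 parts = version.split(".")
 "~> #{parts.join('.')}"
 end
 
+sig { params(req_string: String).returns(T::Array[T.nilable(String)]) }
 def convert_range_req(req_string)
 req_string.scan(
 /((?:>|<|=|<=|>=)\s*#{Pub::Version::VERSION_PATTERN})\s*/o
-).map { |x| x[0]
+).map { |x| x[0]&.strip }
 end
 
+sig { params(req_string: String).returns(String) }
 def ruby_range(req_string)
 parts = req_string.split(".")
 
@@ -103,6 +114,7 @@ module Dependabot
 "~> #{parts.join('.')}"
 end
 
+sig { params(req_string: String).returns(T::Array[String]) }
 def convert_caret_req(req_string)
 # Copied from Cargo::Requirement which allows less than 3 components
 # so we could be more strict in the parsing here.
@@ -112,7 +124,7 @@ module Dependabot
 first_non_zero_index =
 first_non_zero ? parts.index(first_non_zero) : parts.count - 1
 upper_bound = parts.map.with_index do |part, i|
-if i < first_non_zero_index then part
+if i < T.must(first_non_zero_index) then part
 elsif i == first_non_zero_index then (part.to_i + 1).to_s
 else
 0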
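Review bot: `requirements_array` keeps `requirement_string: T.nilable(String)` in its override sig, but the new body `[new(T.must(requirement_string))]` raises a `TypeError` as soon as nil arrives, so the nil case the signature advertises is still unhandled. If a dependency without a constraint can reach this method (the callers are not visible here), an explicit guard is safer than a bare `T.must`, for example `return [new("any")] if requirement_string.nil?`, since `convert_dart_constraint_to_ruby_constraint` already maps `"any"` to `">= 0"`. Failing that, raise an error that says which requirement was missing. Separately, in `convert_range_req` the outer capture group is not optional, so `x[0]` should never be nil for a match; `T.must(x[0]).strip` would let the sig return `T::Array[String]` rather than pushing `T.nilable(String)` into the return type of `convert_dart_constraint_to_ruby_constraint`. The bodies of `initialize`, `to_s` and `convert_caret_req` continue outside the hunks shown.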
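--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-pub
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.265.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.265.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.265.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -256,7 +256,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.265.0
 post_install_message:
 rdoc_options: []
 require_paths: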