dependabot-pub 0.333.0 → 0.335.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/pub/file_fetcher.rb +10 -6
  3. data/lib/dependabot/pub/file_parser.rb +6 -3
  4. data/lib/dependabot/pub/helpers.rb +5 -3
  5. data/lib/dependabot/pub/package/package_details_fetcher.rb +12 -5
  6. data/lib/dependabot/pub/update_checker/latest_version_finder.rb +46 -25
  7. data/lib/dependabot/pub/update_checker.rb +13 -11
  8. metadata +12 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 37456497229758cc49d7736920965447abf03f756b710e069ec8e281bf807198
4
- data.tar.gz: 5b9bcf4c7ddd567c03da21decba2aee418b23d2adb7b5f60f0362b4008cebd57
3
+ metadata.gz: 988058eb7eb6c7b67796e9e4b8123ae1225eb8f540746ae2f8ee104c746208e0
4
+ data.tar.gz: 806eb44928dc19044c3fdbb27650032abed64aedbd82b88ae330a19a1f326503
5
5
  SHA512:
6
- metadata.gz: 8e2575d494debb71fcff341d89bba0f0bd9b36e5b891fad46a02d5efcef4a8d705ae405b53efe7c80c4609e606c7e2c3db20b1ea38f6f409c9e50bf619f0d8de
7
- data.tar.gz: 6f72a3ac8507bf2014f100ee3a249fa17405731322a4acdc622e64bad4306c4ada7b3505ce60f206746edc780792f3834e2549ae6decc51e2c24baa9a6e245dd
6
+ metadata.gz: a4b78ca08d2873c6f383df75d7e4bf9dc271f0a195c471407775af65b07918ebcac7dfe5e2d86b2f11d97731f0bda54308aa6be14a17bc93ee2689c0929faff2
7
+ data.tar.gz: c78d569eb0957ef3d26043494e53044fa5af812398236240b20b5bd4852021d6c169ff92409950f8359c1bce4411d4ff7f58c8a51ef7a2ca0ecc1b26d94896ee
data/lib/dependabot/pub/file_fetcher.rb CHANGED
@@ -36,9 +36,11 @@ module Dependabot
36
36
  relative_name = Pathname.new("/#{pubspec}").relative_path_from(directory)
37
37
 
38
38
  # Skip excluded workspace pubspec files
39
- next nil if Dependabot::FileFiltering.should_exclude_path?(relative_name.to_s,
40
- "workspace pubspec file",
41
- @exclude_paths)
39
+ next nil if Dependabot::FileFiltering.should_exclude_path?(
40
+ relative_name.to_s,
41
+ "workspace pubspec file",
42
+ @exclude_paths
43
+ )
42
44
 
43
45
  fetch_file_from_host(relative_name)
44
46
  end
@@ -46,9 +48,11 @@ module Dependabot
46
48
  # Filter excluded files from final collection
47
49
  filtered_files = fetched_files.uniq.reject do |file|
48
50
  file_name = T.cast(file, DependencyFile).name
49
- Dependabot::FileFiltering.should_exclude_path?(file_name,
50
- "file from final collection",
51
- @exclude_paths)
51
+ Dependabot::FileFiltering.should_exclude_path?(
52
+ file_name,
53
+ "file from final collection",
54
+ @exclude_paths
55
+ )
52
56
  end
53
57
 
54
58
  filtered_files
data/lib/dependabot/pub/file_parser.rb CHANGED
@@ -49,9 +49,12 @@ module Dependabot
49
49
 
50
50
  sig { returns(T.nilable(Ecosystem::VersionManager)) }
51
51
  def language
52
- @language ||= T.let(begin
53
- Language.new(T.must(dart_raw_version))
54
- end, T.nilable(Dependabot::Pub::Language))
52
+ @language ||= T.let(
53
+ begin
54
+ Language.new(T.must(dart_raw_version))
55
+ end,
56
+ T.nilable(Dependabot::Pub::Language)
57
+ )
55
58
  end
56
59
 
57
60
  sig { returns(T.nilable(String)) }
data/lib/dependabot/pub/helpers.rb CHANGED
@@ -425,9 +425,11 @@ module Dependabot
425
425
  end
426
426
  obj
427
427
  end
428
- JSON.generate({
429
- "dependencyChanges" => deps
430
- })
428
+ JSON.generate(
429
+ {
430
+ "dependencyChanges" => deps
431
+ }
432
+ )
431
433
  end
432
434
  end
433
435
  end
data/lib/dependabot/pub/package/package_details_fetcher.rb CHANGED
@@ -47,9 +47,14 @@ module Dependabot
47
47
  )
48
48
  .void
49
49
  end
50
- def initialize(dependency:, dependency_files:, credentials:,
51
- ignored_versions: [],
52
- security_advisories: [], options: {})
50
+ def initialize(
51
+ dependency:,
52
+ dependency_files:,
53
+ credentials:,
54
+ ignored_versions: [],
55
+ security_advisories: [],
56
+ options: {}
57
+ )
53
58
  @dependency = dependency
54
59
  @dependency_files = dependency_files
55
60
  @credentials = credentials
@@ -80,8 +85,10 @@ module Dependabot
80
85
  package_details_metadata = JSON.parse(response.body)
81
86
 
82
87
  package_details_metadata["versions"].select do |v|
83
- package_releases << package_release(version: v["version"],
84
- publish_date: Time.parse(v["published"]))
88
+ package_releases << package_release(
89
+ version: v["version"],
90
+ publish_date: Time.parse(v["published"])
91
+ )
85
92
  end
86
93
 
87
94
  package_releases
data/lib/dependabot/pub/update_checker/latest_version_finder.rb CHANGED
@@ -30,10 +30,15 @@ module Dependabot
30
30
  cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions)
31
31
  ).void
32
32
  end
33
- def initialize(dependency:, dependency_files:, credentials:,
34
- ignored_versions: [],
35
- security_advisories: [], options: {},
36
- cooldown_options: nil)
33
+ def initialize(
34
+ dependency:,
35
+ dependency_files:,
36
+ credentials:,
37
+ ignored_versions: [],
38
+ security_advisories: [],
39
+ options: {},
40
+ cooldown_options: nil
41
+ )
37
42
  @dependency = dependency
38
43
  @dependency_files = dependency_files
39
44
  @credentials = credentials
@@ -45,14 +50,19 @@ module Dependabot
45
50
 
46
51
  sig { returns(T::Hash[String, T.untyped]) }
47
52
  def current_report
48
- @current_report ||= T.let(T.must(PackageDetailsFetcher.new(
49
- dependency: dependency,
50
- dependency_files: dependency_files,
51
- credentials: credentials,
52
- ignored_versions: ignored_versions,
53
- security_advisories: security_advisories,
54
- options: options
55
- ).report.find { |d| d["name"] == dependency.name }), T.nilable(T::Hash[String, T.untyped]))
53
+ @current_report ||= T.let(
54
+ T.must(
55
+ PackageDetailsFetcher.new(
56
+ dependency: dependency,
57
+ dependency_files: dependency_files,
58
+ credentials: credentials,
59
+ ignored_versions: ignored_versions,
60
+ security_advisories: security_advisories,
61
+ options: options
62
+ ).report.find { |d| d["name"] == dependency.name }
63
+ ),
64
+ T.nilable(T::Hash[String, T.untyped])
65
+ )
56
66
  end
57
67
 
58
68
  sig { returns(T.nilable(String)) }
@@ -108,14 +118,17 @@ module Dependabot
108
118
  return unparsed_version unless cooldown_enabled?
109
119
  return unparsed_version unless cooldown_options
110
120
 
111
- @package_details ||= T.let(PackageDetailsFetcher.new(
112
- dependency: dependency,
113
- dependency_files: dependency_files,
114
- credentials: credentials,
115
- ignored_versions: ignored_versions,
116
- security_advisories: security_advisories,
117
- options: options
118
- ).package_details_metadata, T.nilable(T::Array[Dependabot::Package::PackageRelease]))
121
+ @package_details ||= T.let(
122
+ PackageDetailsFetcher.new(
123
+ dependency: dependency,
124
+ dependency_files: dependency_files,
125
+ credentials: credentials,
126
+ ignored_versions: ignored_versions,
127
+ security_advisories: security_advisories,
128
+ options: options
129
+ ).package_details_metadata,
130
+ T.nilable(T::Array[Dependabot::Package::PackageRelease])
131
+ )
119
132
 
120
133
  return unparsed_version unless @package_details.any?
121
134
 
@@ -126,9 +139,9 @@ module Dependabot
126
139
  return unparsed_version unless in_cooldown_period?(version_release)
127
140
 
128
141
  dependency.version
129
- rescue StandardError => e
130
- Dependabot.logger.error("Failed to filter cooldown versions for \"#{dependency.name}\": #{e.backtrace}")
131
- unparsed_version
142
+ rescue StandardError => e
143
+ Dependabot.logger.error("Failed to filter cooldown versions for \"#{dependency.name}\": #{e.backtrace}")
144
+ unparsed_version
132
145
  end
133
146
 
134
147
  sig { params(release: Dependabot::Package::PackageRelease).returns(T::Boolean) }
@@ -146,8 +159,10 @@ module Dependabot
146
159
  passed_days = passed_seconds / DAY_IN_SECONDS
147
160
 
148
161
  if passed_days < days
149
- Dependabot.logger.info("Version #{release.version}, Release date: #{release.released_at}." \
150
- " Days since release: #{passed_days} (cooldown days: #{days})")
162
+ Dependabot.logger.info(
163
+ "Version #{release.version}, Release date: #{release.released_at}." \
164
+ " Days since release: #{passed_days} (cooldown days: #{days})"
165
+ )
151
166
  end
152
167
 
153
168
  # Check if the release is within the cooldown period
@@ -197,16 +212,22 @@ module Dependabot
197
212
 
198
213
  sig { returns(Dependabot::Dependency) }
199
214
  attr_reader :dependency
215
+
200
216
  sig { returns(T::Array[Dependabot::DependencyFile]) }
201
217
  attr_reader :dependency_files
218
+
202
219
  sig { returns(T::Array[Dependabot::Credential]) }
203
220
  attr_reader :credentials
221
+
204
222
  sig { returns(T::Array[String]) }
205
223
  attr_reader :ignored_versions
224
+
206
225
  sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
207
226
  attr_reader :security_advisories
227
+
208
228
  sig { returns(T::Hash[Symbol, T.untyped]) }
209
229
  attr_reader :options
230
+
210
231
  sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
211
232
  attr_reader :cooldown_options
212
233
  end
data/lib/dependabot/pub/update_checker.rb CHANGED
@@ -85,7 +85,7 @@ module Dependabot
85
85
  # This security update would require unlocking other packages, which is not currently supported.
86
86
  # Because of that, return original requirements, so that no requirements are actually updated and
87
87
  # the error bubbles up as security_update_not_possible to the user.
88
- return dependency.requirements if breaking_changes&.size&. > 1
88
+ return dependency.requirements if breaking_changes&.size&.> 1
89
89
 
90
90
  updates&.find { |u| u["name"] == dependency.name }
91
91
  else
@@ -198,16 +198,18 @@ module Dependabot
198
198
  sig { returns(Dependabot::Pub::UpdateChecker::LatestVersionFinder) }
199
199
  def version_report
200
200
  @version_report ||=
201
- T.let(LatestVersionFinder.new(
202
- dependency: dependency,
203
- dependency_files: dependency_files,
204
- credentials: credentials,
205
- ignored_versions: ignored_versions,
206
- security_advisories: security_advisories,
207
- options: options,
208
- cooldown_options: update_cooldown
209
- ),
210
- T.nilable(Dependabot::Pub::UpdateChecker::LatestVersionFinder))
201
+ T.let(
202
+ LatestVersionFinder.new(
203
+ dependency: dependency,
204
+ dependency_files: dependency_files,
205
+ credentials: credentials,
206
+ ignored_versions: ignored_versions,
207
+ security_advisories: security_advisories,
208
+ options: options,
209
+ cooldown_options: update_cooldown
210
+ ),
211
+ T.nilable(Dependabot::Pub::UpdateChecker::LatestVersionFinder)
212
+ )
211
213
  end
212
214
 
213
215
  sig { returns(Dependabot::RequirementsUpdateStrategy) }
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-pub
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.333.0
4
+ version: 0.335.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.333.0
18
+ version: 0.335.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.333.0
25
+ version: 0.335.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -113,56 +113,56 @@ dependencies:
113
113
  requirements:
114
114
  - - "~>"
115
115
  - !ruby/object:Gem::Version
116
- version: '1.67'
116
+ version: '1.80'
117
117
  type: :development
118
118
  prerelease: false
119
119
  version_requirements: !ruby/object:Gem::Requirement
120
120
  requirements:
121
121
  - - "~>"
122
122
  - !ruby/object:Gem::Version
123
- version: '1.67'
123
+ version: '1.80'
124
124
  - !ruby/object:Gem::Dependency
125
125
  name: rubocop-performance
126
126
  requirement: !ruby/object:Gem::Requirement
127
127
  requirements:
128
128
  - - "~>"
129
129
  - !ruby/object:Gem::Version
130
- version: '1.22'
130
+ version: '1.26'
131
131
  type: :development
132
132
  prerelease: false
133
133
  version_requirements: !ruby/object:Gem::Requirement
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: '1.22'
137
+ version: '1.26'
138
138
  - !ruby/object:Gem::Dependency
139
139
  name: rubocop-rspec
140
140
  requirement: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: '2.29'
144
+ version: '3.7'
145
145
  type: :development
146
146
  prerelease: false
147
147
  version_requirements: !ruby/object:Gem::Requirement
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: '2.29'
151
+ version: '3.7'
152
152
  - !ruby/object:Gem::Dependency
153
153
  name: rubocop-sorbet
154
154
  requirement: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: '0.8'
158
+ version: '0.10'
159
159
  type: :development
160
160
  prerelease: false
161
161
  version_requirements: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: '0.8'
165
+ version: '0.10'
166
166
  - !ruby/object:Gem::Dependency
167
167
  name: simplecov
168
168
  requirement: !ruby/object:Gem::Requirement
@@ -259,7 +259,7 @@ licenses:
259
259
  - MIT
260
260
  metadata:
261
261
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
262
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
262
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
263
263
  rdoc_options: []
264
264
  require_paths:
265
265
  - lib