RubyGems - dependabot-sbt - Versions diffs - 0.377.0 - Mend

dependabot-sbt 0.377.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +7 -0
data/lib/dependabot/sbt/file_fetcher.rb +121 -0
data/lib/dependabot/sbt/file_parser/property_value_finder.rb +179 -0
data/lib/dependabot/sbt/file_parser/repositories_finder.rb +141 -0
data/lib/dependabot/sbt/file_parser.rb +468 -0
data/lib/dependabot/sbt/file_updater/property_value_updater.rb +28 -0
data/lib/dependabot/sbt/file_updater.rb +240 -0
data/lib/dependabot/sbt/language.rb +24 -0
data/lib/dependabot/sbt/metadata_finder.rb +24 -0
data/lib/dependabot/sbt/native_helpers.rb +28 -0
data/lib/dependabot/sbt/package/package_details_fetcher.rb +175 -0
data/lib/dependabot/sbt/package_manager.rb +39 -0
data/lib/dependabot/sbt/requirement.rb +64 -0
data/lib/dependabot/sbt/update_checker/requirements_updater.rb +98 -0
data/lib/dependabot/sbt/update_checker/version_finder.rb +76 -0
data/lib/dependabot/sbt/update_checker.rb +177 -0
data/lib/dependabot/sbt/version.rb +21 -0
data/lib/dependabot/sbt.rb +19 -0
metadata +298 -0

data/lib/dependabot/sbt/update_checker/version_finder.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# typed: strong
+# frozen_string_literal: true
+require "sorbet-runtime"
+require "dependabot/package/package_latest_version_finder"
+require "dependabot/package/release_cooldown_options"
+require "dependabot/update_checkers/version_filters"
+require "dependabot/maven/shared/base_version_finder"
+require "dependabot/sbt/update_checker"
+require "dependabot/sbt/package/package_details_fetcher"
+module Dependabot
+  module Sbt
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      class VersionFinder < Dependabot::Maven::Shared::BaseVersionFinder
+        extend T::Sig
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            dependency_files: T::Array[Dependabot::DependencyFile],
+            credentials: T::Array[Dependabot::Credential],
+            ignored_versions: T::Array[String],
+            security_advisories: T::Array[Dependabot::SecurityAdvisory],
+            cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
+            raise_on_ignored: T::Boolean
+          ).void
+        end
+        def initialize(
+          dependency:,
+          dependency_files:,
+          credentials:,
+          ignored_versions:,
+          security_advisories:,
+          cooldown_options: nil,
+          raise_on_ignored: false
+        )
+          @package_details_fetcher = T.let(nil, T.nilable(Package::PackageDetailsFetcher))
+          @package_details = T.let(nil, T.nilable(Dependabot::Package::PackageDetails))
+          super(
+            dependency: dependency,
+            dependency_files: dependency_files,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            security_advisories: security_advisories,
+            cooldown_options: cooldown_options,
+            raise_on_ignored: raise_on_ignored,
+            options: {}
+          )
+        end
+        sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
+        def package_details
+          @package_details ||= package_details_fetcher.fetch
+        end
+        private
+        sig { override.params(version: Dependabot::Version).returns(T::Boolean) }
+        def released?(version)
+          package_details_fetcher.released?(version)
+        end
+        sig { returns(Package::PackageDetailsFetcher) }
+        def package_details_fetcher
+          @package_details_fetcher ||= Package::PackageDetailsFetcher.new(
+            dependency: dependency,
+            dependency_files: dependency_files,
+            credentials: credentials
+          )
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/sbt/update_checker.rb ADDED Viewed

@@ -0,0 +1,177 @@
+# typed: strict
+# frozen_string_literal: true
+require "sorbet-runtime"
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/sbt/file_parser"
+require "dependabot/sbt/file_parser/property_value_finder"
+module Dependabot
+  module Sbt
+    class UpdateChecker < Dependabot::UpdateCheckers::Base
+      extend T::Sig
+      require_relative "update_checker/requirements_updater"
+      require_relative "update_checker/version_finder"
+      sig { override.returns(T.nilable(Dependabot::Version)) }
+      def latest_version
+        latest_version_details&.fetch(:version)
+      end
+      sig { override.returns(T.nilable(Dependabot::Version)) }
+      def latest_resolvable_version
+        # SBT has no transitive dependency resolution constraints in manifest files.
+        # Return nil if version comes from a multi-dependency property (needs full unlock).
+        return nil if version_comes_from_multi_dependency_property?
+        latest_version
+      end
+      sig { override.returns(T.nilable(Dependabot::Version)) }
+      def lowest_security_fix_version
+        lowest_security_fix_version_details&.fetch(:version)
+      end
+      sig { override.returns(T.nilable(Dependabot::Version)) }
+      def lowest_resolvable_security_fix_version
+        return nil if version_comes_from_multi_dependency_property?
+        lowest_security_fix_version
+      end
+      sig { override.returns(T.nilable(Dependabot::Version)) }
+      def latest_resolvable_version_with_no_unlock
+        # SBT uses exact versions in build files, so no constraint resolution needed.
+        nil
+      end
+      sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def updated_requirements
+        property_names =
+          declarations_using_a_property
+          .filter_map { |req| req.dig(:metadata, :property_name) }
+        RequirementsUpdater.new(
+          requirements: dependency.requirements,
+          latest_version: preferred_resolvable_version&.to_s,
+          source_url: preferred_version_details&.fetch(:source_url),
+          properties_to_update: property_names
+        ).updated_requirements
+      end
+      sig { override.returns(T::Boolean) }
+      def requirements_unlocked_or_can_be?
+        # If any requirement uses a val we couldn't resolve, we can't update
+        !dependency.version&.include?("${")
+      end
+      private
+      sig { override.returns(T::Boolean) }
+      def latest_version_resolvable_with_full_unlock?
+        return false unless version_comes_from_multi_dependency_property?
+        # Full unlock via property updates can be added later
+        false
+      end
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def updated_dependencies_after_full_unlock
+        []
+      end
+      sig { override.returns(T::Boolean) }
+      def numeric_version_up_to_date?
+        return false unless version_class.correct?(dependency.version)
+        super
+      end
+      sig { override.params(requirements_to_unlock: T.nilable(Symbol)).returns(T::Boolean) }
+      def numeric_version_can_update?(requirements_to_unlock:)
+        return false unless version_class.correct?(dependency.version)
+        super
+      end
+      sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+      def preferred_version_details
+        return lowest_security_fix_version_details if vulnerable?
+        latest_version_details
+      end
+      sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+      def latest_version_details
+        version_finder.latest_version_details
+      end
+      sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+      def lowest_security_fix_version_details
+        version_finder.lowest_security_fix_version_details
+      end
+      sig { returns(VersionFinder) }
+      def version_finder
+        @version_finder ||= T.let(
+          VersionFinder.new(
+            dependency: dependency,
+            dependency_files: dependency_files,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            cooldown_options: update_cooldown,
+            raise_on_ignored: raise_on_ignored,
+            security_advisories: security_advisories
+          ),
+          T.nilable(VersionFinder)
+        )
+      end
+      sig { returns(T::Boolean) }
+      def version_comes_from_multi_dependency_property?
+        declarations_using_a_property.any? do |requirement|
+          property_name = requirement.dig(:metadata, :property_name)
+          property_source = requirement.dig(:metadata, :property_source)
+          next false unless property_name
+          all_property_based_dependencies.any? do |dep|
+            next false if dep.name == dependency.name
+            dep.requirements.any? do |req|
+              next unless req.dig(:metadata, :property_name) == property_name
+              req.dig(:metadata, :property_source) == property_source
+            end
+          end
+        end
+      end
+      sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      def declarations_using_a_property
+        @declarations_using_a_property ||= T.let(
+          dependency.requirements
+                    .select { |req| req.dig(:metadata, :property_name) },
+          T.nilable(T::Array[T::Hash[Symbol, T.untyped]])
+        )
+      end
+      sig { returns(T::Array[Dependabot::Dependency]) }
+      def all_property_based_dependencies
+        @all_property_based_dependencies ||= T.let(
+          Sbt::FileParser.new(
+            dependency_files: dependency_files,
+            source: nil
+          ).parse.select do |dep|
+            dep.requirements.any? { |req| req.dig(:metadata, :property_name) }
+          end,
+          T.nilable(T::Array[Dependabot::Dependency])
+        )
+      end
+    end
+  end
+end
+Dependabot::UpdateCheckers.register("sbt", Dependabot::Sbt::UpdateChecker)

data/lib/dependabot/sbt/version.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# typed: strong
+# frozen_string_literal: true
+require "sorbet-runtime"
+require "dependabot/maven/version"
+require "dependabot/utils"
+module Dependabot
+  module Sbt
+    # SBT resolves artifacts from Maven repositories and uses the same
+    # version ordering specification as Maven.
+    class Version < Dependabot::Maven::Version
+      extend T::Sig
+      VERSION_PATTERN = T.let(Dependabot::Maven::Version::VERSION_PATTERN, String)
+    end
+  end
+end
+Dependabot::Utils.register_version_class("sbt", Dependabot::Sbt::Version)

data/lib/dependabot/sbt.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# typed: strong
+# frozen_string_literal: true
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/sbt/file_fetcher"
+require "dependabot/sbt/file_parser"
+require "dependabot/sbt/update_checker"
+require "dependabot/sbt/file_updater"
+require "dependabot/sbt/metadata_finder"
+require "dependabot/sbt/version"
+require "dependabot/sbt/requirement"
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("sbt", name: "sbt", colour: "000000")
+require "dependabot/dependency"
+Dependabot::Dependency.register_production_check("sbt", ->(_) { true })

metadata ADDED Viewed

@@ -0,0 +1,298 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-sbt
+version: !ruby/object:Gem::Version
+  version: 0.377.0
+platform: ruby
+authors:
+- Dependabot
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.377.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.377.0
+- !ruby/object:Gem::Dependency
+  name: dependabot-maven
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.377.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.377.0
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.80'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.80'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.26'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.26'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.5
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.25'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.25'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+description: Dependabot-Sbt provides support for bumping Sbt dependencies via Dependabot.
+  If you want support for multiple package managers, you probably want the meta-gem
+  dependabot-omnibus.
+email: opensource@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/sbt.rb
+- lib/dependabot/sbt/file_fetcher.rb
+- lib/dependabot/sbt/file_parser.rb
+- lib/dependabot/sbt/file_parser/property_value_finder.rb
+- lib/dependabot/sbt/file_parser/repositories_finder.rb
+- lib/dependabot/sbt/file_updater.rb
+- lib/dependabot/sbt/file_updater/property_value_updater.rb
+- lib/dependabot/sbt/language.rb
+- lib/dependabot/sbt/metadata_finder.rb
+- lib/dependabot/sbt/native_helpers.rb
+- lib/dependabot/sbt/package/package_details_fetcher.rb
+- lib/dependabot/sbt/package_manager.rb
+- lib/dependabot/sbt/requirement.rb
+- lib/dependabot/sbt/update_checker.rb
+- lib/dependabot/sbt/update_checker/requirements_updater.rb
+- lib/dependabot/sbt/update_checker/version_finder.rb
+- lib/dependabot/sbt/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.377.0
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.0
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: Provides Dependabot support for Sbt
+test_files: []