dependabot-silent 0.260.0 → 0.261.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58bb254ca97253e0eaafbf3b7858237e084c29f63a0fe80aa89a877bd391ad6a
-  data.tar.gz: d0c1f391350c5d98b0bdcea903d80b70696d601683309026507f4def8206d098
+  metadata.gz: bd454d4abeedb40cae28ad0e216a0cdb98bd676e3305391f0fdee33f43c16a66
+  data.tar.gz: c9374c8d5f8bda9be6651ced6092de0b87977b31a150128bca0e48b3f6d8f4cc
 SHA512:
-  metadata.gz: 33c5e0e7248b9f19c68019dcf5e6b1c1a18feb82b10419ba31f0c677f477c40ee86cfe2cc32b2afcc90100f4558eed0b4d87804c50e14e8cb2828a018bf17700
-  data.tar.gz: 28fcfb89356c9c83ffb1b30a36559b6c80ccb9e8ef6c4ab8ba841c17fa7e15e94dbb0f9c13372a47ca850f1c23615b97b40f655f0912c007296a840549a57004
+  metadata.gz: fc2ccc336fa85f7470acc643a0a319dbd9db7c74c547729feb5533f57681b16a6c843f359b246a33cf7a83658fdfc5a65760d46681082bc3cd432a04a37fdff0
+  data.tar.gz: 348f0a6fd8d44b0b2178ee9a4e9199a34dc303090c58a1f028b82438319684c0cf8863f2f3a77343b4c212a9569dd61e26ef6df1247c506617ea2d5c1dc5e67b

data/lib/dependabot/silent/file_fetcher.rb

@@ -1,17 +1,22 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
   class FileFetcher < Dependabot::FileFetchers::Base
+    extend T::Sig
+
+    sig { override.returns(T::Array[Dependabot::DependencyFile]) }
     def fetch_files
       [manifest].compact
     end
 
     private
 
+    sig { returns(T.nilable(Dependabot::DependencyFile)) }
     def manifest
       fetch_file_if_present("manifest.json")
     end

data/lib/dependabot/silent/file_parser.rb

@@ -1,14 +1,18 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
   class FileParser < Dependabot::FileParsers::Base
+    extend T::Sig
+
     require "dependabot/file_parsers/base/dependency_set"
 
+    sig { override.returns(T::Array[Dependabot::Dependency]) }
     def parse
       dependency_set = DependencySet.new
 
@@ -24,6 +28,7 @@ module SilentPackageManager
 
     private
 
+    sig { params(name: String, info: String).returns(Dependabot::Dependency) }
     def parse_single_dependency(name, info)
       Dependabot::Dependency.new(
         name: name,
@@ -40,19 +45,22 @@ module SilentPackageManager
 
     # To match the behavior of npm_and_yarn, this returns one Dependency but has
     # a metadata field that includes all the versions of the Dependency.
+    sig { params(name: String, info: String).returns(Dependabot::Dependency) }
     def parse_multiple_dependency(name, info)
-      dependencies = info["versions"].map do |version|
+      dependencies = Array(info["versions"]).map do |version|
         info["version"] = version
         parse_single_dependency(name, info)
       end
-      dependencies.last.metadata[:all_versions] = dependencies
-      dependencies.last
+      T.must(dependencies.last).metadata[:all_versions] = dependencies
+      T.must(dependencies.last)
     end
 
+    sig { returns(String) }
     def manifest_content
       T.must(T.must(dependency_files.first).content)
     end
 
+    sig { override.void }
     def check_required_files
       # Just check if there are any files at all.
       return if dependency_files.any?

data/lib/dependabot/silent/file_updater.rb

@@ -1,17 +1,21 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
   class FileUpdater < Dependabot::FileUpdaters::Base
+    extend T::Sig
+
+    sig { override.returns(T::Array[Dependabot::DependencyFile]) }
     def updated_dependency_files
-      return [] if dependency.name == "dont-update-any-files"
+      return [] if dependency&.name == "dont-update-any-files"
 
       updated_files = []
       dependency_files.each do |file|
-        next unless requirement_changed?(file, dependency)
+        next unless requirement_changed?(file, T.must(dependency))
 
         updated_files << updated_file(file: file, content: updated_file_content(file))
       end
@@ -24,11 +28,13 @@ module SilentPackageManager
 
     private
 
+    sig { returns(T.nilable(Dependabot::Dependency)) }
     def dependency
       # Dockerfiles will only ever be updating a single dependency
       dependencies.first
     end
 
+    sig { override.void }
     def check_required_files
       # Just check if there are any files at all.
       return if dependency_files.any?
@@ -36,18 +42,19 @@ module SilentPackageManager
       raise "No dependency files!"
     end
 
+    sig { params(file: Dependabot::DependencyFile).returns(String) }
     def updated_file_content(file)
-      original_content = JSON.parse(file.content)
+      original_content = JSON.parse(T.must(file.content))
       original_content.each do |name, info|
-        next unless name == dependency.name
+        next unless name == dependency&.name
 
         # If this was a multi-version update, assume we've updated all versions to be the same.
         info.delete("versions") if info["versions"]
 
-        info["version"] = requirements(file).first[:requirement]
+        info["version"] = requirements(file).first&.fetch(:requirement)
         if info["depends-on"]
           # also bump dependants to the same version
-          original_content[info["depends-on"]]["version"] = requirements(file).first[:requirement]
+          original_content[info["depends-on"]]["version"] = requirements(file).first&.fetch(:requirement)
         end
       end
       c = JSON.pretty_generate(original_content)
@@ -55,14 +62,14 @@ module SilentPackageManager
       c
     end
 
+    sig { params(file: Dependabot::DependencyFile).returns(T::Array[T::Hash[Symbol, String]]) }
     def requirements(file)
-      dependency.requirements
-                .select { |r| r[:file] == file.name }
+      dependency&.requirements&.filter { |r| r[:file] == file.name } || []
     end
 
+    sig { params(file: T.untyped).returns(T::Array[T::Hash[Symbol, String]]) }
     def previous_requirements(file)
-      dependency.previous_requirements
-                .select { |r| r[:file] == file.name }
+      dependency&.previous_requirements&.filter { |r| r[:file] == file.name } || []
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-silent
 version: !ruby/object:Gem::Version
-  version: 0.260.0
+  version: 0.261.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-06-06 00:00:00.000000000 Z
+date: 2024-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -253,7 +253,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
 post_install_message: 
 rdoc_options: []
 require_paths: