dependabot-silent 0.260.0 → 0.261.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58bb254ca97253e0eaafbf3b7858237e084c29f63a0fe80aa89a877bd391ad6a
-  data.tar.gz: d0c1f391350c5d98b0bdcea903d80b70696d601683309026507f4def8206d098
+  metadata.gz: 73d77c9c9a5622d91fd9904894a5c2d7868138910b19584d911f092ec013ccc2
+  data.tar.gz: 2d3745c500acd3b2792f6f6114b0f03e3efaeb967e31725ec816f17c837c4bca
 SHA512:
-  metadata.gz: 33c5e0e7248b9f19c68019dcf5e6b1c1a18feb82b10419ba31f0c677f477c40ee86cfe2cc32b2afcc90100f4558eed0b4d87804c50e14e8cb2828a018bf17700
-  data.tar.gz: 28fcfb89356c9c83ffb1b30a36559b6c80ccb9e8ef6c4ab8ba841c17fa7e15e94dbb0f9c13372a47ca850f1c23615b97b40f655f0912c007296a840549a57004
+  metadata.gz: 7f4ae800f9cadd717c8465a3ff781b687b809bf2ca2acd7ba9c82689cbfac990845a3e1148eee382b11f29ff7a9f80e23c0d4d6484c3195b188c5225326d96c3
+  data.tar.gz: 900ac2e5ccf41f0e28037bbd0bc69f063fbcbcffc519cb4dd812f1541460df6ce417f447078b41ed1676fe4ea29dcb163fd5cb4ce2a940fbb4bd9f37535f5a4a

data/lib/dependabot/silent/file_fetcher.rb

@@ -1,17 +1,22 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
   class FileFetcher < Dependabot::FileFetchers::Base
+    extend T::Sig
+
+    sig { override.returns(T::Array[Dependabot::DependencyFile]) }
     def fetch_files
       [manifest].compact
     end
 
     private
 
+    sig { returns(T.nilable(Dependabot::DependencyFile)) }
     def manifest
       fetch_file_if_present("manifest.json")
     end

data/lib/dependabot/silent/file_parser.rb

@@ -1,14 +1,18 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
   class FileParser < Dependabot::FileParsers::Base
+    extend T::Sig
+
     require "dependabot/file_parsers/base/dependency_set"
 
+    sig { override.returns(T::Array[Dependabot::Dependency]) }
     def parse
       dependency_set = DependencySet.new
 
@@ -24,6 +28,7 @@ module SilentPackageManager
 
     private
 
+    sig { params(name: String, info: String).returns(Dependabot::Dependency) }
     def parse_single_dependency(name, info)
       Dependabot::Dependency.new(
         name: name,
@@ -40,19 +45,22 @@ module SilentPackageManager
 
     # To match the behavior of npm_and_yarn, this returns one Dependency but has
     # a metadata field that includes all the versions of the Dependency.
+    sig { params(name: String, info: String).returns(Dependabot::Dependency) }
     def parse_multiple_dependency(name, info)
-      dependencies = info["versions"].map do |version|
+      dependencies = Array(info["versions"]).map do |version|
         info["version"] = version
         parse_single_dependency(name, info)
       end
-      dependencies.last.metadata[:all_versions] = dependencies
-      dependencies.last
+      T.must(dependencies.last).metadata[:all_versions] = dependencies
+      T.must(dependencies.last)
     end
 
+    sig { returns(String) }
     def manifest_content
       T.must(T.must(dependency_files.first).content)
     end
 
+    sig { override.void }
     def check_required_files
       # Just check if there are any files at all.
       return if dependency_files.any?

data/lib/dependabot/silent/file_updater.rb

@@ -1,17 +1,21 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
   class FileUpdater < Dependabot::FileUpdaters::Base
+    extend T::Sig
+
+    sig { override.returns(T::Array[Dependabot::DependencyFile]) }
     def updated_dependency_files
-      return [] if dependency.name == "dont-update-any-files"
+      return [] if dependency&.name == "dont-update-any-files"
 
       updated_files = []
       dependency_files.each do |file|
-        next unless requirement_changed?(file, dependency)
+        next unless requirement_changed?(file, T.must(dependency))
 
         updated_files << updated_file(file: file, content: updated_file_content(file))
       end
@@ -24,11 +28,13 @@ module SilentPackageManager
 
     private
 
+    sig { returns(T.nilable(Dependabot::Dependency)) }
     def dependency
       # Dockerfiles will only ever be updating a single dependency
       dependencies.first
     end
 
+    sig { override.void }
     def check_required_files
       # Just check if there are any files at all.
       return if dependency_files.any?
@@ -36,18 +42,19 @@ module SilentPackageManager
       raise "No dependency files!"
     end
 
+    sig { params(file: Dependabot::DependencyFile).returns(String) }
     def updated_file_content(file)
-      original_content = JSON.parse(file.content)
+      original_content = JSON.parse(T.must(file.content))
       original_content.each do |name, info|
-        next unless name == dependency.name
+        next unless name == dependency&.name
 
         # If this was a multi-version update, assume we've updated all versions to be the same.
         info.delete("versions") if info["versions"]
 
-        info["version"] = requirements(file).first[:requirement]
+        info["version"] = requirements(file).first&.fetch(:requirement)
         if info["depends-on"]
           # also bump dependants to the same version
-          original_content[info["depends-on"]]["version"] = requirements(file).first[:requirement]
+          original_content[info["depends-on"]]["version"] = requirements(file).first&.fetch(:requirement)
         end
       end
       c = JSON.pretty_generate(original_content)
@@ -55,14 +62,14 @@ module SilentPackageManager
       c
     end
 
+    sig { params(file: Dependabot::DependencyFile).returns(T::Array[T::Hash[Symbol, String]]) }
     def requirements(file)
-      dependency.requirements
-                .select { |r| r[:file] == file.name }
+      dependency&.requirements&.filter { |r| r[:file] == file.name } || []
     end
 
+    sig { params(file: T.untyped).returns(T::Array[T::Hash[Symbol, String]]) }
     def previous_requirements(file)
-      dependency.previous_requirements
-                .select { |r| r[:file] == file.name }
+      dependency&.previous_requirements&.filter { |r| r[:file] == file.name } || []
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-silent
 version: !ruby/object:Gem::Version
-  version: 0.260.0
+  version: 0.261.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-06-06 00:00:00.000000000 Z
+date: 2024-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.1
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -253,7 +253,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.1
 post_install_message: 
 rdoc_options: []
 require_paths: