dependabot-silent 0.260.0 → 0.261.1
- checksums.yaml +4 -4
- data/lib/dependabot/silent/file_fetcher.rb +6 -1
- data/lib/dependabot/silent/file_parser.rb +12 -4
- data/lib/dependabot/silent/file_updater.rb +18 -11
- metadata +5 -5
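--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 73d77c9c9a5622d91fd9904894a5c2d7868138910b19584d911f092ec013ccc2
+data.tar.gz: 2d3745c500acd3b2792f6f6114b0f03e3efaeb967e31725ec816f17c837c4bca
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7f4ae800f9cadd717c8465a3ff781b687b809bf2ca2acd7ba9c82689cbfac990845a3e1148eee382b11f29ff7a9f80e23c0d4d6484c3195b188c5225326d96c3
+data.tar.gz: 900ac2e5ccf41f0e28037bbd0bc69f063fbcbcffc519cb4dd812f1541460df6ce417f447078b41ed1676fe4ea29dcb163fd5cb4ce2a940fbb4bd9f37535f5a4a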
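--- a/data/lib/dependabot/silent/file_fetcher.rb
+++ b/data/lib/dependabot/silent/file_fetcher.rb
@@ -1,17 +1,22 @@
-# typed:
+# typed: strong
 # frozen_string_literal: true
 
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
 class FileFetcher < Dependabot::FileFetchers::Base
+extend T::Sig
+
+sig { override.returns(T::Array[Dependabot::DependencyFile]) }
 def fetch_files
 [manifest].compact
 end
 
 private
 
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
 def manifest
 fetch_file_if_present("manifest.json")
 end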
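--- a/data/lib/dependabot/silent/file_parser.rb
+++ b/data/lib/dependabot/silent/file_parser.rb
@@ -1,14 +1,18 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
 class FileParser < Dependabot::FileParsers::Base
+extend T::Sig
+
 require "dependabot/file_parsers/base/dependency_set"
 
+sig { override.returns(T::Array[Dependabot::Dependency]) }
 def parse
 dependency_set = DependencySet.new
 
@@ -24,6 +28,7 @@ module SilentPackageManager
 
 private
 
+sig { params(name: String, info: String).returns(Dependabot::Dependency) }
 def parse_single_dependency(name, info)
 Dependabot::Dependency.new(
 name: name,
@@ -40,19 +45,22 @@ module SilentPackageManager
 
 # To match the behavior of npm_and_yarn, this returns one Dependency but has
 # a metadata field that includes all the versions of the Dependency.
+sig { params(name: String, info: String).returns(Dependabot::Dependency) }
 def parse_multiple_dependency(name, info)
-dependencies = info["versions"].map do |version|
+dependencies = Array(info["versions"]).map do |version|
 info["version"] = version
 parse_single_dependency(name, info)
 end
-dependencies.last.metadata[:all_versions] = dependencies
-dependencies.last
+T.must(dependencies.last).metadata[:all_versions] = dependencies
+T.must(dependencies.last)
 end
 
+sig { returns(String) }
 def manifest_content
 T.must(T.must(dependency_files.first).content)
 end
 
+sig { override.void }
 def check_required_files
 # Just check if there are any files at all.
 return if dependency_files.any?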
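Review bot: The new `sig` on `parse_single_dependency` and `parse_multiple_dependency` declares `info: String`, but both bodies index it by key (`info["versions"]`, `info["version"] = version`) and the second maps over the result, so `info` looks like one parsed manifest entry (a Hash) rather than a String. Assuming that is right, `info: T::Hash[String, T.untyped]` would describe it, and would stop the static check from accepting the code only because `String#[]` happens to exist. Separately, in `parse_multiple_dependency`, `Array(info["versions"])` turns a missing or empty `versions` key into `[]`, after which `T.must(dependencies.last)` raises a `TypeError`; the manifest is external input, so an explicit parse error for that case would be clearer than a type assertion failing. The body of `parse_single_dependency` continues outside the hunk.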
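--- a/data/lib/dependabot/silent/file_updater.rb
+++ b/data/lib/dependabot/silent/file_updater.rb
@@ -1,17 +1,21 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
 class FileUpdater < Dependabot::FileUpdaters::Base
+extend T::Sig
+
+sig { override.returns(T::Array[Dependabot::DependencyFile]) }
 def updated_dependency_files
-return [] if dependency
+return [] if dependency&.name == "dont-update-any-files"
 
 updated_files = []
 dependency_files.each do |file|
-next unless requirement_changed?(file, dependency)
+next unless requirement_changed?(file, T.must(dependency))
 
 updated_files << updated_file(file: file, content: updated_file_content(file))
 end
@@ -24,11 +28,13 @@ module SilentPackageManager
 
 private
 
+sig { returns(T.nilable(Dependabot::Dependency)) }
 def dependency
 # Dockerfiles will only ever be updating a single dependency
 dependencies.first
 end
 
+sig { override.void }
 def check_required_files
 # Just check if there are any files at all.
 return if dependency_files.any?
@@ -36,18 +42,19 @@ module SilentPackageManager
 raise "No dependency files!"
 end
 
+sig { params(file: Dependabot::DependencyFile).returns(String) }
 def updated_file_content(file)
-original_content = JSON.parse(file.content)
+original_content = JSON.parse(T.must(file.content))
 original_content.each do |name, info|
-next unless name == dependency
+next unless name == dependency&.name
 
 # If this was a multi-version update, assume we've updated all versions to be the same.
 info.delete("versions") if info["versions"]
 
-info["version"] = requirements(file).first
+info["version"] = requirements(file).first&.fetch(:requirement)
 if info["depends-on"]
 # also bump dependants to the same version
-original_content[info["depends-on"]]["version"] = requirements(file).first
+original_content[info["depends-on"]]["version"] = requirements(file).first&.fetch(:requirement)
 end
 end
 c = JSON.pretty_generate(original_content)
@@ -55,14 +62,14 @@ module SilentPackageManager
 c
 end
 
+sig { params(file: Dependabot::DependencyFile).returns(T::Array[T::Hash[Symbol, String]]) }
 def requirements(file)
-dependency.
-.select { |r| r[:file] == file.name }
+dependency&.requirements&.filter { |r| r[:file] == file.name } || []
 end
 
+sig { params(file: T.untyped).returns(T::Array[T::Hash[Symbol, String]]) }
 def previous_requirements(file)
-dependency.
-.select { |r| r[:file] == file.name }
+dependency&.previous_requirements&.filter { |r| r[:file] == file.name } || []
 end
 end
 end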
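Review bot: In `updated_file_content` (third hunk), `requirements(file).first&.fetch(:requirement)` evaluates to `nil` when no requirement matches `file.name`, and that `nil` is assigned to `info["version"]` and serialised by `JSON.pretty_generate` as `null`, so the manifest is rewritten with a missing version instead of the update failing. Computing the value once and refusing to continue would avoid that and the duplicated call two lines below: `new_version = requirements(file).first&.fetch(:requirement)` followed by `raise "No updated requirement for #{file.name}" if new_version.nil?`. The same file mixes `dependency&.name` with `T.must(dependency)` in `updated_dependency_files`, so an empty `dependencies` list passes the first guard and then raises inside the loop; a single early nil check would make the intent explicit. The body of `updated_file_content` runs on into the next hunk.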
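--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-silent
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.261.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-
+date: 2024-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.261.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.261.1
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -253,7 +253,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.1
 post_install_message:
 rdoc_options: []
 require_paths: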