dependabot-silent 0.332.0 → 0.334.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/silent/requirement.rb +9 -2
- data/lib/dependabot/silent/update_checker.rb +29 -6
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ad4555f3fc0aeace8b6b505fe47a04e1e9b4c859c7804a0f880c26dd073a389c
|
|
4
|
+
data.tar.gz: c848eac3bde69d73dfd9dfd0191806e5bd019e0a41793a4e25b5d4a8768e4975
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d330b5413838d9f4f54d8739858bee0104f1b5a4f48fd159a6d9a3fabc9b5c2344fdeed4d975268151591a18420ec5582ad8cced93e1aa48ae40ca5ebc887a09
|
|
7
|
+
data.tar.gz: 055fe8ab5cccff9c4f3177be758c8693b935a8be1439f1760030d1658ec0a6e059cdf925807182ff6e429c7059148fe37f0d8f88ddd38d8b7fc92901117330ab
|
|
@@ -1,17 +1,24 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
require "dependabot/requirement"
|
|
5
7
|
require "dependabot/utils"
|
|
6
8
|
|
|
7
9
|
module SilentPackageManager
|
|
8
10
|
class Requirement < Dependabot::Requirement
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
9
13
|
AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/
|
|
10
14
|
|
|
15
|
+
sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Dependabot::Requirement]) }
|
|
11
16
|
def self.requirements_array(requirement_string)
|
|
17
|
+
return [] if requirement_string.nil?
|
|
18
|
+
|
|
12
19
|
requirements = requirement_string.split(AND_SEPARATOR).map(&:strip)
|
|
13
20
|
|
|
14
|
-
[new(
|
|
21
|
+
[new(requirements)]
|
|
15
22
|
end
|
|
16
23
|
end
|
|
17
24
|
end
|
|
@@ -1,6 +1,8 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
require "dependabot/update_checkers"
|
|
5
7
|
require "dependabot/update_checkers/base"
|
|
6
8
|
require "dependabot/errors"
|
|
@@ -8,6 +10,15 @@ require "dependabot/update_checkers/version_filters"
|
|
|
8
10
|
|
|
9
11
|
module SilentPackageManager
|
|
10
12
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
13
|
+
extend T::Sig
|
|
14
|
+
|
|
15
|
+
sig { params(args: T.untyped, kwargs: T.untyped).void }
|
|
16
|
+
def initialize(*args, **kwargs)
|
|
17
|
+
super
|
|
18
|
+
@available_versions = T.let(nil, T.nilable(T::Array[SilentPackageManager::Version]))
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
sig { override.returns(T.nilable(String)) }
|
|
11
22
|
def latest_version
|
|
12
23
|
return next_git_version if git_dependency?
|
|
13
24
|
|
|
@@ -16,6 +27,7 @@ module SilentPackageManager
|
|
|
16
27
|
versions.max.to_s
|
|
17
28
|
end
|
|
18
29
|
|
|
30
|
+
sig { override.returns(T::Boolean) }
|
|
19
31
|
def latest_version_resolvable_with_full_unlock?
|
|
20
32
|
# For ecosystems that have lockfiles, the updater allows an ecosystem to try progressively
|
|
21
33
|
# more aggressive approaches to dependency unlocking. This method represents the most aggressive
|
|
@@ -24,29 +36,34 @@ module SilentPackageManager
|
|
|
24
36
|
false
|
|
25
37
|
end
|
|
26
38
|
|
|
39
|
+
sig { override.returns(T.nilable(Gem::Version)) }
|
|
27
40
|
def lowest_security_fix_version
|
|
28
41
|
versions = available_versions
|
|
29
42
|
versions = filter_lower_versions(versions)
|
|
30
43
|
Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(
|
|
31
44
|
versions,
|
|
32
45
|
security_advisories
|
|
33
|
-
).min
|
|
46
|
+
).min
|
|
34
47
|
end
|
|
35
48
|
|
|
49
|
+
sig { override.returns(T.nilable(Gem::Version)) }
|
|
36
50
|
def lowest_resolvable_security_fix_version
|
|
37
51
|
raise "Dependency not vulnerable!" unless vulnerable?
|
|
38
52
|
|
|
39
53
|
lowest_security_fix_version
|
|
40
54
|
end
|
|
41
55
|
|
|
56
|
+
sig { override.returns(T::Boolean) }
|
|
42
57
|
def up_to_date?
|
|
43
58
|
dependency.version == latest_version
|
|
44
59
|
end
|
|
45
60
|
|
|
61
|
+
sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
|
|
46
62
|
def latest_resolvable_version
|
|
47
63
|
latest_version
|
|
48
64
|
end
|
|
49
65
|
|
|
66
|
+
sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
50
67
|
def updated_requirements
|
|
51
68
|
dependency.requirements.map do |req|
|
|
52
69
|
req.merge(requirement: preferred_resolvable_version)
|
|
@@ -55,18 +72,22 @@ module SilentPackageManager
|
|
|
55
72
|
|
|
56
73
|
private
|
|
57
74
|
|
|
75
|
+
sig { returns(T::Boolean) }
|
|
58
76
|
def git_dependency?
|
|
59
77
|
dependency.version&.length == 40
|
|
60
78
|
end
|
|
61
79
|
|
|
80
|
+
sig { returns(T.untyped) }
|
|
62
81
|
def next_git_version
|
|
63
82
|
fetch_dependency_metadata["git"]
|
|
64
83
|
end
|
|
65
84
|
|
|
85
|
+
sig { params(versions: T::Array[SilentPackageManager::Version]).returns(T::Array[SilentPackageManager::Version]) }
|
|
66
86
|
def filter_lower_versions(versions)
|
|
67
87
|
versions.reject { |v| v < version_class.new(dependency.version) }
|
|
68
88
|
end
|
|
69
89
|
|
|
90
|
+
sig { params(versions: T::Array[SilentPackageManager::Version]).returns(T::Array[SilentPackageManager::Version]) }
|
|
70
91
|
def filter_ignored_versions(versions)
|
|
71
92
|
filtered = versions.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
|
72
93
|
return filtered unless versions.any? && filtered.empty? && raise_on_ignored
|
|
@@ -74,6 +95,7 @@ module SilentPackageManager
|
|
|
74
95
|
raise Dependabot::AllVersionsIgnored
|
|
75
96
|
end
|
|
76
97
|
|
|
98
|
+
sig { returns(T::Hash[String, T.untyped]) }
|
|
77
99
|
def fetch_dependency_metadata
|
|
78
100
|
version_file = File.join(repo_contents_path, dependency.name)
|
|
79
101
|
return { "versions" => [] } unless File.exist?(version_file)
|
|
@@ -85,11 +107,12 @@ module SilentPackageManager
|
|
|
85
107
|
raise Dependabot::DependencyFileNotParseable, T.must(dependency_files.first).path
|
|
86
108
|
end
|
|
87
109
|
|
|
110
|
+
sig { returns(T::Array[SilentPackageManager::Version]) }
|
|
88
111
|
def available_versions
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
112
|
+
@available_versions ||= T.let(begin
|
|
113
|
+
versions = fetch_dependency_metadata["versions"]
|
|
114
|
+
versions.map { |v| SilentPackageManager::Version.new(v) }
|
|
115
|
+
end, T.nilable(T::Array[SilentPackageManager::Version]))
|
|
93
116
|
end
|
|
94
117
|
end
|
|
95
118
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-silent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.334.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.334.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.334.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -211,14 +211,14 @@ dependencies:
|
|
|
211
211
|
requirements:
|
|
212
212
|
- - "~>"
|
|
213
213
|
- !ruby/object:Gem::Version
|
|
214
|
-
version: '3.
|
|
214
|
+
version: '3.25'
|
|
215
215
|
type: :development
|
|
216
216
|
prerelease: false
|
|
217
217
|
version_requirements: !ruby/object:Gem::Requirement
|
|
218
218
|
requirements:
|
|
219
219
|
- - "~>"
|
|
220
220
|
- !ruby/object:Gem::Version
|
|
221
|
-
version: '3.
|
|
221
|
+
version: '3.25'
|
|
222
222
|
- !ruby/object:Gem::Dependency
|
|
223
223
|
name: webrick
|
|
224
224
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -253,7 +253,7 @@ licenses:
|
|
|
253
253
|
- MIT
|
|
254
254
|
metadata:
|
|
255
255
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
256
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
256
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
|
|
257
257
|
rdoc_options: []
|
|
258
258
|
require_paths:
|
|
259
259
|
- lib
|