dependabot-silent 0.333.0 → 0.335.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/silent/requirement.rb +9 -2
  3. data/lib/dependabot/silent/update_checker.rb +32 -6
  4. metadata +12 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2f574b13dce9cf6fe21883c08596855b5437af90436c6b7fa8bc2936a443f34c
4
- data.tar.gz: 56705202e916231fafa066a1cb0609b93a07419927f1da683cb5325007feb4ca
3
+ metadata.gz: 2bcb5e6a9e9bbe7a6f0b9f7799e0cdfffcb2ea012b3b7b71583c20fd1dd6cbc7
4
+ data.tar.gz: 65c82c747c4ff3704391e767169195f5ccd3376c6f1193b0af4a3b95f82b18ac
5
5
  SHA512:
6
- metadata.gz: fde59f31b44bbfe6c6916882ec738d81cb804cc916b6346608222fc9a8c378ee35af70c03281b23e3ae546cb6d4552340cbce7ed0d0be928886a22fc2fda07b6
7
- data.tar.gz: bf1412ff42fb796aec14608a3d11dee45292c68f80460eb6678c2e3ddadf942293948ea8969c7dc9e67bb8f7c41cccc994617b0d1d81ca3be04cee525d772781
6
+ metadata.gz: d780f6243f2e6a11f1a840cb538dbb91bc1af0a5c9b932e2730b6cf176f016ac9a658db731f71c362ca52f88beeb09c9ba22bd1a73c0d28f2711369eebc4d2c7
7
+ data.tar.gz: a5ec1adaaa86538d9f9072f5bae0d087d543c3927a36ec07464c87f308d0daeb2a5de850f65f7f580a54b09a2a3b565497434fec7eff8162cae33fd81982690b
data/lib/dependabot/silent/requirement.rb CHANGED
@@ -1,17 +1,24 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/requirement"
5
7
  require "dependabot/utils"
6
8
 
7
9
  module SilentPackageManager
8
10
  class Requirement < Dependabot::Requirement
11
+ extend T::Sig
12
+
9
13
  AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/
10
14
 
15
+ sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Dependabot::Requirement]) }
11
16
  def self.requirements_array(requirement_string)
17
+ return [] if requirement_string.nil?
18
+
12
19
  requirements = requirement_string.split(AND_SEPARATOR).map(&:strip)
13
20
 
14
- [new(*requirements)]
21
+ [new(requirements)]
15
22
  end
16
23
  end
17
24
  end
data/lib/dependabot/silent/update_checker.rb CHANGED
@@ -1,6 +1,8 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/update_checkers"
5
7
  require "dependabot/update_checkers/base"
6
8
  require "dependabot/errors"
@@ -8,6 +10,15 @@ require "dependabot/update_checkers/version_filters"
8
10
 
9
11
  module SilentPackageManager
10
12
  class UpdateChecker < Dependabot::UpdateCheckers::Base
13
+ extend T::Sig
14
+
15
+ sig { params(args: T.untyped, kwargs: T.untyped).void }
16
+ def initialize(*args, **kwargs)
17
+ super
18
+ @available_versions = T.let(nil, T.nilable(T::Array[SilentPackageManager::Version]))
19
+ end
20
+
21
+ sig { override.returns(T.nilable(String)) }
11
22
  def latest_version
12
23
  return next_git_version if git_dependency?
13
24
 
@@ -16,6 +27,7 @@ module SilentPackageManager
16
27
  versions.max.to_s
17
28
  end
18
29
 
30
+ sig { override.returns(T::Boolean) }
19
31
  def latest_version_resolvable_with_full_unlock?
20
32
  # For ecosystems that have lockfiles, the updater allows an ecosystem to try progressively
21
33
  # more aggressive approaches to dependency unlocking. This method represents the most aggressive
@@ -24,29 +36,34 @@ module SilentPackageManager
24
36
  false
25
37
  end
26
38
 
39
+ sig { override.returns(T.nilable(Gem::Version)) }
27
40
  def lowest_security_fix_version
28
41
  versions = available_versions
29
42
  versions = filter_lower_versions(versions)
30
43
  Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(
31
44
  versions,
32
45
  security_advisories
33
- ).min.to_s
46
+ ).min
34
47
  end
35
48
 
49
+ sig { override.returns(T.nilable(Gem::Version)) }
36
50
  def lowest_resolvable_security_fix_version
37
51
  raise "Dependency not vulnerable!" unless vulnerable?
38
52
 
39
53
  lowest_security_fix_version
40
54
  end
41
55
 
56
+ sig { override.returns(T::Boolean) }
42
57
  def up_to_date?
43
58
  dependency.version == latest_version
44
59
  end
45
60
 
61
+ sig { override.returns(T.nilable(T.any(String, Gem::Version))) }
46
62
  def latest_resolvable_version
47
63
  latest_version
48
64
  end
49
65
 
66
+ sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
50
67
  def updated_requirements
51
68
  dependency.requirements.map do |req|
52
69
  req.merge(requirement: preferred_resolvable_version)
@@ -55,18 +72,22 @@ module SilentPackageManager
55
72
 
56
73
  private
57
74
 
75
+ sig { returns(T::Boolean) }
58
76
  def git_dependency?
59
77
  dependency.version&.length == 40
60
78
  end
61
79
 
80
+ sig { returns(T.untyped) }
62
81
  def next_git_version
63
82
  fetch_dependency_metadata["git"]
64
83
  end
65
84
 
85
+ sig { params(versions: T::Array[SilentPackageManager::Version]).returns(T::Array[SilentPackageManager::Version]) }
66
86
  def filter_lower_versions(versions)
67
87
  versions.reject { |v| v < version_class.new(dependency.version) }
68
88
  end
69
89
 
90
+ sig { params(versions: T::Array[SilentPackageManager::Version]).returns(T::Array[SilentPackageManager::Version]) }
70
91
  def filter_ignored_versions(versions)
71
92
  filtered = versions.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
72
93
  return filtered unless versions.any? && filtered.empty? && raise_on_ignored
@@ -74,6 +95,7 @@ module SilentPackageManager
74
95
  raise Dependabot::AllVersionsIgnored
75
96
  end
76
97
 
98
+ sig { returns(T::Hash[String, T.untyped]) }
77
99
  def fetch_dependency_metadata
78
100
  version_file = File.join(repo_contents_path, dependency.name)
79
101
  return { "versions" => [] } unless File.exist?(version_file)
@@ -85,11 +107,15 @@ module SilentPackageManager
85
107
  raise Dependabot::DependencyFileNotParseable, T.must(dependency_files.first).path
86
108
  end
87
109
 
110
+ sig { returns(T::Array[SilentPackageManager::Version]) }
88
111
  def available_versions
89
- return @available_versions if defined? @available_versions
90
-
91
- versions = fetch_dependency_metadata["versions"]
92
- @available_versions = versions.map { |v| SilentPackageManager::Version.new(v) }
112
+ @available_versions ||= T.let(
113
+ begin
114
+ versions = fetch_dependency_metadata["versions"]
115
+ versions.map { |v| SilentPackageManager::Version.new(v) }
116
+ end,
117
+ T.nilable(T::Array[SilentPackageManager::Version])
118
+ )
93
119
  end
94
120
  end
95
121
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-silent
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.333.0
4
+ version: 0.335.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.333.0
18
+ version: 0.335.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.333.0
25
+ version: 0.335.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -113,56 +113,56 @@ dependencies:
113
113
  requirements:
114
114
  - - "~>"
115
115
  - !ruby/object:Gem::Version
116
- version: '1.67'
116
+ version: '1.80'
117
117
  type: :development
118
118
  prerelease: false
119
119
  version_requirements: !ruby/object:Gem::Requirement
120
120
  requirements:
121
121
  - - "~>"
122
122
  - !ruby/object:Gem::Version
123
- version: '1.67'
123
+ version: '1.80'
124
124
  - !ruby/object:Gem::Dependency
125
125
  name: rubocop-performance
126
126
  requirement: !ruby/object:Gem::Requirement
127
127
  requirements:
128
128
  - - "~>"
129
129
  - !ruby/object:Gem::Version
130
- version: '1.22'
130
+ version: '1.26'
131
131
  type: :development
132
132
  prerelease: false
133
133
  version_requirements: !ruby/object:Gem::Requirement
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: '1.22'
137
+ version: '1.26'
138
138
  - !ruby/object:Gem::Dependency
139
139
  name: rubocop-rspec
140
140
  requirement: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: '2.29'
144
+ version: '3.7'
145
145
  type: :development
146
146
  prerelease: false
147
147
  version_requirements: !ruby/object:Gem::Requirement
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: '2.29'
151
+ version: '3.7'
152
152
  - !ruby/object:Gem::Dependency
153
153
  name: rubocop-sorbet
154
154
  requirement: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: '0.8'
158
+ version: '0.10'
159
159
  type: :development
160
160
  prerelease: false
161
161
  version_requirements: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: '0.8'
165
+ version: '0.10'
166
166
  - !ruby/object:Gem::Dependency
167
167
  name: simplecov
168
168
  requirement: !ruby/object:Gem::Requirement
@@ -253,7 +253,7 @@ licenses:
253
253
  - MIT
254
254
  metadata:
255
255
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
256
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
256
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
257
257
  rdoc_options: []
258
258
  require_paths:
259
259
  - lib