dependabot-silent 0.243.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 76ecae4d13c85ee5e3aa51b1b400e6bfdf8f5153ea9ec4e693d52decf365f4cf
+  data.tar.gz: 180c545d1ec400efd13b1bc0c9a2c4590a8beed77cc5ab1f523757388a23317c
+SHA512:
+  metadata.gz: 742a70b1a4f95beef611f3f43a7edd72e3da77ffdb4e62550b49dd8aea46f4c24e21ad613481a665252dd277f1d35a7de7b485ccb33b8b0e2d0b98a3b58e11f9
+  data.tar.gz: f2028652dbfc3e842d2cdae2a9e6d2ae817079b45533bee72fd06bb0a952908db9f6e6f8bff03f2fbd48870529a6fb52648f7cda9f0262037d5088fadfcbe9fb

data/lib/dependabot/silent/file_fetcher.rb

@@ -0,0 +1,22 @@
+# typed: true
+# frozen_string_literal: true
+
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+
+module SilentPackageManager
+  class FileFetcher < Dependabot::FileFetchers::Base
+    def fetch_files
+      [manifest].compact
+    end
+
+    private
+
+    def manifest
+      fetch_file_if_present("manifest.json")
+    end
+  end
+end
+
+Dependabot::FileFetchers
+  .register("silent", SilentPackageManager::FileFetcher)

data/lib/dependabot/silent/file_parser.rb

@@ -0,0 +1,49 @@
+# typed: true
+# frozen_string_literal: true
+
+require "dependabot/dependency"
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+
+module SilentPackageManager
+  class FileParser < Dependabot::FileParsers::Base
+    require "dependabot/file_parsers/base/dependency_set"
+
+    def parse
+      dependency_set = DependencySet.new
+
+      JSON.parse(manifest_content).each do |name, info|
+        dependency_set << Dependabot::Dependency.new(
+          name: name,
+          version: info["version"],
+          package_manager: "silent",
+          requirements: [{
+            requirement: info["version"],
+            file: T.must(dependency_files.first).name,
+            groups: [info["group"]].compact,
+            source: nil
+          }]
+        )
+      end
+
+      dependency_set.dependencies
+    rescue JSON::ParserError
+      raise Dependabot::DependencyFileNotParseable, T.must(dependency_files.first).path
+    end
+
+    private
+
+    def manifest_content
+      T.must(T.must(dependency_files.first).content)
+    end
+
+    def check_required_files
+      # Just check if there are any files at all.
+      return if dependency_files.any?
+
+      raise "No dependency files!"
+    end
+  end
+end
+
+Dependabot::FileParsers.register("silent", SilentPackageManager::FileParser)

data/lib/dependabot/silent/file_updater.rb

@@ -0,0 +1,67 @@
+# typed: true
+# frozen_string_literal: true
+
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+
+module SilentPackageManager
+  class FileUpdater < Dependabot::FileUpdaters::Base
+    def updated_dependency_files
+      return [] if dependency.name == "dont-update-any-files"
+
+      updated_files = []
+      dependency_files.each do |file|
+        next unless requirement_changed?(file, dependency)
+
+        updated_files << updated_file(file: file, content: updated_file_content(file))
+      end
+
+      updated_files.reject! { |f| dependency_files.include?(f) }
+      raise "No files changed!" if updated_files.none?
+
+      updated_files
+    end
+
+    private
+
+    def dependency
+      # Dockerfiles will only ever be updating a single dependency
+      dependencies.first
+    end
+
+    def check_required_files
+      # Just check if there are any files at all.
+      return if dependency_files.any?
+
+      raise "No dependency files!"
+    end
+
+    def updated_file_content(file)
+      original_content = JSON.parse(file.content)
+      original_content.each do |name, info|
+        next unless name == dependency.name
+
+        info["version"] = requirements(file).first[:requirement]
+        if info["depends-on"]
+          # also bump dependants to the same version
+          original_content[info["depends-on"]]["version"] = requirements(file).first[:requirement]
+        end
+      end
+      c = JSON.pretty_generate(original_content)
+      puts c
+      c
+    end
+
+    def requirements(file)
+      dependency.requirements
+                .select { |r| r[:file] == file.name }
+    end
+
+    def previous_requirements(file)
+      dependency.previous_requirements
+                .select { |r| r[:file] == file.name }
+    end
+  end
+end
+
+Dependabot::FileUpdaters.register("silent", SilentPackageManager::FileUpdater)

data/lib/dependabot/silent/requirement.rb

@@ -0,0 +1,20 @@
+# typed: true
+# frozen_string_literal: true
+
+require "dependabot/requirement"
+require "dependabot/utils"
+
+module SilentPackageManager
+  class Requirement < Dependabot::Requirement
+    AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/
+
+    def self.requirements_array(requirement_string)
+      requirements = requirement_string.split(AND_SEPARATOR).map(&:strip)
+
+      [new(*requirements)]
+    end
+  end
+end
+
+Dependabot::Utils
+  .register_requirement_class("silent", SilentPackageManager::Requirement)

data/lib/dependabot/silent/update_checker.rb

@@ -0,0 +1,97 @@
+# typed: true
+# frozen_string_literal: true
+
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+require "dependabot/errors"
+require "dependabot/update_checkers/version_filters"
+
+module SilentPackageManager
+  class UpdateChecker < Dependabot::UpdateCheckers::Base
+    def latest_version
+      return next_git_version if git_dependency?
+
+      versions = available_versions
+      versions = filter_ignored_versions(versions)
+      versions.max.to_s
+    end
+
+    def latest_version_resolvable_with_full_unlock?
+      # For ecosystems that have lockfiles, the updater allows an ecosystem to try progressively
+      # more aggressive approaches to dependency unlocking. This method represents the most aggressive
+      # approach that allows for updating all dependencies to try to get the target dependency to update.
+      # We're going to let the specs handle testing that logic, returning false here.
+      false
+    end
+
+    def lowest_security_fix_version
+      versions = available_versions
+      versions = filter_lower_versions(versions)
+      Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(
+        versions,
+        security_advisories
+      ).min.to_s
+    end
+
+    def lowest_resolvable_security_fix_version
+      raise "Dependency not vulnerable!" unless vulnerable?
+
+      lowest_security_fix_version
+    end
+
+    def up_to_date?
+      dependency.version == latest_version
+    end
+
+    def latest_resolvable_version
+      latest_version
+    end
+
+    def updated_requirements
+      dependency.requirements.map do |req|
+        req.merge(requirement: preferred_resolvable_version)
+      end
+    end
+
+    private
+
+    def git_dependency?
+      dependency.version&.length == 40
+    end
+
+    def next_git_version
+      fetch_dependency_metadata["git"]
+    end
+
+    def filter_lower_versions(versions)
+      versions.reject { |v| v < version_class.new(dependency.version) }
+    end
+
+    def filter_ignored_versions(versions)
+      filtered = versions.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
+      return filtered unless versions.any? && filtered.empty? && raise_on_ignored
+
+      raise Dependabot::AllVersionsIgnored
+    end
+
+    def fetch_dependency_metadata
+      version_file = File.join(repo_contents_path, dependency.name)
+      return { "versions" => [] } unless File.exist?(version_file)
+
+      # the available versions are stored in a file in the repo
+      # that's why this package manager is silent, makes no requests
+      JSON.parse(File.read(version_file))
+    rescue JSON::ParserError
+      raise Dependabot::DependencyFileNotParseable, dependency_files.first.path
+    end
+
+    def available_versions
+      return @available_versions if defined? @available_versions
+
+      versions = fetch_dependency_metadata["versions"]
+      @available_versions = versions.map { |v| SilentPackageManager::Version.new(v) }
+    end
+  end
+end
+
+Dependabot::UpdateCheckers.register("silent", SilentPackageManager::UpdateChecker)

data/lib/dependabot/silent/version.rb

@@ -0,0 +1,13 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "dependabot/version"
+require "dependabot/utils"
+
+module SilentPackageManager
+  class Version < Dependabot::Version
+  end
+end
+
+Dependabot::Utils
+  .register_version_class("silent", SilentPackageManager::Version)

data/lib/dependabot/silent.rb

@@ -0,0 +1,20 @@
+# typed: strict
+# frozen_string_literal: true
+
+# These all need to be required so the various classes can be registered in a
+# lookup table of package manager names to concrete classes.
+require "dependabot/silent/file_fetcher"
+require "dependabot/silent/file_parser"
+require "dependabot/silent/update_checker"
+require "dependabot/silent/file_updater"
+# require "dependabot/silent/metadata_finder" TODO
+require "dependabot/silent/requirement"
+require "dependabot/silent/version"
+
+require "dependabot/pull_request_creator/labeler"
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("silent", name: "silent_package_manager", colour: "000000")
+
+require "dependabot/dependency"
+Dependabot::Dependency
+  .register_production_check("silent", ->(groups) { groups.empty? || groups.include?("prod") })

metadata

@@ -0,0 +1,261 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-silent
+version: !ruby/object:Gem::Version
+  version: 0.243.0
+platform: ruby
+authors:
+- Dependabot
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2024-02-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.243.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.243.0
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.2
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.58.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.58.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.19.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.19.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-sorbet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.3
+- !ruby/object:Gem::Dependency
+  name: stackprof
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.16
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.16
+- !ruby/object:Gem::Dependency
+  name: turbo_tests
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
+description: Silent ecosystem
+email: opensource@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/silent.rb
+- lib/dependabot/silent/file_fetcher.rb
+- lib/dependabot/silent/file_parser.rb
+- lib/dependabot/silent/file_updater.rb
+- lib/dependabot/silent/requirement.rb
+- lib/dependabot/silent/update_checker.rb
+- lib/dependabot/silent/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- Nonstandard
+metadata:
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.243.0
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+requirements: []
+rubygems_version: 3.3.26
+signing_key: 
+specification_version: 4
+summary: Silent ecosystem
+test_files: []