dependabot-silent 0.260.0 → 0.261.0
- checksums.yaml +4 -4
- data/lib/dependabot/silent/file_fetcher.rb +6 -1
- data/lib/dependabot/silent/file_parser.rb +12 -4
- data/lib/dependabot/silent/file_updater.rb +18 -11
- metadata +5 -5
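--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bd454d4abeedb40cae28ad0e216a0cdb98bd676e3305391f0fdee33f43c16a66
+data.tar.gz: c9374c8d5f8bda9be6651ced6092de0b87977b31a150128bca0e48b3f6d8f4cc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fc2ccc336fa85f7470acc643a0a319dbd9db7c74c547729feb5533f57681b16a6c843f359b246a33cf7a83658fdfc5a65760d46681082bc3cd432a04a37fdff0
+data.tar.gz: 348f0a6fd8d44b0b2178ee9a4e9199a34dc303090c58a1f028b82438319684c0cf8863f2f3a77343b4c212a9569dd61e26ef6df1247c506617ea2d5c1dc5e67b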
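--- a/data/lib/dependabot/silent/file_fetcher.rb
+++ b/data/lib/dependabot/silent/file_fetcher.rb
@@ -1,17 +1,22 @@
-# typed:
+# typed: strong
 # frozen_string_literal: true
 
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
 class FileFetcher < Dependabot::FileFetchers::Base
+extend T::Sig
+
+sig { override.returns(T::Array[Dependabot::DependencyFile]) }
 def fetch_files
 [manifest].compact
 end
 
 private
 
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
 def manifest
 fetch_file_if_present("manifest.json")
 end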
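--- a/data/lib/dependabot/silent/file_parser.rb
+++ b/data/lib/dependabot/silent/file_parser.rb
@@ -1,14 +1,18 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
 class FileParser < Dependabot::FileParsers::Base
+extend T::Sig
+
 require "dependabot/file_parsers/base/dependency_set"
 
+sig { override.returns(T::Array[Dependabot::Dependency]) }
 def parse
 dependency_set = DependencySet.new
 
@@ -24,6 +28,7 @@ module SilentPackageManager
 
 private
 
+sig { params(name: String, info: String).returns(Dependabot::Dependency) }
 def parse_single_dependency(name, info)
 Dependabot::Dependency.new(
 name: name,
@@ -40,19 +45,22 @@ module SilentPackageManager
 
 # To match the behavior of npm_and_yarn, this returns one Dependency but has
 # a metadata field that includes all the versions of the Dependency.
+sig { params(name: String, info: String).returns(Dependabot::Dependency) }
 def parse_multiple_dependency(name, info)
-dependencies = info["versions"].map do |version|
+dependencies = Array(info["versions"]).map do |version|
 info["version"] = version
 parse_single_dependency(name, info)
 end
-dependencies.last.metadata[:all_versions] = dependencies
-dependencies.last
+T.must(dependencies.last).metadata[:all_versions] = dependencies
+T.must(dependencies.last)
 end
 
+sig { returns(String) }
 def manifest_content
 T.must(T.must(dependency_files.first).content)
 end
 
+sig { override.void }
 def check_required_files
 # Just check if there are any files at all.
 return if dependency_files.any?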
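Review bot: The new sigs on `parse_single_dependency` and `parse_multiple_dependency` declare `info: String`, but `parse_multiple_dependency` reads `info["versions"]` and assigns `info["version"] = version`, which reads as Hash use on an entry of the parsed manifest. The caller in `parse` is outside the visible hunks, so this is inferred, but if sorbet-runtime enforces the sigs a Hash argument would be rejected at call time; `sig { params(name: String, info: T::Hash[String, T.untyped]).returns(Dependabot::Dependency) }` would match the usage. Separately, `Array(info["versions"])` turns a missing `versions` key into an empty list, after which `T.must(dependencies.last)` fails with a generic TypeError. Because the manifest is repository-controlled input, an explicit `raise "#{name} has no versions" if dependencies.empty?` ahead of the two `T.must` lines would give a clearer failure.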
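--- a/data/lib/dependabot/silent/file_updater.rb
+++ b/data/lib/dependabot/silent/file_updater.rb
@@ -1,17 +1,21 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
+require "sorbet-runtime"
 
 module SilentPackageManager
 class FileUpdater < Dependabot::FileUpdaters::Base
+extend T::Sig
+
+sig { override.returns(T::Array[Dependabot::DependencyFile]) }
 def updated_dependency_files
-return [] if dependency
+return [] if dependency&.name == "dont-update-any-files"
 
 updated_files = []
 dependency_files.each do |file|
-next unless requirement_changed?(file, dependency)
+next unless requirement_changed?(file, T.must(dependency))
 
 updated_files << updated_file(file: file, content: updated_file_content(file))
 end
@@ -24,11 +28,13 @@ module SilentPackageManager
 
 private
 
+sig { returns(T.nilable(Dependabot::Dependency)) }
 def dependency
 # Dockerfiles will only ever be updating a single dependency
 dependencies.first
 end
 
+sig { override.void }
 def check_required_files
 # Just check if there are any files at all.
 return if dependency_files.any?
@@ -36,18 +42,19 @@ module SilentPackageManager
 raise "No dependency files!"
 end
 
+sig { params(file: Dependabot::DependencyFile).returns(String) }
 def updated_file_content(file)
-original_content = JSON.parse(file.content)
+original_content = JSON.parse(T.must(file.content))
 original_content.each do |name, info|
-next unless name == dependency
+next unless name == dependency&.name
 
 # If this was a multi-version update, assume we've updated all versions to be the same.
 info.delete("versions") if info["versions"]
 
-info["version"] = requirements(file).first
+info["version"] = requirements(file).first&.fetch(:requirement)
 if info["depends-on"]
 # also bump dependants to the same version
-original_content[info["depends-on"]]["version"] = requirements(file).first
+original_content[info["depends-on"]]["version"] = requirements(file).first&.fetch(:requirement)
 end
 end
 c = JSON.pretty_generate(original_content)
@@ -55,14 +62,14 @@ module SilentPackageManager
 c
 end
 
+sig { params(file: Dependabot::DependencyFile).returns(T::Array[T::Hash[Symbol, String]]) }
 def requirements(file)
-dependency.
-.select { |r| r[:file] == file.name }
+dependency&.requirements&.filter { |r| r[:file] == file.name } || []
 end
 
+sig { params(file: T.untyped).returns(T::Array[T::Hash[Symbol, String]]) }
 def previous_requirements(file)
-dependency.
-.select { |r| r[:file] == file.name }
+dependency&.previous_requirements&.filter { |r| r[:file] == file.name } || []
 end
 end
 end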
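Review bot: In `updated_file_content`, `requirements(file).first&.fetch(:requirement)` evaluates to nil whenever no requirement matches `file.name`, and that nil is assigned to `info["version"]` and to the `depends-on` entry, so the regenerated manifest would carry a null version with no error raised. The visible call site is guarded by `requirement_changed?`, so this may be unreachable today, but computing the value once and checking it keeps a bad update from being written: `new_version = requirements(file).first&.fetch(:requirement)` followed by `raise "No requirement for #{file.name}" if new_version.nil?`. The sigs are also inconsistent: `previous_requirements` takes `file: T.untyped` while `requirements` takes `file: Dependabot::DependencyFile`, and both read only `file.name`, so the stricter type could be used in both.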
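--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-silent
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.261.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-
+date: 2024-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.261.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.261.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -253,7 +253,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
 post_install_message:
 rdoc_options: []
 require_paths: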