dependabot-swift 0.224.0 → 0.226.0

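--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: daa823cdb9f7cf8a02a3ae2db25b54b941c87b80c57633c9c2a6e3c09cf2af9d
- data.tar.gz: 59a6217a928b15e42b033c987cb7e52572961699cd9b78a6b137e88c21d7ccef
+ metadata.gz: db5c53249cce90cbbcc7af6b7caa03dabf0ba5868191bad0bd3715e2f8e38ef3
+ data.tar.gz: 8c969168a15ae0d90e3f31a3b11d082fe1951ac08deeb9a15b5d61d84c43fcc3
  SHA512:
- metadata.gz: 4ed7d0edc5cf21554321deb0ef4b5ba1caf36878af28c6a36129d60d016f657706d5dfe516ec6c4082fcc68a3007ed6725e2f18840dc2f72a1bb1dc584043818
- data.tar.gz: 929239d17f49f5260cd217deba666429de17e93afb2c4b970496fa4f0656d4ce9fe3515de067995e087ccb4ea97388156b048cb2f1ebe9948b221f062381d132
+ metadata.gz: 37668cae90b80db45b2d64c5f1d81387af452ef4938aed47e700ff316185c963aeae248a983d41fe6ec1cea430e1fa1cb3263e53f8fcbf58dfe0256435aaa9ad
+ data.tar.gz: 81e0899a0dc2e8ae824ace28d3ffc2a1320dc68e3f495107dcade4c7be57b1eddcaf1ec36e432f4e8a3d6273d4db9a350b0e7870330b00ee8c01f24151201681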
@@ -4,6 +4,7 @@ require "dependabot/file_parsers/base"
4
4
  require "dependabot/shared_helpers"
5
5
  require "dependabot/dependency"
6
6
  require "json"
7
+ require "uri"
7
8
 
8
9
  module Dependabot
9
10
  module Swift
@@ -47,12 +48,14 @@ module Dependabot
47
48
  end
48
49
 
49
50
  def all_dependencies(data, level: 0)
50
- name = data["identity"]
51
- url = data["url"]
51
+ identity = data["identity"]
52
+ url = SharedHelpers.scp_to_standard(data["url"])
53
+ name = normalize(url)
52
54
  version = data["version"]
53
55
 
54
56
  source = { type: "git", url: url, ref: version, branch: nil }
55
- args = { name: name, version: version, package_manager: "swift", requirements: [] }
57
+ metadata = { identity: identity }
58
+ args = { name: name, version: version, package_manager: "swift", requirements: [], metadata: metadata }
56
59
 
57
60
  if level.zero?
58
61
  args[:requirements] << { requirement: nil, groups: ["dependencies"], file: nil, source: source }
@@ -65,6 +68,12 @@ module Dependabot
65
68
  [dep, *subdependencies(data, level: level + 1)].compact
66
69
  end
67
70
 
71
+ def normalize(source)
72
+ uri = URI.parse(source.downcase)
73
+
74
+ "#{uri.host}#{uri.path}".delete_prefix("www.").delete_suffix(".git")
75
+ end
76
+
68
77
  attr_reader :dependency_files, :repo_contents_path, :credentials
69
78
  end
70
79
  end
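Review bot: The new `normalize` hands `source.downcase` straight to `URI.parse`, so a missing or unparsable `url` entry raises (`NoMethodError` or `URI::InvalidURIError`) inside `all_dependencies`, and nothing in the visible hunks catches it. Where `data` comes from is outside these hunks; if it is derived from repository content, a `rescue URI::InvalidURIError` that falls back to `data["identity"]` would keep one odd entry from aborting the whole parse. The derived name also drops scheme, userinfo and port and lower-cases the path, so sources that differ only in those collapse to the same dependency name. A short comment on `normalize`, such as `# Name is host + path only; scheme, credentials, port and case are ignored on purpose`, would record that this is intended.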
@@ -7,7 +7,10 @@ module Dependabot
7
7
  module Swift
8
8
  class FileParser < Dependabot::FileParsers::Base
9
9
  class ManifestParser
10
- DEPENDENCY = /(?<declaration>\.package\(\s*(?:name: "[^"]+",\s*)?url: "(?<url>[^"]+)",\s*(?<requirement>.*)\))/
10
+ DEPENDENCY =
11
+ /(?<declaration>\.package\(\s*
12
+ (?:name:\s+"[^"]+",\s*)?url:\s+"(?<url>[^"]+)",\s*(?<requirement>#{NativeRequirement::REGEXP})\s*
13
+ \))/x
11
14
 
12
15
  def initialize(manifest, source:)
13
16
  @manifest = manifest
@@ -15,11 +18,8 @@ module Dependabot
15
18
  end
16
19
 
17
20
  def requirements
18
- found = manifest.content.scan(DEPENDENCY).find do |_declaration, url, requirement|
19
- # TODO: Support pinning to specific revisions
20
- next if requirement.start_with?("branch:", ".branch(", "revision:", ".revision(")
21
-
22
- url == source[:url]
21
+ found = manifest.content.scan(DEPENDENCY).find do |_declaration, url, _requirement|
22
+ SharedHelpers.scp_to_standard(url) == source[:url]
23
23
  end
24
24
 
25
25
  return [] unless found
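Review bot: Branch and revision pins used to be skipped by an explicit `next if requirement.start_with?(...)` in `requirements`; after this change the skip is only implied, because `NativeRequirement::REGEXP` has no alternative for them and `DEPENDENCY` therefore never matches such declarations. Nothing at the `DEPENDENCY` definition says so, and the `/x` form makes the pattern harder to read at a glance. I would add a comment above the constant, for example `# Only version-based requirements match; branch:/revision: pins are excluded because NativeRequirement::REGEXP has no alternative for them`. The body of `requirements` continues past the end of this hunk.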
@@ -24,7 +24,8 @@ module Dependabot
24
24
  name: dep.name,
25
25
  version: dep.version,
26
26
  package_manager: dep.package_manager,
27
- requirements: requirements
27
+ requirements: requirements,
28
+ metadata: dep.metadata
28
29
  )
29
30
  else
30
31
  dependency_set << dep
@@ -8,21 +8,20 @@ module Dependabot
8
8
  module Swift
9
9
  class FileUpdater < Dependabot::FileUpdaters::Base
10
10
  class LockfileUpdater
11
- def initialize(dependencies:, manifest:, repo_contents_path:, credentials:)
12
- @dependencies = dependencies
11
+ def initialize(dependency:, manifest:, repo_contents_path:, credentials:, target_version: nil)
12
+ @dependency = dependency
13
13
  @manifest = manifest
14
14
  @repo_contents_path = repo_contents_path
15
15
  @credentials = credentials
16
+ @target_version = target_version
16
17
  end
17
18
 
18
19
  def updated_lockfile_content
19
20
  SharedHelpers.in_a_temporary_repo_directory(manifest.directory, repo_contents_path) do
20
21
  File.write(manifest.name, manifest.content)
21
22
 
22
- dependency_names = dependencies.map(&:name).join(" ")
23
-
24
23
  SharedHelpers.with_git_configured(credentials: credentials) do
25
- try_lockfile_update(dependency_names)
24
+ try_lockfile_update(dependency.metadata[:identity])
26
25
 
27
26
  File.read("Package.resolved")
28
27
  end
@@ -31,11 +30,18 @@ module Dependabot
31
30
 
32
31
  private
33
32
 
34
- def try_lockfile_update(dependency_names)
35
- SharedHelpers.run_shell_command(
36
- "swift package update #{dependency_names}",
37
- fingerprint: "swift package update <dependency_names>"
38
- )
33
+ def try_lockfile_update(dependency_name)
34
+ if target_version
35
+ SharedHelpers.run_shell_command(
36
+ "swift package resolve #{dependency_name} --version #{target_version}",
37
+ fingerprint: "swift package resolve <dependency_name> --version <target_version>"
38
+ )
39
+ else
40
+ SharedHelpers.run_shell_command(
41
+ "swift package update #{dependency_name}",
42
+ fingerprint: "swift package update <dependency_name>"
43
+ )
44
+ end
39
45
  rescue SharedHelpers::HelperSubprocessFailed => e
40
46
  # This class is not only used for final lockfile updates, but for
41
47
  # checking resolvability. So resolvability errors here are expected in
@@ -44,7 +50,7 @@ module Dependabot
44
50
  Dependabot.logger.info("Lockfile failed to be updated due to error:\n#{e.message}")
45
51
  end
46
52
 
47
- attr_reader :dependencies, :manifest, :repo_contents_path, :credentials
53
+ attr_reader :dependency, :manifest, :repo_contents_path, :credentials, :target_version
48
54
  end
49
55
  end
50
56
  end
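Review bot: Both command strings in `try_lockfile_update` are built by interpolating `dependency_name` and `target_version`, which appear to trace back to parsed package data (`data["identity"]`, `dep.version`), so they should be treated as repository-influenced input. Whether `SharedHelpers.run_shell_command` escapes its argument is not visible on this page; if it does not, interpolate `Shellwords.escape(dependency_name)` and `Shellwords.escape(target_version)` instead. In either case, reject values that begin with `-`, since escaping does not stop `swift package` from reading them as options. Separately, `dependency.metadata[:identity]` is presumably nil for a dependency built without the new metadata, which would make the fallback branch run `swift package update ` with no package name; a guard such as `raise ArgumentError, "missing package identity" unless dependency_name` at the top of the method would make that failure explicit.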
@@ -54,10 +54,11 @@ module Dependabot
54
54
 
55
55
  def updated_lockfile_content(updated_manifest)
56
56
  LockfileUpdater.new(
57
- dependencies: dependencies,
57
+ dependency: dependency,
58
58
  manifest: updated_manifest || manifest,
59
59
  repo_contents_path: repo_contents_path,
60
- credentials: credentials
60
+ credentials: credentials,
61
+ target_version: dependency.version
61
62
  ).updated_lockfile_content
62
63
  end
63
64
 
@@ -6,6 +6,9 @@ require "dependabot/swift/requirement"
6
6
  module Dependabot
7
7
  module Swift
8
8
  class NativeRequirement
9
+ # TODO: Support pinning to specific revisions
10
+ REGEXP = /(from.*|\.upToNextMajor.*|\.upToNextMinor.*|".*"\s*\.\.[\.<]\s*".*"|exact.*|\.exact.*)/
11
+
9
12
  attr_reader :declaration
10
13
 
11
14
  def self.map_requirements(requirements)
@@ -94,7 +97,7 @@ module Dependabot
94
97
  end
95
98
 
96
99
  def single_version_declaration?
97
- up_to_next_major? || up_to_next_major_deprecated? || up_to_next_minor? ||
100
+ up_to_next_major? || up_to_next_major_deprecated? || up_to_next_minor_deprecated? ||
98
101
  exact_version? || exact_version_deprecated?
99
102
  end
100
103
 
@@ -24,7 +24,7 @@ module Dependabot
24
24
 
25
25
  def fetch_latest_resolvable_version
26
26
  updated_lockfile_content = FileUpdater::LockfileUpdater.new(
27
- dependencies: [dependency],
27
+ dependency: dependency,
28
28
  manifest: manifest,
29
29
  repo_contents_path: repo_contents_path,
30
30
  credentials: credentials
@@ -34,7 +34,8 @@ module Dependabot
34
34
 
35
35
  updated_lockfile = DependencyFile.new(
36
36
  name: "Package.resolved",
37
- content: updated_lockfile_content
37
+ content: updated_lockfile_content,
38
+ directory: manifest.directory
38
39
  )
39
40
 
40
41
  dependency_parser(manifest, updated_lockfile).parse.find do |parsed_dep|
@@ -107,7 +107,8 @@ module Dependabot
107
107
  manifest.content,
108
108
  old_requirements: old_requirements,
109
109
  new_requirements: new_requirements
110
- ).updated_manifest_content
110
+ ).updated_manifest_content,
111
+ directory: manifest.directory
111
112
  )
112
113
  end
113
114
 
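--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-swift
  version: !ruby/object:Gem::Version
- version: 0.224.0
+ version: 0.226.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-07-27 00:00:00.000000000 Z
+ date: 2023-08-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.224.0
+ version: 0.226.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.224.0
+ version: 0.226.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.17.1
+ version: 1.18.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.17.1
+ version: 1.18.0
  - !ruby/object:Gem::Dependency
  name: stackprof
  requirement: !ruby/object:Gem::Requirement
@@ -207,7 +207,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
  post_install_message:
  rdoc_options: []
  require_paths: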