dependabot-swift 0.224.0 → 0.226.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/swift/file_parser/dependency_parser.rb +12 -3
- data/lib/dependabot/swift/file_parser/manifest_parser.rb +6 -6
- data/lib/dependabot/swift/file_parser.rb +2 -1
- data/lib/dependabot/swift/file_updater/lockfile_updater.rb +17 -11
- data/lib/dependabot/swift/file_updater.rb +3 -2
- data/lib/dependabot/swift/native_requirement.rb +4 -1
- data/lib/dependabot/swift/update_checker/version_resolver.rb +3 -2
- data/lib/dependabot/swift/update_checker.rb +2 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: db5c53249cce90cbbcc7af6b7caa03dabf0ba5868191bad0bd3715e2f8e38ef3
|
|
4
|
+
data.tar.gz: 8c969168a15ae0d90e3f31a3b11d082fe1951ac08deeb9a15b5d61d84c43fcc3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 37668cae90b80db45b2d64c5f1d81387af452ef4938aed47e700ff316185c963aeae248a983d41fe6ec1cea430e1fa1cb3263e53f8fcbf58dfe0256435aaa9ad
|
|
7
|
+
data.tar.gz: 81e0899a0dc2e8ae824ace28d3ffc2a1320dc68e3f495107dcade4c7be57b1eddcaf1ec36e432f4e8a3d6273d4db9a350b0e7870330b00ee8c01f24151201681
|
|
@@ -4,6 +4,7 @@ require "dependabot/file_parsers/base"
|
|
|
4
4
|
require "dependabot/shared_helpers"
|
|
5
5
|
require "dependabot/dependency"
|
|
6
6
|
require "json"
|
|
7
|
+
require "uri"
|
|
7
8
|
|
|
8
9
|
module Dependabot
|
|
9
10
|
module Swift
|
|
@@ -47,12 +48,14 @@ module Dependabot
|
|
|
47
48
|
end
|
|
48
49
|
|
|
49
50
|
def all_dependencies(data, level: 0)
|
|
50
|
-
|
|
51
|
-
url = data["url"]
|
|
51
|
+
identity = data["identity"]
|
|
52
|
+
url = SharedHelpers.scp_to_standard(data["url"])
|
|
53
|
+
name = normalize(url)
|
|
52
54
|
version = data["version"]
|
|
53
55
|
|
|
54
56
|
source = { type: "git", url: url, ref: version, branch: nil }
|
|
55
|
-
|
|
57
|
+
metadata = { identity: identity }
|
|
58
|
+
args = { name: name, version: version, package_manager: "swift", requirements: [], metadata: metadata }
|
|
56
59
|
|
|
57
60
|
if level.zero?
|
|
58
61
|
args[:requirements] << { requirement: nil, groups: ["dependencies"], file: nil, source: source }
|
|
@@ -65,6 +68,12 @@ module Dependabot
|
|
|
65
68
|
[dep, *subdependencies(data, level: level + 1)].compact
|
|
66
69
|
end
|
|
67
70
|
|
|
71
|
+
def normalize(source)
|
|
72
|
+
uri = URI.parse(source.downcase)
|
|
73
|
+
|
|
74
|
+
"#{uri.host}#{uri.path}".delete_prefix("www.").delete_suffix(".git")
|
|
75
|
+
end
|
|
76
|
+
|
|
68
77
|
attr_reader :dependency_files, :repo_contents_path, :credentials
|
|
69
78
|
end
|
|
70
79
|
end
|
|
@@ -7,7 +7,10 @@ module Dependabot
|
|
|
7
7
|
module Swift
|
|
8
8
|
class FileParser < Dependabot::FileParsers::Base
|
|
9
9
|
class ManifestParser
|
|
10
|
-
DEPENDENCY =
|
|
10
|
+
DEPENDENCY =
|
|
11
|
+
/(?<declaration>\.package\(\s*
|
|
12
|
+
(?:name:\s+"[^"]+",\s*)?url:\s+"(?<url>[^"]+)",\s*(?<requirement>#{NativeRequirement::REGEXP})\s*
|
|
13
|
+
\))/x
|
|
11
14
|
|
|
12
15
|
def initialize(manifest, source:)
|
|
13
16
|
@manifest = manifest
|
|
@@ -15,11 +18,8 @@ module Dependabot
|
|
|
15
18
|
end
|
|
16
19
|
|
|
17
20
|
def requirements
|
|
18
|
-
found = manifest.content.scan(DEPENDENCY).find do |_declaration, url,
|
|
19
|
-
|
|
20
|
-
next if requirement.start_with?("branch:", ".branch(", "revision:", ".revision(")
|
|
21
|
-
|
|
22
|
-
url == source[:url]
|
|
21
|
+
found = manifest.content.scan(DEPENDENCY).find do |_declaration, url, _requirement|
|
|
22
|
+
SharedHelpers.scp_to_standard(url) == source[:url]
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
return [] unless found
|
|
@@ -8,21 +8,20 @@ module Dependabot
|
|
|
8
8
|
module Swift
|
|
9
9
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
10
10
|
class LockfileUpdater
|
|
11
|
-
def initialize(
|
|
12
|
-
@
|
|
11
|
+
def initialize(dependency:, manifest:, repo_contents_path:, credentials:, target_version: nil)
|
|
12
|
+
@dependency = dependency
|
|
13
13
|
@manifest = manifest
|
|
14
14
|
@repo_contents_path = repo_contents_path
|
|
15
15
|
@credentials = credentials
|
|
16
|
+
@target_version = target_version
|
|
16
17
|
end
|
|
17
18
|
|
|
18
19
|
def updated_lockfile_content
|
|
19
20
|
SharedHelpers.in_a_temporary_repo_directory(manifest.directory, repo_contents_path) do
|
|
20
21
|
File.write(manifest.name, manifest.content)
|
|
21
22
|
|
|
22
|
-
dependency_names = dependencies.map(&:name).join(" ")
|
|
23
|
-
|
|
24
23
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
25
|
-
try_lockfile_update(
|
|
24
|
+
try_lockfile_update(dependency.metadata[:identity])
|
|
26
25
|
|
|
27
26
|
File.read("Package.resolved")
|
|
28
27
|
end
|
|
@@ -31,11 +30,18 @@ module Dependabot
|
|
|
31
30
|
|
|
32
31
|
private
|
|
33
32
|
|
|
34
|
-
def try_lockfile_update(
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
33
|
+
def try_lockfile_update(dependency_name)
|
|
34
|
+
if target_version
|
|
35
|
+
SharedHelpers.run_shell_command(
|
|
36
|
+
"swift package resolve #{dependency_name} --version #{target_version}",
|
|
37
|
+
fingerprint: "swift package resolve <dependency_name> --version <target_version>"
|
|
38
|
+
)
|
|
39
|
+
else
|
|
40
|
+
SharedHelpers.run_shell_command(
|
|
41
|
+
"swift package update #{dependency_name}",
|
|
42
|
+
fingerprint: "swift package update <dependency_name>"
|
|
43
|
+
)
|
|
44
|
+
end
|
|
39
45
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
40
46
|
# This class is not only used for final lockfile updates, but for
|
|
41
47
|
# checking resolvability. So resolvability errors here are expected in
|
|
@@ -44,7 +50,7 @@ module Dependabot
|
|
|
44
50
|
Dependabot.logger.info("Lockfile failed to be updated due to error:\n#{e.message}")
|
|
45
51
|
end
|
|
46
52
|
|
|
47
|
-
attr_reader :
|
|
53
|
+
attr_reader :dependency, :manifest, :repo_contents_path, :credentials, :target_version
|
|
48
54
|
end
|
|
49
55
|
end
|
|
50
56
|
end
|
|
@@ -54,10 +54,11 @@ module Dependabot
|
|
|
54
54
|
|
|
55
55
|
def updated_lockfile_content(updated_manifest)
|
|
56
56
|
LockfileUpdater.new(
|
|
57
|
-
|
|
57
|
+
dependency: dependency,
|
|
58
58
|
manifest: updated_manifest || manifest,
|
|
59
59
|
repo_contents_path: repo_contents_path,
|
|
60
|
-
credentials: credentials
|
|
60
|
+
credentials: credentials,
|
|
61
|
+
target_version: dependency.version
|
|
61
62
|
).updated_lockfile_content
|
|
62
63
|
end
|
|
63
64
|
|
|
@@ -6,6 +6,9 @@ require "dependabot/swift/requirement"
|
|
|
6
6
|
module Dependabot
|
|
7
7
|
module Swift
|
|
8
8
|
class NativeRequirement
|
|
9
|
+
# TODO: Support pinning to specific revisions
|
|
10
|
+
REGEXP = /(from.*|\.upToNextMajor.*|\.upToNextMinor.*|".*"\s*\.\.[\.<]\s*".*"|exact.*|\.exact.*)/
|
|
11
|
+
|
|
9
12
|
attr_reader :declaration
|
|
10
13
|
|
|
11
14
|
def self.map_requirements(requirements)
|
|
@@ -94,7 +97,7 @@ module Dependabot
|
|
|
94
97
|
end
|
|
95
98
|
|
|
96
99
|
def single_version_declaration?
|
|
97
|
-
up_to_next_major? || up_to_next_major_deprecated? ||
|
|
100
|
+
up_to_next_major? || up_to_next_major_deprecated? || up_to_next_minor_deprecated? ||
|
|
98
101
|
exact_version? || exact_version_deprecated?
|
|
99
102
|
end
|
|
100
103
|
|
|
@@ -24,7 +24,7 @@ module Dependabot
|
|
|
24
24
|
|
|
25
25
|
def fetch_latest_resolvable_version
|
|
26
26
|
updated_lockfile_content = FileUpdater::LockfileUpdater.new(
|
|
27
|
-
|
|
27
|
+
dependency: dependency,
|
|
28
28
|
manifest: manifest,
|
|
29
29
|
repo_contents_path: repo_contents_path,
|
|
30
30
|
credentials: credentials
|
|
@@ -34,7 +34,8 @@ module Dependabot
|
|
|
34
34
|
|
|
35
35
|
updated_lockfile = DependencyFile.new(
|
|
36
36
|
name: "Package.resolved",
|
|
37
|
-
content: updated_lockfile_content
|
|
37
|
+
content: updated_lockfile_content,
|
|
38
|
+
directory: manifest.directory
|
|
38
39
|
)
|
|
39
40
|
|
|
40
41
|
dependency_parser(manifest, updated_lockfile).parse.find do |parsed_dep|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-swift
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.226.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-08-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.226.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.226.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,14 +128,14 @@ dependencies:
|
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 1.
|
|
131
|
+
version: 1.18.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 1.
|
|
138
|
+
version: 1.18.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: stackprof
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -207,7 +207,7 @@ licenses:
|
|
|
207
207
|
- Nonstandard
|
|
208
208
|
metadata:
|
|
209
209
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
210
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
210
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
|
|
211
211
|
post_install_message:
|
|
212
212
|
rdoc_options: []
|
|
213
213
|
require_paths:
|