RubyGems - dependabot-swift - Versions diffs - 0.326.0 → 0.327.0 - Mend

dependabot-swift 0.326.0 → 0.327.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/swift/update_checker/latest_version_resolver.rb +76 -37
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 207a4a2534bd6f937a03b749841f5b83513a50a101b1f327999a91977181220b
-  data.tar.gz: 4c8d5c6f8cfd7506162a5ef8e8ced9cf8ad2346e01113e7ef3917fb0169e82c6
+  metadata.gz: f9fca95a4b9cf055d24dacb7e0e4a8575d84c66faec2c9f97092d8558889ccd6
+  data.tar.gz: f1359a0add51ed5378e7ba0a685ffda9b7a4f43b95e136bbd821282d5b35e599
 SHA512:
-  metadata.gz: 7f9f2f11580c0ac151b6141d638f642b6728a127efcddca5d28cd4be9b1179b97cb70963811f908587f9021c6592de9b5e3a1710e8507e58771735e05362e202
-  data.tar.gz: 3ddcd96a342f75d98b6ca00f03cdc0ce6a1027cc3149d24479b79eddc5c2733bf1b582613d98502ba6af32d0af633b1c12faeda21d3ceea9381095e13a0ad664
+  metadata.gz: 70bd79cc7af1a7546cfc69a3218777be234ccc2e40fe867a95512f9894531116c49c07b8244d73b0f81ac55e09c542deb9e26d9260f8327e8dabdd00ab9c96bb
+  data.tar.gz: d8db379b5685d6f8714c9e9ab6221ffd74d7bc9ffba7f0dc6d2cb94dac09cdd643d142108deeaecf0b8e538d85dd38f52fae6456608134549bba0a03b8cfdb74

data/lib/dependabot/swift/update_checker/latest_version_resolver.rb CHANGED Viewed

@@ -37,28 +37,36 @@ module Dependabot
         sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
+        sig { returns(T::Array[Dependabot::Credential]) }
+        attr_reader :credentials
+        sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
+        attr_reader :cooldown_options
+        sig { returns(Dependabot::GitCommitChecker) }
+        attr_reader :git_commit_checker
         # Return latest version tag for the dependency, it removes tags that are in cooldown period
-        # and returns the latest version tag that is not in cooldown period. If eexception occurs
-        # it will return the latest version tag from the git_commit_checker. as it was before
+        # and returns the latest version tag that is not in cooldown period. If an exception occurs
+        # and returns the latest version tag that is not in cooldown period. If an exception occurs,
+        # it will return the latest version tag from the git_commit_checker, as before.
         sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
         def latest_version_tag
           # step one fetch allowed version tags and
+          return git_commit_checker.local_tag_for_latest_version unless cooldown_enabled?
           allowed_version_tags = git_commit_checker.allowed_version_tags
-          begin
-            # sort the allowed version tags by name in descending order
-            select_version_tags_in_cooldown_period&.each do |tag_name|
-              # filter out if name is not in cooldown period
-              allowed_version_tags.reject! do |gitref_filtered|
-                true if gitref_filtered.name == tag_name
-              end
+          select_version_tags_in_cooldown_period&.each do |tag_name|
+            # filter out if name is in cooldown period
+            allowed_version_tags.reject! do |gitref_filtered|
+              gitref_filtered.name == tag_name
             end
-            Dependabot.logger.info("Allowed version tags after filtering versions in cooldown:
-              #{allowed_version_tags.map(&:name).join(', ')}")
-            git_commit_checker.max_local_tag(allowed_version_tags)
-          rescue StandardError => e
-            Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
-            git_commit_checker.local_tag_for_latest_version
           end
+          git_commit_checker.max_local_tag(allowed_version_tags)
+        rescue StandardError => e
+          Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
+          git_commit_checker.local_tag_for_latest_version
         end
         sig { returns(T.nilable(T::Array[String])) }
@@ -66,7 +74,7 @@ module Dependabot
           version_tags_in_cooldown_period = T.let([], T::Array[String])
           package_details_fetcher.fetch_tag_and_release_date.each do |git_tag_with_detail|
-            if check_if_version_in_cooldown_period?(T.must(git_tag_with_detail.release_date))
+            if check_if_version_in_cooldown_period?(git_tag_with_detail)
               version_tags_in_cooldown_period << git_tag_with_detail.tag
             end
           end
@@ -76,27 +84,59 @@ module Dependabot
           version_tags_in_cooldown_period
         end
-        sig { params(release_date: String).returns(T::Boolean) }
-        def check_if_version_in_cooldown_period?(release_date)
-          return false unless release_date.length.positive?
+        sig { params(tag_with_detail: Dependabot::GitTagWithDetail).returns(T::Boolean) }
+        def check_if_version_in_cooldown_period?(tag_with_detail)
+          return false unless tag_with_detail.release_date
-          cooldown = @cooldown_options
-          return false unless cooldown
+          current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
+          days = cooldown_days_for(current_version, version_class.new(tag_with_detail.tag.delete("v")))
-          return false if cooldown.nil?
-          # Get maximum cooldown days based on semver parts
-          days = [cooldown.default_days, cooldown.semver_major_days].max
-          days = cooldown.semver_minor_days unless days > cooldown.semver_minor_days
-          days = cooldown.semver_patch_days unless days > cooldown.semver_patch_days
           # Calculate the number of seconds passed since the release
-          passed_seconds = Time.now.to_i - release_date_to_seconds(release_date)
+          passed_seconds = Time.now.to_i - release_date_to_seconds(tag_with_detail.release_date)
           # Check if the release is within the cooldown period
           passed_seconds < days * DAY_IN_SECONDS
         end
-        sig { params(release_date: String).returns(Integer) }
+        sig do
+          params(
+            current_version: T.nilable(Dependabot::Version),
+            new_version: Dependabot::Version
+          ).returns(Integer)
+        end
+        def cooldown_days_for(current_version, new_version)
+          return 0 unless cooldown_enabled?
+          cooldown = T.must(cooldown_options)
+          return 0 unless cooldown.included?(dependency.name)
+          return cooldown.default_days if current_version.nil?
+          current_version_semver = current_version.semver_parts
+          new_version_semver = new_version.semver_parts
+          # If semver_parts is nil for either, return default cooldown
+          return cooldown.default_days if current_version_semver.nil? || new_version_semver.nil?
+          # Ensure values are always integers
+          current_major, current_minor, current_patch = current_version_semver
+          new_major, new_minor, new_patch = new_version_semver
+          # Determine cooldown based on version difference
+          return cooldown.semver_major_days if new_major > current_major
+          return cooldown.semver_minor_days if new_minor > current_minor
+          return cooldown.semver_patch_days if new_patch > current_patch
+          cooldown.default_days
+        end
+        sig { returns(T.class_of(Dependabot::Version)) }
+        def version_class
+          dependency.version_class
+        end
+        sig { params(release_date: T.nilable(String)).returns(Integer) }
         def release_date_to_seconds(release_date)
+          return 0 unless release_date
           Time.parse(release_date).to_i
         rescue ArgumentError => e
           Dependabot.logger.error("Invalid release date format: #{release_date} and error: #{e.message}")
@@ -114,17 +154,16 @@ module Dependabot
           )
         end
-        # Since base class is returning false, we need to override it.
         sig { returns(T::Boolean) }
         def cooldown_enabled?
-          true
-        end
-        sig { returns(Dependabot::GitCommitChecker) }
-        attr_reader :git_commit_checker
+          return false if cooldown_options.nil?
-        sig { returns(T::Array[Dependabot::Credential]) }
-        attr_reader :credentials
+          cooldown = T.must(cooldown_options)
+          cooldown.default_days.to_i.positive? ||
+            cooldown.semver_major_days.to_i.positive? ||
+            cooldown.semver_minor_days.to_i.positive? ||
+            cooldown.semver_patch_days.to_i.positive?
+        end
       end
     end
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-swift
 version: !ruby/object:Gem::Version
-  version: 0.326.0
+  version: 0.327.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.326.0
+        version: 0.327.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.326.0
+        version: 0.327.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -266,7 +266,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.326.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.327.0
 rdoc_options: []
 require_paths:
 - lib