dependabot-swift 0.366.0 → 0.367.0
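--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 050e1345f17613759ae61ddba5a92e93f52dd13ddaab6c168678bb558566fb0a
+data.tar.gz: 7dc63505a26854e22ff196a2aaf7563faac7a95d09ae60a25bdfa7f3106e5f31
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 912293297d96e6dbfa87f62c95ec5dc26fbb6586f0827718be860c82fd6032a389ed452104e3c0480644cdfbdfce8b3af410385040780d00badade55915d1b57
+data.tar.gz: 37905ccb716a12d384c91d4178a3280107f7714968bd1a4ab0f54a19b1176595ba732e5b0aa0d8f50060c5cb9e8e14f8ea1c484f1fe3516375af99824c1edbe1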
|
@@ -15,12 +15,14 @@ module Dependabot
|
|
|
15
15
|
params(
|
|
16
16
|
requirements: T::Array[T::Hash[Symbol, T.untyped]],
|
|
17
17
|
target_version: T.nilable(T.any(String, Gem::Version)),
|
|
18
|
-
xcode_mode: T::Boolean
|
|
18
|
+
xcode_mode: T::Boolean,
|
|
19
|
+
target_commit_sha: T.nilable(String)
|
|
19
20
|
).void
|
|
20
21
|
end
|
|
21
|
-
def initialize(requirements:, target_version:, xcode_mode: false)
|
|
22
|
+
def initialize(requirements:, target_version:, xcode_mode: false, target_commit_sha: nil)
|
|
22
23
|
@requirements = requirements
|
|
23
24
|
@xcode_mode = xcode_mode
|
|
25
|
+
@target_commit_sha = T.let(target_commit_sha, T.nilable(String))
|
|
24
26
|
|
|
25
27
|
return unless target_version && Version.correct?(target_version)
|
|
26
28
|
|
|
@@ -47,6 +49,9 @@ module Dependabot
|
|
|
47
49
|
sig { returns(T::Boolean) }
|
|
48
50
|
attr_reader :xcode_mode
|
|
49
51
|
|
|
52
|
+
sig { returns(T.nilable(String)) }
|
|
53
|
+
attr_reader :target_commit_sha
|
|
54
|
+
|
|
50
55
|
# For Xcode projects, we update the version in the requirement while preserving the kind.
|
|
51
56
|
sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
52
57
|
def updated_xcode_requirements
|
|
@@ -67,14 +72,36 @@ module Dependabot
|
|
|
67
72
|
new_requirement_string = build_xcode_requirement_string(requirement_string, kind)
|
|
68
73
|
new_requirement = build_xcode_requirement(requirement_string, kind)
|
|
69
74
|
|
|
75
|
+
# Update source ref to target version
|
|
76
|
+
updated_source = update_source_ref(requirement[:source])
|
|
77
|
+
|
|
70
78
|
requirement.merge(
|
|
71
79
|
requirement: new_requirement,
|
|
80
|
+
source: updated_source,
|
|
72
81
|
metadata: metadata.merge(
|
|
73
82
|
requirement_string: new_requirement_string
|
|
74
83
|
).compact
|
|
75
84
|
)
|
|
76
85
|
end
|
|
77
86
|
|
|
87
|
+
sig do
|
|
88
|
+
params(
|
|
89
|
+
source: T.nilable(T::Hash[T.any(String, Symbol), T.untyped])
|
|
90
|
+
).returns(T.nilable(T::Hash[T.any(String, Symbol), T.untyped]))
|
|
91
|
+
end
|
|
92
|
+
def update_source_ref(source)
|
|
93
|
+
return source unless source && target_version
|
|
94
|
+
|
|
95
|
+
# Use commit SHA if available (for revision field in Package.resolved),
|
|
96
|
+
# otherwise fall back to version string
|
|
97
|
+
ref = target_commit_sha || target_version.to_s
|
|
98
|
+
|
|
99
|
+
updated_source = source.dup
|
|
100
|
+
updated_source[:ref] = ref
|
|
101
|
+
updated_source["ref"] = ref
|
|
102
|
+
updated_source
|
|
103
|
+
end
|
|
104
|
+
|
|
78
105
|
sig do
|
|
79
106
|
params(
|
|
80
107
|
requirement_string: T.nilable(String),
|
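Review bot: In `update_source_ref`, both `updated_source[:ref]` and `updated_source["ref"]` are assigned unconditionally, so a source hash that used only one key style comes back with two `ref` entries, which may make otherwise equal requirement hashes compare as different. Writing only the key that is already present would avoid that: `ref_key = source.key?("ref") ? "ref" : :ref` followed by `updated_source[ref_key] = ref`. Separately, `target_commit_sha` is accepted as any nilable String and written as the ref without a format check, and the fallback `target_version.to_s` is a version string rather than a commit. Since the comment says this value feeds the revision field in Package.resolved, a check that it is a full hex commit id before use would be worth adding.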
|
@@ -34,15 +34,20 @@ module Dependabot
|
|
|
34
34
|
|
|
35
35
|
sig { returns(T.nilable(Dependabot::Version)) }
|
|
36
36
|
def latest_resolvable_version
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
tag = git_commit_checker.local_tag_for_latest_version
|
|
37
|
+
tag = latest_resolvable_version_tag
|
|
40
38
|
return nil unless tag
|
|
41
39
|
|
|
42
|
-
|
|
43
|
-
|
|
40
|
+
Version.new(tag.fetch(:version))
|
|
41
|
+
end
|
|
44
42
|
|
|
45
|
-
|
|
43
|
+
# Returns the full tag info including commit_sha for the latest resolvable version
|
|
44
|
+
# Memoized to avoid redundant computation when called from UpdateChecker
|
|
45
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
46
|
+
def latest_resolvable_version_tag
|
|
47
|
+
@latest_resolvable_version_tag ||= T.let(
|
|
48
|
+
compute_latest_resolvable_version_tag,
|
|
49
|
+
T.nilable(T::Hash[Symbol, T.untyped])
|
|
50
|
+
)
|
|
46
51
|
end
|
|
47
52
|
|
|
48
53
|
sig { returns(T.nilable(Dependabot::Version)) }
|
|
@@ -80,6 +85,37 @@ module Dependabot
|
|
|
80
85
|
sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
|
|
81
86
|
attr_reader :security_advisories
|
|
82
87
|
|
|
88
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
89
|
+
def compute_latest_resolvable_version_tag
|
|
90
|
+
return nil unless version_pinned?
|
|
91
|
+
|
|
92
|
+
# For versionRange, we need to find the highest version within the range,
|
|
93
|
+
# not just check if the absolute latest satisfies it
|
|
94
|
+
return compute_latest_version_in_range if requirement_kind == "versionRange"
|
|
95
|
+
|
|
96
|
+
tag = git_commit_checker.local_tag_for_latest_version
|
|
97
|
+
return nil unless tag
|
|
98
|
+
|
|
99
|
+
version = tag.fetch(:version)
|
|
100
|
+
return nil unless version_meets_requirements?(version)
|
|
101
|
+
|
|
102
|
+
tag
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
# For versionRange requirements, find the highest version that satisfies
|
|
106
|
+
# the explicit upper bound constraint. We don't filter out lower versions here
|
|
107
|
+
# because `can_update?` will decide whether an update is actually needed.
|
|
108
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
109
|
+
def compute_latest_version_in_range
|
|
110
|
+
requirement = dependency_requirement
|
|
111
|
+
return nil unless requirement
|
|
112
|
+
|
|
113
|
+
tags = git_commit_checker.local_tags_for_allowed_versions
|
|
114
|
+
matching_tags = tags.select { |tag| requirement.satisfied_by?(tag.fetch(:version)) }
|
|
115
|
+
|
|
116
|
+
matching_tags.max_by { |tag| tag.fetch(:version) }
|
|
117
|
+
end
|
|
118
|
+
|
|
83
119
|
sig { returns(T.nilable(Dependabot::Swift::Requirement)) }
|
|
84
120
|
def dependency_requirement
|
|
85
121
|
req_string = dependency.requirements.first&.dig(:requirement)
|
|
@@ -90,8 +126,25 @@ module Dependabot
|
|
|
90
126
|
nil
|
|
91
127
|
end
|
|
92
128
|
|
|
129
|
+
sig { returns(T.nilable(String)) }
|
|
130
|
+
def requirement_kind
|
|
131
|
+
dependency.requirements.first&.dig(:metadata, :kind)
|
|
132
|
+
end
|
|
133
|
+
|
|
93
134
|
sig { params(version: T.untyped).returns(T::Boolean) }
|
|
94
135
|
def version_meets_requirements?(version)
|
|
136
|
+
kind = requirement_kind
|
|
137
|
+
|
|
138
|
+
# For most Xcode requirement kinds, we update the requirement itself to match
|
|
139
|
+
# the new version, so we don't need to check if the new version satisfies
|
|
140
|
+
# the current requirement:
|
|
141
|
+
# - exactVersion: requirement changes to exact new version
|
|
142
|
+
# - upToNextMajorVersion: requirement updates to new version's major range
|
|
143
|
+
# - upToNextMinorVersion: requirement updates to new version's minor range
|
|
144
|
+
#
|
|
145
|
+
# Only versionRange has an explicit upper bound that should be respected.
|
|
146
|
+
return true if %w(exactVersion upToNextMajorVersion upToNextMinorVersion).include?(kind)
|
|
147
|
+
|
|
95
148
|
requirement = dependency_requirement
|
|
96
149
|
return true unless requirement
|
|
97
150
|
|
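Review bot: `latest_resolvable_version_tag` memoizes with `||=`, so a `nil` result from `compute_latest_resolvable_version_tag` is never cached and the computation reruns on every call, which is the case the comment above it says it avoids. Guarding on the instance variable keeps the nil result: `return @latest_resolvable_version_tag if defined?(@latest_resolvable_version_tag)` before the assignment. In `compute_latest_version_in_range`, `max_by { |tag| tag.fetch(:version) }` compares the raw `:version` values, while `latest_resolvable_version` wraps the same field in `Version.new`. If `:version` can be a String the maximum would be chosen lexicographically, so wrapping it there too (`Version.new(tag.fetch(:version))`) would be safer. `version_meets_requirements?` continues outside the hunk.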
|
@@ -74,10 +74,22 @@ module Dependabot
|
|
|
74
74
|
target = preferred_resolvable_version
|
|
75
75
|
return old_requirements unless target
|
|
76
76
|
|
|
77
|
+
# Only use the "latest" tag's commit SHA when the chosen target version
|
|
78
|
+
# is actually the latest resolvable version. This avoids attaching a
|
|
79
|
+
# mismatched SHA when preferred_resolvable_version selects a different
|
|
80
|
+
# version (for example, the lowest resolvable security-fix version).
|
|
81
|
+
commit_sha = nil
|
|
82
|
+
latest = latest_resolvable_version
|
|
83
|
+
if latest && target == latest
|
|
84
|
+
tag = xcode_version_resolver.latest_resolvable_version_tag
|
|
85
|
+
commit_sha = tag&.fetch(:commit_sha, nil)
|
|
86
|
+
end
|
|
87
|
+
|
|
77
88
|
RequirementsUpdater.new(
|
|
78
89
|
requirements: old_requirements,
|
|
79
90
|
target_version: target,
|
|
80
|
-
xcode_mode: true
|
|
91
|
+
xcode_mode: true,
|
|
92
|
+
target_commit_sha: commit_sha
|
|
81
93
|
).updated_requirements
|
|
82
94
|
end
|
|
83
95
|
|
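Review bot: The commit SHA is taken from `xcode_version_resolver.latest_resolvable_version_tag`, but the guard compares `target` with `latest_resolvable_version`, whose definition is not in this hunk, so nothing visible here ties the SHA to the version it is recorded against. Comparing against the tag record itself would make that link explicit: `tag = xcode_version_resolver.latest_resolvable_version_tag` and `commit_sha = tag.fetch(:commit_sha, nil) if tag && tag.fetch(:version) == target` (assuming the tag's `:version` is comparable with `target`). A mismatched SHA would end up as the pinned ref for the dependency, so a spec covering the security-fix path named in the comment would be worth adding. The enclosing method starts above the hunk.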
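--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-swift
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.367.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.367.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.367.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -273,7 +273,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.367.0
 rdoc_options: []
 require_paths:
 - lib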