dependabot-swift 0.367.0 → 0.369.0
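--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffba3e2d47abede16d8578f4604ab638a59d08873d56dadb884f2b7a4750714b
+data.tar.gz: d3df9f2a33ebb10871918caa8946d284457760403bc77b772d0d6be6a435820b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b2f8b488b086c3d49adff713335088ea164884842d7ab07e592a29231b9a462b41cc46d0c8d314afbc5b4394b0ca8b595fcfda0cc80ee50ad6384e3933ba137d
+data.tar.gz: 94eafc46297bc99402cea427f9d8c9cf8013101912e2edb712dbc406335954a6cec2fd1b0a532857da6820a0edfe9925fcc70ac211f52d3090fbf1b2f9953051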
|
|
@@ -34,9 +34,10 @@ module Dependabot
|
|
|
34
34
|
|
|
35
35
|
# Patterns for extracting requirement fields
|
|
36
36
|
KIND_PATTERN = T.let(/kind\s*=\s*(\w+);/, Regexp)
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
37
|
+
VERSION_NUMBER_PATTERN = T.let(/[0-9A-Za-z.+-]+/, Regexp)
|
|
38
|
+
MIN_VERSION_PATTERN = T.let(/minimumVersion\s*=\s*(#{VERSION_NUMBER_PATTERN});/, Regexp)
|
|
39
|
+
MAX_VERSION_PATTERN = T.let(/maximumVersion\s*=\s*(#{VERSION_NUMBER_PATTERN});/, Regexp)
|
|
40
|
+
VERSION_PATTERN = T.let(/version\s*=\s*(#{VERSION_NUMBER_PATTERN});/, Regexp)
|
|
40
41
|
BRANCH_PATTERN = T.let(/branch\s*=\s*"?([^";]+)"?;/, Regexp)
|
|
41
42
|
REVISION_PATTERN = T.let(/revision\s*=\s*"?([^";]+)"?;/, Regexp)
|
|
42
43
|
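Review bot: The three version patterns built on `VERSION_NUMBER_PATTERN` accept only an unquoted value, while `BRANCH_PATTERN` and `REVISION_PATTERN` right below them allow `"?` around theirs. The character class includes `-` and `+`, and Xcode appears to quote pbxproj values that contain such characters (worth confirming against a project pinned to a pre-release), so a quoted pre-release requirement would go unmatched. If quoted values do occur, the capture could be written as `"?(#{VERSION_NUMBER_PATTERN})"?;` in all three patterns. `PbxprojUpdater` carries its own copies of `MIN_VERSION_PATTERN` and `VERSION_PATTERN` with the same shape, so there the same input would be left unmodified without any error.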
|
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "dependabot/dependency"
|
|
6
|
+
require "dependabot/dependency_file"
|
|
7
|
+
require "dependabot/errors"
|
|
8
|
+
require "dependabot/shared_helpers"
|
|
9
|
+
require "dependabot/file_updaters/base"
|
|
10
|
+
require "dependabot/swift/url_helpers"
|
|
11
|
+
|
|
12
|
+
module Dependabot
|
|
13
|
+
module Swift
|
|
14
|
+
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
15
|
+
# Updates version requirements in project.pbxproj files for
|
|
16
|
+
# XCRemoteSwiftPackageReference entries that match the dependencies
|
|
17
|
+
# being updated. This ensures the Xcode project stays consistent
|
|
18
|
+
# with the updated Package.resolved.
|
|
19
|
+
class PbxprojUpdater
|
|
20
|
+
extend T::Sig
|
|
21
|
+
|
|
22
|
+
PACKAGE_REF_BLOCK = T.let(
|
|
23
|
+
/
|
|
24
|
+
(isa\s*=\s*XCRemoteSwiftPackageReference;\s*
|
|
25
|
+
repositoryURL\s*=\s*")
|
|
26
|
+
([^"]+)
|
|
27
|
+
(";\s*
|
|
28
|
+
requirement\s*=\s*\{)
|
|
29
|
+
([^}]*)
|
|
30
|
+
(\};)
|
|
31
|
+
/mx,
|
|
32
|
+
Regexp
|
|
33
|
+
)
|
|
34
|
+
|
|
35
|
+
KIND_PATTERN = T.let(/kind\s*=\s*(\w+);/, Regexp)
|
|
36
|
+
MIN_VERSION_PATTERN = T.let(/minimumVersion\s*=\s*[0-9A-Za-z.+-]+;/, Regexp)
|
|
37
|
+
VERSION_PATTERN = T.let(/\bversion\s*=\s*[0-9A-Za-z.+-]+;/, Regexp)
|
|
38
|
+
|
|
39
|
+
sig do
|
|
40
|
+
params(
|
|
41
|
+
pbxproj_file: Dependabot::DependencyFile,
|
|
42
|
+
dependencies: T::Array[Dependabot::Dependency]
|
|
43
|
+
).void
|
|
44
|
+
end
|
|
45
|
+
def initialize(pbxproj_file:, dependencies:)
|
|
46
|
+
@pbxproj_file = pbxproj_file
|
|
47
|
+
@dependencies = dependencies
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
sig { returns(String) }
|
|
51
|
+
def updated_pbxproj_content
|
|
52
|
+
content = pbxproj_file.content
|
|
53
|
+
unless content
|
|
54
|
+
raise Dependabot::DependencyFileNotParseable.new(
|
|
55
|
+
pbxproj_file.name,
|
|
56
|
+
"#{pbxproj_file.name} has no content"
|
|
57
|
+
)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
dep_lookup = build_dependency_lookup
|
|
61
|
+
|
|
62
|
+
content.gsub(PACKAGE_REF_BLOCK) do
|
|
63
|
+
prefix = T.must(Regexp.last_match(1))
|
|
64
|
+
url = T.must(Regexp.last_match(2))
|
|
65
|
+
mid = T.must(Regexp.last_match(3))
|
|
66
|
+
req_block = T.must(Regexp.last_match(4))
|
|
67
|
+
suffix = T.must(Regexp.last_match(5))
|
|
68
|
+
|
|
69
|
+
normalized = normalize_url(url)
|
|
70
|
+
dep = dep_lookup[normalized]
|
|
71
|
+
|
|
72
|
+
if dep&.version
|
|
73
|
+
updated_block = update_requirement_block(req_block, T.must(dep.version))
|
|
74
|
+
"#{prefix}#{url}#{mid}#{updated_block}#{suffix}"
|
|
75
|
+
else
|
|
76
|
+
T.must(Regexp.last_match(0))
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
private
|
|
82
|
+
|
|
83
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
84
|
+
attr_reader :pbxproj_file
|
|
85
|
+
|
|
86
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
87
|
+
attr_reader :dependencies
|
|
88
|
+
|
|
89
|
+
sig { returns(T::Hash[String, Dependabot::Dependency]) }
|
|
90
|
+
def build_dependency_lookup
|
|
91
|
+
dependencies.to_h { |dep| [dep.name, dep] }
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
sig { params(url: String).returns(String) }
|
|
95
|
+
def normalize_url(url)
|
|
96
|
+
UrlHelpers.normalize_name(SharedHelpers.scp_to_standard(url))
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
sig { params(req_block: String, target_version: String).returns(String) }
|
|
100
|
+
def update_requirement_block(req_block, target_version)
|
|
101
|
+
kind = req_block.match(KIND_PATTERN)&.captures&.first
|
|
102
|
+
|
|
103
|
+
case kind
|
|
104
|
+
when "upToNextMajorVersion", "upToNextMinorVersion", "versionRange"
|
|
105
|
+
req_block.sub(MIN_VERSION_PATTERN, "minimumVersion = #{target_version};")
|
|
106
|
+
when "exactVersion"
|
|
107
|
+
if req_block.match?(VERSION_PATTERN)
|
|
108
|
+
req_block.sub(VERSION_PATTERN, "version = #{target_version};")
|
|
109
|
+
else
|
|
110
|
+
req_block.sub(MIN_VERSION_PATTERN, "minimumVersion = #{target_version};")
|
|
111
|
+
end
|
|
112
|
+
else
|
|
113
|
+
# branch, revision, or unknown — no version update needed
|
|
114
|
+
req_block
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
end
|
|
120
|
+
end
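Review bot: `update_requirement_block` writes `target_version` into the pbxproj through a `String#sub` replacement string without checking it against the `[0-9A-Za-z.+-]+` class that the matching side uses. The value comes from `dep.version`, which is presumably derived from upstream release tags and may already be validated elsewhere, but nothing in this file enforces it; a `;`, `}` or quote would alter the structure of the requirement block, and `sub` also expands backslash sequences such as `\0` in a replacement string. A guard at the top, `return req_block unless target_version.match?(/\A[0-9A-Za-z.+-]+\z/)`, and the block form `req_block.sub(MIN_VERSION_PATTERN) { "minimumVersion = #{target_version};" }` would close both. For `versionRange` only `minimumVersion` is rewritten, so a one-line comment stating that the caller is expected to keep the target within `maximumVersion` would help the next reader.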
|
|
@@ -1,12 +1,9 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/experiments"
|
|
5
5
|
require "dependabot/file_updaters"
|
|
6
6
|
require "dependabot/file_updaters/base"
|
|
7
|
-
require "dependabot/swift/file_updater/lockfile_updater"
|
|
8
|
-
require "dependabot/swift/file_updater/manifest_updater"
|
|
9
|
-
require "dependabot/swift/file_updater/xcode_lockfile_updater"
|
|
10
7
|
require "dependabot/swift/xcode_file_helpers"
|
|
11
8
|
|
|
12
9
|
module Dependabot
|
|
@@ -14,6 +11,11 @@ module Dependabot
|
|
|
14
11
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
|
15
12
|
extend T::Sig
|
|
16
13
|
|
|
14
|
+
require_relative "file_updater/lockfile_updater"
|
|
15
|
+
require_relative "file_updater/manifest_updater"
|
|
16
|
+
require_relative "file_updater/pbxproj_updater"
|
|
17
|
+
require_relative "file_updater/xcode_lockfile_updater"
|
|
18
|
+
|
|
17
19
|
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
|
18
20
|
def updated_dependency_files
|
|
19
21
|
if xcode_spm_mode?
|
|
@@ -46,7 +48,7 @@ module Dependabot
|
|
|
46
48
|
updated_files
|
|
47
49
|
end
|
|
48
50
|
|
|
49
|
-
# Xcode SPM update: updates Package.resolved
|
|
51
|
+
# Xcode SPM update: updates Package.resolved and project.pbxproj files
|
|
50
52
|
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
51
53
|
def updated_xcode_spm_files
|
|
52
54
|
updated_files = T.let([], T::Array[Dependabot::DependencyFile])
|
|
@@ -66,6 +68,8 @@ module Dependabot
|
|
|
66
68
|
updated_files << updated_file(file: resolved_file, content: updated_content)
|
|
67
69
|
end
|
|
68
70
|
|
|
71
|
+
update_pbxproj_files(updated_files)
|
|
72
|
+
|
|
69
73
|
if updated_files.empty?
|
|
70
74
|
raise Dependabot::DependencyFileNotFound.new(
|
|
71
75
|
nil,
|
|
@@ -109,6 +113,51 @@ module Dependabot
|
|
|
109
113
|
)
|
|
110
114
|
end
|
|
111
115
|
|
|
116
|
+
sig { params(updated_files: T::Array[Dependabot::DependencyFile]).void }
|
|
117
|
+
def update_pbxproj_files(updated_files)
|
|
118
|
+
pbxproj_files.each do |pbxproj_file|
|
|
119
|
+
scoped_dependencies = dependencies_for_pbxproj(pbxproj_file)
|
|
120
|
+
next if scoped_dependencies.empty?
|
|
121
|
+
|
|
122
|
+
updater = PbxprojUpdater.new(
|
|
123
|
+
pbxproj_file: pbxproj_file,
|
|
124
|
+
dependencies: scoped_dependencies
|
|
125
|
+
)
|
|
126
|
+
updated_content = updater.updated_pbxproj_content
|
|
127
|
+
next if updated_content == pbxproj_file.content
|
|
128
|
+
|
|
129
|
+
updated = updated_file(file: pbxproj_file, content: updated_content)
|
|
130
|
+
updated.support_file = false
|
|
131
|
+
updated_files << updated
|
|
132
|
+
end
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
sig do
|
|
136
|
+
params(pbxproj_file: Dependabot::DependencyFile)
|
|
137
|
+
.returns(T::Array[Dependabot::Dependency])
|
|
138
|
+
end
|
|
139
|
+
def dependencies_for_pbxproj(pbxproj_file)
|
|
140
|
+
dependencies.select do |dep|
|
|
141
|
+
requirement_files_for(dep).include?(pbxproj_file.name)
|
|
142
|
+
end
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
sig { params(dep: Dependabot::Dependency).returns(T::Set[String]) }
|
|
146
|
+
def requirement_files_for(dep)
|
|
147
|
+
files = dep.requirements.map { |req| req[:file] } + (dep.previous_requirements || []).map { |req| req[:file] }
|
|
148
|
+
files.compact.to_set
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
152
|
+
def pbxproj_files
|
|
153
|
+
@pbxproj_files ||= T.let(
|
|
154
|
+
dependency_files.select do |f|
|
|
155
|
+
f.name.end_with?("project.pbxproj") && f.support_file?
|
|
156
|
+
end,
|
|
157
|
+
T.nilable(T::Array[Dependabot::DependencyFile])
|
|
158
|
+
)
|
|
159
|
+
end
|
|
160
|
+
|
|
112
161
|
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
113
162
|
def xcode_workspace_files
|
|
114
163
|
@xcode_workspace_files ||= T.let(
|
|
@@ -6,6 +6,7 @@ require "dependabot/git_commit_checker"
|
|
|
6
6
|
require "dependabot/swift/update_checker"
|
|
7
7
|
require "dependabot/swift/requirement"
|
|
8
8
|
require "dependabot/swift/version"
|
|
9
|
+
require "dependabot/swift/xcode_file_helpers"
|
|
9
10
|
require "dependabot/update_checkers/version_filters"
|
|
10
11
|
|
|
11
12
|
module Dependabot
|
|
@@ -145,12 +146,32 @@ module Dependabot
|
|
|
145
146
|
# Only versionRange has an explicit upper bound that should be respected.
|
|
146
147
|
return true if %w(exactVersion upToNextMajorVersion upToNextMinorVersion).include?(kind)
|
|
147
148
|
|
|
149
|
+
# For sub-dependencies that are not declared directly in project.pbxproj
|
|
150
|
+
# (e.g., transitive dependencies of local packages), kind will be nil and
|
|
151
|
+
# the requirement comes from Package.resolved as an equality pin.
|
|
152
|
+
# In this case, we allow updates since the actual constraint lives in
|
|
153
|
+
# the local package's Package.swift, which we don't have access to.
|
|
154
|
+
# This may produce a pin that is not resolvable for the full package graph.
|
|
155
|
+
# In Xcode mode we intentionally defer that validation to downstream
|
|
156
|
+
# SwiftPM/Xcode resolution.
|
|
157
|
+
return true if kind.nil? && package_resolved_requirement?
|
|
158
|
+
|
|
148
159
|
requirement = dependency_requirement
|
|
149
160
|
return true unless requirement
|
|
150
161
|
|
|
151
162
|
requirement.satisfied_by?(version)
|
|
152
163
|
end
|
|
153
164
|
|
|
165
|
+
# Returns true if the dependency's requirement originates from an
|
|
166
|
+
# Xcode-managed Package.resolved file (rather than project.pbxproj).
|
|
167
|
+
sig { returns(T::Boolean) }
|
|
168
|
+
def package_resolved_requirement?
|
|
169
|
+
dependency.requirements.any? do |req|
|
|
170
|
+
file = req[:file]
|
|
171
|
+
file.is_a?(String) && XcodeFileHelpers.xcode_resolved_path?(file)
|
|
172
|
+
end
|
|
173
|
+
end
|
|
174
|
+
|
|
154
175
|
sig do
|
|
155
176
|
params(
|
|
156
177
|
tags: T::Array[T::Hash[Symbol, T.untyped]]
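Review bot: `package_resolved_requirement?` uses `any?`, so a dependency with one requirement from an Xcode Package.resolved and another from a file that carries a real constraint still takes the new `return true if kind.nil? && package_resolved_requirement?` before `dependency_requirement` is consulted. Whether `kind` can be nil in that mixed case depends on code outside the hunk, so this is a question rather than a confirmed defect. Requiring every requirement to come from Package.resolved (`all?` together with a non-empty check) would keep the bypass to the transitive-pin case the comment describes. Because the comment says the resulting pin may not be resolvable, a log line at this early return would make those updates traceable when downstream resolution fails. The enclosing method begins above the hunk.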
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-swift
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.369.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.369.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.369.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -252,6 +252,7 @@ files:
|
|
|
252
252
|
- lib/dependabot/swift/file_updater.rb
|
|
253
253
|
- lib/dependabot/swift/file_updater/lockfile_updater.rb
|
|
254
254
|
- lib/dependabot/swift/file_updater/manifest_updater.rb
|
|
255
|
+
- lib/dependabot/swift/file_updater/pbxproj_updater.rb
|
|
255
256
|
- lib/dependabot/swift/file_updater/requirement_replacer.rb
|
|
256
257
|
- lib/dependabot/swift/file_updater/xcode_lockfile_updater.rb
|
|
257
258
|
- lib/dependabot/swift/language.rb
|
|
@@ -273,7 +274,7 @@ licenses:
|
|
|
273
274
|
- MIT
|
|
274
275
|
metadata:
|
|
275
276
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
276
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
277
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.369.0
|
|
277
278
|
rdoc_options: []
|
|
278
279
|
require_paths:
|
|
279
280
|
- lib
|