dependabot-swift 0.384.0 → 0.385.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8ecfc5e4eb7a1047aeafd3f861b99f949efc398e2d52631443f836cfcee1844c
|
|
4
|
+
data.tar.gz: aa846626e5bd32753a4693312002ae13e64940d1274693c15d8fc5fd042c9db1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e9240c61398c22267d842a763898623324e8be022605c6c910be0afcea60bd5cd3702df15ae55e9982e177e6b2190cc09306572c7bba699110a6ccdfd244611f
|
|
7
|
+
data.tar.gz: 12fdf67a310d1433d310527eb29c8bbf2b36fa4beff1fa2f2a4767f6bd61120e12e9cc5fabb1136d66070a1c7152c5480ccea74f9057eeb468a5184e7494204b
|
|
@@ -18,7 +18,6 @@ module Dependabot
|
|
|
18
18
|
|
|
19
19
|
require_relative "update_checker/requirements_updater"
|
|
20
20
|
require_relative "update_checker/version_resolver"
|
|
21
|
-
require_relative "update_checker/latest_version_resolver"
|
|
22
21
|
require_relative "update_checker/xcode_version_resolver"
|
|
23
22
|
|
|
24
23
|
sig { override.returns(T.nilable(Dependabot::Version)) }
|
|
@@ -182,14 +181,9 @@ module Dependabot
|
|
|
182
181
|
)
|
|
183
182
|
end
|
|
184
183
|
|
|
185
|
-
sig { returns(
|
|
186
|
-
def
|
|
187
|
-
|
|
188
|
-
dependency: dependency,
|
|
189
|
-
credentials: credentials,
|
|
190
|
-
cooldown_options: update_cooldown,
|
|
191
|
-
git_commit_checker: git_commit_checker
|
|
192
|
-
)
|
|
184
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
185
|
+
def latest_version_tag
|
|
186
|
+
git_commit_checker.local_tag_for_latest_version(update_cooldown)
|
|
193
187
|
end
|
|
194
188
|
|
|
195
189
|
sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
@@ -262,11 +256,6 @@ module Dependabot
|
|
|
262
256
|
)
|
|
263
257
|
end
|
|
264
258
|
|
|
265
|
-
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
266
|
-
def latest_version_tag
|
|
267
|
-
cooldown_check_version_resolver_for.latest_version_tag
|
|
268
|
-
end
|
|
269
|
-
|
|
270
259
|
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
271
260
|
def lowest_security_fix_version_tag
|
|
272
261
|
tags = git_commit_checker.local_tags_for_allowed_versions
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-swift
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.385.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.385.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.385.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -258,11 +258,9 @@ files:
|
|
|
258
258
|
- lib/dependabot/swift/language.rb
|
|
259
259
|
- lib/dependabot/swift/metadata_finder.rb
|
|
260
260
|
- lib/dependabot/swift/native_requirement.rb
|
|
261
|
-
- lib/dependabot/swift/package/package_details_fetcher.rb
|
|
262
261
|
- lib/dependabot/swift/package_manager.rb
|
|
263
262
|
- lib/dependabot/swift/requirement.rb
|
|
264
263
|
- lib/dependabot/swift/update_checker.rb
|
|
265
|
-
- lib/dependabot/swift/update_checker/latest_version_resolver.rb
|
|
266
264
|
- lib/dependabot/swift/update_checker/requirements_updater.rb
|
|
267
265
|
- lib/dependabot/swift/update_checker/version_resolver.rb
|
|
268
266
|
- lib/dependabot/swift/update_checker/xcode_version_resolver.rb
|
|
@@ -274,7 +272,7 @@ licenses:
|
|
|
274
272
|
- MIT
|
|
275
273
|
metadata:
|
|
276
274
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
277
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
275
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
|
|
278
276
|
rdoc_options: []
|
|
279
277
|
require_paths:
|
|
280
278
|
- lib
|
|
@@ -1,68 +0,0 @@
|
|
|
1
|
-
# typed: strict
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
require "json"
|
|
5
|
-
require "time"
|
|
6
|
-
require "excon"
|
|
7
|
-
require "sorbet-runtime"
|
|
8
|
-
require "dependabot/swift"
|
|
9
|
-
|
|
10
|
-
module Dependabot
|
|
11
|
-
module Swift
|
|
12
|
-
module Package
|
|
13
|
-
class PackageDetailsFetcher
|
|
14
|
-
extend T::Sig
|
|
15
|
-
|
|
16
|
-
RELEASES_URL = "https://api.github.com/repos/"
|
|
17
|
-
APPLICATION_JSON = "JSON"
|
|
18
|
-
|
|
19
|
-
sig do
|
|
20
|
-
params(
|
|
21
|
-
dependency: Dependency,
|
|
22
|
-
credentials: T::Array[Dependabot::Credential],
|
|
23
|
-
git_commit_checker: Dependabot::GitCommitChecker
|
|
24
|
-
).void
|
|
25
|
-
end
|
|
26
|
-
def initialize(dependency:, credentials:, git_commit_checker:)
|
|
27
|
-
@dependency = dependency
|
|
28
|
-
@credentials = credentials
|
|
29
|
-
@git_commit_checker = git_commit_checker
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
sig { returns(Dependabot::GitCommitChecker) }
|
|
33
|
-
attr_reader :git_commit_checker
|
|
34
|
-
|
|
35
|
-
sig { returns(T::Array[Dependabot::Credential]) }
|
|
36
|
-
attr_reader :credentials
|
|
37
|
-
|
|
38
|
-
sig { returns(T::Array[GitTagWithDetail]) }
|
|
39
|
-
def fetch_tag_and_release_date
|
|
40
|
-
truncate_github_url = @dependency.name.gsub("github.com/", "")
|
|
41
|
-
url = RELEASES_URL + "#{truncate_github_url}/releases"
|
|
42
|
-
result_lines = T.let([], T::Array[GitTagWithDetail])
|
|
43
|
-
# Fetch the releases from the GitHub API
|
|
44
|
-
response = Excon.get(url, headers: { "Accept" => "application/vnd.github.v3+json" })
|
|
45
|
-
Dependabot.logger.error("Failed call details: #{response.body}") unless response.status == 200
|
|
46
|
-
return result_lines unless response.status == 200
|
|
47
|
-
|
|
48
|
-
# Parse the JSON response
|
|
49
|
-
releases = JSON.parse(response.body)
|
|
50
|
-
|
|
51
|
-
# Extract version names and release dates into a hash
|
|
52
|
-
releases.map do |release|
|
|
53
|
-
result_lines << GitTagWithDetail.new(
|
|
54
|
-
tag: release["tag_name"],
|
|
55
|
-
release_date: release["published_at"]
|
|
56
|
-
)
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
# sort the result lines by tag in descending order
|
|
60
|
-
result_lines = result_lines.sort_by(&:tag).reverse
|
|
61
|
-
# Log the extracted details for debugging
|
|
62
|
-
Dependabot.logger.info("Extracted release details: #{result_lines}")
|
|
63
|
-
result_lines
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
end
|
|
@@ -1,171 +0,0 @@
|
|
|
1
|
-
# typed: strong
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
require "dependabot/update_checkers/base"
|
|
5
|
-
require "dependabot/swift/file_parser/dependency_parser"
|
|
6
|
-
require "dependabot/swift/file_updater/lockfile_updater"
|
|
7
|
-
require "dependabot/swift/package/package_details_fetcher"
|
|
8
|
-
require "sorbet-runtime"
|
|
9
|
-
require "dependabot/git_commit_checker"
|
|
10
|
-
|
|
11
|
-
module Dependabot
|
|
12
|
-
module Swift
|
|
13
|
-
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
14
|
-
class LatestVersionResolver
|
|
15
|
-
extend T::Sig
|
|
16
|
-
|
|
17
|
-
DAY_IN_SECONDS = T.let(24 * 60 * 60, Integer)
|
|
18
|
-
|
|
19
|
-
sig do
|
|
20
|
-
params(
|
|
21
|
-
dependency: Dependabot::Dependency,
|
|
22
|
-
credentials: T::Array[Dependabot::Credential],
|
|
23
|
-
cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
|
|
24
|
-
git_commit_checker: Dependabot::GitCommitChecker
|
|
25
|
-
).void
|
|
26
|
-
end
|
|
27
|
-
def initialize(dependency:, credentials:, cooldown_options:, git_commit_checker:)
|
|
28
|
-
@dependency = dependency
|
|
29
|
-
@credentials = credentials
|
|
30
|
-
@cooldown_options = cooldown_options
|
|
31
|
-
@git_commit_checker = T.let(
|
|
32
|
-
git_commit_checker,
|
|
33
|
-
Dependabot::GitCommitChecker
|
|
34
|
-
)
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
sig { returns(Dependabot::Dependency) }
|
|
38
|
-
attr_reader :dependency
|
|
39
|
-
|
|
40
|
-
sig { returns(T::Array[Dependabot::Credential]) }
|
|
41
|
-
attr_reader :credentials
|
|
42
|
-
|
|
43
|
-
sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
|
|
44
|
-
attr_reader :cooldown_options
|
|
45
|
-
|
|
46
|
-
sig { returns(Dependabot::GitCommitChecker) }
|
|
47
|
-
attr_reader :git_commit_checker
|
|
48
|
-
|
|
49
|
-
# Return latest version tag for the dependency, it removes tags that are in cooldown period
|
|
50
|
-
# and returns the latest version tag that is not in cooldown period. If an exception occurs
|
|
51
|
-
# and returns the latest version tag that is not in cooldown period. If an exception occurs,
|
|
52
|
-
# it will return the latest version tag from the git_commit_checker, as before.
|
|
53
|
-
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
54
|
-
def latest_version_tag
|
|
55
|
-
# step one fetch allowed version tags and
|
|
56
|
-
return git_commit_checker.local_tag_for_latest_version unless cooldown_enabled?
|
|
57
|
-
|
|
58
|
-
allowed_version_tags = git_commit_checker.allowed_version_tags
|
|
59
|
-
select_version_tags_in_cooldown_period&.each do |tag_name|
|
|
60
|
-
# filter out if name is in cooldown period
|
|
61
|
-
allowed_version_tags.reject! do |gitref_filtered|
|
|
62
|
-
gitref_filtered.name == tag_name
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
git_commit_checker.max_local_tag(allowed_version_tags)
|
|
67
|
-
rescue StandardError => e
|
|
68
|
-
Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
|
|
69
|
-
git_commit_checker.local_tag_for_latest_version
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
sig { returns(T.nilable(T::Array[String])) }
|
|
73
|
-
def select_version_tags_in_cooldown_period
|
|
74
|
-
version_tags_in_cooldown_period = T.let([], T::Array[String])
|
|
75
|
-
|
|
76
|
-
package_details_fetcher.fetch_tag_and_release_date.each do |git_tag_with_detail|
|
|
77
|
-
if check_if_version_in_cooldown_period?(git_tag_with_detail)
|
|
78
|
-
version_tags_in_cooldown_period << git_tag_with_detail.tag
|
|
79
|
-
end
|
|
80
|
-
end
|
|
81
|
-
version_tags_in_cooldown_period
|
|
82
|
-
rescue StandardError => e
|
|
83
|
-
Dependabot.logger.error("Error checking if version is in cooldown: #{e.message}")
|
|
84
|
-
version_tags_in_cooldown_period
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
sig { params(tag_with_detail: Dependabot::GitTagWithDetail).returns(T::Boolean) }
|
|
88
|
-
def check_if_version_in_cooldown_period?(tag_with_detail)
|
|
89
|
-
return false unless tag_with_detail.release_date
|
|
90
|
-
|
|
91
|
-
current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
|
|
92
|
-
days = cooldown_days_for(current_version, version_class.new(tag_with_detail.tag.delete("v")))
|
|
93
|
-
|
|
94
|
-
# Calculate the number of seconds passed since the release
|
|
95
|
-
passed_seconds = Time.now.to_i - release_date_to_seconds(tag_with_detail.release_date)
|
|
96
|
-
# Check if the release is within the cooldown period
|
|
97
|
-
passed_seconds < days * DAY_IN_SECONDS
|
|
98
|
-
end
|
|
99
|
-
|
|
100
|
-
sig do
|
|
101
|
-
params(
|
|
102
|
-
current_version: T.nilable(Dependabot::Version),
|
|
103
|
-
new_version: Dependabot::Version
|
|
104
|
-
).returns(Integer)
|
|
105
|
-
end
|
|
106
|
-
def cooldown_days_for(current_version, new_version)
|
|
107
|
-
return 0 unless cooldown_enabled?
|
|
108
|
-
|
|
109
|
-
cooldown = T.must(cooldown_options)
|
|
110
|
-
return 0 unless cooldown.included?(dependency.name)
|
|
111
|
-
return cooldown.default_days if current_version.nil?
|
|
112
|
-
|
|
113
|
-
current_version_semver = current_version.semver_parts
|
|
114
|
-
new_version_semver = new_version.semver_parts
|
|
115
|
-
|
|
116
|
-
# If semver_parts is nil for either, return default cooldown
|
|
117
|
-
return cooldown.default_days if current_version_semver.nil? || new_version_semver.nil?
|
|
118
|
-
|
|
119
|
-
# Ensure values are always integers
|
|
120
|
-
current_major, current_minor, current_patch = current_version_semver
|
|
121
|
-
new_major, new_minor, new_patch = new_version_semver
|
|
122
|
-
|
|
123
|
-
# Determine cooldown based on version difference
|
|
124
|
-
return cooldown.semver_major_days if new_major > current_major
|
|
125
|
-
return cooldown.semver_minor_days if new_minor > current_minor
|
|
126
|
-
return cooldown.semver_patch_days if new_patch > current_patch
|
|
127
|
-
|
|
128
|
-
cooldown.default_days
|
|
129
|
-
end
|
|
130
|
-
|
|
131
|
-
sig { returns(T.class_of(Dependabot::Version)) }
|
|
132
|
-
def version_class
|
|
133
|
-
dependency.version_class
|
|
134
|
-
end
|
|
135
|
-
|
|
136
|
-
sig { params(release_date: T.nilable(String)).returns(Integer) }
|
|
137
|
-
def release_date_to_seconds(release_date)
|
|
138
|
-
return 0 unless release_date
|
|
139
|
-
|
|
140
|
-
Time.parse(release_date).to_i
|
|
141
|
-
rescue ArgumentError => e
|
|
142
|
-
Dependabot.logger.error("Invalid release date format: #{release_date} and error: #{e.message}")
|
|
143
|
-
0 # Default to 360 days in seconds if parsing fails, so that it will not be in cooldown
|
|
144
|
-
end
|
|
145
|
-
|
|
146
|
-
sig { returns(Package::PackageDetailsFetcher) }
|
|
147
|
-
def package_details_fetcher
|
|
148
|
-
@package_details_fetcher ||= T.let(
|
|
149
|
-
Package::PackageDetailsFetcher.new(
|
|
150
|
-
dependency: dependency,
|
|
151
|
-
credentials: credentials,
|
|
152
|
-
git_commit_checker: git_commit_checker
|
|
153
|
-
),
|
|
154
|
-
T.nilable(Package::PackageDetailsFetcher)
|
|
155
|
-
)
|
|
156
|
-
end
|
|
157
|
-
|
|
158
|
-
sig { returns(T::Boolean) }
|
|
159
|
-
def cooldown_enabled?
|
|
160
|
-
return false if cooldown_options.nil?
|
|
161
|
-
|
|
162
|
-
cooldown = T.must(cooldown_options)
|
|
163
|
-
cooldown.default_days.to_i.positive? ||
|
|
164
|
-
cooldown.semver_major_days.to_i.positive? ||
|
|
165
|
-
cooldown.semver_minor_days.to_i.positive? ||
|
|
166
|
-
cooldown.semver_patch_days.to_i.positive?
|
|
167
|
-
end
|
|
168
|
-
end
|
|
169
|
-
end
|
|
170
|
-
end
|
|
171
|
-
end
|