dependabot-swift 0.384.0 → 0.385.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6cf94b34911945b4f8885eff1363488d114f46787eef9d3f3cea702932681a1a
4
- data.tar.gz: 7af4cbf5d88e97539e6ad1faf0bfe137f13b0f2baa79b542d890a230a4a0fc93
3
+ metadata.gz: 8ecfc5e4eb7a1047aeafd3f861b99f949efc398e2d52631443f836cfcee1844c
4
+ data.tar.gz: aa846626e5bd32753a4693312002ae13e64940d1274693c15d8fc5fd042c9db1
5
5
  SHA512:
6
- metadata.gz: 468b122655b44dc0d6a992f70df04b2b3dc4ffaf03f96c97f159fb13a08ae4bf8c6adc12766acdbc86fa10dfea627912b2975031df99880f4dbe5c3bcce9e10a
7
- data.tar.gz: 5a719d8cd8cda56ee0eea34cf7521b5c6b401f8b1e2a96aafbffc462d894798917614d442a7b7a9dde328d452d9b8aca292b396bd8ba782970518d6275a7047a
6
+ metadata.gz: e9240c61398c22267d842a763898623324e8be022605c6c910be0afcea60bd5cd3702df15ae55e9982e177e6b2190cc09306572c7bba699110a6ccdfd244611f
7
+ data.tar.gz: 12fdf67a310d1433d310527eb29c8bbf2b36fa4beff1fa2f2a4767f6bd61120e12e9cc5fabb1136d66070a1c7152c5480ccea74f9057eeb468a5184e7494204b
@@ -18,7 +18,6 @@ module Dependabot
18
18
 
19
19
  require_relative "update_checker/requirements_updater"
20
20
  require_relative "update_checker/version_resolver"
21
- require_relative "update_checker/latest_version_resolver"
22
21
  require_relative "update_checker/xcode_version_resolver"
23
22
 
24
23
  sig { override.returns(T.nilable(Dependabot::Version)) }
@@ -182,14 +181,9 @@ module Dependabot
182
181
  )
183
182
  end
184
183
 
185
- sig { returns(LatestVersionResolver) }
186
- def cooldown_check_version_resolver_for
187
- LatestVersionResolver.new(
188
- dependency: dependency,
189
- credentials: credentials,
190
- cooldown_options: update_cooldown,
191
- git_commit_checker: git_commit_checker
192
- )
184
+ sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
185
+ def latest_version_tag
186
+ git_commit_checker.local_tag_for_latest_version(update_cooldown)
193
187
  end
194
188
 
195
189
  sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
@@ -262,11 +256,6 @@ module Dependabot
262
256
  )
263
257
  end
264
258
 
265
- sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
266
- def latest_version_tag
267
- cooldown_check_version_resolver_for.latest_version_tag
268
- end
269
-
270
259
  sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
271
260
  def lowest_security_fix_version_tag
272
261
  tags = git_commit_checker.local_tags_for_allowed_versions
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-swift
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.384.0
4
+ version: 0.385.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.384.0
18
+ version: 0.385.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.384.0
25
+ version: 0.385.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -258,11 +258,9 @@ files:
258
258
  - lib/dependabot/swift/language.rb
259
259
  - lib/dependabot/swift/metadata_finder.rb
260
260
  - lib/dependabot/swift/native_requirement.rb
261
- - lib/dependabot/swift/package/package_details_fetcher.rb
262
261
  - lib/dependabot/swift/package_manager.rb
263
262
  - lib/dependabot/swift/requirement.rb
264
263
  - lib/dependabot/swift/update_checker.rb
265
- - lib/dependabot/swift/update_checker/latest_version_resolver.rb
266
264
  - lib/dependabot/swift/update_checker/requirements_updater.rb
267
265
  - lib/dependabot/swift/update_checker/version_resolver.rb
268
266
  - lib/dependabot/swift/update_checker/xcode_version_resolver.rb
@@ -274,7 +272,7 @@ licenses:
274
272
  - MIT
275
273
  metadata:
276
274
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
277
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
275
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
278
276
  rdoc_options: []
279
277
  require_paths:
280
278
  - lib
@@ -1,68 +0,0 @@
1
- # typed: strict
2
- # frozen_string_literal: true
3
-
4
- require "json"
5
- require "time"
6
- require "excon"
7
- require "sorbet-runtime"
8
- require "dependabot/swift"
9
-
10
- module Dependabot
11
- module Swift
12
- module Package
13
- class PackageDetailsFetcher
14
- extend T::Sig
15
-
16
- RELEASES_URL = "https://api.github.com/repos/"
17
- APPLICATION_JSON = "JSON"
18
-
19
- sig do
20
- params(
21
- dependency: Dependency,
22
- credentials: T::Array[Dependabot::Credential],
23
- git_commit_checker: Dependabot::GitCommitChecker
24
- ).void
25
- end
26
- def initialize(dependency:, credentials:, git_commit_checker:)
27
- @dependency = dependency
28
- @credentials = credentials
29
- @git_commit_checker = git_commit_checker
30
- end
31
-
32
- sig { returns(Dependabot::GitCommitChecker) }
33
- attr_reader :git_commit_checker
34
-
35
- sig { returns(T::Array[Dependabot::Credential]) }
36
- attr_reader :credentials
37
-
38
- sig { returns(T::Array[GitTagWithDetail]) }
39
- def fetch_tag_and_release_date
40
- truncate_github_url = @dependency.name.gsub("github.com/", "")
41
- url = RELEASES_URL + "#{truncate_github_url}/releases"
42
- result_lines = T.let([], T::Array[GitTagWithDetail])
43
- # Fetch the releases from the GitHub API
44
- response = Excon.get(url, headers: { "Accept" => "application/vnd.github.v3+json" })
45
- Dependabot.logger.error("Failed call details: #{response.body}") unless response.status == 200
46
- return result_lines unless response.status == 200
47
-
48
- # Parse the JSON response
49
- releases = JSON.parse(response.body)
50
-
51
- # Extract version names and release dates into a hash
52
- releases.map do |release|
53
- result_lines << GitTagWithDetail.new(
54
- tag: release["tag_name"],
55
- release_date: release["published_at"]
56
- )
57
- end
58
-
59
- # sort the result lines by tag in descending order
60
- result_lines = result_lines.sort_by(&:tag).reverse
61
- # Log the extracted details for debugging
62
- Dependabot.logger.info("Extracted release details: #{result_lines}")
63
- result_lines
64
- end
65
- end
66
- end
67
- end
68
- end
@@ -1,171 +0,0 @@
1
- # typed: strong
2
- # frozen_string_literal: true
3
-
4
- require "dependabot/update_checkers/base"
5
- require "dependabot/swift/file_parser/dependency_parser"
6
- require "dependabot/swift/file_updater/lockfile_updater"
7
- require "dependabot/swift/package/package_details_fetcher"
8
- require "sorbet-runtime"
9
- require "dependabot/git_commit_checker"
10
-
11
- module Dependabot
12
- module Swift
13
- class UpdateChecker < Dependabot::UpdateCheckers::Base
14
- class LatestVersionResolver
15
- extend T::Sig
16
-
17
- DAY_IN_SECONDS = T.let(24 * 60 * 60, Integer)
18
-
19
- sig do
20
- params(
21
- dependency: Dependabot::Dependency,
22
- credentials: T::Array[Dependabot::Credential],
23
- cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
24
- git_commit_checker: Dependabot::GitCommitChecker
25
- ).void
26
- end
27
- def initialize(dependency:, credentials:, cooldown_options:, git_commit_checker:)
28
- @dependency = dependency
29
- @credentials = credentials
30
- @cooldown_options = cooldown_options
31
- @git_commit_checker = T.let(
32
- git_commit_checker,
33
- Dependabot::GitCommitChecker
34
- )
35
- end
36
-
37
- sig { returns(Dependabot::Dependency) }
38
- attr_reader :dependency
39
-
40
- sig { returns(T::Array[Dependabot::Credential]) }
41
- attr_reader :credentials
42
-
43
- sig { returns(T.nilable(Dependabot::Package::ReleaseCooldownOptions)) }
44
- attr_reader :cooldown_options
45
-
46
- sig { returns(Dependabot::GitCommitChecker) }
47
- attr_reader :git_commit_checker
48
-
49
- # Return latest version tag for the dependency, it removes tags that are in cooldown period
50
- # and returns the latest version tag that is not in cooldown period. If an exception occurs
51
- # and returns the latest version tag that is not in cooldown period. If an exception occurs,
52
- # it will return the latest version tag from the git_commit_checker, as before.
53
- sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
54
- def latest_version_tag
55
- # step one fetch allowed version tags and
56
- return git_commit_checker.local_tag_for_latest_version unless cooldown_enabled?
57
-
58
- allowed_version_tags = git_commit_checker.allowed_version_tags
59
- select_version_tags_in_cooldown_period&.each do |tag_name|
60
- # filter out if name is in cooldown period
61
- allowed_version_tags.reject! do |gitref_filtered|
62
- gitref_filtered.name == tag_name
63
- end
64
- end
65
-
66
- git_commit_checker.max_local_tag(allowed_version_tags)
67
- rescue StandardError => e
68
- Dependabot.logger.error("Error fetching latest version tag: #{e.message}")
69
- git_commit_checker.local_tag_for_latest_version
70
- end
71
-
72
- sig { returns(T.nilable(T::Array[String])) }
73
- def select_version_tags_in_cooldown_period
74
- version_tags_in_cooldown_period = T.let([], T::Array[String])
75
-
76
- package_details_fetcher.fetch_tag_and_release_date.each do |git_tag_with_detail|
77
- if check_if_version_in_cooldown_period?(git_tag_with_detail)
78
- version_tags_in_cooldown_period << git_tag_with_detail.tag
79
- end
80
- end
81
- version_tags_in_cooldown_period
82
- rescue StandardError => e
83
- Dependabot.logger.error("Error checking if version is in cooldown: #{e.message}")
84
- version_tags_in_cooldown_period
85
- end
86
-
87
- sig { params(tag_with_detail: Dependabot::GitTagWithDetail).returns(T::Boolean) }
88
- def check_if_version_in_cooldown_period?(tag_with_detail)
89
- return false unless tag_with_detail.release_date
90
-
91
- current_version = version_class.correct?(dependency.version) ? version_class.new(dependency.version) : nil
92
- days = cooldown_days_for(current_version, version_class.new(tag_with_detail.tag.delete("v")))
93
-
94
- # Calculate the number of seconds passed since the release
95
- passed_seconds = Time.now.to_i - release_date_to_seconds(tag_with_detail.release_date)
96
- # Check if the release is within the cooldown period
97
- passed_seconds < days * DAY_IN_SECONDS
98
- end
99
-
100
- sig do
101
- params(
102
- current_version: T.nilable(Dependabot::Version),
103
- new_version: Dependabot::Version
104
- ).returns(Integer)
105
- end
106
- def cooldown_days_for(current_version, new_version)
107
- return 0 unless cooldown_enabled?
108
-
109
- cooldown = T.must(cooldown_options)
110
- return 0 unless cooldown.included?(dependency.name)
111
- return cooldown.default_days if current_version.nil?
112
-
113
- current_version_semver = current_version.semver_parts
114
- new_version_semver = new_version.semver_parts
115
-
116
- # If semver_parts is nil for either, return default cooldown
117
- return cooldown.default_days if current_version_semver.nil? || new_version_semver.nil?
118
-
119
- # Ensure values are always integers
120
- current_major, current_minor, current_patch = current_version_semver
121
- new_major, new_minor, new_patch = new_version_semver
122
-
123
- # Determine cooldown based on version difference
124
- return cooldown.semver_major_days if new_major > current_major
125
- return cooldown.semver_minor_days if new_minor > current_minor
126
- return cooldown.semver_patch_days if new_patch > current_patch
127
-
128
- cooldown.default_days
129
- end
130
-
131
- sig { returns(T.class_of(Dependabot::Version)) }
132
- def version_class
133
- dependency.version_class
134
- end
135
-
136
- sig { params(release_date: T.nilable(String)).returns(Integer) }
137
- def release_date_to_seconds(release_date)
138
- return 0 unless release_date
139
-
140
- Time.parse(release_date).to_i
141
- rescue ArgumentError => e
142
- Dependabot.logger.error("Invalid release date format: #{release_date} and error: #{e.message}")
143
- 0 # Default to 360 days in seconds if parsing fails, so that it will not be in cooldown
144
- end
145
-
146
- sig { returns(Package::PackageDetailsFetcher) }
147
- def package_details_fetcher
148
- @package_details_fetcher ||= T.let(
149
- Package::PackageDetailsFetcher.new(
150
- dependency: dependency,
151
- credentials: credentials,
152
- git_commit_checker: git_commit_checker
153
- ),
154
- T.nilable(Package::PackageDetailsFetcher)
155
- )
156
- end
157
-
158
- sig { returns(T::Boolean) }
159
- def cooldown_enabled?
160
- return false if cooldown_options.nil?
161
-
162
- cooldown = T.must(cooldown_options)
163
- cooldown.default_days.to_i.positive? ||
164
- cooldown.semver_major_days.to_i.positive? ||
165
- cooldown.semver_minor_days.to_i.positive? ||
166
- cooldown.semver_patch_days.to_i.positive?
167
- end
168
- end
169
- end
170
- end
171
- end