RubyGems - dependabot-swift - Versions diffs - 0.309.0 → 0.310.0 - Mend

dependabot-swift 0.309.0 → 0.310.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/lib/dependabot/swift/file_fetcher.rb +7 -6
data/lib/dependabot/swift/file_parser/dependency_parser.rb +36 -2
data/lib/dependabot/swift/file_parser/manifest_parser.rb +1 -1
data/lib/dependabot/swift/file_parser.rb +10 -4
data/lib/dependabot/swift/file_updater/lockfile_updater.rb +25 -1
data/lib/dependabot/swift/file_updater/manifest_updater.rb +18 -2
data/lib/dependabot/swift/file_updater/requirement_replacer.rb +20 -1
data/lib/dependabot/swift/file_updater.rb +32 -14
data/lib/dependabot/swift/native_requirement.rb +45 -8
data/lib/dependabot/swift/requirement.rb +2 -1
data/lib/dependabot/swift/update_checker/requirements_updater.rb +15 -3
data/lib/dependabot/swift/update_checker/version_resolver.rb +38 -5
data/lib/dependabot/swift/update_checker.rb +66 -21
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: def941d448813d13dca186196a3ac7af51f17aa15eb394dd58435bde0ffa1d0c
-  data.tar.gz: 92e7551fa11eb1f2dbf4f2ca4a34bdb97bda5655213fa728a8de299d28d0ea05
+  metadata.gz: 3296c203aea249a1771176e1d51c18009c4dec28e0becc4f45eacb6d35a4a0d9
+  data.tar.gz: 84c8ff4fd0ed2c2808e7c5d76a764c27c78c7b306f973c48d156a3b28ba88de3
 SHA512:
-  metadata.gz: 6ae4f8dd8e6b0ac5c4b5ddd428eb527efc10d44c541561f6d52e70bd295f159cf29ff50e9491d1ebc4c2d9f0b2f9812c0224236049d4cd70104c3cdfcda6e1cb
-  data.tar.gz: 7d9bcc974dd8ec8b7c1af6a25612b08ab239b4163a8f09f03ab9ade594c754dcba5a5db4fd9655efab9988df4c32da50898ef7c8b8250824797338ea704e03d1
+  metadata.gz: e2de9a09b1bc6ee96a7c7e97a9b63ba74930ce9df5929115dd96f065039140ff3f64e69086b01b15e169729716e48fe9e726ea549042994f0f858db90cb03688
+  data.tar.gz: ee379e432ea24ba9ea6c6adb9c5418cdc1f8158b04b9af49bfd88e77339ab24b63273294f9b160f060fbe262273615912800987d18dd5912d9cf334d493b1987

data/lib/dependabot/swift/file_fetcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 require "sorbet-runtime"
@@ -9,12 +9,13 @@ module Dependabot
   module Swift
     class FileFetcher < Dependabot::FileFetchers::Base
       extend T::Sig
-      extend T::Helpers
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
       def self.required_files_in?(filenames)
         filenames.include?("Package.swift")
       end
+      sig { override.returns(String) }
       def self.required_files_message
         "Repo must contain a Package.swift configuration file."
       end
@@ -29,14 +30,14 @@ module Dependabot
       private
+      sig { returns(Dependabot::DependencyFile) }
       def package_manifest
-        @package_manifest ||= fetch_file_from_host("Package.swift")
+        @package_manifest ||= T.let(fetch_file_from_host("Package.swift"), T.nilable(DependencyFile))
       end
+      sig { returns(T.nilable(DependencyFile)) }
       def package_resolved
-        return @package_resolved if defined?(@package_resolved)
-        @package_resolved = fetch_file_if_present("Package.resolved")
+        @package_resolved = T.let(fetch_file_if_present("Package.resolved"), T.nilable(DependencyFile))
       end
     end
   end

data/lib/dependabot/swift/file_parser/dependency_parser.rb CHANGED Viewed

@@ -1,6 +1,7 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
+require "sorbet-runtime"
 require "dependabot/file_parsers/base"
 require "dependabot/shared_helpers"
 require "dependabot/dependency"
@@ -11,14 +12,25 @@ module Dependabot
   module Swift
     class FileParser < Dependabot::FileParsers::Base
       class DependencyParser
+        extend T::Sig
+        sig do
+          params(
+            dependency_files: T::Array[Dependabot::DependencyFile],
+            repo_contents_path: T.nilable(String),
+            credentials: T::Array[Dependabot::Credential]
+          )
+            .void
+        end
         def initialize(dependency_files:, repo_contents_path:, credentials:)
           @dependency_files = dependency_files
           @repo_contents_path = repo_contents_path
           @credentials = credentials
         end
+        sig { returns(T::Array[Dependabot::Dependency]) }
         def parse
-          SharedHelpers.in_a_temporary_repo_directory(dependency_files.first.directory, repo_contents_path) do
+          SharedHelpers.in_a_temporary_repo_directory(T.must(dependency_files.first).directory, repo_contents_path) do
             write_temporary_dependency_files
             SharedHelpers.with_git_configured(credentials: credentials) do
@@ -29,12 +41,14 @@ module Dependabot
         private
+        sig { void }
         def write_temporary_dependency_files
           dependency_files.each do |file|
             File.write(file.name, file.content)
           end
         end
+        sig { returns(T::Hash[String, T.untyped]) }
         def formatted_deps
           deps = SharedHelpers.run_shell_command(
             "swift package show-dependencies --format json",
@@ -44,10 +58,24 @@ module Dependabot
           JSON.parse(deps)
         end
+        sig do
+          params(
+            data: T::Hash[String, T.untyped],
+            level: Integer
+          )
+            .returns(T::Array[Dependabot::Dependency])
+        end
         def subdependencies(data, level: 0)
           data["dependencies"].flat_map { |root| all_dependencies(root, level: level) }
         end
+        sig do
+          params(
+            data: T::Hash[String, T.untyped],
+            level: Integer
+          )
+            .returns(T::Array[Dependabot::Dependency])
+        end
         def all_dependencies(data, level: 0)
           identity = data["identity"]
           url = SharedHelpers.scp_to_standard(data["url"])
@@ -69,14 +97,20 @@ module Dependabot
           [dep, *subdependencies(data, level: level + 1)].compact
         end
+        sig { params(source: String).returns(String) }
         def normalize(source)
           uri = URI.parse(source.downcase)
           "#{uri.host}#{uri.path}".delete_prefix("www.").delete_suffix(".git")
         end
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
+        sig { returns(T.nilable(String)) }
         attr_reader :repo_contents_path
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
       end
     end

data/lib/dependabot/swift/file_parser/manifest_parser.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Dependabot
           return [] unless found
           declaration = T.cast(found, T::Array[String]).first
-          requirement = NativeRequirement.new(T.cast(found, T::Array[String]).last)
+          requirement = NativeRequirement.new(T.must(T.cast(found, T::Array[String]).last))
           [
             {

data/lib/dependabot/swift/file_parser.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "dependabot/dependency"
@@ -12,16 +12,19 @@ require "dependabot/swift/language"
 module Dependabot
   module Swift
     class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
       require "dependabot/file_parsers/base/dependency_set"
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
       def parse
         dependency_set = DependencySet.new
         dependency_parser.parse.map do |dep|
           if dep.top_level?
-            source = dep.requirements.first[:source]
+            source = T.must(dep.requirements.first)[:source]
-            requirements = ManifestParser.new(package_manifest_file, source: source).requirements
+            requirements = ManifestParser.new(T.must(package_manifest_file), source: source).requirements
             dependency_set << Dependency.new(
               name: dep.name,
@@ -51,6 +54,7 @@ module Dependabot
       private
+      sig { returns(Dependabot::Swift::FileParser::DependencyParser) }
       def dependency_parser
         DependencyParser.new(
           dependency_files: dependency_files,
@@ -59,13 +63,15 @@ module Dependabot
         )
       end
+      sig { override.void }
       def check_required_files
         raise "No Package.swift!" unless package_manifest_file
       end
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def package_manifest_file
         # TODO: Select version-specific manifest
-        @package_manifest_file ||= get_original_file("Package.swift")
+        @package_manifest_file ||= T.let(get_original_file("Package.swift"), T.nilable(Dependabot::DependencyFile))
       end
       sig { returns(Ecosystem::VersionManager) }

data/lib/dependabot/swift/file_updater/lockfile_updater.rb CHANGED Viewed

@@ -1,14 +1,27 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "dependabot/file_updaters/base"
 require "dependabot/shared_helpers"
 require "dependabot/logger"
+require "sorbet-runtime"
 module Dependabot
   module Swift
     class FileUpdater < Dependabot::FileUpdaters::Base
       class LockfileUpdater
+        extend T::Sig
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            manifest: Dependabot::DependencyFile,
+            repo_contents_path: String,
+            credentials: T::Array[Dependabot::Credential],
+            target_version: T.nilable(String)
+          )
+            .void
+        end
         def initialize(dependency:, manifest:, repo_contents_path:, credentials:, target_version: nil)
           @dependency = dependency
           @manifest = manifest
@@ -17,6 +30,7 @@ module Dependabot
           @target_version = target_version
         end
+        sig { returns(String) }
         def updated_lockfile_content
           SharedHelpers.in_a_temporary_repo_directory(manifest.directory, repo_contents_path) do
             File.write(manifest.name, manifest.content)
@@ -31,6 +45,7 @@ module Dependabot
         private
+        sig { params(dependency_name: String).void }
         def try_lockfile_update(dependency_name)
           if target_version
             SharedHelpers.run_shell_command(
@@ -51,10 +66,19 @@ module Dependabot
           Dependabot.logger.info("Lockfile failed to be updated due to error:\n#{e.message}")
         end
+        sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :manifest
+        sig { returns(String) }
         attr_reader :repo_contents_path
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
+        sig { returns(T.nilable(String)) }
         attr_reader :target_version
       end
     end

data/lib/dependabot/swift/file_updater/manifest_updater.rb CHANGED Viewed

@@ -1,19 +1,30 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "dependabot/file_updaters/base"
 require "dependabot/swift/file_updater/requirement_replacer"
+require "sorbet-runtime"
 module Dependabot
   module Swift
     class FileUpdater < FileUpdaters::Base
       class ManifestUpdater
+        extend T::Sig
+        sig do
+          params(
+            content: String, old_requirements: T::Array[T::Hash[Symbol, T.untyped]],
+            new_requirements: T::Array[T::Hash[Symbol, T.untyped]]
+          )
+            .void
+        end
         def initialize(content, old_requirements:, new_requirements:)
           @content = content
           @old_requirements = old_requirements
           @new_requirements = new_requirements
         end
+        sig { returns(String) }
         def updated_manifest_content
           updated_content = content
@@ -22,7 +33,7 @@ module Dependabot
               content: updated_content,
               declaration: old[:metadata][:declaration_string],
               old_requirement: old[:metadata][:requirement_string],
-              new_requirement: new[:metadata][:requirement_string]
+              new_requirement: T.must(new)[:metadata][:requirement_string]
             ).updated_content
           end
@@ -31,8 +42,13 @@ module Dependabot
         private
+        sig { returns(String) }
         attr_reader :content
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         attr_reader :old_requirements
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         attr_reader :new_requirements
       end
     end

data/lib/dependabot/swift/file_updater/requirement_replacer.rb CHANGED Viewed

@@ -1,12 +1,23 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "dependabot/file_updaters/base"
+require "sorbet-runtime"
 module Dependabot
   module Swift
     class FileUpdater < Dependabot::FileUpdaters::Base
       class RequirementReplacer
+        extend T::Sig
+        sig do
+          params(
+            content: String,
+            declaration: String,
+            old_requirement: String,
+            new_requirement: String
+          ).void
+        end
         def initialize(content:, declaration:, old_requirement:, new_requirement:)
           @content         = content
           @declaration     = declaration
@@ -14,6 +25,7 @@ module Dependabot
           @new_requirement = new_requirement
         end
+        sig { returns(String) }
         def updated_content
           content.gsub(declaration) do |match|
             match.to_s.sub(old_requirement, new_requirement)
@@ -22,9 +34,16 @@ module Dependabot
         private
+        sig { returns(String) }
         attr_reader :content
+        sig { returns(String) }
         attr_reader :declaration
+        sig { returns(String) }
         attr_reader :old_requirement
+        sig { returns(String) }
         attr_reader :new_requirement
       end
     end

data/lib/dependabot/swift/file_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 require "dependabot/file_updaters"
@@ -9,6 +9,9 @@ require "dependabot/swift/file_updater/manifest_updater"
 module Dependabot
   module Swift
     class FileUpdater < Dependabot::FileUpdaters::Base
+      extend T::Sig
+      sig { override.returns(T::Array[Regexp]) }
       def self.updated_files_regex
         [
           /Package(@swift-\d(\.\d){0,2})?\.swift/,
@@ -16,18 +19,21 @@ module Dependabot
         ]
       end
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
       def updated_dependency_files
-        updated_files = []
+        updated_files = T.let([], T::Array[Dependabot::DependencyFile])
-        SharedHelpers.in_a_temporary_repo_directory(manifest.directory, repo_contents_path) do
-          updated_manifest = nil
+        SharedHelpers.in_a_temporary_repo_directory(T.must(manifest).directory, repo_contents_path) do
+          updated_manifest = T.let(nil, T.nilable(Dependabot::DependencyFile))
-          if file_changed?(manifest)
-            updated_manifest = updated_file(file: manifest, content: updated_manifest_content)
+          if file_changed?(T.must(manifest))
+            updated_manifest = updated_file(file: T.must(manifest), content: updated_manifest_content)
             updated_files << updated_manifest
           end
-          updated_files << updated_file(file: lockfile, content: updated_lockfile_content(updated_manifest)) if lockfile
+          if lockfile
+            updated_files << updated_file(file: T.must(lockfile), content: updated_lockfile_content(updated_manifest))
+          end
         end
         updated_files
@@ -35,42 +41,54 @@ module Dependabot
       private
+      sig { returns(Dependabot::Dependency) }
       def dependency
         # For now we will be updating a single dependency.
         # TODO: Revisit when/if implementing full unlocks
-        dependencies.first
+        T.must(dependencies.first)
       end
+      sig { override.void }
       def check_required_files
         raise "A Package.swift file must be provided!" unless manifest
       end
+      sig { returns(String) }
       def updated_manifest_content
         ManifestUpdater.new(
-          manifest.content,
-          old_requirements: dependency.previous_requirements,
+          T.must(T.must(manifest).content),
+          old_requirements: T.must(dependency.previous_requirements),
           new_requirements: dependency.requirements
         ).updated_manifest_content
       end
+      sig { params(updated_manifest: T.nilable(Dependabot::DependencyFile)).returns(String) }
       def updated_lockfile_content(updated_manifest)
         LockfileUpdater.new(
           dependency: dependency,
-          manifest: updated_manifest || manifest,
-          repo_contents_path: repo_contents_path,
+          manifest: T.must(updated_manifest || manifest),
+          repo_contents_path: T.must(repo_contents_path),
           credentials: credentials,
           target_version: dependency.version
         ).updated_lockfile_content
       end
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def manifest
-        @manifest ||= get_original_file("Package.swift")
+        @manifest ||= T.let(
+          get_original_file("Package.swift"),
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def lockfile
         return @lockfile if defined?(@lockfile)
-        @lockfile = get_original_file("Package.resolved")
+        @lockfile = T.let(
+          get_original_file("Package.resolved"),
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
     end
   end

data/lib/dependabot/swift/native_requirement.rb CHANGED Viewed

@@ -1,18 +1,30 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "dependabot/utils"
 require "dependabot/swift/requirement"
+require "sorbet-runtime"
 module Dependabot
   module Swift
     class NativeRequirement
+      extend T::Sig
       # TODO: Support pinning to specific revisions
-      REGEXP = /(from.*|\.upToNextMajor.*|\.upToNextMinor.*|".*"\s*\.\.[\.<]\s*".*"|exact.*|\.exact.*)/
+      REGEXP = T.let(/(from.*|\.upToNextMajor.*|\.upToNextMinor.*|".*"\s*\.\.[\.<]\s*".*"|exact.*|\.exact.*)/, Regexp)
+      sig { returns(String) }
       attr_reader :declaration
-      def self.map_requirements(requirements)
+      sig do
+        type_parameters(:T)
+          .params(
+            requirements: T::Array[T::Hash[Symbol, T.untyped]],
+            _blk: T.proc.params(declaration: NativeRequirement).returns(String)
+          )
+          .returns(T::Array[T::Hash[Symbol, T.untyped]])
+      end
+      def self.map_requirements(requirements, &_blk)
         requirements.map do |requirement|
           declaration = new(requirement[:metadata][:requirement_string])
@@ -26,6 +38,7 @@ module Dependabot
         end
       end
+      sig { params(declaration: String).void }
       def initialize(declaration)
         @declaration = declaration
@@ -39,21 +52,24 @@ module Dependabot
                        [">= #{min}", "< #{max}"]
                      end
-        @min = min
-        @max = max
-        @requirement = Requirement.new(constraint)
+        @min = T.let(min, String)
+        @max = T.let(max, String)
+        @requirement = T.let(Requirement.new(constraint), Requirement)
       end
+      sig { returns(String) }
       def to_s
         requirement.to_s
       end
+      sig { params(version: T.any(String, Gem::Version)).returns(T.nilable(String)) }
       def update_if_needed(version)
         return declaration if requirement.satisfied_by?(version)
         update(version)
       end
+      sig { params(version: T.any(String, Gem::Version)).returns(T.nilable(String)) }
       def update(version)
         if single_version_declaration?
           declaration.sub(min, version.to_s)
@@ -66,6 +82,7 @@ module Dependabot
       private
+      sig { params(declaration: String).returns([String, String]) }
       def parse_declaration(declaration)
         if up_to_next_major?
           min = declaration.gsub(/\Afrom\s*:\s*"(\S+)"\s*\z/, '\1')
@@ -90,24 +107,28 @@ module Dependabot
           raise "Unsupported constraint: #{declaration}"
         end
-        [min, max]
+        [T.must(min), T.must(max)]
       end
+      sig { params(separator: String).returns(T::Array[String]) }
       def parse_range(separator)
         declaration.split(separator).map { |str| unquote(str.strip) }
       end
+      sig { returns(T::Boolean) }
       def single_version_declaration?
         up_to_next_major? || up_to_next_major_deprecated? || up_to_next_minor_deprecated? ||
           exact_version? || exact_version_deprecated?
       end
+      sig { params(str: String).returns(String) }
       def bump_major(str)
         transform_version(str) do |s, i|
           i.zero? ? s.to_i + 1 : 0
         end
       end
+      sig { params(str: String).returns(String) }
       def bump_minor(str)
         transform_version(str) do |s, i|
           if i.zero?
@@ -118,44 +139,60 @@ module Dependabot
         end
       end
+      sig do
+        params(str: String, block: T.proc.params(s: String, i: Integer).returns(T.any(String, Integer))).returns(String)
+      end
       def transform_version(str, &block)
         str.split(".").map.with_index(&block).join(".")
       end
+      sig { returns(T::Boolean) }
       def up_to_next_major?
         declaration.start_with?("from")
       end
+      sig { returns(T::Boolean) }
       def up_to_next_major_deprecated?
         declaration.start_with?(".upToNextMajor")
       end
+      sig { returns(T::Boolean) }
       def up_to_next_minor_deprecated?
         declaration.start_with?(".upToNextMinor")
       end
+      sig { returns(T::Boolean) }
       def exact_version?
         declaration.start_with?("exact")
       end
+      sig { returns(T::Boolean) }
       def exact_version_deprecated?
         declaration.start_with?(".exact")
       end
+      sig { returns(T::Boolean) }
       def closed_range?
         declaration.include?("...")
       end
+      sig { returns(T::Boolean) }
       def range?
         declaration.include?("..<")
       end
+      sig { returns(String) }
       attr_reader :min
+      sig { returns(String) }
       attr_reader :max
+      sig { returns(Requirement) }
       attr_reader :requirement
+      sig { params(declaration: String).returns(String) }
       def unquote(declaration)
-        declaration[1..-2]
+        T.must(declaration[1..-2])
       end
     end
   end

data/lib/dependabot/swift/requirement.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "sorbet-runtime"
@@ -20,6 +20,7 @@ module Dependabot
       # Patches Gem::Requirement to make it accept requirement strings like
       # "~> 4.2.5, >= 4.2.5.1" without first needing to split them.
+      sig { params(requirements: T.untyped).void }
       def initialize(*requirements)
         requirements = requirements.flatten.flat_map do |req_string|
           req_string.split(",").map(&:strip)

data/lib/dependabot/swift/update_checker/requirements_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 require "dependabot/update_checkers/base"
@@ -9,23 +9,35 @@ module Dependabot
   module Swift
     class UpdateChecker < Dependabot::UpdateCheckers::Base
       class RequirementsUpdater
+        extend T::Sig
+        sig do
+          params(
+            requirements: T::Array[T::Hash[Symbol, T.untyped]],
+            target_version: T.nilable(T.any(String, Gem::Version))
+          ).void
+        end
         def initialize(requirements:, target_version:)
           @requirements = requirements
           return unless target_version && Version.correct?(target_version)
-          @target_version = Version.new(target_version)
+          @target_version = T.let(Version.new(target_version), Dependabot::Version)
         end
+        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
         def updated_requirements
           NativeRequirement.map_requirements(requirements) do |requirement|
-            requirement.update_if_needed(target_version)
+            T.must(requirement.update_if_needed(T.must(target_version)))
           end
         end
         private
+        sig { returns(T::Array[T.untyped]) }
         attr_reader :requirements
+        sig { returns(T.nilable(Gem::Version)) }
         attr_reader :target_version
       end
     end

data/lib/dependabot/swift/update_checker/version_resolver.rb CHANGED Viewed

@@ -1,14 +1,26 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 require "dependabot/update_checkers/base"
 require "dependabot/swift/file_parser/dependency_parser"
 require "dependabot/swift/file_updater/lockfile_updater"
+require "sorbet-runtime"
 module Dependabot
   module Swift
     class UpdateChecker < Dependabot::UpdateCheckers::Base
       class VersionResolver
+        extend T::Sig
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            manifest: Dependabot::DependencyFile,
+            lockfile: T.nilable(Dependabot::DependencyFile),
+            repo_contents_path: T.nilable(String),
+            credentials: T::Array[Dependabot::Credential]
+          ).void
+        end
         def initialize(dependency:, manifest:, lockfile:, repo_contents_path:, credentials:)
           @dependency         = dependency
           @manifest           = manifest
@@ -17,21 +29,26 @@ module Dependabot
           @repo_contents_path = repo_contents_path
         end
+        sig { returns(T.nilable(String)) }
         def latest_resolvable_version
-          @latest_resolvable_version ||= fetch_latest_resolvable_version
+          @latest_resolvable_version ||= T.let(
+            fetch_latest_resolvable_version,
+            T.nilable(String)
+          )
         end
         private
+        sig { returns(T.nilable(String)) }
         def fetch_latest_resolvable_version
           updated_lockfile_content = FileUpdater::LockfileUpdater.new(
             dependency: dependency,
             manifest: manifest,
-            repo_contents_path: repo_contents_path,
+            repo_contents_path: T.must(repo_contents_path),
             credentials: credentials
           ).updated_lockfile_content
-          return if lockfile && updated_lockfile_content == lockfile.content
+          return if lockfile && updated_lockfile_content == T.must(lockfile).content
           updated_lockfile = DependencyFile.new(
             name: "Package.resolved",
@@ -41,9 +58,16 @@ module Dependabot
           dependency_parser(manifest, updated_lockfile).parse.find do |parsed_dep|
             parsed_dep.name == dependency.name
-          end.version
+          end&.version
         end
+        sig do
+          params(
+            manifest: Dependabot::DependencyFile,
+            lockfile: Dependabot::DependencyFile
+          )
+            .returns(FileParser::DependencyParser)
+        end
         def dependency_parser(manifest, lockfile)
           FileParser::DependencyParser.new(
             dependency_files: [manifest, lockfile].compact,
@@ -52,10 +76,19 @@ module Dependabot
           )
         end
+        sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :manifest
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         attr_reader :lockfile
+        sig { returns(T.nilable(String)) }
         attr_reader :repo_contents_path
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
       end
     end

data/lib/dependabot/swift/update_checker.rb CHANGED Viewed

@@ -1,6 +1,7 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
+require "sorbet-runtime"
 require "dependabot/update_checkers"
 require "dependabot/update_checkers/base"
 require "dependabot/update_checkers/version_filters"
@@ -11,58 +12,77 @@ require "dependabot/swift/file_updater/manifest_updater"
 module Dependabot
   module Swift
     class UpdateChecker < Dependabot::UpdateCheckers::Base
+      extend T::Sig
       require_relative "update_checker/requirements_updater"
       require_relative "update_checker/version_resolver"
+      sig { override.returns(T.nilable(Dependabot::Version)) }
       def latest_version
-        @latest_version ||= fetch_latest_version
+        @latest_version ||= T.let(fetch_latest_version, T.nilable(Dependabot::Version))
       end
+      sig { override.returns(T.nilable(Dependabot::Version)) }
       def latest_resolvable_version
-        @latest_resolvable_version ||= fetch_latest_resolvable_version
+        @latest_resolvable_version = T.let(fetch_latest_resolvable_version, T.nilable(Dependabot::Version))
       end
+      sig { override.returns(T.noreturn) }
       def latest_resolvable_version_with_no_unlock
         raise NotImplementedError
       end
+      sig { override.returns(T.nilable(Dependabot::Version)) }
       def lowest_security_fix_version
-        @lowest_security_fix_version ||= fetch_lowest_security_fix_version
+        @lowest_security_fix_version ||= T.let(fetch_lowest_security_fix_version, T.nilable(Dependabot::Version))
       end
+      sig { override.returns(T.nilable(Dependabot::Version)) }
       def lowest_resolvable_security_fix_version
         raise "Dependency not vulnerable!" unless vulnerable?
-        return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
-        @lowest_resolvable_security_fix_version = fetch_lowest_resolvable_security_fix_version
+        @lowest_resolvable_security_fix_version = T.let(
+          fetch_lowest_resolvable_security_fix_version,
+          T.nilable(Dependabot::Version)
+        )
       end
+      sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
       def updated_requirements
         RequirementsUpdater.new(
           requirements: old_requirements,
-          target_version: preferred_resolvable_version
+          target_version: T.must(preferred_resolvable_version)
         ).updated_requirements
       end
       private
+      sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
       def old_requirements
         dependency.requirements
       end
+      sig { returns(T.nilable(Dependabot::Version)) }
       def fetch_latest_version
         return unless git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
-        latest_version_tag.fetch(:version)
+        tag = latest_version_tag
+        return unless tag
+        tag.fetch(:version)
       end
+      sig { returns(T.nilable(Dependabot::Version)) }
       def fetch_lowest_security_fix_version
         return unless git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
-        lowest_security_fix_version_tag.fetch(:version)
+        tag = lowest_security_fix_version_tag
+        return unless tag
+        tag.fetch(:version)
       end
+      sig { returns(T.nilable(Dependabot::Version)) }
       def fetch_latest_resolvable_version
         latest_resolvable_version = version_resolver_for(unlocked_requirements).latest_resolvable_version
         return current_version unless latest_resolvable_version
@@ -70,6 +90,7 @@ module Dependabot
         Version.new(latest_resolvable_version)
       end
+      sig { returns(T.nilable(Dependabot::Version)) }
       def fetch_lowest_resolvable_security_fix_version
         lowest_resolvable_security_fix_version = version_resolver_for(
           force_lowest_security_fix_requirements
@@ -79,6 +100,7 @@ module Dependabot
         Version.new(lowest_resolvable_security_fix_version)
       end
+      sig { params(requirements: T::Array[T::Hash[Symbol, T.untyped]]).returns(VersionResolver) }
       def version_resolver_for(requirements)
         VersionResolver.new(
           dependency: dependency,
@@ -89,66 +111,88 @@ module Dependabot
         )
       end
+      sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
       def unlocked_requirements
         NativeRequirement.map_requirements(old_requirements) do |_old_requirement|
           "\"#{dependency.version}\"...\"#{latest_version}\""
         end
       end
+      sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
       def force_lowest_security_fix_requirements
         NativeRequirement.map_requirements(old_requirements) do |_old_requirement|
           "\"#{lowest_security_fix_version}\"...\"#{lowest_security_fix_version}\""
         end
       end
+      sig { params(new_requirements: T::Array[T::Hash[Symbol, T.untyped]]).returns(Dependabot::DependencyFile) }
       def prepare_manifest_for(new_requirements)
+        manifest_file = T.must(manifest)
         DependencyFile.new(
-          name: manifest.name,
+          name: manifest_file.name,
           content: FileUpdater::ManifestUpdater.new(
-            manifest.content,
+            T.must(manifest_file.content),
             old_requirements: old_requirements,
             new_requirements: new_requirements
           ).updated_manifest_content,
-          directory: manifest.directory
+          directory: manifest_file.directory
         )
       end
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def manifest
-        @manifest ||= dependency_files.find { |file| file.name == "Package.swift" }
+        @manifest ||= T.let(
+          dependency_files.find { |file| file.name == "Package.swift" },
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def lockfile
-        @lockfile ||= dependency_files.find { |file| file.name == "Package.resolved" }
+        @lockfile ||= T.let(
+          dependency_files.find { |file| file.name == "Package.resolved" },
+          T.nilable(Dependabot::DependencyFile)
+        )
       end
+      sig { override.returns(T::Boolean) }
       def latest_version_resolvable_with_full_unlock?
         # Full unlock checks aren't implemented for Swift (yet)
         false
       end
+      sig { override.returns(T.noreturn) }
       def updated_dependencies_after_full_unlock
         raise NotImplementedError
       end
+      sig { returns(Dependabot::GitCommitChecker) }
       def git_commit_checker
-        @git_commit_checker ||= Dependabot::GitCommitChecker.new(
-          dependency: dependency,
-          credentials: credentials,
-          ignored_versions: ignored_versions,
-          raise_on_ignored: raise_on_ignored,
-          consider_version_branches_pinned: true
+        @git_commit_checker ||= T.let(
+          Dependabot::GitCommitChecker.new(
+            dependency: dependency,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            raise_on_ignored: raise_on_ignored,
+            consider_version_branches_pinned: true
+          ),
+          T.nilable(Dependabot::GitCommitChecker)
         )
       end
+      sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
       def latest_version_tag
         git_commit_checker.local_tag_for_latest_version
       end
+      sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
       def lowest_security_fix_version_tag
         tags = git_commit_checker.local_tags_for_allowed_versions
         find_lowest_secure_version(tags)
       end
+      sig { params(tags: T::Array[T::Hash[Symbol, T.untyped]]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
       def find_lowest_secure_version(tags)
         relevant_tags = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(tags, security_advisories)
         relevant_tags = filter_lower_tags(relevant_tags)
@@ -156,6 +200,7 @@ module Dependabot
         relevant_tags.min_by { |tag| tag.fetch(:version) }
       end
+      sig { params(tags_array: T::Array[T::Hash[Symbol, T.untyped]]).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
       def filter_lower_tags(tags_array)
         return tags_array unless current_version

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-swift
 version: !ruby/object:Gem::Version
-  version: 0.309.0
+  version: 0.310.0
 platform: ruby
 authors:
 - Dependabot
 bindir: bin
 cert_chain: []
-date: 2025-04-17 00:00:00.000000000 Z
+date: 2025-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.309.0
+        version: 0.310.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.309.0
+        version: 0.310.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -264,7 +264,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.309.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.310.0
 rdoc_options: []
 require_paths:
 - lib