dependabot-vcpkg 0.383.0 → 0.384.0
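--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: df9224704a4f2c080b3a6c4372aaf4de2a1f724a5462b8abb65ee356356f4c2e
+data.tar.gz: 78ed42e14df7d26603d4cd9f6083ae259d64a799563cf6e4f5307cc1a99504fd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fbe1b6dace0ccbb55540a1e799725502e32504ecff58d2ff5a38f91d690c280abf97b98de2a5bafcd67cae89e1c904e261cd41912de90283c22e5c768e4e532d
+data.tar.gz: 9e0d437eb0790fb81054d448bec4270008064595ac0209e9e0dcaefbd3ac972ceb18343a9d906a469c97d0b581b9f6f2d647ae7de7bc6f99d7498c062851adfd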
|
@@ -21,7 +21,10 @@ module Dependabot
|
|
|
21
21
|
|
|
22
22
|
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
|
23
23
|
def parse
|
|
24
|
-
dependency_files.flat_map { |file| parse_dependency_file(file) }.compact
|
|
24
|
+
dependencies = dependency_files.flat_map { |file| parse_dependency_file(file) }.compact
|
|
25
|
+
baseline = missing_baseline_dependency
|
|
26
|
+
dependencies << baseline if baseline
|
|
27
|
+
dependencies
|
|
25
28
|
end
|
|
26
29
|
|
|
27
30
|
sig { override.returns(Ecosystem) }
|
|
@@ -236,6 +239,106 @@ module Dependabot
|
|
|
236
239
|
end
|
|
237
240
|
end
|
|
238
241
|
|
|
242
|
+
# A project relying on a global vcpkg install has no baseline to update.
|
|
243
|
+
# Synthesize one so the updater adds it to the manifest; later runs keep it
|
|
244
|
+
# current. See https://github.com/dependabot/dependabot-core/issues/13051
|
|
245
|
+
sig { returns(T.nilable(Dependabot::Dependency)) }
|
|
246
|
+
def missing_baseline_dependency
|
|
247
|
+
manifest = vcpkg_manifest_file
|
|
248
|
+
return nil unless manifest
|
|
249
|
+
return nil unless manifest_declares_dependencies?(manifest)
|
|
250
|
+
return nil if baseline_resolvable?
|
|
251
|
+
|
|
252
|
+
config = vcpkg_configuration_file
|
|
253
|
+
if config.nil?
|
|
254
|
+
synthetic_baseline_dependency(file_name: manifest.name)
|
|
255
|
+
elsif default_registry.nil?
|
|
256
|
+
synthetic_baseline_dependency(
|
|
257
|
+
file_name: config.name,
|
|
258
|
+
metadata: { default: true, create_default_registry: true }
|
|
259
|
+
)
|
|
260
|
+
end
|
|
261
|
+
end
|
|
262
|
+
|
|
263
|
+
sig do
|
|
264
|
+
params(file_name: String, metadata: T::Hash[Symbol, T.untyped]).returns(Dependabot::Dependency)
|
|
265
|
+
end
|
|
266
|
+
def synthetic_baseline_dependency(file_name:, metadata: {})
|
|
267
|
+
Dependabot::Dependency.new(
|
|
268
|
+
name: VCPKG_DEFAULT_BASELINE_DEPENDENCY_NAME,
|
|
269
|
+
version: nil,
|
|
270
|
+
package_manager: "vcpkg",
|
|
271
|
+
requirements: [{
|
|
272
|
+
requirement: nil,
|
|
273
|
+
groups: [],
|
|
274
|
+
source: {
|
|
275
|
+
type: "git",
|
|
276
|
+
url: VCPKG_DEFAULT_BASELINE_URL,
|
|
277
|
+
ref: VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH
|
|
278
|
+
},
|
|
279
|
+
file: file_name
|
|
280
|
+
}],
|
|
281
|
+
metadata: metadata
|
|
282
|
+
)
|
|
283
|
+
end
|
|
284
|
+
|
|
285
|
+
sig { returns(T::Boolean) }
|
|
286
|
+
def baseline_resolvable?
|
|
287
|
+
manifest_baseline_present? || default_registry_baseline_present?
|
|
288
|
+
end
|
|
289
|
+
|
|
290
|
+
sig { returns(T::Boolean) }
|
|
291
|
+
def manifest_baseline_present?
|
|
292
|
+
manifest = vcpkg_manifest_file
|
|
293
|
+
return false unless manifest
|
|
294
|
+
|
|
295
|
+
parsed_json(manifest)&.dig("builtin-baseline").is_a?(String)
|
|
296
|
+
end
|
|
297
|
+
|
|
298
|
+
sig { returns(T::Boolean) }
|
|
299
|
+
def default_registry_baseline_present?
|
|
300
|
+
registry = default_registry
|
|
301
|
+
!!(registry && registry["baseline"].is_a?(String))
|
|
302
|
+
end
|
|
303
|
+
|
|
304
|
+
sig { returns(T.nilable(T::Hash[String, T.untyped])) }
|
|
305
|
+
def default_registry
|
|
306
|
+
config = vcpkg_configuration_file
|
|
307
|
+
return nil unless config
|
|
308
|
+
|
|
309
|
+
registry = parsed_json(config)&.dig("default-registry")
|
|
310
|
+
registry.is_a?(Hash) ? registry : nil
|
|
311
|
+
end
|
|
312
|
+
|
|
313
|
+
sig { params(file: Dependabot::DependencyFile).returns(T::Boolean) }
|
|
314
|
+
def manifest_declares_dependencies?(file)
|
|
315
|
+
declared = parsed_json(file)&.dig("dependencies")
|
|
316
|
+
return false unless declared.is_a?(Array)
|
|
317
|
+
|
|
318
|
+
!declared.empty?
|
|
319
|
+
end
|
|
320
|
+
|
|
321
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
322
|
+
def vcpkg_manifest_file
|
|
323
|
+
dependency_files.find { |file| file.name == VCPKG_JSON_FILENAME }
|
|
324
|
+
end
|
|
325
|
+
|
|
326
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
327
|
+
def vcpkg_configuration_file
|
|
328
|
+
dependency_files.find { |file| file.name == VCPKG_CONFIGURATION_JSON_FILENAME }
|
|
329
|
+
end
|
|
330
|
+
|
|
331
|
+
sig { params(file: Dependabot::DependencyFile).returns(T.nilable(T::Hash[String, T.untyped])) }
|
|
332
|
+
def parsed_json(file)
|
|
333
|
+
content = file.content
|
|
334
|
+
return nil unless content
|
|
335
|
+
|
|
336
|
+
parsed = JSON.parse(content)
|
|
337
|
+
parsed.is_a?(Hash) ? parsed : nil
|
|
338
|
+
rescue JSON::ParserError
|
|
339
|
+
nil
|
|
340
|
+
end
|
|
341
|
+
|
|
239
342
|
sig { returns(Ecosystem::VersionManager) }
|
|
240
343
|
def package_manager = @package_manager ||= T.let(PackageManager.new, T.nilable(Dependabot::Vcpkg::PackageManager))
|
|
241
344
|
|
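Review bot: `default_registry` returns nil in three different situations (the `default-registry` key is absent, it is present but not a Hash, including an explicit `null`, or `vcpkg-configuration.json` failed to parse), and `missing_baseline_dependency` treats all three as "create one". vcpkg accepts `"default-registry": null` as a way to turn the default registry off, so a project that resolves ports from its own registries only would get a dependency flagged `create_default_registry: true`, and the updater hunk further down then writes the public microsoft/vcpkg registry over that setting. Synthesizing only when the parsed file really lacks the key avoids this: `elsif parsed_json(config)&.key?("default-registry") == false`. A one-line comment on `parsed_json` stating that a parse error is deliberately reported as nil would also help the next reader.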
|
@@ -117,9 +117,32 @@ module Dependabot
|
|
|
117
117
|
sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
|
|
118
118
|
def update_default_registry(content, dependency, filename)
|
|
119
119
|
default_registry = content["default-registry"]
|
|
120
|
-
|
|
120
|
+
if default_registry.is_a?(Hash)
|
|
121
|
+
update_baseline_field(default_registry, dependency, filename, "baseline")
|
|
122
|
+
elsif dependency.metadata[:create_default_registry]
|
|
123
|
+
created_registry = build_default_registry(dependency, filename)
|
|
124
|
+
content["default-registry"] = created_registry if created_registry
|
|
125
|
+
end
|
|
126
|
+
end
|
|
127
|
+
|
|
128
|
+
sig do
|
|
129
|
+
params(dependency: Dependabot::Dependency, filename: String)
|
|
130
|
+
.returns(T.nilable(T::Hash[String, String]))
|
|
131
|
+
end
|
|
132
|
+
def build_default_registry(dependency, filename)
|
|
133
|
+
requirement = dependency.requirements.find { |r| r[:file] == filename }
|
|
134
|
+
return unless requirement
|
|
121
135
|
|
|
122
|
-
|
|
136
|
+
case requirement[:source]
|
|
137
|
+
in { ref: String => baseline }
|
|
138
|
+
{
|
|
139
|
+
"kind" => "git",
|
|
140
|
+
"repository" => VCPKG_DEFAULT_REGISTRY_REPOSITORY,
|
|
141
|
+
"baseline" => baseline
|
|
142
|
+
}
|
|
143
|
+
else
|
|
144
|
+
nil
|
|
145
|
+
end
|
|
123
146
|
end
|
|
124
147
|
|
|
125
148
|
sig { params(content: T::Hash[String, T.untyped], dependency: Dependabot::Dependency, filename: String).void }
|
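Review bot: `build_default_registry` copies whatever string sits in `requirement[:source][:ref]` into `"baseline"`, and the synthetic dependency built in the parser hunk starts out with the branch name `master` in that field. A vcpkg baseline is meant to pin a commit, so if the ref has not been replaced by a SHA by the time this runs (the code that rewrites requirements is outside this hunk), the generated `default-registry` block would name a moving branch instead of a fixed revision. Matching only a full SHA makes the method return nil in that case, which the caller already handles: `in { ref: /\A[0-9a-f]{40}\z/ => baseline }`.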
|
@@ -50,6 +50,15 @@ module Dependabot
|
|
|
50
50
|
)
|
|
51
51
|
end
|
|
52
52
|
|
|
53
|
+
# The release tag for the given commit SHA, if any.
|
|
54
|
+
sig { params(commit_sha: String).returns(T.nilable(String)) }
|
|
55
|
+
def tag_for_commit_sha(commit_sha)
|
|
56
|
+
package_details
|
|
57
|
+
&.releases
|
|
58
|
+
&.find { |release| release.details["commit_sha"] == commit_sha }
|
|
59
|
+
&.tag
|
|
60
|
+
end
|
|
61
|
+
|
|
53
62
|
private
|
|
54
63
|
|
|
55
64
|
sig { returns(T::Boolean) }
|
|
@@ -30,6 +30,16 @@ module Dependabot
|
|
|
30
30
|
sig { override.returns(T.nilable(T.any(String, Dependabot::Version))) }
|
|
31
31
|
def latest_resolvable_version_with_no_unlock = latest_version
|
|
32
32
|
|
|
33
|
+
# The release tag for the current baseline commit SHA (else the SHA), so the
|
|
34
|
+
# PR title's "from" shows the tag, not the "master" ref.
|
|
35
|
+
sig { params(_updated_version: String).returns(T.nilable(String)) }
|
|
36
|
+
def latest_resolvable_previous_version(_updated_version)
|
|
37
|
+
current_version = dependency.version
|
|
38
|
+
return current_version unless registry_dependency? && current_version&.match?(/\A[0-9a-f]{40}\z/)
|
|
39
|
+
|
|
40
|
+
latest_version_finder.tag_for_commit_sha(current_version) || current_version
|
|
41
|
+
end
|
|
42
|
+
|
|
33
43
|
sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
34
44
|
def updated_requirements
|
|
35
45
|
return dependency.requirements unless latest_version
|
|
@@ -66,6 +76,18 @@ module Dependabot
|
|
|
66
76
|
!registry_dependency? && dependency.requirements.any? { |req| req[:requirement] }
|
|
67
77
|
end
|
|
68
78
|
|
|
79
|
+
# `latest_version` is a git tag but the baseline is a commit SHA, so the base check never
|
|
80
|
+
# matches and reports an up-to-date baseline as stale. Match the release commit SHA by prefix.
|
|
81
|
+
sig { returns(T::Boolean) }
|
|
82
|
+
def sha1_version_up_to_date?
|
|
83
|
+
return super unless registry_dependency?
|
|
84
|
+
|
|
85
|
+
latest_commit_sha = latest_version_finder.latest_release_info&.details&.dig("commit_sha")
|
|
86
|
+
return super unless latest_commit_sha
|
|
87
|
+
|
|
88
|
+
latest_commit_sha.start_with?(T.must(dependency.version))
|
|
89
|
+
end
|
|
90
|
+
|
|
69
91
|
# Vcpkg doesn't support full unlocking since dependencies are tracked via baselines
|
|
70
92
|
sig { override.returns(T::Boolean) }
|
|
71
93
|
def latest_version_resolvable_with_full_unlock? = false
|
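Review bot: `sha1_version_up_to_date?` compares by prefix without checking the shape of `dependency.version`, so an empty or very short version string is a prefix of every commit SHA and the baseline would be reported as current; `T.must` also raises when the version is nil, which is the value the synthesized baseline dependency carries. Whether the superclass guarantees a non-nil hex SHA before calling this method is not visible in the hunk. A guard in front of the comparison keeps both cases on the inherited path: `return super unless dependency.version&.match?(/\A[0-9a-f]{7,40}\z/)`. `latest_resolvable_previous_version` in the preceding hunk already requires a full 40-character SHA, so a comment stating why this method accepts a shorter prefix would be worth adding as well.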
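--- a/data/lib/dependabot/vcpkg.rb
+++ b/data/lib/dependabot/vcpkg.rb
@@ -38,6 +38,9 @@ module Dependabot
 
 VCPKG_DEFAULT_BASELINE_URL = "https://github.com/microsoft/vcpkg.git"
 
+# Repository URL without the `.git` suffix, for generated `default-registry` blocks.
+VCPKG_DEFAULT_REGISTRY_REPOSITORY = "https://github.com/microsoft/vcpkg"
+
 VCPKG_DEFAULT_BASELINE_DEFAULT_BRANCH = "master"
 
 VCPKG_SUPPORTED_REGISTRY_TYPES = %w(git builtin).freeze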
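--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-vcpkg
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.384.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.384.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.384.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -256,7 +256,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
 rdoc_options: []
 require_paths:
 - lib
@@ -271,7 +271,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 3.3.0
 requirements: []
-rubygems_version:
+rubygems_version: 4.0.14
 specification_version: 4
 summary: Provides Dependabot support for the VCPKG package manager.
 test_files: []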