From e26bc2f2267409995f66e14df0a89f548a5f5e5b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 02:04:43 +0000 Subject: [PATCH 1/2] Bump dependabot-omnibus from 0.283.0 to 0.285.0 in /updater Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.283.0 to 0.285.0. - [Release notes](https://github.com/dependabot/dependabot-core/releases) - [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md) - [Commits](https://github.com/dependabot/dependabot-core/compare/v0.283.0...v0.285.0) --- updated-dependencies: - dependency-name: dependabot-omnibus dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- updater/Gemfile | 2 +- updater/Gemfile.lock | 137 ++++++++++++++++++++++--------------------- 2 files changed, 71 insertions(+), 68 deletions(-) diff --git a/updater/Gemfile b/updater/Gemfile index 6ded34ee..ec959912 100644 --- a/updater/Gemfile +++ b/updater/Gemfile @@ -8,7 +8,7 @@ source "https://rubygems.org" # They are so many, our reference won't be found for it to be updated. # Hence adding the branch. -gem "dependabot-omnibus", "~>0.283.0" +gem "dependabot-omnibus", "~>0.285.0" # gem "dependabot-omnibus", github: "dependabot/dependabot-core", branch: "main" # gem "dependabot-omnibus", github: "dependabot/dependabot-core", tag: "v0.232.0" # gem "dependabot-omnibus", github: "dependabot/dependabot-core", ref: "ffde6f6" diff --git a/updater/Gemfile.lock b/updater/Gemfile.lock index a4209020..7c19f604 100644 --- a/updater/Gemfile.lock +++ b/updater/Gemfile.lock 
@@ -5,11 +5,11 @@ GEM public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) aws-eventstream (1.3.0) - aws-partitions (1.1001.0) + aws-partitions (1.1003.0) aws-sdk-codecommit (1.79.0) aws-sdk-core (~> 3, >= 3.210.0) aws-sigv4 (~> 1.5) - aws-sdk-core (3.211.0) + aws-sdk-core (3.212.0) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.992.0) aws-sigv4 (~> 1.9) @@ -31,17 +31,17 @@ GEM debug (1.9.2) irb (~> 1.10) reline (>= 0.3.8) - dependabot-bundler (0.283.0) - dependabot-common (= 0.283.0) + dependabot-bundler (0.285.0) + dependabot-common (= 0.285.0) parallel (~> 1.24) - dependabot-cargo (0.283.0) - dependabot-common (= 0.283.0) - dependabot-common (0.283.0) + dependabot-cargo (0.285.0) + dependabot-common (= 0.285.0) + dependabot-common (0.285.0) aws-sdk-codecommit (~> 1.28) aws-sdk-ecr (~> 1.5) bundler (>= 1.16, < 3.0.0) commonmarker (>= 0.20.1, < 0.24.0) - docker_registry2 (~> 1.18.0) + docker_registry2 (~> 1.18.2) excon (~> 0.109) faraday (= 2.7.11) faraday-retry (= 2.2.0) 
@@ -56,61 +56,64 @@ GEM sorbet-runtime (~> 0.5.11577) stackprof (~> 0.2.16) toml-rb (>= 1.1.2, < 4.0) - dependabot-composer (0.283.0) - dependabot-common (= 0.283.0) - dependabot-devcontainers (0.283.0) - dependabot-common (= 0.283.0) - dependabot-docker (0.283.0) - dependabot-common (= 0.283.0) - dependabot-elm (0.283.0) - dependabot-common (= 0.283.0) - dependabot-git_submodules (0.283.0) - dependabot-common (= 0.283.0) + dependabot-composer (0.285.0) + dependabot-common (= 0.285.0) + dependabot-devcontainers (0.285.0) + dependabot-common (= 0.285.0) + dependabot-docker (0.285.0) + dependabot-common (= 0.285.0) + dependabot-dotnet_sdk (0.285.0) + dependabot-common (= 0.285.0) + dependabot-elm (0.285.0) + dependabot-common (= 0.285.0) + dependabot-git_submodules (0.285.0) + dependabot-common (= 0.285.0) parseconfig (~> 1.0, < 1.1.0) - dependabot-github_actions (0.283.0) - dependabot-common (= 0.283.0) - dependabot-go_modules (0.283.0) - dependabot-common (= 0.283.0) - dependabot-gradle (0.283.0) - dependabot-common (= 0.283.0) - dependabot-maven (= 0.283.0) - dependabot-hex (0.283.0) - dependabot-common (= 0.283.0) - dependabot-maven (0.283.0) - dependabot-common (= 0.283.0) - dependabot-npm_and_yarn (0.283.0) - dependabot-common (= 0.283.0) - dependabot-nuget (0.283.0) - dependabot-common (= 0.283.0) + dependabot-github_actions (0.285.0) + dependabot-common (= 0.285.0) + dependabot-go_modules (0.285.0) + dependabot-common (= 0.285.0) + dependabot-gradle (0.285.0) + dependabot-common (= 0.285.0) + dependabot-maven (= 0.285.0) + dependabot-hex (0.285.0) + dependabot-common (= 0.285.0) + dependabot-maven (0.285.0) + dependabot-common (= 0.285.0) + dependabot-npm_and_yarn (0.285.0) + dependabot-common (= 0.285.0) + dependabot-nuget (0.285.0) + dependabot-common (= 0.285.0) rubyzip (>= 2.3.2, < 3.0) - dependabot-omnibus (0.283.0) - dependabot-bundler (= 0.283.0) - dependabot-cargo (= 0.283.0) - dependabot-common (= 0.283.0) - dependabot-composer (= 0.283.0) - 
dependabot-devcontainers (= 0.283.0) - dependabot-docker (= 0.283.0) - dependabot-elm (= 0.283.0) - dependabot-git_submodules (= 0.283.0) - dependabot-github_actions (= 0.283.0) - dependabot-go_modules (= 0.283.0) - dependabot-gradle (= 0.283.0) - dependabot-hex (= 0.283.0) - dependabot-maven (= 0.283.0) - dependabot-npm_and_yarn (= 0.283.0) - dependabot-nuget (= 0.283.0) - dependabot-pub (= 0.283.0) - dependabot-python (= 0.283.0) - dependabot-swift (= 0.283.0) - dependabot-terraform (= 0.283.0) - dependabot-pub (0.283.0) - dependabot-common (= 0.283.0) - dependabot-python (0.283.0) - dependabot-common (= 0.283.0) - dependabot-swift (0.283.0) - dependabot-common (= 0.283.0) - dependabot-terraform (0.283.0) - dependabot-common (= 0.283.0) + dependabot-omnibus (0.285.0) + dependabot-bundler (= 0.285.0) + dependabot-cargo (= 0.285.0) + dependabot-common (= 0.285.0) + dependabot-composer (= 0.285.0) + dependabot-devcontainers (= 0.285.0) + dependabot-docker (= 0.285.0) + dependabot-dotnet_sdk (= 0.285.0) + dependabot-elm (= 0.285.0) + dependabot-git_submodules (= 0.285.0) + dependabot-github_actions (= 0.285.0) + dependabot-go_modules (= 0.285.0) + dependabot-gradle (= 0.285.0) + dependabot-hex (= 0.285.0) + dependabot-maven (= 0.285.0) + dependabot-npm_and_yarn (= 0.285.0) + dependabot-nuget (= 0.285.0) + dependabot-pub (= 0.285.0) + dependabot-python (= 0.285.0) + dependabot-swift (= 0.285.0) + dependabot-terraform (= 0.285.0) + dependabot-pub (0.285.0) + dependabot-common (= 0.285.0) + dependabot-python (0.285.0) + dependabot-common (= 0.285.0) + dependabot-swift (0.285.0) + dependabot-common (= 0.285.0) + dependabot-terraform (0.285.0) + dependabot-common (= 0.285.0) diff-lcs (1.5.1) docile (1.4.1) docker_registry2 (1.18.2) @@ -193,7 +196,7 @@ GEM mime-types (3.6.0) logger mime-types-data (~> 3.2015) - mime-types-data (3.2024.1001) + mime-types-data (3.2024.1105) mini_mime (1.1.5) mini_portile2 (2.8.7) multi_xml (0.7.1) 
@@ -271,10 +274,10 @@ GEM parallel_tests (4.7.2) parallel parseconfig (1.0.8) - parser (3.3.5.1) + parser (3.3.6.0) ast (~> 2.4.1) racc - psych (5.1.2) + psych (5.2.0) stringio public_suffix (6.0.1) racc (1.8.1) @@ -355,9 +358,9 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.13.1) simplecov_json_formatter (0.1.4) - sorbet-runtime (0.5.11633) + sorbet-runtime (0.5.11645) stackprof (0.2.26) - stringio (3.1.1) + stringio (3.1.2) terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) toml-rb (3.0.1) @@ -394,7 +397,7 @@ PLATFORMS DEPENDENCIES debug (~> 1.9.2) - dependabot-omnibus (~> 0.283.0) + dependabot-omnibus (~> 0.285.0) flamegraph (~> 0.9.5) gpgme (~> 2.0) http (~> 5.2) From 74b3a928d13f8f082bea9a7f5cacc119dc7e3a1f Mon Sep 17 00:00:00 2001 From: Maxwell Weru Date: Sun, 17 Nov 2024 12:22:41 +0200 Subject: [PATCH 2/2] Update files to match the release --- Rakefile | 1 + updater/bin/update_script.rb | 1 + updater/lib/dependabot/dependency_snapshot.rb | 18 ++++++------- updater/lib/dependabot/notices_helpers.rb | 8 +++--- updater/lib/dependabot/setup.rb | 2 ++ .../refresh_security_update_pull_request.rb | 2 +- .../lib/tinglesoftware/dependabot/setup.rb | 1 + updater/spec/support/dummy_pkg_helpers.rb | 25 ++++++++----------- 8 files changed, 29 insertions(+), 29 deletions(-) diff --git a/Rakefile b/Rakefile index 7bd302a5..1c5491de 100644 --- a/Rakefile +++ b/Rakefile @@ -34,6 +34,7 @@ GEMSPECS = %w( silent/dependabot-silent.gemspec swift/dependabot-swift.gemspec devcontainers/dependabot-devcontainers.gemspec + dotnet_sdk/dependabot-dotnet_sdk.gemspec ).freeze def run_command(command) diff --git a/updater/bin/update_script.rb b/updater/bin/update_script.rb index d69ec67a..c2020fa6 100644 --- a/updater/bin/update_script.rb +++ b/updater/bin/update_script.rb 
@@ -28,6 +28,7 @@ require "dependabot/cargo" require "dependabot/composer" require "dependabot/docker" +require "dependabot/dotnet_sdk" require "dependabot/elm" require "dependabot/git_submodules" require "dependabot/github_actions" diff --git a/updater/lib/dependabot/dependency_snapshot.rb b/updater/lib/dependabot/dependency_snapshot.rb index 02b03c4e..8c927107 100644 --- a/updater/lib/dependabot/dependency_snapshot.rb +++ b/updater/lib/dependabot/dependency_snapshot.rb @@ -67,9 +67,9 @@ def dependencies T.must(@dependencies[@current_directory]) end - sig { returns(T.nilable(Dependabot::PackageManagerBase)) } - def package_manager - @package_manager[@current_directory] + sig { returns(T.nilable(Dependabot::Ecosystem)) } + def ecosystem + @ecosystem[@current_directory] end sig { returns(T::Array[Dependabot::Notice]) } @@ -181,7 +181,7 @@ def initialize(job:, base_commit_sha:, dependency_files:) # rubocop:disable Metr @current_directory = T.let("", String) @dependencies = T.let({}, T::Hash[String, T::Array[Dependabot::Dependency]]) - @package_manager = T.let({}, T::Hash[String, T.nilable(Dependabot::PackageManagerBase)]) + @ecosystem = T.let({}, T::Hash[String, T.nilable(Dependabot::Ecosystem)]) @notices = T.let({}, T::Hash[String, T::Array[Dependabot::Notice]]) directories.each do |dir| @@ -241,12 +241,12 @@ def dependency_file_parser reject_external_code: job.reject_external_code?, options: job.experiments ) - # Add 'package_manager' to the dependency_snapshot to use it in operations - package_manager = parser.package_manager + # Add 'ecosystem' to the dependency_snapshot to use it in operations + ecosystem = parser.ecosystem # Raise an error if the package manager version is unsupported - package_manager&.raise_if_unsupported! + ecosystem&.raise_if_unsupported! - @package_manager[@current_directory] = package_manager + @ecosystem[@current_directory] = ecosystem # Log deprecation notices if the package manager is deprecated # and add them to the notices array 
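Review bot: Renaming the public accessor `package_manager` to `ecosystem` in the @@ -67 hunk removes a method that other files in updater/lib may still call on the snapshot, and nothing in this commit updates any caller, so a remaining `dependency_snapshot.package_manager` call (the tinglesoftware operations in particular, if they read it) would now raise NoMethodError at runtime. Worth grepping before merge, or keeping a transitional alias such as `def package_manager = ecosystem&.package_manager` if callers only need the version manager, since that is what the old accessor's type covered. The new accessor also deserves a one-line comment, e.g. `# Ecosystem parsed for the current directory; nil for any directory dependency_file_parser has not stored one for yet`, because it is a plain Hash lookup on @ecosystem. The same rename runs through the @@ -181, @@ -241 and @@ -255 hunks of this file.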
@@ -255,7 +255,7 @@ def dependency_file_parser # add deprecation notices for the package manager add_deprecation_notice( notices: notices_for_current_directory, - package_manager: package_manager + package_manager: ecosystem&.package_manager ) @notices[@current_directory] = notices_for_current_directory diff --git a/updater/lib/dependabot/notices_helpers.rb b/updater/lib/dependabot/notices_helpers.rb index c8f52474..8c89d0da 100644 --- a/updater/lib/dependabot/notices_helpers.rb +++ b/updater/lib/dependabot/notices_helpers.rb @@ -3,7 +3,7 @@ require "sorbet-runtime" require "dependabot/notices" -require "dependabot/package_manager" +require "dependabot/ecosystem" # This module extracts helpers for notice generations that can be used # for showing notices in logs, pr messages and alert ui page. @@ -20,7 +20,7 @@ module NoticesHelpers sig do params( notices: T::Array[Dependabot::Notice], - package_manager: T.nilable(PackageManagerBase) + package_manager: T.nilable(Ecosystem::VersionManager) ) .void end @@ -58,11 +58,11 @@ def log_notice(notice) private - sig { params(package_manager: T.nilable(PackageManagerBase)).returns(T.nilable(Dependabot::Notice)) } + sig { params(package_manager: T.nilable(Ecosystem::VersionManager)).returns(T.nilable(Dependabot::Notice)) } def create_deprecation_notice(package_manager) return unless package_manager - return unless package_manager.is_a?(PackageManagerBase) + return unless package_manager.is_a?(Ecosystem::VersionManager) Notice.generate_pm_deprecation_notice( package_manager diff --git a/updater/lib/dependabot/setup.rb b/updater/lib/dependabot/setup.rb index 8ef255eb..24367425 100644 --- a/updater/lib/dependabot/setup.rb +++ b/updater/lib/dependabot/setup.rb @@ -30,6 +30,7 @@ terraform| elm| docker| + dotnet_sdk| git_submodules| github_actions| composer| 
@@ -60,6 +61,7 @@ require "dependabot/terraform" require "dependabot/elm" require "dependabot/docker" +require "dependabot/dotnet_sdk" require "dependabot/git_submodules" require "dependabot/github_actions" require "dependabot/composer" diff --git a/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb b/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb index 9acbffc8..ab94b2fa 100644 --- a/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb +++ b/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb @@ -132,7 +132,7 @@ def check_and_update_pull_request(dependencies) # Dependabot::Experiments.register(:lead_security_dependency, true) if Dependabot::Experiments.enabled?(:lead_security_dependency) - lead_dep_name = security_advisory_dependency + lead_dep_name = security_advisory_dependency.downcase # telemetry data collection Dependabot.logger.info( diff --git a/updater/lib/tinglesoftware/dependabot/setup.rb b/updater/lib/tinglesoftware/dependabot/setup.rb index ef2be58c..69ca4dd2 100644 --- a/updater/lib/tinglesoftware/dependabot/setup.rb +++ b/updater/lib/tinglesoftware/dependabot/setup.rb @@ -49,6 +49,7 @@ require "dependabot/terraform" require "dependabot/elm" require "dependabot/docker" +require "dependabot/dotnet_sdk" require "dependabot/git_submodules" require "dependabot/github_actions" require "dependabot/composer" diff --git a/updater/spec/support/dummy_pkg_helpers.rb b/updater/spec/support/dummy_pkg_helpers.rb index 2750b821..2ff6b3ae 100644 --- a/updater/spec/support/dummy_pkg_helpers.rb +++ b/updater/spec/support/dummy_pkg_helpers.rb @@ -1,7 +1,7 @@ # typed: false # frozen_string_literal: true -require "dependabot/package_manager" +require "dependabot/ecosystem" require "dependabot/dependency_file" # This module provides some shortcuts for working with our two mock RubyGems packages: 
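Review bot: In the refresh_security_update_pull_request.rb hunk, `security_advisory_dependency.downcase` raises NoMethodError if `security_advisory_dependency` can ever be nil, where the previous assignment carried the nil through; if the advisory dependency is optional on this path, `lead_dep_name = security_advisory_dependency&.downcase` keeps the old behaviour. Lower-casing the lead name only matches correctly if the later lookup against the job's dependencies lower-cases the other side as well; package names are case-sensitive in some ecosystems, so a one-sided downcase would silently skip the lead-dependency path instead of failing loudly. A short why-comment would help here, e.g. `# Lower-cased to match the case-insensitive name comparison below — confirm the other side is also downcased`. `check_and_update_pull_request` starts and ends outside this hunk.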
@@ -63,22 +63,17 @@ def updated_bundler_files_hash(fixture: "bundler") updated_bundler_files(fixture: fixture).map(&:to_h) end - # Stub PackageManagerBase - class StubPackageManager < Dependabot::PackageManagerBase - def initialize(name:, version:, deprecated_versions: [], unsupported_versions: [], supported_versions: []) - @name = name - @version = version - @deprecated_versions = deprecated_versions - @unsupported_versions = unsupported_versions - @supported_versions = supported_versions + # Stub Ecosystem::VersionManager + class StubPackageManager < Dependabot::Ecosystem::VersionManager + def initialize(name:, version:, deprecated_versions: [], supported_versions: []) + super( + name, + Dependabot::Version.new(version), + deprecated_versions, + supported_versions + ) end - attr_reader :name - attr_reader :version - attr_reader :deprecated_versions - attr_reader :unsupported_versions - attr_reader :supported_versions - sig { override.returns(T::Boolean) } def deprecated? # If the version is unsupported, the unsupported error is getting raised separately.
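Review bot: `StubPackageManager#initialize` drops the `unsupported_versions:` keyword, so any spec that still constructs the stub with it will now fail with ArgumentError (unknown keyword) rather than a test assertion; the commit does not touch the specs themselves, so check them before merging. The new `super` also wraps `version` in `Dependabot::Version.new`, where the old stub stored whatever it was given, so callers passing a non-version string or an already-built Version object may behave differently. The stub's header comment could state this: `# Stub Ecosystem::VersionManager; version is coerced with Dependabot::Version.new, so pass a version string`. The `deprecated?` override's body continues outside the hunk.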