From 02f7d230dea373a759de5072ef282a5588121c70 Mon Sep 17 00:00:00 2001 
From: Ankit Honey Date: Fri, 16 Aug 2024 17:22:05 -0700 Subject: [PATCH] Revert Changes to updated_files_regex method with latest regex from the API (#10457) * reverted changes to updated_files_regex and match it with latest regex from api --- .../lib/dependabot/bundler/file_updater.rb | 25 +++-------- .../dependabot/bundler/file_updater_spec.rb | 4 +- cargo/lib/dependabot/cargo/file_updater.rb | 6 +-- .../dependabot/cargo/file_updater_spec.rb | 10 +++-- common/lib/dependabot/file_updaters/base.rb | 4 +- .../lib/dependabot/composer/file_updater.rb | 2 +- .../dependabot/composer/file_updater_spec.rb | 4 +- .../dependabot/devcontainers/file_updater.rb | 4 +- .../devcontainers/file_updater_spec.rb | 4 +- docker/lib/dependabot/docker/file_updater.rb | 4 +- .../dependabot/docker/file_updater_spec.rb | 4 +- elm/lib/dependabot/elm/file_updater.rb | 2 +- elm/spec/dependabot/elm/file_updater_spec.rb | 4 +- .../dependabot/git_submodules/file_updater.rb | 17 +++---- .../git_submodules/file_updater_spec.rb | 19 +------- .../dependabot/github_actions/file_updater.rb | 17 +++---- .../github_actions/file_updater_spec.rb | 15 ++++--- .../lib/dependabot/go_modules/file_updater.rb | 22 +++------ .../go_modules/file_updater_spec.rb | 4 +- gradle/lib/dependabot/gradle/file_updater.rb | 23 +++++----- .../dependabot/gradle/file_updater_spec.rb | 12 +++-- hex/lib/dependabot/hex/file_updater.rb | 20 +++------ hex/spec/dependabot/hex/file_updater_spec.rb | 4 +- maven/lib/dependabot/maven/file_updater.rb | 2 +- .../dependabot/maven/file_updater_spec.rb | 3 +- .../dependabot/npm_and_yarn/file_updater.rb | 31 +++++-------- .../npm_and_yarn/file_updater_spec.rb | 10 +++-- nuget/lib/dependabot/nuget/file_updater.rb | 45 +++++++------------ .../dependabot/nuget/file_updater_spec.rb | 15 +++++-- pub/lib/dependabot/pub/file_updater.rb | 8 ++-- pub/spec/dependabot/pub/file_updater_spec.rb | 7 +-- python/lib/dependabot/python/file_updater.rb | 40 ++++++----------- 
.../dependabot/python/file_updater_spec.rb | 4 +- swift/lib/dependabot/swift/file_updater.rb | 2 +- .../dependabot/swift/file_updater_spec.rb | 3 +- .../lib/dependabot/terraform/file_updater.rb | 2 +- .../dependabot/terraform/file_updater_spec.rb | 3 +- 37 files changed, 160 insertions(+), 245 deletions(-) diff --git a/bundler/lib/dependabot/bundler/file_updater.rb b/bundler/lib/dependabot/bundler/file_updater.rb index 224b179e91..08a9783d3b 100644 --- a/bundler/lib/dependabot/bundler/file_updater.rb +++ b/bundler/lib/dependabot/bundler/file_updater.rb @@ -14,24 +14,13 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/gemspec_updater" require_relative "file_updater/lockfile_updater" - def self.updated_files_regex(allowlist_enabled = false) - if allowlist_enabled - [ - # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory - %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$}, - # Matches the same files in any subdirectory - %r{^.*\/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$} - ] - else - # Old regex. After 100% rollout of the allowlist, this will be removed. - [ - /^Gemfile$/, - /^Gemfile\.lock$/, - /^gems\.rb$/, - /^gems\.locked$/, - /^*\.gemspec$/ - ] - end + def self.updated_files_regex + [ + # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory + %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$}, + # Matches the same files in any subdirectory + %r{^.*/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$} + ] end # rubocop:disable Metrics/PerceivedComplexity diff --git a/bundler/spec/dependabot/bundler/file_updater_spec.rb b/bundler/spec/dependabot/bundler/file_updater_spec.rb index 0bfbac86bb..391866828f 100644 --- a/bundler/spec/dependabot/bundler/file_updater_spec.rb +++ b/bundler/spec/dependabot/bundler/file_updater_spec.rb 
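Review bot: The two patterns returned by the new `updated_files_regex` are bounded with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string, so a path containing a newline can satisfy the allowlist on one of its lines alone. If these expressions decide which changed files are accepted (the specs check them with `file_name.match?(regex)`), `\A` and `\z` are the anchors to use, e.g. `%r{\A(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)\z}`. The same applies to the `^…$` patterns added in the go_modules, hex, npm_and_yarn, pub and python hunks of this patch.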
@@ -55,9 +55,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { true } + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/cargo/lib/dependabot/cargo/file_updater.rb b/cargo/lib/dependabot/cargo/file_updater.rb index 965e68ddf5..5a874057bd 100644 --- a/cargo/lib/dependabot/cargo/file_updater.rb +++ b/cargo/lib/dependabot/cargo/file_updater.rb @@ -13,10 +13,10 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/manifest_updater" require_relative "file_updater/lockfile_updater" - def self.updated_files_regex(_ = false) + def self.updated_files_regex [ - /^Cargo\.toml$/, - /^Cargo\.lock$/ + /Cargo\.toml$/, # Matches Cargo.toml in the root directory or any subdirectory + /Cargo\.lock$/ # Matches Cargo.lock in the root directory or any subdirectory ] end diff --git a/cargo/spec/dependabot/cargo/file_updater_spec.rb b/cargo/spec/dependabot/cargo/file_updater_spec.rb index b9cb615768..d34844c133 100644 --- a/cargo/spec/dependabot/cargo/file_updater_spec.rb +++ b/cargo/spec/dependabot/cargo/file_updater_spec.rb @@ -56,9 +56,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { false } # default value + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty @@ -68,7 +66,11 @@ it "returns true for files that should be updated" do matching_files = [ "Cargo.toml", - "Cargo.lock" + "Cargo.lock", + "some_project/Cargo.toml", + "some_project/Cargo.lock", + "some_project/subdir/Cargo.toml", + "some_project/subdir/Cargo.lock" ] matching_files.each do |file_name| 
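Review bot: `/Cargo\.toml$/` and `/Cargo\.lock$/` have no leading boundary, so they accept any path that merely ends in those characters (a constructed example: `NotCargo.toml`), not only a file named `Cargo.toml` as the inline comments state. Requiring a path separator keeps the subdirectory support and restores the basename check: `%r{\A(?:.*/)?Cargo\.toml\z}` and `%r{\A(?:.*/)?Cargo\.lock\z}`, the same shape the pub hunk uses for `pubspec.yaml`. The hex hunk (`/^.*mix\.exs$/`), the python hunk (`/^.*Pipfile$/`, `/^.*setup\.py$/`) and the nuget hunk (`/packages\.config$/i` and its siblings) have the same gap. The cargo spec hunk adds only matching paths; a non-matching case such as the example above would pin the boundary.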
diff --git a/common/lib/dependabot/file_updaters/base.rb b/common/lib/dependabot/file_updaters/base.rb index 5bf5e7958e..1132dc6fd6 100644 --- a/common/lib/dependabot/file_updaters/base.rb +++ b/common/lib/dependabot/file_updaters/base.rb @@ -28,8 +28,8 @@ class Base sig { returns(T::Hash[Symbol, T.untyped]) } attr_reader :options - sig { overridable.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(allowlist_enabled = false) + sig { overridable.returns(T::Array[Regexp]) } + def self.updated_files_regex raise NotImplementedError end diff --git a/composer/lib/dependabot/composer/file_updater.rb b/composer/lib/dependabot/composer/file_updater.rb index c0675cbafc..62201f533f 100644 --- a/composer/lib/dependabot/composer/file_updater.rb +++ b/composer/lib/dependabot/composer/file_updater.rb @@ -12,7 +12,7 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/manifest_updater" require_relative "file_updater/lockfile_updater" - def self.updated_files_regex(_ = false) + def self.updated_files_regex [ /^composer\.json$/, /^composer\.lock$/ diff --git a/composer/spec/dependabot/composer/file_updater_spec.rb b/composer/spec/dependabot/composer/file_updater_spec.rb index ed60d05a65..9b7f1441c4 100644 --- a/composer/spec/dependabot/composer/file_updater_spec.rb +++ b/composer/spec/dependabot/composer/file_updater_spec.rb @@ -51,9 +51,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { false } # default value + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/devcontainers/lib/dependabot/devcontainers/file_updater.rb b/devcontainers/lib/dependabot/devcontainers/file_updater.rb index c841db26de..e792014aec 100644 
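Review bot: Removing the `allowlist_enabled` parameter from `self.updated_files_regex` is an interface break: a caller that still passes an argument will raise `ArgumentError`. The diffstat lists only `file_updater.rb` files, their specs and this base class, so call sites are not visible in this patch and should be checked before merging. The abstract method also has no comment stating its contract; something like `# Allowlist of patterns; a changed file is accepted when its path matches any entry.` would help implementers, assuming that is how the result is consumed.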
--- a/devcontainers/lib/dependabot/devcontainers/file_updater.rb +++ b/devcontainers/lib/dependabot/devcontainers/file_updater.rb @@ -12,8 +12,8 @@ module Devcontainers class FileUpdater < Dependabot::FileUpdaters::Base extend T::Sig - sig { override.params(_: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(_ = false) + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex [ /^\.?devcontainer\.json$/, /^\.?devcontainer-lock\.json$/ diff --git a/devcontainers/spec/dependabot/devcontainers/file_updater_spec.rb b/devcontainers/spec/dependabot/devcontainers/file_updater_spec.rb index 63f0c571a0..5c3a345855 100644 --- a/devcontainers/spec/dependabot/devcontainers/file_updater_spec.rb +++ b/devcontainers/spec/dependabot/devcontainers/file_updater_spec.rb @@ -28,9 +28,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { false } # default value + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/docker/lib/dependabot/docker/file_updater.rb b/docker/lib/dependabot/docker/file_updater.rb index be67fcbb5b..c0100cffe9 100644 --- a/docker/lib/dependabot/docker/file_updater.rb +++ b/docker/lib/dependabot/docker/file_updater.rb @@ -17,8 +17,8 @@ class FileUpdater < Dependabot::FileUpdaters::Base YAML_REGEXP = /^[^\.].*\.ya?ml$/i DOCKER_REGEXP = /dockerfile/i - sig { override.params(_: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(_ = false) + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex [ DOCKER_REGEXP, YAML_REGEXP diff --git a/docker/spec/dependabot/docker/file_updater_spec.rb b/docker/spec/dependabot/docker/file_updater_spec.rb index 370b6ac88e..2d7b2b66ea 100644 --- a/docker/spec/dependabot/docker/file_updater_spec.rb 
+++ b/docker/spec/dependabot/docker/file_updater_spec.rb @@ -142,9 +142,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { false } # default value + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/elm/lib/dependabot/elm/file_updater.rb b/elm/lib/dependabot/elm/file_updater.rb index 26dedea56d..b301225077 100644 --- a/elm/lib/dependabot/elm/file_updater.rb +++ b/elm/lib/dependabot/elm/file_updater.rb @@ -9,7 +9,7 @@ module Elm class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/elm_json_updater" - def self.updated_files_regex(_ = false) + def self.updated_files_regex [ /^elm\.json$/ ] diff --git a/elm/spec/dependabot/elm/file_updater_spec.rb b/elm/spec/dependabot/elm/file_updater_spec.rb index 92ca408cef..94fb6ea068 100644 --- a/elm/spec/dependabot/elm/file_updater_spec.rb +++ b/elm/spec/dependabot/elm/file_updater_spec.rb @@ -59,9 +59,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { false } # default value + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/git_submodules/lib/dependabot/git_submodules/file_updater.rb b/git_submodules/lib/dependabot/git_submodules/file_updater.rb index 53f08e5b92..7b8b508522 100644 --- a/git_submodules/lib/dependabot/git_submodules/file_updater.rb +++ b/git_submodules/lib/dependabot/git_submodules/file_updater.rb 
@@ -11,18 +11,11 @@ module GitSubmodules class FileUpdater < Dependabot::FileUpdaters::Base extend T::Sig - sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(allowlist_enabled = false) - if allowlist_enabled - [ - /^\.gitmodules$/, # Matches the .gitmodules file in the root directory - %r{^.+/\.git$}, # Matches the .git file inside any submodule directory - %r{^\.git/modules/.+} # Matches any files under .git/modules directory where submodule data is stored - ] - else - # Old regex. After 100% rollout of the allowlist, this will be removed. - [] - end + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex + [ + /^.*/ + ] end sig { override.returns(T::Array[Dependabot::DependencyFile]) } diff --git a/git_submodules/spec/dependabot/git_submodules/file_updater_spec.rb b/git_submodules/spec/dependabot/git_submodules/file_updater_spec.rb index 616accf2ff..623341aa28 100644 --- a/git_submodules/spec/dependabot/git_submodules/file_updater_spec.rb +++ b/git_submodules/spec/dependabot/git_submodules/file_updater_spec.rb @@ -67,9 +67,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { true } + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty @@ -88,21 +86,6 @@ expect(updated_files_regex).to(be_any { |regex| file_name.match?(regex) }) end end - - it "returns false for files that should not be updated" do - non_matching_files = [ - "README.md", - ".github/workflow/main.yml", - "some_random_file.rb", - "requirements.txt", - "package-lock.json", - "package.json" - ] - - non_matching_files.each do |file_name| - expect(updated_files_regex).not_to(be_any { |regex| file_name.match?(regex) }) - end - end end end 
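Review bot: `/^.*/` matches every string, including the empty one, so for git submodules `updated_files_regex` no longer restricts anything, whereas the removed allowlist branch named `.gitmodules`, `<dir>/.git` and `.git/modules/…` specifically. The second spec hunk in this file also deletes the "returns false for files that should not be updated" example, leaving no test that would catch an over-broad pattern. If every path is accepted on purpose (presumably because a submodule can live at any path), say so in a comment on the entry, e.g. `/^.*/ # submodule paths are arbitrary; this updater does not restrict by file name`. Otherwise, restore the three specific patterns and the negative example.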
diff --git a/github_actions/lib/dependabot/github_actions/file_updater.rb b/github_actions/lib/dependabot/github_actions/file_updater.rb index 4dbdaa7bef..1a06fa0453 100644 --- a/github_actions/lib/dependabot/github_actions/file_updater.rb +++ b/github_actions/lib/dependabot/github_actions/file_updater.rb @@ -12,14 +12,15 @@ module GithubActions class FileUpdater < Dependabot::FileUpdaters::Base extend T::Sig - sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(allowlist_enabled = false) - if allowlist_enabled - [%r{\.github/workflows?/.+\.ya?ml$}] - else - # Old regex. After 100% rollout of the allowlist, this will be removed. - [%r{\.github/workflows/.+\.ya?ml$}] - end + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex + [ + # Matches .yml or .yaml files in the .github/workflows directories + %r{\.github/workflows/.+\.ya?ml$}, + + # Matches .yml or .yaml files in the root directory or any subdirectory + %r{(?:^|/).+\.ya?ml$} + ] end sig { override.returns(T::Array[Dependabot::DependencyFile]) } diff --git a/github_actions/spec/dependabot/github_actions/file_updater_spec.rb b/github_actions/spec/dependabot/github_actions/file_updater_spec.rb index 6aea7061c0..1b6ff1addb 100644 --- a/github_actions/spec/dependabot/github_actions/file_updater_spec.rb +++ b/github_actions/spec/dependabot/github_actions/file_updater_spec.rb @@ -69,9 +69,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { true } + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty 
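Review bot: The second pattern, `%r{(?:^|/).+\.ya?ml$}`, accepts every `.yml`/`.yaml` file anywhere in the repository, which makes the `.github/workflows` pattern above it redundant and widens the allowlist far beyond workflow files. The spec hunk that follows adds `action.yml` and `foo/bar/action.yml`, which suggests action manifests are the intended addition; if so, `%r{(?:\A|/)action\.ya?ml\z}` would cover them without admitting unrelated YAML. If any YAML file is really meant, the comment should say that explicitly and the first entry can be dropped.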
@@ -80,9 +78,16 @@ context "when files match the regex patterns" do it "returns true for files that should be updated" do matching_files = [ - ".github/workflow/main.yml", + "action.yml", + "action.yaml", + "foo/bar/action.yml", + "foo/bar/action.yaml", + ".github/workflows/main.yml", ".github/workflows/ci-test.yaml", - ".github/workflows/workflow.yml" + ".github/workflows/action.yml", + ".github/workflows/123-foo.yml", + "/.github/workflows/workflow.yml", + "/.github/workflows/123-foo-bar.yml" ] matching_files.each do |file_name| diff --git a/go_modules/lib/dependabot/go_modules/file_updater.rb b/go_modules/lib/dependabot/go_modules/file_updater.rb index 55217b2417..93a373914f 100644 --- a/go_modules/lib/dependabot/go_modules/file_updater.rb +++ b/go_modules/lib/dependabot/go_modules/file_updater.rb @@ -33,21 +33,13 @@ def initialize(dependencies:, dependency_files:, credentials:, repo_contents_pat use_repo_contents_stub if repo_contents_path.nil? end - sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(allowlist_enabled = false) - if allowlist_enabled - [ - /^go\.mod$/, - /^go\.sum$/, - %r{^vendor/.*} - ] - else - # Old regex. After 100% rollout of the allowlist, this will be removed. - [ - /^go\.mod$/, - /^go\.sum$/ - ] - end + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex + [ + /^go\.mod$/, + /^go\.sum$/, + %r{^vendor/.*} + ] end sig { override.returns(T::Array[Dependabot::DependencyFile]) } diff --git a/go_modules/spec/dependabot/go_modules/file_updater_spec.rb b/go_modules/spec/dependabot/go_modules/file_updater_spec.rb index 2fd1a80adb..380d870070 100644 --- a/go_modules/spec/dependabot/go_modules/file_updater_spec.rb +++ b/go_modules/spec/dependabot/go_modules/file_updater_spec.rb 
@@ -68,9 +68,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { true } + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/gradle/lib/dependabot/gradle/file_updater.rb b/gradle/lib/dependabot/gradle/file_updater.rb index 736cab96eb..eae34baa60 100644 --- a/gradle/lib/dependabot/gradle/file_updater.rb +++ b/gradle/lib/dependabot/gradle/file_updater.rb @@ -17,18 +17,17 @@ class FileUpdater < Dependabot::FileUpdaters::Base SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze - def self.updated_files_regex(allowlist_enabled = false) - if allowlist_enabled - [ - # Matches build.gradle or build.gradle.kts in root directory - %r{(^|.*/)build\.gradle(\.kts)?$}, - # Matches gradle/libs.versions.toml in root or any subdirectory - %r{(^|.*/)?gradle/libs\.versions\.toml$} - ] - else - # Old regex. After 100% rollout of the allowlist, this will be removed. - [/^build\.gradle(\.kts)?$/, %r{/build\.gradle(\.kts)?$}, %r{/gradle/libs\.versions\.toml$}] - end + def self.updated_files_regex + [ + # Matches build.gradle or build.gradle.kts in root directory + %r{(^|.*/)build\.gradle(\.kts)?$}, + # Matches gradle/libs.versions.toml in root or any subdirectory + %r{(^|.*/)?gradle/libs\.versions\.toml$}, + # Matches settings.gradle or settings.gradle.kts in root or any subdirectory + %r{(^|.*/)settings\.gradle(\.kts)?$}, + # Matches dependencies.gradle in root or any subdirectory + %r{(^|.*/)dependencies\.gradle$} + ] end def updated_dependency_files diff --git a/gradle/spec/dependabot/gradle/file_updater_spec.rb b/gradle/spec/dependabot/gradle/file_updater_spec.rb index b7ee532022..bd253a1f06 100644 --- a/gradle/spec/dependabot/gradle/file_updater_spec.rb +++ b/gradle/spec/dependabot/gradle/file_updater_spec.rb 
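Review bot: In `%r{(^|.*/)?gradle/libs\.versions\.toml$}` the trailing `?` makes the whole prefix group optional, so the pattern is effectively unanchored on the left and also accepts a path such as `mygradle/libs.versions.toml` (constructed example). The other three entries use `(^|.*/)` without the `?`, so dropping it gives `%r{(^|.*/)gradle/libs\.versions\.toml$}`, which is consistent with them. The first comment says "in root directory" although that pattern also matches subdirectories, as the spec's `subproject/build.gradle` case shows.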
@@ -54,9 +54,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { true } + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty @@ -67,10 +65,16 @@ matching_files = [ "build.gradle", "build.gradle.kts", + "settings.gradle", + "settings.gradle.kts", "subproject/build.gradle", "subproject/build.gradle.kts", + "subproject/settings.gradle", + "subproject/settings.gradle.kts", "gradle/libs.versions.toml", - "subproject/gradle/libs.versions.toml" + "subproject/gradle/libs.versions.toml", + "dependencies.gradle", + "subproject/dependencies.gradle" ] matching_files.each do |file_name| diff --git a/hex/lib/dependabot/hex/file_updater.rb b/hex/lib/dependabot/hex/file_updater.rb index 45b1c74ef1..33b2ed8c08 100644 --- a/hex/lib/dependabot/hex/file_updater.rb +++ b/hex/lib/dependabot/hex/file_updater.rb @@ -14,20 +14,12 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/mixfile_updater" require_relative "file_updater/lockfile_updater" - sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(allowlist_enabled = false) - if allowlist_enabled - [ - /^.*mix\.exs$/, - /^.*mix\.lock$/ - ] - else - # Old regex. After 100% rollout of the allowlist, this will be removed. - [ - /^mix\.exs$/, - /^mix\.lock$/ - ] - end + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex + [ + /^.*mix\.exs$/, + /^.*mix\.lock$/ + ] end sig { override.returns(T::Array[Dependabot::DependencyFile]) } diff --git a/hex/spec/dependabot/hex/file_updater_spec.rb b/hex/spec/dependabot/hex/file_updater_spec.rb index 90dafa1fb6..730ac7532b 100644 --- a/hex/spec/dependabot/hex/file_updater_spec.rb +++ b/hex/spec/dependabot/hex/file_updater_spec.rb 
@@ -57,9 +57,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { true } + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/maven/lib/dependabot/maven/file_updater.rb b/maven/lib/dependabot/maven/file_updater.rb index 5e50c30a3f..ac0c12d531 100644 --- a/maven/lib/dependabot/maven/file_updater.rb +++ b/maven/lib/dependabot/maven/file_updater.rb @@ -11,7 +11,7 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/declaration_finder" require_relative "file_updater/property_value_updater" - def self.updated_files_regex(_ = false) + def self.updated_files_regex [ /^pom\.xml$/, %r{/pom\.xml$}, /.*\.xml$/, %r{/.*\.xml$}, diff --git a/maven/spec/dependabot/maven/file_updater_spec.rb b/maven/spec/dependabot/maven/file_updater_spec.rb index 6f31df0e9f..ebfee97077 100644 --- a/maven/spec/dependabot/maven/file_updater_spec.rb +++ b/maven/spec/dependabot/maven/file_updater_spec.rb @@ -79,8 +79,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - let(:allowlist_enabled) { false } # default value + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater.rb index a87e03a8cf..978a527fc3 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater.rb 
@@ -30,26 +30,17 @@ def sentry_context end end - sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(allowlist_enabled = false) - if allowlist_enabled - [ - %r{^(?:.*\/)?package\.json$}, - %r{^(?:.*\/)?package-lock\.json$}, - %r{^(?:.*\/)?npm-shrinkwrap\.json$}, - %r{^(?:.*\/)?yarn\.lock$}, - %r{^(?:.*\/)?pnpm-lock\.yaml$} - ] - else - # Old regex. After 100% rollout of the allowlist, this will be removed. - [ - /^package\.json$/, - /^package-lock\.json$/, - /^npm-shrinkwrap\.json$/, - /^yarn\.lock$/, - /^pnpm-lock\.yaml$/ - ] - end + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex + [ + %r{^(?:.*/)?package\.json$}, + %r{^(?:.*/)?package-lock\.json$}, + %r{^(?:.*/)?npm-shrinkwrap\.json$}, + %r{^(?:.*/)?yarn\.lock$}, + %r{^(?:.*/)?pnpm-lock\.yaml$}, + %r{^(?:.*/)?\.yarn/.*}, # Matches any file within the .yarn/ directory + %r{^(?:.*/)?\.pnp\.(?:js|cjs)$} # Matches .pnp.js or .pnp.cjs files + ] end sig { override.returns(T::Array[DependencyFile]) } diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb index 2064dc71d2..fbf9d536f0 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb @@ -64,9 +64,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { true } + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty 
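Review bot: `%r{^(?:.*/)?\.yarn/.*}` admits every file under any `.yarn/` directory, while the spec hunk exercises only `install-state.gz` and a `cache/` archive. In Yarn Berry layouts that directory can also hold `releases/` and `plugins/`, which contain code the package manager itself runs, so the allowlist now covers executable files as well as cached archives. If only some subdirectories are expected to change during an update, list them explicitly in the pattern. Otherwise, extend the comment to state that release and plugin files are intentionally included.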
@@ -87,7 +85,11 @@ "subdirectory/pnpm-lock.yaml", "apps/dependabot_business/package.json", "packages/package1/package.json", - "packages/package2/yarn.lock" + "packages/package2/yarn.lock", + ".yarn/install-state.gz", + ".yarn/cache/@es-test-npm-0.46.0-d544b36047-96010ece49.zip", + ".pnp.js", + ".pnp.cjs" ] matching_files.each do |file_name| diff --git a/nuget/lib/dependabot/nuget/file_updater.rb b/nuget/lib/dependabot/nuget/file_updater.rb index 7a24d9a681..72f41851ab 100644 --- a/nuget/lib/dependabot/nuget/file_updater.rb +++ b/nuget/lib/dependabot/nuget/file_updater.rb 
@@ -26,35 +26,22 @@ class FileUpdater < Dependabot::FileUpdaters::Base } end - sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(allowlist_enabled = false) - if allowlist_enabled - [ - /^.*\.([a-z]{2})?proj$/, - /^packages\.config$/i, - /^app\.config$/i, - /^web\.config$/i, - /^global\.json$/i, - /^dotnet-tools\.json$/i, - /^Directory\.Build\.props$/i, - /^Directory\.Build\.targets$/i, - /^Packages\.props$/i - ] - else - # Old regex. After 100% rollout of the allowlist, this will be removed. - [ - %r{^[^/]*\.([a-z]{2})?proj$}, - /^.*\.([a-z]{2})?proj$/, - /^packages\.config$/i, - /^app\.config$/i, - /^web\.config$/i, - /^global\.json$/i, - /^dotnet-tools\.json$/i, - /^Directory\.Build\.props$/i, - /^Directory\.Build\.targets$/i, - /^Packages\.props$/i - ] - end + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex + [ + /.*\.([a-z]{2})?proj$/, # Matches files with any extension like .csproj, .vbproj, etc., in any directory + /packages\.config$/i, # Matches packages.config in any directory + /app\.config$/i, # Matches app.config in any directory + /web\.config$/i, # Matches web.config in any directory + /global\.json$/i, # Matches global.json in any directory + /dotnet-tools\.json$/i, # Matches dotnet-tools.json in any directory + /Directory\.Build\.props$/i, # Matches Directory.Build.props in any directory + /Directory\.Build\.targets$/i, # Matches Directory.Build.targets in any directory + /Directory\.targets$/i, # Matches Directory.targets in any directory or root directory + /Packages\.props$/i, # Matches Packages.props in any directory + /.*\.nuspec$/, # Matches any .nuspec files in any directory + %r{^\.config/dotnet-tools\.json$} # Matches .config/dotnet-tools.json in only root directory + ] end sig { params(original_content: T.nilable(String), updated_content: String).returns(T::Boolean) } 
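Review bot: The last entry, `%r{^\.config/dotnet-tools\.json$}`, can never change the result, because the unanchored `/dotnet-tools\.json$/i` above it already matches that path in any directory. Its comment ("in only root directory") therefore describes a restriction that is not in effect, so decide which scope is intended and keep one entry. The first comment ("files with any extension like .csproj") is also looser than `/.*\.([a-z]{2})?proj$/`, which accepts only `proj` extensions with an optional two-letter prefix. `# Matches .proj and two-letter variants such as .csproj/.vbproj in any directory` would be accurate.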
diff --git a/nuget/spec/dependabot/nuget/file_updater_spec.rb b/nuget/spec/dependabot/nuget/file_updater_spec.rb index 864ba942fb..7547fb5a1b 100644 --- a/nuget/spec/dependabot/nuget/file_updater_spec.rb +++ b/nuget/spec/dependabot/nuget/file_updater_spec.rb @@ -103,9 +103,7 @@ def intercept_native_tools(discovery_content_hash:) end describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { true } + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty @@ -123,9 +121,18 @@ def intercept_native_tools(discovery_content_hash:) "global.json", "dotnet-tools.json", "Directory.Build.props", + "Source/Directory.Build.props", + "Directory.targets", + "src/Directory.targets", "Directory.Build.targets", + "Directory.Packages.props", + "Source/Directory.Packages.props", "Packages.props", - "Proj1/Proj1/Proj1.csproj" + "Proj1/Proj1/Proj1.csproj", + ".config/dotnet-tools.json", + ".nuspec", + "subdirectory/.nuspec", + "Service/Contract/packages.config" ] matching_files.each do |file_name| diff --git a/pub/lib/dependabot/pub/file_updater.rb b/pub/lib/dependabot/pub/file_updater.rb index 2e1ae18ea7..3e661c6395 100644 --- a/pub/lib/dependabot/pub/file_updater.rb +++ b/pub/lib/dependabot/pub/file_updater.rb @@ -13,11 +13,11 @@ class FileUpdater < Dependabot::FileUpdaters::Base include Dependabot::Pub::Helpers - sig { override.params(_: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(_ = false) + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex [ - /^pubspec\.yaml$/, - /^pubspec\.lock$/ + %r{^(.*/)?pubspec\.yaml$}, + %r{^(.*/)?pubspec\.lock$} ] end diff --git a/pub/spec/dependabot/pub/file_updater_spec.rb b/pub/spec/dependabot/pub/file_updater_spec.rb index 6597193dc5..0373c793fe 100644 --- a/pub/spec/dependabot/pub/file_updater_spec.rb 
+++ b/pub/spec/dependabot/pub/file_updater_spec.rb @@ -73,8 +73,7 @@ def lockfile(files) end describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - let(:allowlist_enabled) { false } # default value + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty @@ -84,7 +83,9 @@ def lockfile(files) it "returns true for files that should be updated" do matching_files = [ "pubspec.yaml", - "pubspec.lock" + "pubspec.lock", + "packages/foo_bar/pubspec.yaml", + "packages/foo_bar/pubspec.lock" ] matching_files.each do |file_name| diff --git a/python/lib/dependabot/python/file_updater.rb b/python/lib/dependabot/python/file_updater.rb index d597bec6af..88fed4e593 100644 --- a/python/lib/dependabot/python/file_updater.rb +++ b/python/lib/dependabot/python/file_updater.rb 
@@ -17,33 +17,19 @@ class FileUpdater < Dependabot::FileUpdaters::Base require_relative "file_updater/poetry_file_updater" require_relative "file_updater/requirement_file_updater" - sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) } - def self.updated_files_regex(allowlist_enabled = false) - if allowlist_enabled - [ - /^.*Pipfile$/, # Match Pipfile at any level - /^.*Pipfile\.lock$/, # Match Pipfile.lock at any level - /^.*\.txt$/, # Match any .txt files (e.g., requirements.txt) at any level - /^.*\.in$/, # Match any .in files at any level - /^.*setup\.py$/, # Match setup.py at any level - /^.*setup\.cfg$/, # Match setup.cfg at any level - /^.*pyproject\.toml$/, # Match pyproject.toml at any level - /^.*pyproject\.lock$/, # Match pyproject.lock at any level - /^.*poetry\.lock$/ # Match poetry.lock at any level - ] - else - # Old regex. After 100% rollout of the allowlist, this will be removed. - [ - /^Pipfile$/, - /^Pipfile\.lock$/, - /.*\.txt$/, - /.*\.in$/, - /^setup\.py$/, - /^setup\.cfg$/, - /^pyproject\.toml$/, - /^pyproject\.lock$/ - ] - end + sig { override.returns(T::Array[Regexp]) } + def self.updated_files_regex + [ + /^.*Pipfile$/, # Match Pipfile at any level + /^.*Pipfile\.lock$/, # Match Pipfile.lock at any level + /^.*\.txt$/, # Match any .txt files (e.g., requirements.txt) at any level + /^.*\.in$/, # Match any .in files at any level + /^.*setup\.py$/, # Match setup.py at any level + /^.*setup\.cfg$/, # Match setup.cfg at any level + /^.*pyproject\.toml$/, # Match pyproject.toml at any level + /^.*pyproject\.lock$/, # Match pyproject.lock at any level + /^.*poetry\.lock$/ # Match poetry.lock at any level + ] end sig { override.returns(T::Array[DependencyFile]) } diff --git a/python/spec/dependabot/python/file_updater_spec.rb b/python/spec/dependabot/python/file_updater_spec.rb index 2254fe6411..04f1ae10e8 100644 --- a/python/spec/dependabot/python/file_updater_spec.rb 
+++ b/python/spec/dependabot/python/file_updater_spec.rb @@ -58,9 +58,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - - let(:allowlist_enabled) { true } + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/swift/lib/dependabot/swift/file_updater.rb b/swift/lib/dependabot/swift/file_updater.rb index 92ece7fe17..fc5e7fd72d 100644 --- a/swift/lib/dependabot/swift/file_updater.rb +++ b/swift/lib/dependabot/swift/file_updater.rb @@ -9,7 +9,7 @@ module Dependabot module Swift class FileUpdater < Dependabot::FileUpdaters::Base - def self.updated_files_regex(_ = false) + def self.updated_files_regex [ /Package(@swift-\d(\.\d){0,2})?\.swift/, /^Package\.resolved$/ diff --git a/swift/spec/dependabot/swift/file_updater_spec.rb b/swift/spec/dependabot/swift/file_updater_spec.rb index 86ddfa2499..154fec3455 100644 --- a/swift/spec/dependabot/swift/file_updater_spec.rb +++ b/swift/spec/dependabot/swift/file_updater_spec.rb @@ -28,8 +28,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - let(:allowlist_enabled) { false } # default value + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty diff --git a/terraform/lib/dependabot/terraform/file_updater.rb b/terraform/lib/dependabot/terraform/file_updater.rb index 4874affcd4..3515a6aae5 100644 --- a/terraform/lib/dependabot/terraform/file_updater.rb +++ b/terraform/lib/dependabot/terraform/file_updater.rb 
@@ -20,7 +20,7 @@ class FileUpdater < Dependabot::FileUpdaters::Base MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?\S+)\"/m GIT_HTTPS_PREFIX = %r{^git::https://} - def self.updated_files_regex(_ = false) + def self.updated_files_regex [/\.tf$/, /\.hcl$/] end diff --git a/terraform/spec/dependabot/terraform/file_updater_spec.rb b/terraform/spec/dependabot/terraform/file_updater_spec.rb index c4ed9f1297..83e1ef8f9f 100644 --- a/terraform/spec/dependabot/terraform/file_updater_spec.rb +++ b/terraform/spec/dependabot/terraform/file_updater_spec.rb @@ -28,8 +28,7 @@ it_behaves_like "a dependency file updater" describe "#updated_files_regex" do - subject(:updated_files_regex) { described_class.updated_files_regex(allowlist_enabled) } - let(:allowlist_enabled) { false } # default value + subject(:updated_files_regex) { described_class.updated_files_regex } it "is not empty" do expect(updated_files_regex).not_to be_empty