From 6c0c2afe3979af0e15786b4b6a1092037db06bb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Thu, 13 Oct 2022 23:24:41 +0200 Subject: [PATCH 1/6] Refactor --- common/lib/dependabot/config/ignore_condition.rb | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/common/lib/dependabot/config/ignore_condition.rb b/common/lib/dependabot/config/ignore_condition.rb index 29f9f52d3f..5d4fd3faaf 100644 --- a/common/lib/dependabot/config/ignore_condition.rb +++ b/common/lib/dependabot/config/ignore_condition.rb @@ -32,7 +32,7 @@ def transformed_update_types end def versions_by_type(dependency) - return [] unless dependency.version + return [] unless rubygems_compatible?(dependency.version) transformed_update_types.flat_map do |t| case t @@ -49,8 +49,6 @@ def versions_by_type(dependency) end def ignore_patch(version) - return [] unless rubygems_compatible?(version) - parts = version.split(".") version_parts = parts.fill(0, parts.length...2) upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1] @@ -61,8 +59,6 @@ def ignore_patch(version) end def ignore_minor(version) - return [] unless rubygems_compatible?(version) - parts = version.split(".") version_parts = parts.fill(0, parts.length...2) lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a"] @@ -74,8 +70,6 @@ def ignore_minor(version) end def ignore_major(version) - return [] unless rubygems_compatible?(version) - version_parts = version.split(".") lower_parts = [version_parts[0].to_i + 1] + ["a"] lower_bound = ">= #{lower_parts.join('.')}" From a16be0f4e15d039fb893909856ac5f05f5ece0e3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Sun, 13 Nov 2022 21:44:08 +0100 Subject: [PATCH 2/6] Extract a `Dependabot::Version` class --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/images-latest.yml | 2 +- .github/workflows/images-updater-core.yml | 2 +- Dockerfile.development | 2 +- Rakefile | 2 +- bin/bump-version.rb | 7 +++---- bundler/lib/dependabot/bundler/version.rb | 3 ++- cargo/lib/dependabot/cargo/version.rb | 4 ++-- common/dependabot-common.gemspec | 2 +- common/lib/dependabot.rb | 1 + common/lib/dependabot/dependency.rb | 2 +- common/lib/dependabot/security_advisory.rb | 2 +- common/lib/dependabot/shared_helpers.rb | 2 +- common/lib/dependabot/version.rb | 9 ++++++++- common/lib/rubygems_version_patch.rb | 14 -------------- common/spec/dummy_package_manager/version.rb | 3 ++- composer/lib/dependabot/composer/version.rb | 4 ++-- docker/lib/dependabot/docker/version.rb | 3 ++- elm/lib/dependabot/elm/version.rb | 4 ++-- .../lib/dependabot/git_submodules/version.rb | 3 ++- .../lib/dependabot/github_actions/version.rb | 3 ++- go_modules/lib/dependabot/go_modules/version.rb | 3 ++- gradle/lib/dependabot/gradle/version.rb | 4 ++-- hex/lib/dependabot/hex/version.rb | 4 ++-- maven/lib/dependabot/maven/version.rb | 4 ++-- .../lib/dependabot/npm_and_yarn/version.rb | 4 ++-- nuget/lib/dependabot/nuget/version.rb | 4 ++-- pub/lib/dependabot/pub/version.rb | 4 ++-- python/lib/dependabot/python/version.rb | 4 ++-- terraform/lib/dependabot/terraform/version.rb | 4 +++- 30 files changed, 56 insertions(+), 55 deletions(-) delete mode 100644 common/lib/rubygems_version_patch.rb diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index bfa5d46ba3..1b098d056a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -20,7 +20,7 @@ on: paths-ignore: - '*/spec/fixtures/**' - 'CHANGELOG.md' - - 'common/lib/dependabot/version.rb' + - 'common/lib/dependabot.rb' schedule: - cron: '41 4 * * 3' diff --git a/.github/workflows/images-latest.yml b/.github/workflows/images-latest.yml index 27f5728b17..2cb3a57aa4 100644 --- a/.github/workflows/images-latest.yml +++ b/.github/workflows/images-latest.yml @@ -8,7 +8,7 @@ on: - main paths-ignore: - "CHANGELOG.md" - - "common/lib/dependabot/version.rb" + - "common/lib/dependabot.rb" jobs: date-version: diff --git a/.github/workflows/images-updater-core.yml b/.github/workflows/images-updater-core.yml index 49d6eaf2aa..4f5c859f9a 100644 --- a/.github/workflows/images-updater-core.yml +++ b/.github/workflows/images-updater-core.yml @@ -29,6 +29,6 @@ jobs: - name: Push tagged image if: contains(github.ref, 'refs/tags') run: | - VERSION="$(grep -Eo "[0-9]+\.[0-9]+\.[0-9]+" common/lib/dependabot/version.rb)" + VERSION="$(grep -Eo "[0-9]+\.[0-9]+\.[0-9]+" common/lib/dependabot.rb)" docker tag "$UPDATER_CORE_IMAGE:latest" "$UPDATER_CORE_IMAGE:$VERSION" docker push "$UPDATER_CORE_IMAGE:$VERSION" diff --git a/Dockerfile.development b/Dockerfile.development index 5d94aadc7a..216ad44638 100644 --- a/Dockerfile.development +++ b/Dockerfile.development @@ -22,7 +22,7 @@ ARG HOME=/home/dependabot ARG CODE_DIR=${HOME}/dependabot-core COPY --chown=dependabot:dependabot common/Gemfile common/dependabot-common.gemspec ${CODE_DIR}/common/ -COPY --chown=dependabot:dependabot common/lib/dependabot/version.rb ${CODE_DIR}/common/lib/dependabot/ +COPY --chown=dependabot:dependabot common/lib/dependabot.rb ${CODE_DIR}/common/lib/ COPY --chown=dependabot:dependabot omnibus/Gemfile omnibus/dependabot-omnibus.gemspec ${CODE_DIR}/omnibus/ COPY --chown=dependabot:dependabot bundler/Gemfile bundler/dependabot-bundler.gemspec ${CODE_DIR}/bundler/ diff --git a/Rakefile b/Rakefile index 23e1fab04f..0f00e107bf 100644 --- a/Rakefile +++ b/Rakefile 
@@ -7,7 +7,7 @@ require "uri" require "json" require "rubygems/package" require "bundler" -require "./common/lib/dependabot/version" +require "./common/lib/dependabot" require "yaml" GEMSPECS = %w( diff --git a/bin/bump-version.rb b/bin/bump-version.rb index 6a2728f88b..0ed554b4fb 100755 --- a/bin/bump-version.rb +++ b/bin/bump-version.rb @@ -53,8 +53,7 @@ def proposed_changes(version, _new_version) end # Update version file -version_path = File.join(__dir__, "..", "common", "lib", "dependabot", - "version.rb") +version_path = File.join(__dir__, "..", "common", "lib", "dependabot.rb") version_contents = File.read(version_path) version = version_contents.scan(/\d+.\d+.\d+/).first @@ -74,7 +73,7 @@ def proposed_changes(version, _new_version) puts new_version_contents else File.write(version_path, new_version_contents) - puts "☑️ common/lib/dependabot/version.rb updated" + puts "☑️ common/lib/dependabot.rb updated" end @@ -101,7 +100,7 @@ def proposed_changes(version, _new_version) puts "commit, tag, and push the release:" puts puts "git checkout -b v#{new_version}-release-notes" - puts "git add CHANGELOG.md common/lib/dependabot/version.rb" + puts "git add CHANGELOG.md common/lib/dependabot.rb" puts "git commit -m 'v#{new_version}'" puts "git push origin HEAD:v#{new_version}-release-notes" puts "# ... create PR, verify, merge, for example:" diff --git a/bundler/lib/dependabot/bundler/version.rb b/bundler/lib/dependabot/bundler/version.rb index 2c83241a46..0d7a221916 100644 --- a/bundler/lib/dependabot/bundler/version.rb +++ b/bundler/lib/dependabot/bundler/version.rb @@ -1,10 +1,11 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" module Dependabot module Bundler - class Version < Gem::Version + class Version < Dependabot::Version end end end diff --git a/cargo/lib/dependabot/cargo/version.rb b/cargo/lib/dependabot/cargo/version.rb index 576695ace0..027826657b 100644 --- a/cargo/lib/dependabot/cargo/version.rb 
+++ b/cargo/lib/dependabot/cargo/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" -require "rubygems_version_patch" # Rust pre-release versions use 1.0.1-rc1 syntax, which Gem::Version # converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that @@ -9,7 +9,7 @@ module Dependabot module Cargo - class Version < Gem::Version + class Version < Dependabot::Version VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' \ '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \ '(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?' diff --git a/common/dependabot-common.gemspec b/common/dependabot-common.gemspec index 3731e2a8f9..82b5fe2332 100644 --- a/common/dependabot-common.gemspec +++ b/common/dependabot-common.gemspec @@ -1,6 +1,6 @@ # frozen_string_literal: true -require "./lib/dependabot/version" +require "./lib/dependabot" Gem::Specification.new do |spec| spec.name = "dependabot-common" diff --git a/common/lib/dependabot.rb b/common/lib/dependabot.rb index fb0269bb85..55b9ed64ee 100644 --- a/common/lib/dependabot.rb +++ b/common/lib/dependabot.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true module Dependabot + VERSION = "0.215.0" end diff --git a/common/lib/dependabot/dependency.rb b/common/lib/dependabot/dependency.rb index 15e474bd20..e7992494a3 100644 --- a/common/lib/dependabot/dependency.rb +++ b/common/lib/dependabot/dependency.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -require "rubygems_version_patch" +require "dependabot/version" module Dependabot class Dependency diff --git a/common/lib/dependabot/security_advisory.rb b/common/lib/dependabot/security_advisory.rb index b5e26ad030..e20501c119 100644 --- a/common/lib/dependabot/security_advisory.rb +++ b/common/lib/dependabot/security_advisory.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -require "rubygems_version_patch" +require "dependabot/version" module Dependabot class SecurityAdvisory 
diff --git a/common/lib/dependabot/shared_helpers.rb b/common/lib/dependabot/shared_helpers.rb index d1c027749f..96294e040a 100644 --- a/common/lib/dependabot/shared_helpers.rb +++ b/common/lib/dependabot/shared_helpers.rb @@ -12,7 +12,7 @@ require "dependabot/utils" require "dependabot/errors" -require "dependabot/version" +require "dependabot" module Dependabot module SharedHelpers diff --git a/common/lib/dependabot/version.rb b/common/lib/dependabot/version.rb index 55b9ed64ee..15f3f0bce9 100644 --- a/common/lib/dependabot/version.rb +++ b/common/lib/dependabot/version.rb @@ -1,5 +1,12 @@ # frozen_string_literal: true module Dependabot - VERSION = "0.215.0" + class Version < Gem::Version + # Opt-in to Rubygems 4 behavior + def self.correct?(version) + return false if version.nil? + + version.to_s.match?(ANCHORED_VERSION_PATTERN) + end + end end diff --git a/common/lib/rubygems_version_patch.rb b/common/lib/rubygems_version_patch.rb deleted file mode 100644 index de7e918161..0000000000 --- a/common/lib/rubygems_version_patch.rb +++ /dev/null @@ -1,14 +0,0 @@ -# frozen_string_literal: true - -require "rubygems/version" - -# Opt in to Rubygems 4 behaviour -module Gem - class Version - def self.correct?(version) - return false if version.nil? - - version.to_s.match?(ANCHORED_VERSION_PATTERN) - end - end -end diff --git a/common/spec/dummy_package_manager/version.rb b/common/spec/dummy_package_manager/version.rb index ebda49213a..70ab1a41f7 100644 --- a/common/spec/dummy_package_manager/version.rb +++ b/common/spec/dummy_package_manager/version.rb @@ -1,9 +1,10 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" module DummyPackageManager - class Version < Gem::Version + class Version < Dependabot::Version def initialize(version) version = Version.remove_leading_v(version) super diff --git a/composer/lib/dependabot/composer/version.rb b/composer/lib/dependabot/composer/version.rb index bfa5508612..3e8ccf9578 100644 
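Review bot: The `correct?` override in the new `Dependabot::Version` only applies to that class and its subclasses, whereas the deleted `common/lib/rubygems_version_patch.rb` redefined `Gem::Version.correct?` itself, so any call site that still invokes `Gem::Version.correct?` directly (at this point in the series `rubygems_compatible?` in ignore_condition.rb does, though it guards nil and empty first) falls back to RubyGems' own behaviour, which on RubyGems 3.x treats nil as a correct version with a deprecation warning instead of returning false. dependency.rb and security_advisory.rb swap their require in this commit but their bodies are not shown, so it is worth grepping for remaining direct callers before relying on the subclass alone. The new file also drops the `require "rubygems/version"` the deleted file carried; it works whenever RubyGems is already loaded, but keeping the require above `module Dependabot` would make the file self-contained. A class-level comment, `# Base class for all ecosystem Version classes; correct? returns false for nil (RubyGems 3 would accept it with a warning)`, would record why the override exists.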
--- a/composer/lib/dependabot/composer/version.rb +++ b/composer/lib/dependabot/composer/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" -require "rubygems_version_patch" # PHP pre-release versions use 1.0.1-rc1 syntax, which Gem::Version # converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that @@ -9,7 +9,7 @@ module Dependabot module Composer - class Version < Gem::Version + class Version < Dependabot::Version def initialize(version) @version_string = version.to_s super diff --git a/docker/lib/dependabot/docker/version.rb b/docker/lib/dependabot/docker/version.rb index 70248593a6..829bea27ec 100644 --- a/docker/lib/dependabot/docker/version.rb +++ b/docker/lib/dependabot/docker/version.rb @@ -1,5 +1,6 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" module Dependabot @@ -9,7 +10,7 @@ module Docker # See https://www.oracle.com/java/technologies/javase/versioning-naming.html # for a description of Java versions. # - class Version < Gem::Version + class Version < Dependabot::Version def initialize(version) release_part, update_part = version.split("_", 2) diff --git a/elm/lib/dependabot/elm/version.rb b/elm/lib/dependabot/elm/version.rb index 00a86277d2..4a052265c9 100644 --- a/elm/lib/dependabot/elm/version.rb +++ b/elm/lib/dependabot/elm/version.rb @@ -1,14 +1,14 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" -require "rubygems_version_patch" # Elm versions require major, minor and patch to be present # They don't allow any letters module Dependabot module Elm - class Version < Gem::Version + class Version < Dependabot::Version VERSION_PATTERN = "[0-9]+\\.[0-9]+\\.[0-9]+" VERSION_PATTERN_REGEX = /\A#{VERSION_PATTERN}\Z/ diff --git a/git_submodules/lib/dependabot/git_submodules/version.rb b/git_submodules/lib/dependabot/git_submodules/version.rb index a2c62006fd..e82e43508c 100644 
--- a/git_submodules/lib/dependabot/git_submodules/version.rb +++ b/git_submodules/lib/dependabot/git_submodules/version.rb @@ -1,10 +1,11 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" module Dependabot module GitSubmodules - class Version < Gem::Version + class Version < Dependabot::Version end end end diff --git a/github_actions/lib/dependabot/github_actions/version.rb b/github_actions/lib/dependabot/github_actions/version.rb index bfc5b0e944..1d8941acb7 100644 --- a/github_actions/lib/dependabot/github_actions/version.rb +++ b/github_actions/lib/dependabot/github_actions/version.rb @@ -1,10 +1,11 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" module Dependabot module GithubActions - class Version < Gem::Version + class Version < Dependabot::Version def initialize(version) version = Version.remove_leading_v(version) super diff --git a/go_modules/lib/dependabot/go_modules/version.rb b/go_modules/lib/dependabot/go_modules/version.rb index 3a559271da..a162931e62 100644 --- a/go_modules/lib/dependabot/go_modules/version.rb +++ b/go_modules/lib/dependabot/go_modules/version.rb @@ -5,11 +5,12 @@ # alteration. # Best docs are at https://github.com/Masterminds/semver +require "dependabot/version" require "dependabot/utils" module Dependabot module GoModules - class Version < Gem::Version + class Version < Dependabot::Version VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \ '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \ '(\+incompatible)?' diff --git a/gradle/lib/dependabot/gradle/version.rb b/gradle/lib/dependabot/gradle/version.rb index 852a876923..58176e4c0a 100644 --- a/gradle/lib/dependabot/gradle/version.rb +++ b/gradle/lib/dependabot/gradle/version.rb 
@@ -1,7 +1,7 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" -require "rubygems_version_patch" # Java versions use dots and dashes when tokenising their versions. # Gem::Version converts a "-" to ".pre.", so we override the `to_s` method. @@ -10,7 +10,7 @@ module Dependabot module Gradle - class Version < Gem::Version + class Version < Dependabot::Version NULL_VALUES = %w(0 final ga).freeze PREFIXED_TOKEN_HIERARCHY = { "." => { qualifier: 1, number: 4 }, diff --git a/hex/lib/dependabot/hex/version.rb b/hex/lib/dependabot/hex/version.rb index 66c23d6341..c67f106952 100644 --- a/hex/lib/dependabot/hex/version.rb +++ b/hex/lib/dependabot/hex/version.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -require "rubygems_version_patch" +require "dependabot/version" require "dependabot/utils" # Elixir versions can include build information, which Ruby can't parse. @@ -9,7 +9,7 @@ module Dependabot module Hex - class Version < Gem::Version + class Version < Dependabot::Version attr_reader :build_info VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?' diff --git a/maven/lib/dependabot/maven/version.rb b/maven/lib/dependabot/maven/version.rb index bc5e82f9b3..a7de7fb70c 100644 --- a/maven/lib/dependabot/maven/version.rb +++ b/maven/lib/dependabot/maven/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" -require "rubygems_version_patch" # Java versions use dots and dashes when tokenising their versions. # Gem::Version converts a "-" to ".pre.", so we override the `to_s` method. @@ -10,7 +10,7 @@ module Dependabot module Maven - class Version < Gem::Version + class Version < Dependabot::Version NULL_VALUES = %w(0 final ga).freeze PREFIXED_TOKEN_HIERARCHY = { "." => { qualifier: 1, number: 4 }, diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb index 3f9f325a72..bfd7d66eeb 100644 
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" -require "rubygems_version_patch" # JavaScript pre-release versions use 1.0.1-rc1 syntax, which Gem::Version # converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that @@ -11,7 +11,7 @@ module Dependabot module NpmAndYarn - class Version < Gem::Version + class Version < Dependabot::Version attr_reader :build_info VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?' diff --git a/nuget/lib/dependabot/nuget/version.rb b/nuget/lib/dependabot/nuget/version.rb index 82131b78ec..74e93f9601 100644 --- a/nuget/lib/dependabot/nuget/version.rb +++ b/nuget/lib/dependabot/nuget/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" -require "rubygems_version_patch" # Dotnet pre-release versions use 1.0.1-rc1 syntax, which Gem::Version # converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that @@ -9,7 +9,7 @@ # Dotnet also supports build versions, separated with a "+". module Dependabot module Nuget - class Version < Gem::Version + class Version < Dependabot::Version VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?' ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ diff --git a/pub/lib/dependabot/pub/version.rb b/pub/lib/dependabot/pub/version.rb index 348ef4c90c..03e5b4934f 100644 --- a/pub/lib/dependabot/pub/version.rb +++ b/pub/lib/dependabot/pub/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" -require "rubygems_version_patch" # Dart pre-release versions use 1.0.1-rc1 syntax, which Gem::Version # converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that 
@@ -15,7 +15,7 @@ module Dependabot module Pub - class Version < Gem::Version + class Version < Dependabot::Version VERSION_PATTERN = Gem::Version::VERSION_PATTERN + "(\\+[0-9a-zA-Z\\-.]+)?" ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ diff --git a/python/lib/dependabot/python/version.rb b/python/lib/dependabot/python/version.rb index 8aa961920f..f314a96dfc 100644 --- a/python/lib/dependabot/python/version.rb +++ b/python/lib/dependabot/python/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true +require "dependabot/version" require "dependabot/utils" -require "rubygems_version_patch" # Python versions can include a local version identifier, which Ruby can't # parse. This class augments Gem::Version with local version identifier info. @@ -9,7 +9,7 @@ module Dependabot module Python - class Version < Gem::Version + class Version < Dependabot::Version attr_reader :epoch attr_reader :local_version attr_reader :post_release_version diff --git a/terraform/lib/dependabot/terraform/version.rb b/terraform/lib/dependabot/terraform/version.rb index 4adf208d35..5e2b2d6754 100644 --- a/terraform/lib/dependabot/terraform/version.rb +++ b/terraform/lib/dependabot/terraform/version.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require "dependabot/version" + # Terraform pre-release versions use 1.0.1-rc1 syntax, which Gem::Version # converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that # alteration. @@ -8,7 +10,7 @@ module Dependabot module Terraform - class Version < Gem::Version + class Version < Dependabot::Version def initialize(version) @version_string = version.to_s super From d20a6749d8987040e1f59fbe8a8425b99f8d0851 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Mon, 14 Nov 2022 00:10:45 +0100 Subject: [PATCH 3/6] Prefer "dummy" package manager in common specs To keep it package manager agnostic. --- common/spec/dependabot/config/ignore_condition_spec.rb | 2 +- common/spec/dependabot/config/update_config_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/common/spec/dependabot/config/ignore_condition_spec.rb b/common/spec/dependabot/config/ignore_condition_spec.rb index 7667d7d691..6bc7e22cd3 100644 --- a/common/spec/dependabot/config/ignore_condition_spec.rb +++ b/common/spec/dependabot/config/ignore_condition_spec.rb @@ -16,7 +16,7 @@ Dependabot::Dependency.new( name: dependency_name, requirements: [], - package_manager: "npm_and_yarn", + package_manager: "dummy", version: dependency_version ) end diff --git a/common/spec/dependabot/config/update_config_spec.rb b/common/spec/dependabot/config/update_config_spec.rb index f6495d90d4..a6feab2889 100644 --- a/common/spec/dependabot/config/update_config_spec.rb +++ b/common/spec/dependabot/config/update_config_spec.rb @@ -13,7 +13,7 @@ name: "@types/node", requirements: [], version: "12.12.6", - package_manager: "npm_and_yarn" + package_manager: "dummy" ) end let(:ignore_conditions) { [] } From 0b0acd94f7f525c074e09ac7945552ed3649dede Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Fri, 14 Oct 2022 00:00:30 +0200 Subject: [PATCH 4/6] Support ignore for version schemes not compatible with RubyGems The ecosystem will need to implement `Version.correct?` and `Version#to_semver` that will ensure a semver shape that plays nice with ignore conditions. --- .../lib/dependabot/config/ignore_condition.rb | 27 ++++++++++++++----- common/lib/dependabot/version.rb | 10 +++++++ .../config/ignore_condition_spec.rb | 25 ++++++++++++++--- common/spec/dummy_package_manager/version.rb | 4 +++ 4 files changed, 56 insertions(+), 10 deletions(-) 
diff --git a/common/lib/dependabot/config/ignore_condition.rb b/common/lib/dependabot/config/ignore_condition.rb index 5d4fd3faaf..20c7018e70 100644 --- a/common/lib/dependabot/config/ignore_condition.rb +++ b/common/lib/dependabot/config/ignore_condition.rb @@ -32,16 +32,19 @@ def transformed_update_types end def versions_by_type(dependency) - return [] unless rubygems_compatible?(dependency.version) + version = correct_version_for(dependency) + return [] unless version + + semver = version.to_semver transformed_update_types.flat_map do |t| case t when PATCH_VERSION_TYPE - ignore_patch(dependency.version) + ignore_patch(semver) when MINOR_VERSION_TYPE - ignore_minor(dependency.version) + ignore_minor(semver) when MAJOR_VERSION_TYPE - ignore_major(dependency.version) + ignore_major(semver) else [] end @@ -77,10 +80,20 @@ def ignore_major(version) [lower_bound] end - def rubygems_compatible?(version) - return false if version.nil? || version.empty? + def correct_version_for(dependency) + version = dependency.version + return if version.nil? || version.empty? + + version_class = version_class_for(dependency.package_manager) + return unless version_class.correct?(version) + + version_class.new(version) + end - Gem::Version.correct?(version) + def version_class_for(package_manager) + Utils.version_class_for_package_manager(package_manager) + rescue StandardError + Dependabot::Version end end end diff --git a/common/lib/dependabot/version.rb b/common/lib/dependabot/version.rb index 15f3f0bce9..2213982a97 100644 --- a/common/lib/dependabot/version.rb +++ b/common/lib/dependabot/version.rb @@ -2,11 +2,21 @@ module Dependabot class Version < Gem::Version + def initialize(version) + @original_version = version + + super + end + # Opt-in to Rubygems 4 behavior def self.correct?(version) return false if version.nil? version.to_s.match?(ANCHORED_VERSION_PATTERN) end + + def to_semver + @original_version + end end end 
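Review bot: `version_class_for` rescues `StandardError` around the whole lookup, which also swallows a NameError or similar bug inside the ecosystem's version file and silently downgrades that ecosystem to `Dependabot::Version`; narrowing it to the error `Utils.version_class_for_package_manager` raises for an unknown package manager (not visible here) and adding `# unknown package manager: fall back to the RubyGems-compatible base class` would keep the fallback deliberate. Note that `version_class.correct?(version)` and `version_class.new(version)` in `correct_version_for` sit outside that rescue, so an ecosystem whose `correct?` constructs an instance (the Docker override later in this series does) can raise `ArgumentError` for a malformed version and propagate it out of `versions_by_type`. In the `Dependabot::Version` hunk, `@original_version = version` stores the argument unconverted, and `to_semver` hands it to `ignore_patch`/`ignore_minor`/`ignore_major`, which call `split(".")`; storing `@original_version = version.to_s` would keep that contract even when a caller passes a non-String (Docker passes the Integer `0` for its update part). `to_semver` is the extension point the commit message describes but has no documentation; a comment such as `# Dotted version string that ignore conditions can split on "."; ecosystems whose syntax is not RubyGems-compatible override this together with correct?` would tell implementers what shape is expected.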
diff --git a/common/spec/dependabot/config/ignore_condition_spec.rb b/common/spec/dependabot/config/ignore_condition_spec.rb index 6bc7e22cd3..820a274d17 100644 --- a/common/spec/dependabot/config/ignore_condition_spec.rb +++ b/common/spec/dependabot/config/ignore_condition_spec.rb @@ -9,6 +9,7 @@ let(:dependency_version) { "1.2.3" } let(:ignore_condition) { described_class.new(dependency_name: dependency_name) } let(:security_updates_only) { false } + let(:package_manager) { "dummy" } describe "#ignored_versions" do subject(:ignored_versions) { ignore_condition.ignored_versions(dependency, security_updates_only) } @@ -16,7 +17,7 @@ Dependabot::Dependency.new( name: dependency_name, requirements: [], - package_manager: "dummy", + package_manager: package_manager, version: dependency_version ) end @@ -25,7 +26,7 @@ def expect_allowed(versions) reqs = ignored_versions.map { |v| Gem::Requirement.new(v.split(",").map(&:strip)) } versions.each do |v| - version = Gem::Version.new(v) + version = Dependabot::Utils.version_class_for_package_manager(package_manager).new(v) ignored = reqs.any? { |req| req.satisfied_by?(version) } expect(ignored).to eq(false), "Expected #{v} to be allowed, but was ignored" end @@ -34,7 +35,7 @@ def expect_allowed(versions) def expect_ignored(versions) reqs = ignored_versions.map { |v| Gem::Requirement.new(v.split(",").map(&:strip)) } versions.each do |v| - version = Gem::Version.new(v) + version = Dependabot::Version.new(v) ignored = reqs.any? { |req| req.satisfied_by?(version) } expect(ignored).to eq(true), "Expected #{v} to be ignored, but was allowed" end 
@@ -287,6 +288,24 @@ def expect_ignored(versions) end end + context "with a semver dependency, but according to another package manager" do + let(:dependency_version) { "v11.0.14" } + + context "with ignore_major_versions" do + let(:update_types) { ["version-update:semver-major"] } + + it "ignores expected versions" do + expect_allowed(["11"]) + expect_ignored(["17"]) + expect_allowed([dependency_version]) + end + + it "returns the expected range" do + expect(ignored_versions).to eq([">= 12.a"]) + end + end + end + context "when the dependency version isn't known" do let(:dependency_version) { nil } diff --git a/common/spec/dummy_package_manager/version.rb b/common/spec/dummy_package_manager/version.rb index 70ab1a41f7..ff024f3723 100644 --- a/common/spec/dummy_package_manager/version.rb +++ b/common/spec/dummy_package_manager/version.rb @@ -20,6 +20,10 @@ def self.correct?(version) version = Version.remove_leading_v(version) super end + + def to_semver + @original_version + end end end From 4dc97e41a4ec75808876249b0786d648627df0c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Sun, 13 Nov 2022 22:43:53 +0100 Subject: [PATCH 5/6] Make docker version specs more clear Currently only the numeric part of tags is instantiated as a version. Make that more clear by feeding version specs "real life" versions. --- docker/spec/dependabot/docker/version_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/spec/dependabot/docker/version_spec.rb b/docker/spec/dependabot/docker/version_spec.rb index db93884099..53ff799385 100644 --- a/docker/spec/dependabot/docker/version_spec.rb +++ b/docker/spec/dependabot/docker/version_spec.rb 
@@ -11,8 +11,8 @@ end it "sorts properly when it uses underscores" do - expect(described_class.new("11.0.16_8-jdk")).to be < described_class.new("11.0.16.1-jdk") - expect(described_class.new("17.0.2_8-jdk")).to be > described_class.new("17.0.1_12-jdk") + expect(described_class.new("11.0.16_8")).to be < described_class.new("11.0.16.1") + expect(described_class.new("17.0.2_8")).to be > described_class.new("17.0.1_12") end end end From abd11c4e6481e569eb28370c25444448d6d587c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Sun, 13 Nov 2022 22:45:16 +0100 Subject: [PATCH 6/6] Implement `Version.correct?` and `Version#to_semver` in Docker --- docker/lib/dependabot/docker/version.rb | 12 ++++++++-- docker/spec/dependabot/docker/version_spec.rb | 22 +++++++++++++++++++ 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/docker/lib/dependabot/docker/version.rb b/docker/lib/dependabot/docker/version.rb index 829bea27ec..613b03dc22 100644 --- a/docker/lib/dependabot/docker/version.rb +++ b/docker/lib/dependabot/docker/version.rb @@ -14,9 +14,17 @@ class Version < Dependabot::Version def initialize(version) release_part, update_part = version.split("_", 2) - @release_part = Gem::Version.new(release_part.tr("-", ".")) + @release_part = Dependabot::Version.new(release_part.tr("-", ".")) - @update_part = Gem::Version.new(update_part&.start_with?(/[0-9]/) ? update_part : 0) + @update_part = Dependabot::Version.new(update_part&.start_with?(/[0-9]/) ? update_part : 0) + end + + def self.correct?(version) + super(new(version).to_semver) + end + + def to_semver + @release_part.to_semver end attr_reader :release_part diff --git a/docker/spec/dependabot/docker/version_spec.rb b/docker/spec/dependabot/docker/version_spec.rb index 53ff799385..1a1bd78736 100644 --- a/docker/spec/dependabot/docker/version_spec.rb +++ b/docker/spec/dependabot/docker/version_spec.rb 
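Review bot: `Docker::Version.correct?` calls `new(version)` before delegating to `super`, so it no longer answers safely for bad input: `nil` raises `NoMethodError` from `version.split`, an empty string yields `[]` from `split` and raises on `nil.tr`, and a malformed tag raises `ArgumentError` from `Dependabot::Version.new`, where the base class `correct?` returns false. `correct_version_for` in ignore_condition.rb guards nil and empty before calling it, but any other caller of `correct?` would not. Adding `return false if version.to_s.empty?` at the top of the method and `rescue ArgumentError` / `false` after the `super` call restores the predicate contract. Separately, `Dependabot::Version.new(... : 0)` stores the Integer `0` as the update part's original version, so `update_part.to_semver` returns an Integer rather than a String if anything calls it; passing `"0"` would avoid that. The enclosing class continues past the end of this hunk.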
@@ -15,4 +15,26 @@ expect(described_class.new("17.0.2_8")).to be > described_class.new("17.0.1_12") end end + + describe ".correct?" do + it "classifies standard versions as correct" do + expect(described_class.correct?("2.4.2")).to be true + end + + it "classifies java versions as correct" do + expect(described_class.correct?("11.0.16_8")).to be true + expect(described_class.correct?("11.0.16.1")).to be true + end + end + + describe "#to_semver" do + it "returns a semver compatible string for standard versions" do + expect(described_class.new("2.4.2").to_semver).to eq("2.4.2") + end + + it "classifies java versions as correct" do + expect(described_class.new("11.0.16_8").to_semver).to eq("11.0.16") + expect(described_class.new("11.0.16.1").to_semver).to eq("11.0.16.1") + end + end end
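Review bot: The second example under `describe "#to_semver"` reuses the description from `.correct?`, `it "classifies java versions as correct"`, but it asserts the returned string, so the description misstates what is tested; `it "drops the java update part from the semver string"` would match the expectations. The surrounding `describe` block starts outside this hunk.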