Merge branch 'main' into jamiemagee/dotnet-sdk

Gemfile

@@ -25,8 +25,8 @@ gem "dependabot-swift", path: "swift"
 gem "dependabot-terraform", path: "terraform"
 
 # Sorbet
-gem "sorbet", "0.5.11577", group: :development
-gem "tapioca", "0.16.2", require: false, group: :development
+gem "sorbet", "0.5.11630", group: :development
+gem "tapioca", "0.16.3", require: false, group: :development
 
 common_gemspec = File.expand_path("common/dependabot-common.gemspec", __dir__)
 

Gemfile.lock

@@ -241,14 +241,14 @@ GEM
     parser (3.3.1.0)
       ast (~> 2.4.1)
       racc
-    prism (1.0.0)
+    prism (1.2.0)
     psych (5.1.2)
       stringio
     public_suffix (5.0.4)
     racc (1.7.3)
     rainbow (3.1.1)
     rake (13.1.0)
-    rbi (0.2.0)
+    rbi (0.2.1)
       prism (~> 1.0)
       sorbet-runtime (>= 0.5.9204)
     rdoc (6.6.3.1)
@@ -321,24 +321,24 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
-    sorbet (0.5.11577)
-      sorbet-static (= 0.5.11577)
-    sorbet-runtime (0.5.11577)
-    sorbet-static (0.5.11577-aarch64-linux)
-    sorbet-static (0.5.11577-universal-darwin)
-    sorbet-static (0.5.11577-x86_64-linux)
-    sorbet-static-and-runtime (0.5.11577)
-      sorbet (= 0.5.11577)
-      sorbet-runtime (= 0.5.11577)
-    spoom (1.4.2)
+    sorbet (0.5.11630)
+      sorbet-static (= 0.5.11630)
+    sorbet-runtime (0.5.11630)
+    sorbet-static (0.5.11630-aarch64-linux)
+    sorbet-static (0.5.11630-universal-darwin)
+    sorbet-static (0.5.11630-x86_64-linux)
+    sorbet-static-and-runtime (0.5.11630)
+      sorbet (= 0.5.11630)
+      sorbet-runtime (= 0.5.11630)
+    spoom (1.5.0)
       erubi (>= 1.10.0)
       prism (>= 0.28.0)
       sorbet-static-and-runtime (>= 0.5.10187)
       thor (>= 0.19.2)
     stackprof (0.2.25)
     stringio (3.1.0)
     strscan (3.1.0)
-    tapioca (0.16.2)
+    tapioca (0.16.3)
       bundler (>= 2.2.25)
       netrc (>= 0.11.0)
       parallel (>= 1.21.0)
@@ -407,8 +407,8 @@ DEPENDENCIES
   rubocop-rspec (~> 2.29.1)
   rubocop-sorbet (~> 0.8.5)
   simplecov (~> 0.22.0)
-  sorbet (= 0.5.11577)
-  tapioca (= 0.16.2)
+  sorbet (= 0.5.11630)
+  tapioca (= 0.16.3)
   turbo_tests (~> 2.2.0)
   vcr (~> 6.1)
   webmock (~> 3.18)

bundler/lib/dependabot/bundler/file_parser.rb

@@ -32,13 +32,24 @@ def parse
         dependency_set.dependencies
       end
 
-      sig { returns(PackageManagerBase) }
-      def package_manager
-        PackageManager.new(bundler_version)
+      sig { returns(Ecosystem) }
+      def ecosystem
+        @ecosystem ||= T.let(
+          Ecosystem.new(
+            name: ECOSYSTEM,
+            package_manager: package_manager
+          ),
+          T.nilable(Ecosystem)
+        )
       end
 
       private
 
+      sig { returns(Ecosystem::VersionManager) }
+      def package_manager
+        PackageManager.new(bundler_version)
+      end
+
       def check_external_code(dependencies)
         return unless @reject_external_code
         return unless git_source?(dependencies)
@@ -309,12 +320,14 @@ def gemspecs
                       .select { |file| file.name.end_with?(".gemspec") }
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def imported_ruby_files
         dependency_files
           .select { |f| f.name.end_with?(".rb") }
           .reject { |f| f.name == "gems.rb" }
       end
 
+      sig { returns(String) }
       def bundler_version
         @bundler_version ||= Helpers.bundler_version(lockfile)
       end

bundler/lib/dependabot/bundler/package_manager.rb

@@ -3,10 +3,11 @@
 
 require "sorbet-runtime"
 require "dependabot/bundler/version"
-require "dependabot/package_manager"
+require "dependabot/ecosystem"
 
 module Dependabot
   module Bundler
+    ECOSYSTEM = "bundler"
     PACKAGE_MANAGER = "bundler"
 
     # Keep versions in ascending order
@@ -18,33 +19,17 @@ module Bundler
     # DEPRECATED_BUNDLER_VERSIONS = T.let([Version.new("1")].freeze, T::Array[Dependabot::Version])
     DEPRECATED_BUNDLER_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
 
-    class PackageManager < PackageManagerBase
+    class PackageManager < Dependabot::Ecosystem::VersionManager
       extend T::Sig
 
-      sig { params(version: T.any(String, Dependabot::Version)).void }
-      def initialize(version)
-        @version = T.let(Version.new(version), Dependabot::Version)
-        @name = T.let(PACKAGE_MANAGER, String)
-        @deprecated_versions = T.let(DEPRECATED_BUNDLER_VERSIONS, T::Array[Dependabot::Version])
-        @supported_versions = T.let(SUPPORTED_BUNDLER_VERSIONS, T::Array[Dependabot::Version])
-      end
-
-      sig { override.returns(String) }
-      attr_reader :name
-
-      sig { override.returns(Dependabot::Version) }
-      attr_reader :version
-
-      sig { override.returns(T::Array[Dependabot::Version]) }
-      attr_reader :deprecated_versions
-
-      sig { override.returns(T::Array[Dependabot::Version]) }
-      attr_reader :supported_versions
-
-      sig { override.returns(T::Boolean) }
-      def unsupported?
-        # Check if the version is not supported
-        supported_versions.all? { |supported| supported > version }
+      sig { params(raw_version: String).void }
+      def initialize(raw_version)
+        super(
+          PACKAGE_MANAGER,
+          Version.new(raw_version),
+          DEPRECATED_BUNDLER_VERSIONS,
+          SUPPORTED_BUNDLER_VERSIONS,
+       )
       end
     end
   end

bundler/spec/dependabot/bundler/file_parser_spec.rb

@@ -734,7 +734,7 @@
 
   describe "#package_manager" do
     it "returns the correct package manager" do
-      expect(parser.package_manager).to be_a(Dependabot::Bundler::PackageManager)
+      expect(parser.ecosystem.package_manager).to be_a(Dependabot::Bundler::PackageManager)
     end
   end
 end

bundler/spec/dependabot/bundler/package_manager_spec.rb

@@ -2,7 +2,7 @@
 # frozen_string_literal: true
 
 require "dependabot/bundler/package_manager"
-require "dependabot/package_manager"
+require "dependabot/ecosystem"
 require "spec_helper"
 
 RSpec.describe Dependabot::Bundler::PackageManager do
@@ -30,7 +30,7 @@
     end
 
     context "when version is a Dependabot::Bundler::Version" do
-      let(:version) { Dependabot::Bundler::Version.new("2") }
+      let(:version) { "2" }
 
       it "sets the version correctly" do
         expect(package_manager.version).to eq(version)

common/lib/dependabot/ecosystem.rb

@@ -0,0 +1,161 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+
+module Dependabot
+  class Ecosystem
+    extend T::Sig
+
+    class VersionManager
+      extend T::Sig
+      extend T::Helpers
+
+      abstract!
+      # Initialize version information with optional requirement
+      # @param name [String] the name for the package manager (e.g., "bundler", "npm").
+      # @param version [Dependabot::Version] the parsed current version.
+      # @param deprecated_versions [Array<Dependabot::Version>] an array of deprecated versions.
+      # @param supported_versions [Array<Dependabot::Version>] an array of supported versions.
+      # @example
+      #   VersionManager.new("bundler", "2.1.4", Dependabot::Version.new("2.1.4"), nil)
+      sig do
+        params(
+          name: String,
+          version: Dependabot::Version,
+          deprecated_versions: T::Array[Dependabot::Version],
+          supported_versions: T::Array[Dependabot::Version]
+        ).void
+      end
+      def initialize(
+        name,
+        version,
+        deprecated_versions = [],
+        supported_versions = []
+      )
+        @name = T.let(name, String)
+        @version = T.let(version, Dependabot::Version)
+
+        @deprecated_versions = T.let(deprecated_versions, T::Array[Dependabot::Version])
+        @supported_versions = T.let(supported_versions, T::Array[Dependabot::Version])
+      end
+
+      # The name of the package manager (e.g., "bundler", "npm").
+      # @example
+      #   name #=> "bundler"
+      sig { returns(String) }
+      attr_reader :name
+
+      # The current version of the package manager.
+      # @example
+      #   version #=> Dependabot::Version.new("2.1.4")
+      sig { returns(Dependabot::Version) }
+      attr_reader :version
+
+      # Returns an array of deprecated versions of the package manager.
+      # @example
+      #  deprecated_versions #=> [Version.new("1")]
+      sig { returns(T::Array[Dependabot::Version]) }
+      attr_reader :deprecated_versions
+
+      # Returns an array of supported versions of the package manager.
+      sig { returns(T::Array[Dependabot::Version]) }
+      attr_reader :supported_versions
+
+      # Checks if the current version is deprecated.
+      # Returns true if the version is in the deprecated_versions array; false otherwise.
+      # @example
+      #   deprecated? #=> true
+      sig { returns(T::Boolean) }
+      def deprecated?
+        return false if unsupported?
+
+        deprecated_versions.include?(version)
+      end
+
+      # Checks if the current version is unsupported.
+      # @example
+      #   unsupported? #=> false
+      sig { returns(T::Boolean) }
+      def unsupported?
+        return false if supported_versions.empty?
+
+        # Check if the version is not supported
+        supported_versions.all? { |supported| supported > version }
+      end
+
+      # Raises an error if the current package manager or language version is unsupported.
+      # If the version is unsupported, it raises a ToolVersionNotSupported error.
+      sig { void }
+      def raise_if_unsupported!
+        return unless unsupported?
+
+        # Example: v2.*, v3.*
+        supported_versions_message = supported_versions.map { |v| "v#{v}.*" }.join(", ")
+
+        raise ToolVersionNotSupported.new(
+          name,
+          version.to_s,
+          supported_versions_message
+        )
+      end
+
+      # Indicates if the package manager supports later versions beyond those listed in supported_versions.
+      # By default, returns false if not overridden in the subclass.
+      # @example
+      #   support_later_versions? #=> true
+      sig { returns(T::Boolean) }
+      def support_later_versions?
+        false
+      end
+    end
+
+    # Initialize with mandatory name and optional language information.
+    # @param name [String] the name of the ecosystem (e.g., "bundler", "npm_and_yarn").
+    # @param package_manager [VersionManager] the package manager.
+    sig do
+      params(
+        name: String,
+        package_manager: VersionManager
+      ).void
+    end
+    def initialize(
+      name:,
+      package_manager:
+    )
+      @name = T.let(name, String)
+      @package_manager = T.let(package_manager, VersionManager)
+    end
+
+    # The name of the ecosystem (mandatory).
+    # @example
+    # name #=> "npm_and_yarn"
+    sig { returns(String) }
+    attr_reader :name
+
+    # The information related to the package manager (mandatory).
+    # @example
+    #  package_manager #=> VersionManager.new("bundler", "2.1.4", Version.new("2.1.4"), nil)
+    sig { returns(VersionManager) }
+    attr_reader :package_manager
+
+    # Checks if the current version is deprecated.
+    # Returns true if the version is in the deprecated_versions array; false otherwise.
+    sig { returns(T::Boolean) }
+    def deprecated?
+      package_manager.deprecated?
+    end
+
+    # Checks if the current version is unsupported.
+    sig { returns(T::Boolean) }
+    def unsupported?
+      package_manager.unsupported?
+    end
+
+    # Delegate to the package manager to raise ToolVersionNotSupported if the version is unsupported.
+    sig { void }
+    def raise_if_unsupported!
+      package_manager.raise_if_unsupported!
+    end
+  end
+end

common/lib/dependabot/file_parsers/base.rb

@@ -3,7 +3,7 @@
 
 require "sorbet-runtime"
 require "dependabot/credential"
-require "dependabot/package_manager"
+require "dependabot/ecosystem"
 
 module Dependabot
   module FileParsers
@@ -54,8 +54,8 @@ def initialize(dependency_files:, source:, repo_contents_path: nil,
       sig { abstract.returns(T::Array[Dependabot::Dependency]) }
       def parse; end
 
-      sig { returns(T.nilable(PackageManagerBase)) }
-      def package_manager
+      sig { returns(T.nilable(Ecosystem)) }
+      def ecosystem
         nil
       end