Merge branch 'main' into cargo-path-dependencies-v2

dependabot · Jan 23, 2025 · 9ebc2e4 · 9ebc2e4
2 parents a44feeb + 1f66768
commit 9ebc2e4
Show file tree

Hide file tree

Showing 49 changed files with 440 additions and 545 deletions.
diff --git a/bin/dry-run.rb b/bin/dry-run.rb
@@ -274,6 +274,10 @@
           "Output pull request information metadata: title, description") do
     $options[:pull_request] = true
   end
+
+  opts.on("--enable-beta-ecosystems", "Enable beta ecosystems") do |_value|
+    Dependabot::Experiments.register(:enable_beta_ecosystems, true)
+  end
 end
 # rubocop:enable Metrics/BlockLength
 

diff --git a/bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb b/bundler/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb
@@ -9,12 +9,12 @@ module Dependabot
   module Bundler
     class FileUpdater
       class RubyRequirementSetter
-        class RubyVersionNotFound < StandardError; end
-
         RUBY_VERSIONS = %w(
           1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.4 3.3.6
         ).freeze
 
+        LANGUAGE = "ruby"
+
         attr_reader :gemspec
 
         def initialize(gemspec:)
@@ -62,7 +62,13 @@ def ruby_version
             .map { |v| Gem::Version.new(v) }.sort
             .find { |v| requirement.satisfied_by?(v) }
 
-          raise RubyVersionNotFound unless ruby_version
+          unless ruby_version
+            raise ToolVersionNotSupported.new(
+              LANGUAGE,
+              requirement.to_s,
+              RUBY_VERSIONS.join(", ")
+            )
+          end
 
           ruby_version
         end

diff --git a/bundler/spec/dependabot/bundler/file_updater/ruby_requirement_setter_spec.rb b/bundler/spec/dependabot/bundler/file_updater/ruby_requirement_setter_spec.rb
@@ -96,7 +96,7 @@
           bundler_project_dependency_file("gemfile_impossible_ruby", filename: "example.gemspec")
         end
 
-        specify { expect { rewrite }.to raise_error(described_class::RubyVersionNotFound) }
+        specify { expect { rewrite }.to raise_error(Dependabot::ToolVersionNotSupported) }
       end
 
       context "when requiring ruby 3" do

diff --git a/common/lib/dependabot/errors.rb b/common/lib/dependabot/errors.rb
@@ -220,6 +220,14 @@ def self.updater_error_details(error)
         "error-type": "git_dependencies_not_reachable",
         "error-detail": { "dependency-urls": error.dependency_urls }
       }
+    when Dependabot::DependencyFileNotFound
+      {
+        "error-type": "dependency_file_not_found",
+        "error-detail": {
+          message: error.message,
+          "file-path": error.file_path
+        }
+      }
     when Dependabot::ToolVersionNotSupported
       {
         "error-type": "tool_version_not_supported",

diff --git a/common/lib/dependabot/file_fetchers/base.rb b/common/lib/dependabot/file_fetchers/base.rb
@@ -128,6 +128,11 @@ def target_branch
         source.branch
       end
 
+      sig { returns(T::Boolean) }
+      def allow_beta_ecosystems?
+        Experiments.enabled?(:enable_beta_ecosystems)
+      end
+
       sig { returns(T::Array[DependencyFile]) }
       def files
         return @files if @files.any?

diff --git a/common/lib/dependabot/metadata_finders/base/release_finder.rb b/common/lib/dependabot/metadata_finders/base/release_finder.rb
@@ -302,7 +302,7 @@ def previous_version
 
           # Previous version looks like a git SHA and there's a previous ref, we
           # could be changing to a nil previous ref in which case we want to
-          # fall back to tge sha version
+          # fall back to the sha version
           if T.must(dependency.previous_version).match?(/^[0-9a-f]{40}$/) &&
              ref_changed? && previous_ref
             previous_ref

diff --git a/composer/lib/dependabot/composer/file_updater.rb b/composer/lib/dependabot/composer/file_updater.rb
@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/file_updaters"
@@ -12,27 +12,29 @@ class FileUpdater < Dependabot::FileUpdaters::Base
       require_relative "file_updater/manifest_updater"
       require_relative "file_updater/lockfile_updater"
 
+      sig { override.returns(T::Array[Regexp]) }
       def self.updated_files_regex
         [
           /^composer\.json$/,
           /^composer\.lock$/
         ]
       end
 
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
       def updated_dependency_files
         updated_files = []
 
-        if file_changed?(composer_json)
+        if file_changed?(T.must(composer_json))
           updated_files <<
             updated_file(
-              file: composer_json,
+              file: T.must(composer_json),
               content: updated_composer_json_content
             )
         end
 
         if lockfile
           updated_files <<
-            updated_file(file: lockfile, content: updated_lockfile_content)
+            updated_file(file: T.must(lockfile), content: updated_lockfile_content)
         end
 
         if updated_files.none? ||
@@ -45,18 +47,22 @@ def updated_dependency_files
 
       private
 
+      sig { override.void }
       def check_required_files
         raise "No #{PackageManager::MANIFEST_FILENAME}!" unless get_original_file(PackageManager::MANIFEST_FILENAME)
       end
 
+      sig { returns(String) }
       def updated_composer_json_content
         ManifestUpdater.new(
           dependencies: dependencies,
           manifest: composer_json
         ).updated_manifest_content
       end
 
+      sig { returns(String) }
       def updated_lockfile_content
+        @updated_lockfile_content = T.let(@updated_lockfile_content, T.nilable(String))
         @updated_lockfile_content ||=
           LockfileUpdater.new(
             dependencies: dependencies,
@@ -65,12 +71,15 @@ def updated_lockfile_content
           ).updated_lockfile_content
       end
 
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def composer_json
-        @composer_json ||= get_original_file(PackageManager::MANIFEST_FILENAME)
+        @composer_json ||= T.let(get_original_file(PackageManager::MANIFEST_FILENAME),
+                                 T.nilable(Dependabot::DependencyFile))
       end
 
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def lockfile
-        @lockfile ||= get_original_file(PackageManager::LOCKFILE_FILENAME)
+        @lockfile ||= T.let(get_original_file(PackageManager::LOCKFILE_FILENAME), T.nilable(Dependabot::DependencyFile))
       end
     end
   end

diff --git a/devcontainers/spec/dependabot/devcontainers/file_parser_spec.rb b/devcontainers/spec/dependabot/devcontainers/file_parser_spec.rb
@@ -244,7 +244,7 @@
       it "returns the correct language" do
         expect(language.name).to eq "node"
         expect(language.requirement).to be_nil
-        expect(language.version.to_s).to eq "18.20.5"
+        expect(language.version.to_s).to eq "18.20.6"
       end
     end
   end

diff --git a/elm/lib/dependabot/elm/file_updater/elm_json_updater.rb b/elm/lib/dependabot/elm/file_updater/elm_json_updater.rb
@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/elm/file_updater"
@@ -7,11 +7,15 @@ module Dependabot
   module Elm
     class FileUpdater
       class ElmJsonUpdater
+        extend T::Sig
+
+        sig { params(elm_json_file: Dependabot::DependencyFile, dependencies: T::Array[Dependabot::Dependency]).void }
         def initialize(elm_json_file:, dependencies:)
           @elm_json_file = elm_json_file
           @dependencies = dependencies
         end
 
+        sig { returns(T.nilable(String)) }
         def updated_content
           dependencies
             .select { |dep| requirement_changed?(elm_json_file, dep) }
@@ -32,34 +36,33 @@ def updated_content
 
         private
 
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :elm_json_file
+
+        sig { returns(T::Array[Dependabot::Dependency]) }
         attr_reader :dependencies
 
+        sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
         def requirement_changed?(file, dependency)
-          changed_requirements =
-            dependency.requirements - dependency.previous_requirements
+          changed_requirements = dependency.requirements - T.must(dependency.previous_requirements)
 
           changed_requirements.any? { |f| f[:file] == file.name }
         end
 
+        sig { params(content: T.nilable(String), filename: String, dependency: Dependabot::Dependency).returns(String) }
         def update_requirement(content:, filename:, dependency:)
-          updated_req =
-            dependency.requirements
-                      .find { |r| r.fetch(:file) == filename }
-                      .fetch(:requirement)
+          updated_req = dependency.requirements.find { |r| r.fetch(:file) == filename }
+                                  &.fetch(:requirement)
 
-          old_req =
-            dependency.previous_requirements
-                      .find { |r| r.fetch(:file) == filename }
-                      .fetch(:requirement)
+          old_req = dependency.previous_requirements&.find { |r| r.fetch(:file) == filename }
+                              &.fetch(:requirement)
 
-          return content unless old_req
+          return T.must(content) unless old_req
 
           dep = dependency
-          regex =
-            /"#{Regexp.quote(dep.name)}"\s*:\s+"#{Regexp.quote(old_req)}"/
+          regex = /"#{Regexp.quote(dep.name)}"\s*:\s+"#{Regexp.quote(old_req)}"/
 
-          content.gsub(regex) do |declaration|
+          T.must(content).gsub(regex) do |declaration|
             declaration.gsub(%("#{old_req}"), %("#{updated_req}"))
           end
         end

diff --git a/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb b/go_modules/spec/dependabot/go_modules/file_updater/go_mod_updater_spec.rb
@@ -562,35 +562,6 @@
       end
     end
 
-    context "when module major version doesn't match (v0)" do
-      let(:project_name) { "module_major_version_mismatch_v0" }
-      let(:dependency_name) do
-        "github.com/jenkins-x/jx-api"
-      end
-      let(:dependency_version) { "v0.0.25" }
-      let(:dependency_previous_version) { "v0.0.24" }
-      let(:requirements) do
-        [{
-          file: "go.mod",
-          requirement: "v0.0.25",
-          groups: [],
-          source: {
-            type: "default",
-            source: "github.com/jenkins-x/jx-api"
-          }
-        }]
-      end
-      let(:previous_requirements) { [] }
-
-      it "raises the correct error" do
-        error_class = Dependabot::DependencyFileNotResolvable
-        expect { updater.updated_go_sum_content }
-          .to raise_error(error_class) do |error|
-          expect(error.message).to include("go.mod has post-v0 module path")
-        end
-      end
-    end
-
     context "when dealing with a invalid pseudo version" do
       let(:project_name) { "invalid_pseudo_version" }
       let(:dependency_name) do

diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.mod b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.mod
diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.sum b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/go.sum
diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/main.go b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v0/main.go
diff --git a/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.mod b/go_modules/spec/fixtures/projects/module_major_version_mismatch_v1/go.mod
@@ -1,7 +1,7 @@
-module github.com/dependabot/vgotest
+module github.com/dependabot-fixtures/module_major_version_mismatch_v1
 
 go 1.15
 
 require (
-  github.com/jenkins-x/jx-api v0.0.24
+	github.com/dependabot-fixtures/go-major-mismatch v1.0.1
 )