From 2fdc6c1ca83e876b537986337cd3677394166717 Mon Sep 17 00:00:00 2001 From: "dependabot-core-action-automation[bot]" <98560086+dependabot-core-action-automation[bot]@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:51:57 -0400 Subject: [PATCH 1/3] v0.282.0 (#10839) Release notes: https://github.com/dependabot/dependabot-core/releases/tag/v0.282.0 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Gemfile.lock | 80 ++++++++++++++++++++-------------------- common/lib/dependabot.rb | 2 +- updater/Gemfile.lock | 80 ++++++++++++++++++++-------------------- 3 files changed, 81 insertions(+), 81 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 09addd43e4c..13c3823c33b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,20 +1,20 @@ PATH remote: bundler specs: - dependabot-bundler (0.281.0) - dependabot-common (= 0.281.0) + dependabot-bundler (0.282.0) + dependabot-common (= 0.282.0) parallel (~> 1.24) PATH remote: cargo specs: - dependabot-cargo (0.281.0) - dependabot-common (= 0.281.0) + dependabot-cargo (0.282.0) + dependabot-common (= 0.282.0) PATH remote: common specs: - dependabot-common (0.281.0) + dependabot-common (0.282.0) aws-sdk-codecommit (~> 1.28) aws-sdk-ecr (~> 1.5) bundler (>= 1.16, < 3.0.0) 
@@ -38,107 +38,107 @@ PATH PATH remote: composer specs: - dependabot-composer (0.281.0) - dependabot-common (= 0.281.0) + dependabot-composer (0.282.0) + dependabot-common (= 0.282.0) PATH remote: devcontainers specs: - dependabot-devcontainers (0.281.0) - dependabot-common (= 0.281.0) + dependabot-devcontainers (0.282.0) + dependabot-common (= 0.282.0) PATH remote: docker specs: - dependabot-docker (0.281.0) - dependabot-common (= 0.281.0) + dependabot-docker (0.282.0) + dependabot-common (= 0.282.0) PATH remote: elm specs: - dependabot-elm (0.281.0) - dependabot-common (= 0.281.0) + dependabot-elm (0.282.0) + dependabot-common (= 0.282.0) PATH remote: git_submodules specs: - dependabot-git_submodules (0.281.0) - dependabot-common (= 0.281.0) + dependabot-git_submodules (0.282.0) + dependabot-common (= 0.282.0) parseconfig (~> 1.0, < 1.1.0) PATH remote: github_actions specs: - dependabot-github_actions (0.281.0) - dependabot-common (= 0.281.0) + dependabot-github_actions (0.282.0) + dependabot-common (= 0.282.0) PATH remote: go_modules specs: - dependabot-go_modules (0.281.0) - dependabot-common (= 0.281.0) + dependabot-go_modules (0.282.0) + dependabot-common (= 0.282.0) PATH remote: gradle specs: - dependabot-gradle (0.281.0) - dependabot-common (= 0.281.0) - dependabot-maven (= 0.281.0) + dependabot-gradle (0.282.0) + dependabot-common (= 0.282.0) + dependabot-maven (= 0.282.0) PATH remote: hex specs: - dependabot-hex (0.281.0) - dependabot-common (= 0.281.0) + dependabot-hex (0.282.0) + dependabot-common (= 0.282.0) PATH remote: maven specs: - dependabot-maven (0.281.0) - dependabot-common (= 0.281.0) + dependabot-maven (0.282.0) + dependabot-common (= 0.282.0) PATH remote: npm_and_yarn specs: - dependabot-npm_and_yarn (0.281.0) - dependabot-common (= 0.281.0) + dependabot-npm_and_yarn (0.282.0) + dependabot-common (= 0.282.0) PATH remote: nuget specs: - dependabot-nuget (0.281.0) - dependabot-common (= 0.281.0) + dependabot-nuget (0.282.0) + dependabot-common 
(= 0.282.0) rubyzip (>= 2.3.2, < 3.0) PATH remote: pub specs: - dependabot-pub (0.281.0) - dependabot-common (= 0.281.0) + dependabot-pub (0.282.0) + dependabot-common (= 0.282.0) PATH remote: python specs: - dependabot-python (0.281.0) - dependabot-common (= 0.281.0) + dependabot-python (0.282.0) + dependabot-common (= 0.282.0) PATH remote: silent specs: - dependabot-silent (0.281.0) - dependabot-common (= 0.281.0) + dependabot-silent (0.282.0) + dependabot-common (= 0.282.0) PATH remote: swift specs: - dependabot-swift (0.281.0) - dependabot-common (= 0.281.0) + dependabot-swift (0.282.0) + dependabot-common (= 0.282.0) PATH remote: terraform specs: - dependabot-terraform (0.281.0) - dependabot-common (= 0.281.0) + dependabot-terraform (0.282.0) + dependabot-common (= 0.282.0) GEM remote: https://rubygems.org/ diff --git a/common/lib/dependabot.rb b/common/lib/dependabot.rb index b056f04a493..d1339e58c5f 100644 --- a/common/lib/dependabot.rb +++ b/common/lib/dependabot.rb @@ -2,5 +2,5 @@ # frozen_string_literal: true module Dependabot - VERSION = "0.281.0" + VERSION = "0.282.0" end diff --git a/updater/Gemfile.lock b/updater/Gemfile.lock index dbef9e3f44b..c082aa1140b 100644 --- a/updater/Gemfile.lock +++ b/updater/Gemfile.lock @@ -1,20 +1,20 @@ PATH remote: ../bundler specs: - dependabot-bundler (0.281.0) - dependabot-common (= 0.281.0) + dependabot-bundler (0.282.0) + dependabot-common (= 0.282.0) parallel (~> 1.24) PATH remote: ../cargo specs: - dependabot-cargo (0.281.0) - dependabot-common (= 0.281.0) + dependabot-cargo (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../common specs: - dependabot-common (0.281.0) + dependabot-common (0.282.0) aws-sdk-codecommit (~> 1.28) aws-sdk-ecr (~> 1.5) bundler (>= 1.16, < 3.0.0) 
@@ -38,107 +38,107 @@ PATH PATH remote: ../composer specs: - dependabot-composer (0.281.0) - dependabot-common (= 0.281.0) + dependabot-composer (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../devcontainers specs: - dependabot-devcontainers (0.281.0) - dependabot-common (= 0.281.0) + dependabot-devcontainers (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../docker specs: - dependabot-docker (0.281.0) - dependabot-common (= 0.281.0) + dependabot-docker (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../elm specs: - dependabot-elm (0.281.0) - dependabot-common (= 0.281.0) + dependabot-elm (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../git_submodules specs: - dependabot-git_submodules (0.281.0) - dependabot-common (= 0.281.0) + dependabot-git_submodules (0.282.0) + dependabot-common (= 0.282.0) parseconfig (~> 1.0, < 1.1.0) PATH remote: ../github_actions specs: - dependabot-github_actions (0.281.0) - dependabot-common (= 0.281.0) + dependabot-github_actions (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../go_modules specs: - dependabot-go_modules (0.281.0) - dependabot-common (= 0.281.0) + dependabot-go_modules (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../gradle specs: - dependabot-gradle (0.281.0) - dependabot-common (= 0.281.0) - dependabot-maven (= 0.281.0) + dependabot-gradle (0.282.0) + dependabot-common (= 0.282.0) + dependabot-maven (= 0.282.0) PATH remote: ../hex specs: - dependabot-hex (0.281.0) - dependabot-common (= 0.281.0) + dependabot-hex (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../maven specs: - dependabot-maven (0.281.0) - dependabot-common (= 0.281.0) + dependabot-maven (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../npm_and_yarn specs: - dependabot-npm_and_yarn (0.281.0) - dependabot-common (= 0.281.0) + dependabot-npm_and_yarn (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../nuget specs: - dependabot-nuget (0.281.0) - dependabot-common (= 0.281.0) + 
dependabot-nuget (0.282.0) + dependabot-common (= 0.282.0) rubyzip (>= 2.3.2, < 3.0) PATH remote: ../pub specs: - dependabot-pub (0.281.0) - dependabot-common (= 0.281.0) + dependabot-pub (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../python specs: - dependabot-python (0.281.0) - dependabot-common (= 0.281.0) + dependabot-python (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../silent specs: - dependabot-silent (0.281.0) - dependabot-common (= 0.281.0) + dependabot-silent (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../swift specs: - dependabot-swift (0.281.0) - dependabot-common (= 0.281.0) + dependabot-swift (0.282.0) + dependabot-common (= 0.282.0) PATH remote: ../terraform specs: - dependabot-terraform (0.281.0) - dependabot-common (= 0.281.0) + dependabot-terraform (0.282.0) + dependabot-common (= 0.282.0) GEM remote: https://rubygems.org/ From 478aa9a9bf8939d97e40efdd92d9299c3bda6c93 Mon Sep 17 00:00:00 2001 From: Alfred Mazimbe Date: Fri, 25 Oct 2024 16:05:21 +0100 Subject: [PATCH 2/3] Add semver ignore-condition range code into python version --- .../lib/dependabot/python/update_checker.rb | 4 +-- python/lib/dependabot/python/version.rb | 32 +++++++++++++++++++ python/spec/dependabot/python/version_spec.rb | 28 +++++++++++++--- 3 files changed, 58 insertions(+), 6 deletions(-) diff --git a/python/lib/dependabot/python/update_checker.rb b/python/lib/dependabot/python/update_checker.rb index 0d1f1b43922..0113a8b7153 100644 --- a/python/lib/dependabot/python/update_checker.rb +++ b/python/lib/dependabot/python/update_checker.rb 
@@ -234,8 +234,8 @@ def updated_version_req_lower_bound .reject { |req_string| req_string.start_with?("<") } .select { |req_string| req_string.match?(VERSION_REGEX) } .map { |req_string| req_string.match(VERSION_REGEX) } - .select { |version| Gem::Version.correct?(version) } - .max_by { |version| Gem::Version.new(version) } + .select { |version| Python::Version.correct?(version) } + .max_by { |version| Python::Version.new(version) } ">=#{version_for_requirement || 0}" end diff --git a/python/lib/dependabot/python/version.rb b/python/lib/dependabot/python/version.rb index 3eaaba4190a..1dbb88b1544 100644 --- a/python/lib/dependabot/python/version.rb +++ b/python/lib/dependabot/python/version.rb 
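Review bot: The `version` passed to `Python::Version.correct?` and `Python::Version.new` in the two changed lines is a `MatchData`, not a `String`, because the preceding `.map` calls `req_string.match(VERSION_REGEX)`. `Gem::Version` accepted that by stringifying its argument; whether `Python::Version` does the same, and whether its Sorbet signature admits a `MatchData` at runtime, is not visible in this hunk. Converting at the map step leaves the rest of the chain and the final interpolation unchanged: `.map { |req_string| req_string.match(VERSION_REGEX).to_s }`. The switch also moves the lower-bound selection from RubyGems ordering to PEP 440 ordering, so a spec with a pre-release or post-release requirement would pin the intended result. `updated_version_req_lower_bound` starts above the hunk.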
@@ -214,6 +214,38 @@ def lowest_prerelease_suffix "dev0" end + sig { override.returns(T::Array[String]) } + def ignored_patch_versions + parts = release_segment # e.g [1,2,3] if version is 1.2.3-alpha3 + version_parts = parts.fill(0, parts.length...2) + upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + [lowest_prerelease_suffix] + lower_bound = "> #{self}" + upper_bound = "< #{upper_parts.join('.')}" + + ["#{lower_bound}, #{upper_bound}"] + end + + sig { override.returns(T::Array[String]) } + def ignored_minor_versions + parts = release_segment # e.g [1,2,3] if version is 1.2.3-alpha3 + version_parts = parts.fill(0, parts.length...2) + lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + [lowest_prerelease_suffix] + upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1] + [lowest_prerelease_suffix] + lower_bound = ">= #{lower_parts.join('.')}" + upper_bound = "< #{upper_parts.join('.')}" + + ["#{lower_bound}, #{upper_bound}"] + end + + sig { override.returns(T::Array[String]) } + def ignored_major_versions + version_parts = release_segment # e.g [1,2,3] if version is 1.2.3-alpha3 + lower_parts = [version_parts[0].to_i + 1] + [lowest_prerelease_suffix] # earliest next major version prerelease + lower_bound = ">= #{lower_parts.join('.')}" + + [lower_bound] + end + private sig { params(other: Dependabot::Python::Version).returns(Integer) } diff --git a/python/spec/dependabot/python/version_spec.rb b/python/spec/dependabot/python/version_spec.rb index a05d6ec5762..759816a760e 100644 --- a/python/spec/dependabot/python/version_spec.rb +++ b/python/spec/dependabot/python/version_spec.rb @@ -77,10 +77,6 @@ describe ".new" do subject(:version) { described_class.new(version_string) } - before do - Dependabot::Experiments.register(:python_new_version, true) - end - context "with an empty string" do let(:version_string) { "" } let(:error_msg) { "Malformed version string - string is empty" } 
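Review bot: `parts.fill(0, parts.length...2)` in `ignored_patch_versions` and `ignored_minor_versions` pads the array returned by `release_segment` in place, since `Array#fill` mutates its receiver. If `release_segment` hands back the instance's own array (its definition is outside this hunk), computing an ignore range for a one-segment version such as `1` would silently change the stored segments to `[1, 0]`; padding a copy avoids that: `parts = release_segment.dup`. Separately, `version_parts.first(0)` is always an empty array, so `upper_parts` in `ignored_minor_versions` can be written as `[version_parts[0].to_i + 1, lowest_prerelease_suffix]`. None of the three bounds carries an epoch, so the ranges produced for an epoch-qualified version should be checked against the intended ignore behaviour.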
@@ -342,6 +338,30 @@ it { is_expected.to eq "dev0" } end + describe "#ignored_major_versions" do + subject(:ignored_versions) { version.ignored_major_versions } + + let(:version_string) { "1.2.3-alpha.1" } + + it { is_expected.to eq([">= 2.dev0"]) } + end + + describe "#ignored_minor_versions" do + subject(:ignored_versions) { version.ignored_minor_versions } + + let(:version_string) { "1.2.3-alpha.1" } + + it { is_expected.to eq([">= 1.3.dev0, < 2.dev0"]) } + end + + describe "#ignored_patch_versions" do + subject(:ignored_versions) { version.ignored_patch_versions } + + let(:version_string) { "1.2.3-alpha.1" } + + it { is_expected.to eq(["> #{version_string}, < 1.3.dev0"]) } + end + describe "compatibility with Gem::Requirement" do subject { requirement.satisfied_by?(version) } From 78d42a4932e7c11d239271db7b2d345aec5253f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Oct 2024 19:58:44 +0000 Subject: [PATCH 3/3] Bump eslint in /npm_and_yarn/helpers in the dev-dependencies group Bumps the dev-dependencies group in /npm_and_yarn/helpers with 1 update: [eslint](https://github.com/eslint/eslint). Updates `eslint` from 9.12.0 to 9.13.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v9.12.0...v9.13.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] --- npm_and_yarn/helpers/package-lock.json | 46 +++++++++++++------------- npm_and_yarn/helpers/package.json | 2 +- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/npm_and_yarn/helpers/package-lock.json b/npm_and_yarn/helpers/package-lock.json index cdc0a1e8f5e..274e9e2bb02 100644 --- a/npm_and_yarn/helpers/package-lock.json 
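Review bot: All three new examples use the same three-segment pre-release, `1.2.3-alpha.1`, so the padding branch in `ignored_patch_versions` and `ignored_minor_versions` (`parts.fill(0, parts.length...2)`) is never exercised. A context with a one-segment version such as `1` would cover it; reading the implementation, `ignored_patch_versions` should then yield `["> 1, < 1.1.dev0"]`, which is worth confirming in the spec rather than assuming. An epoch-qualified and a post-release version would also show whether the generated bounds remain valid ranges. The enclosing `describe` block starts outside the hunk.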
+++ b/npm_and_yarn/helpers/package-lock.json @@ -21,7 +21,7 @@ "helper": "run.js" }, "devDependencies": { - "eslint": "^9.12.0", + "eslint": "^9.13.0", "eslint-config-prettier": "^9.1.0", "jest": "^29.7.0", "prettier": "^3.3.3" @@ -763,9 +763,9 @@ } }, "node_modules/@eslint/core": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.6.0.tgz", - "integrity": "sha512-8I2Q8ykA4J0x0o7cg67FPVnehcqWTBehu/lmY+bolPFHGjh49YzGBMXTvpqVgEbBdvNCSxj6iFgiIyHzf03lzg==", + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.7.0.tgz", + "integrity": "sha512-xp5Jirz5DyPYlPiKat8jaq0EmYvDXKKpzTbxXMpT9eqlRJkRKIz9AGMdlvYjih+im+QlhWrpvVjl8IPC/lHlUw==", "dev": true, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -836,9 +836,9 @@ "dev": true }, "node_modules/@eslint/js": { - "version": "9.12.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.12.0.tgz", - "integrity": "sha512-eohesHH8WFRUprDNyEREgqP6beG6htMeUYeCpkEgBCieCMme5r9zFWjzAJp//9S+Kub4rqE+jXe9Cp1a7IYIIA==", + "version": "9.13.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.13.0.tgz", + "integrity": "sha512-IFLyoY4d72Z5y/6o/BazFBezupzI/taV8sGumxTAVw3lXG9A6md1Dc34T9s1FoD/an9pJH8RHbAxsaEbBed9lA==", "dev": true, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" 
@@ -4579,17 +4579,17 @@ } }, "node_modules/eslint": { - "version": "9.12.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.12.0.tgz", - "integrity": "sha512-UVIOlTEWxwIopRL1wgSQYdnVDcEvs2wyaO6DGo5mXqe3r16IoCNWkR29iHhyaP4cICWjbgbmFUGAhh0GJRuGZw==", + "version": "9.13.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.13.0.tgz", + "integrity": "sha512-EYZK6SX6zjFHST/HRytOdA/zE72Cq/bfw45LSyuwrdvcclb/gqV8RRQxywOBEWO2+WDpva6UZa4CcDeJKzUCFA==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.11.0", "@eslint/config-array": "^0.18.0", - "@eslint/core": "^0.6.0", + "@eslint/core": "^0.7.0", "@eslint/eslintrc": "^3.1.0", - "@eslint/js": "9.12.0", + "@eslint/js": "9.13.0", "@eslint/plugin-kit": "^0.2.0", "@humanfs/node": "^0.16.5", "@humanwhocodes/module-importer": "^1.0.1", @@ -16904,9 +16904,9 @@ } }, "@eslint/core": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.6.0.tgz", - "integrity": "sha512-8I2Q8ykA4J0x0o7cg67FPVnehcqWTBehu/lmY+bolPFHGjh49YzGBMXTvpqVgEbBdvNCSxj6iFgiIyHzf03lzg==", + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.7.0.tgz", + "integrity": "sha512-xp5Jirz5DyPYlPiKat8jaq0EmYvDXKKpzTbxXMpT9eqlRJkRKIz9AGMdlvYjih+im+QlhWrpvVjl8IPC/lHlUw==", "dev": true }, "@eslint/eslintrc": { @@ -16959,9 +16959,9 @@ } }, "@eslint/js": { - "version": "9.12.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.12.0.tgz", - "integrity": "sha512-eohesHH8WFRUprDNyEREgqP6beG6htMeUYeCpkEgBCieCMme5r9zFWjzAJp//9S+Kub4rqE+jXe9Cp1a7IYIIA==", + "version": "9.13.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.13.0.tgz", + "integrity": "sha512-IFLyoY4d72Z5y/6o/BazFBezupzI/taV8sGumxTAVw3lXG9A6md1Dc34T9s1FoD/an9pJH8RHbAxsaEbBed9lA==", "dev": true }, "@eslint/object-schema": { 
@@ -19759,17 +19759,17 @@ "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=" }, "eslint": { - "version": "9.12.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.12.0.tgz", - "integrity": "sha512-UVIOlTEWxwIopRL1wgSQYdnVDcEvs2wyaO6DGo5mXqe3r16IoCNWkR29iHhyaP4cICWjbgbmFUGAhh0GJRuGZw==", + "version": "9.13.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.13.0.tgz", + "integrity": "sha512-EYZK6SX6zjFHST/HRytOdA/zE72Cq/bfw45LSyuwrdvcclb/gqV8RRQxywOBEWO2+WDpva6UZa4CcDeJKzUCFA==", "dev": true, "requires": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.11.0", "@eslint/config-array": "^0.18.0", - "@eslint/core": "^0.6.0", + "@eslint/core": "^0.7.0", "@eslint/eslintrc": "^3.1.0", - "@eslint/js": "9.12.0", + "@eslint/js": "9.13.0", "@eslint/plugin-kit": "^0.2.0", "@humanfs/node": "^0.16.5", "@humanwhocodes/module-importer": "^1.0.1", diff --git a/npm_and_yarn/helpers/package.json b/npm_and_yarn/helpers/package.json index bc28cc17cf6..ada07fc2160 100644 --- a/npm_and_yarn/helpers/package.json +++ b/npm_and_yarn/helpers/package.json @@ -21,7 +21,7 @@ "patch-package": "^8.0.0" }, "devDependencies": { - "eslint": "^9.12.0", + "eslint": "^9.13.0", "eslint-config-prettier": "^9.1.0", "jest": "^29.7.0", "prettier": "^3.3.3"