Skip to content

Commit

Permalink
Merge branch 'dependabot:main' into main
Browse files Browse the repository at this point in the history
  • Loading branch information
danielorbach authored Jul 6, 2024
2 parents 11f0b47 + 0a2cc23 commit 1ee9ae4
Show file tree
Hide file tree
Showing 224 changed files with 8,338 additions and 5,401 deletions.
16 changes: 0 additions & 16 deletions .github/workflows/add-to-core-project.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ jobs:
BUNDLE_GEMFILE: updater/Gemfile
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ruby/setup-ruby@d5fb7a202fc07872cb44f00ba8e6197b70cb0c55 # v1.179.0
- uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
with:
bundler-cache: true
- run: ./bin/lint
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/gems-bump-version.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ jobs:
ref: "main"

# bump-version.rb needs bundler
- uses: ruby/setup-ruby@d5fb7a202fc07872cb44f00ba8e6197b70cb0c55 # v1.179.0
- uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
with:
# Use the version of bundler specified in `updater/Gemfile.lock`.
# Otherwise the generated PR will change `BUNDLED WITH` in
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/gems-release-to-rubygems.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:

steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- uses: ruby/setup-ruby@d5fb7a202fc07872cb44f00ba8e6197b70cb0c55 # v1.179.0
- uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
- run: |
[ -d ~/.gem ] || mkdir ~/.gem
echo "---" > ~/.gem/credentials
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/smoke.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ concurrency:

env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SMOKE_TEST_BRANCH: main
jobs:
discover:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -44,7 +45,7 @@ jobs:
cat filtered.json
# Curl the smoke-test tests directory to get a list of tests to run
URL=https://api.github.com/repos/dependabot/smoke-tests/contents/tests
URL=https://api.github.com/repos/dependabot/smoke-tests/contents/tests?ref=${{ env.SMOKE_TEST_BRANCH }}
curl $URL > tests.json
# Select the names that match smoke-$test*.yaml, where $test is the .text value from filtered.json
Expand Down Expand Up @@ -84,7 +85,7 @@ jobs:
- name: Download test
if: steps.cache-smoke-test.outputs.cache-hit != 'true'
run: |
URL=https://api.github.com/repos/dependabot/smoke-tests/contents/tests/${{ matrix.suite.name }}
URL=https://api.github.com/repos/dependabot/smoke-tests/contents/tests/${{ matrix.suite.name }}?ref=${{ env.SMOKE_TEST_BRANCH }}
curl $(gh api $URL --jq .download_url) -o smoke.yaml
- name: Cache Smoke Test
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/sorbet.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

- uses: ruby/setup-ruby@d5fb7a202fc07872cb44f00ba8e6197b70cb0c55 # v1.179.0
- uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
with:
bundler-cache: true

Expand Down
1 change: 1 addition & 0 deletions .rubocop.yml
Original file line number Diff line number Diff line change
Expand Up @@ -341,6 +341,7 @@ Style/SpecialGlobalVars:
Style/SelectByRegexp:
Enabled: false
Sorbet/TrueSigil:
Enabled: true
Exclude:
- "**/spec/**/*"
Sorbet/StrictSigil:
Expand Down
18 changes: 0 additions & 18 deletions .rubocop_todo.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,14 +22,6 @@ RSpec/AnyInstance:
- 'updater/spec/dependabot/dependency_change_builder_spec.rb'
- 'updater/spec/dependabot/file_fetcher_command_spec.rb'

# Offense count: 7
RSpec/BeforeAfterAll:
Exclude:
- 'nuget/spec/dependabot/nuget/update_checker/dependency_finder_spec.rb'
- 'pub/spec/dependabot/pub/file_updater_spec.rb'
- 'pub/spec/dependabot/pub/infer_sdk_versions_spec.rb'
- 'pub/spec/dependabot/pub/update_checker_spec.rb'

# Offense count: 1286
# Configuration parameters: CountAsOne.
RSpec/ExampleLength:
Expand All @@ -55,12 +47,7 @@ RSpec/FilePath:
# Configuration parameters: AssignmentOnly.
RSpec/InstanceVariable:
Exclude:
- 'bundler/helpers/v2/spec/ruby_version_spec.rb'
- 'common/spec/dependabot/clients/azure_spec.rb'
- 'go_modules/spec/dependabot/go_modules/file_updater_spec.rb'
- 'pub/spec/dependabot/pub/file_updater_spec.rb'
- 'pub/spec/dependabot/pub/infer_sdk_versions_spec.rb'
- 'pub/spec/dependabot/pub/update_checker_spec.rb'

# Offense count: 22
RSpec/IteratedExpectation:
Expand Down Expand Up @@ -94,11 +81,6 @@ RSpec/MessageChain:
RSpec/MessageSpies:
Enabled: false

# Offense count: 1
RSpec/MultipleDescribes:
Exclude:
- 'common/spec/dependabot/errors_spec.rb'

# Offense count: 1380
RSpec/MultipleExpectations:
Max: 17
Expand Down
19 changes: 10 additions & 9 deletions Dockerfile.updater-core
Original file line number Diff line number Diff line change
Expand Up @@ -110,17 +110,18 @@ RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuge

WORKDIR $DEPENDABOT_HOME/dependabot-updater

ARG RUBYGEMS_VERSION=3.5.11
RUN gem update --system $RUBYGEMS_VERSION

# When bumping Bundler, need to also:
# * Regenerate `updater/Gemfile.lock` via `BUNDLE_GEMFILE=updater/Gemfile bundle lock --update --bundler`
# RubyGems & Bundler should be bumped together following these steps:
# * Bump RubyGems version below. That will also automatically update the default Bundler version.
# * Regenerate `updater/Gemfile.lock` via `BUNDLE_GEMFILE=updater/Gemfile bundle lock --update --bundler`.
# * Regenerate `Gemfile.lock` via `bundle lock --update --bundler`.
ARG BUNDLER_V2_VERSION=2.5.11
#
# Note that RubyGems & Bundler versions are currently released in sync, but
# RubyGems version is one major ahead. So when bumping to RubyGems 3.y.z, Bundler
# version will jump to 2.y.z
ARG RUBYGEMS_VERSION=3.5.14
RUN gem update --system $RUBYGEMS_VERSION

RUN gem install bundler -v $BUNDLER_V2_VERSION --no-document && \
rm -rf /var/lib/gems/*/cache/* && \
bundle config set --global build.psych --with-libyaml-source-dir=$DEPENDABOT_HOME/src/libyaml/yaml-$LIBYAML_VERSION && \
RUN bundle config set --global build.psych --with-libyaml-source-dir=$DEPENDABOT_HOME/src/libyaml/yaml-$LIBYAML_VERSION && \
bundle config set --local path 'vendor' && \
bundle config set --local frozen 'true' && \
bundle config set --local without 'development' && \
Expand Down
82 changes: 41 additions & 41 deletions Gemfile.lock
Original file line number Diff line number Diff line change
@@ -1,20 +1,20 @@
PATH
remote: bundler
specs:
dependabot-bundler (0.262.0)
dependabot-common (= 0.262.0)
dependabot-bundler (0.264.0)
dependabot-common (= 0.264.0)
parallel (~> 1.24)

PATH
remote: cargo
specs:
dependabot-cargo (0.262.0)
dependabot-common (= 0.262.0)
dependabot-cargo (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: common
specs:
dependabot-common (0.262.0)
dependabot-common (0.264.0)
aws-sdk-codecommit (~> 1.28)
aws-sdk-ecr (~> 1.5)
bundler (>= 1.16, < 3.0.0)
Expand All @@ -37,107 +37,107 @@ PATH
PATH
remote: composer
specs:
dependabot-composer (0.262.0)
dependabot-common (= 0.262.0)
dependabot-composer (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: devcontainers
specs:
dependabot-devcontainers (0.262.0)
dependabot-common (= 0.262.0)
dependabot-devcontainers (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: docker
specs:
dependabot-docker (0.262.0)
dependabot-common (= 0.262.0)
dependabot-docker (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: elm
specs:
dependabot-elm (0.262.0)
dependabot-common (= 0.262.0)
dependabot-elm (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: git_submodules
specs:
dependabot-git_submodules (0.262.0)
dependabot-common (= 0.262.0)
dependabot-git_submodules (0.264.0)
dependabot-common (= 0.264.0)
parseconfig (~> 1.0, < 1.1.0)

PATH
remote: github_actions
specs:
dependabot-github_actions (0.262.0)
dependabot-common (= 0.262.0)
dependabot-github_actions (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: go_modules
specs:
dependabot-go_modules (0.262.0)
dependabot-common (= 0.262.0)
dependabot-go_modules (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: gradle
specs:
dependabot-gradle (0.262.0)
dependabot-common (= 0.262.0)
dependabot-maven (= 0.262.0)
dependabot-gradle (0.264.0)
dependabot-common (= 0.264.0)
dependabot-maven (= 0.264.0)

PATH
remote: hex
specs:
dependabot-hex (0.262.0)
dependabot-common (= 0.262.0)
dependabot-hex (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: maven
specs:
dependabot-maven (0.262.0)
dependabot-common (= 0.262.0)
dependabot-maven (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: npm_and_yarn
specs:
dependabot-npm_and_yarn (0.262.0)
dependabot-common (= 0.262.0)
dependabot-npm_and_yarn (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: nuget
specs:
dependabot-nuget (0.262.0)
dependabot-common (= 0.262.0)
dependabot-nuget (0.264.0)
dependabot-common (= 0.264.0)
rubyzip (>= 2.3.2, < 3.0)

PATH
remote: pub
specs:
dependabot-pub (0.262.0)
dependabot-common (= 0.262.0)
dependabot-pub (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: python
specs:
dependabot-python (0.262.0)
dependabot-common (= 0.262.0)
dependabot-python (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: silent
specs:
dependabot-silent (0.262.0)
dependabot-common (= 0.262.0)
dependabot-silent (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: swift
specs:
dependabot-swift (0.262.0)
dependabot-common (= 0.262.0)
dependabot-swift (0.264.0)
dependabot-common (= 0.264.0)

PATH
remote: terraform
specs:
dependabot-terraform (0.262.0)
dependabot-common (= 0.262.0)
dependabot-terraform (0.264.0)
dependabot-common (= 0.264.0)

GEM
remote: https://rubygems.org/
Expand Down Expand Up @@ -417,4 +417,4 @@ DEPENDENCIES
webrick (>= 1.7)

BUNDLED WITH
2.5.11
2.5.14
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ It is intended as a starting point for advanced users to run a self-hosted versi
## Dependabot CLI

The [Dependabot CLI](https://github.com/dependabot/cli) is a newer tool that may eventually replace [`dependabot-script`](#dependabot-script) for standalone use cases.
While it creates dependency diffs, it's currently missing the logic to turn those diffs into actual PR's. Nevertheless, it
While it creates dependency diffs, it's currently missing the logic to turn those diffs into actual PRs. Nevertheless, it
may be useful for advanced users looking for examples of how to hack on Dependabot.

## Dependabot on CI
Expand Down
2 changes: 1 addition & 1 deletion bin/bump-version.rb
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#!/usr/bin/env ruby
# typed: false
# typed: true
# frozen_string_literal: true

unless %w(minor patch).include?(ARGV[0])
Expand Down
2 changes: 1 addition & 1 deletion bin/dry-run.rb
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#!/usr/bin/env ruby
# typed: false
# typed: true
# frozen_string_literal: true

# This script executes a full update run for a given repo (optionally for a
Expand Down
1 change: 0 additions & 1 deletion bundler/.rubocop.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,5 @@ inherit_mode:
- Exclude

Sorbet/TrueSigil:
Enabled: true
Exclude:
- "helpers/**/monkey_patches/*.rb"
4 changes: 2 additions & 2 deletions bundler/helpers/v2/spec/ruby_version_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@
include_context "when stubbing rubygems compact index"

let(:project_name) { "ruby_version_implied" }
let(:ui) { Bundler.ui }

before do
@ui = Bundler.ui
Bundler.ui = Bundler::UI::Silent.new
end

after { Bundler.ui = @ui }
after { Bundler.ui = ui }

it "updates to the most recent version" do
in_tmp_folder do
Expand Down
Loading

0 comments on commit 1ee9ae4

Please sign in to comment.