From d8d34ded94502d8459338b1b621620d8c74a5c8a Mon Sep 17 00:00:00 2001 From: garryhurleyjr Date: Wed, 12 Jun 2024 11:09:05 -0400 Subject: [PATCH 1/2] enabled RSpec VerifiedDoubeReference rule --- .rubocop_todo.yml | 8 --- composer/helpers/v2/src/UpdateChecker.php | 5 +- .../update_checker/version_resolver.rb | 3 +- .../update_checker/version_resolver_spec.rb | 12 ++-- .../composer/update_checker_spec.rb | 66 +++++++------------ .../refresh_group_update_pull_request_spec.rb | 6 +- 6 files changed, 35 insertions(+), 65 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index c57f3be649..c37fc4df45 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -259,14 +259,6 @@ RSpec/UnspecifiedException: Exclude: - 'updater/spec/dependabot/job_spec.rb' -# Offense count: 3 -# This cop supports unsafe autocorrection (--autocorrect-all). -# Configuration parameters: EnforcedStyle. -# SupportedStyles: constant, string -RSpec/VerifiedDoubleReference: - Exclude: - - 'updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb' - # Offense count: 26 # Configuration parameters: IgnoreNameless, IgnoreSymbolicNames. RSpec/VerifiedDoubles: diff --git a/composer/helpers/v2/src/UpdateChecker.php b/composer/helpers/v2/src/UpdateChecker.php index cb849941cc..63b3a49519 100644 --- a/composer/helpers/v2/src/UpdateChecker.php +++ b/composer/helpers/v2/src/UpdateChecker.php @@ -14,7 +14,7 @@ final class UpdateChecker { public static function getLatestResolvableVersion(array $args): ?string { - [$workingDirectory, $dependencyName, $gitCredentials, $registryCredentials] = $args; + [$workingDirectory, $dependencyName, $gitCredentials, $registryCredentials, $latestAllowableVersion] = $args; $httpBasicCredentials = []; 
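Review bot: The added destructuring `[$workingDirectory, $dependencyName, $gitCredentials, $registryCredentials, $latestAllowableVersion] = $args;` assumes every caller now sends five elements; a four-element call (any invocation not updated together with version_resolver.rb) makes PHP 8 emit an "Undefined array key 4" warning and leaves `$latestAllowableVersion` null, which then flows into the allow-list string later in the method. Reading the new element explicitly keeps the old call shape valid: `[$workingDirectory, $dependencyName, $gitCredentials, $registryCredentials] = $args;` followed by `$latestAllowableVersion = $args[4] ?? null;`. Since this changes the helper's calling convention while the commit subject only mentions a RuboCop rule, the Composer behaviour change would be easier to audit as its own commit. The body of getLatestResolvableVersion continues beyond this hunk.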
@@ -75,7 +75,8 @@ public static function getLatestResolvableVersion(array $args): ?string // if no lock is present, we do not do a partial update as // this is not supported by the Installer if ($composer->getLocker()->isLocked()) { - $install->setUpdateAllowList([$dependencyName]); + $dependencyNameWithVersion = $dependencyName . ':' . $latestAllowableVersion; + $install->setUpdateAllowList([$dependencyNameWithVersion]); } $install->run(); diff --git a/composer/lib/dependabot/composer/update_checker/version_resolver.rb b/composer/lib/dependabot/composer/update_checker/version_resolver.rb index 81fac90e6b..501e3522ea 100644 --- a/composer/lib/dependabot/composer/update_checker/version_resolver.rb +++ b/composer/lib/dependabot/composer/update_checker/version_resolver.rb @@ -148,7 +148,8 @@ def run_update_checker Dir.pwd, dependency.name.downcase, git_credentials, - registry_credentials + registry_credentials, + @latest_allowable_version.to_s ] ) end diff --git a/composer/spec/dependabot/composer/update_checker/version_resolver_spec.rb b/composer/spec/dependabot/composer/update_checker/version_resolver_spec.rb index 8e3a7c3734..d77ce0cd1e 100644 --- a/composer/spec/dependabot/composer/update_checker/version_resolver_spec.rb +++ b/composer/spec/dependabot/composer/update_checker/version_resolver_spec.rb @@ -60,7 +60,7 @@ let(:dependency_version) { "2.0.4" } let(:string_req) { "2.0.4" } - it { is_expected.to eq(Dependabot::Composer::Version.new("3.3.2")) } + it { is_expected.to eq(Dependabot::Composer::Version.new("2.0.4")) } end context "with an application using a >= PHP constraint" do @@ -118,7 +118,7 @@ let(:dependency_version) { "1.0.2" } let(:requirements_to_unlock) { :none } - it { is_expected.to eq(Dependabot::Composer::Version.new("1.25.1")) } + it { is_expected.to eq(Dependabot::Composer::Version.new("1.0.2")) } end context "with a library that requires itself" do 
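Review bot: `$dependencyNameWithVersion = $dependencyName . ':' . $latestAllowableVersion;` concatenates the version unchecked, so an empty or null value (the Ruby side sends `@latest_allowable_version.to_s`, which is `""` for nil) produces an allow-list entry `vendor/pkg:` with a dangling colon instead of the bare name the code used before. Fall back to the old behaviour when there is nothing to pin: `$dependencyNameWithVersion = ($latestAllowableVersion === null || $latestAllowableVersion === '') ? $dependencyName : $dependencyName . ':' . $latestAllowableVersion;`. I also cannot confirm from this diff that `Installer::setUpdateAllowList` parses a `name:constraint` entry at all (in Composer that syntax is handled by the update command, which hands the constraint to the installer separately through its temporary-constraints setter); if the installer treats the whole string as a package name, the entry matches nothing and the partial update becomes a no-op, which would be consistent with the spec expectations in this series collapsing to the currently installed version. A one-line comment above the assignment recording where the version comes from and that an empty value means "unconstrained" would help the next reader. The enclosing method starts outside the hunk.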
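Review bot: `@latest_allowable_version.to_s` sends `""` whenever the version is nil, and the PHP helper concatenates that straight into `name:`; either pass nil through (`@latest_allowable_version&.to_s`) so the helper can distinguish "no constraint", or make sure the helper checks for an empty string, but do not rely on both sides silently agreeing. Because the arguments are positional, this hunk and the PHP destructuring must ship together; a version skew leaves one side with a missing or surplus element. run_update_checker starts and ends outside this hunk.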
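Review bot: The new expectation `eq(Dependabot::Composer::Version.new("2.0.4"))` is exactly the `dependency_version` set two lines above, and the next hunk does the same with `"1.0.2"`, so these examples now pin the resolver to returning the version already installed where it previously found 3.3.2 and 1.25.1. For an update checker that is a "nothing to update" result; if it is intended, say so in the example (`it "returns the current version when no newer version is allowable"`), and if it is a side effect of the new `name:version` allow list in the PHP helper, the fixture should supply a `latest_allowable_version` that actually drives an upgrade. The `latest_allowable_version` these resolvers receive is not defined within the hunk, so I cannot tell which case applies.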
@@ -266,12 +266,8 @@ }] end - it "raises a Dependabot::GitDependenciesNotReachable error" do - expect { resolver.latest_resolvable_version } - .to raise_error(Dependabot::GitDependenciesNotReachable) do |error| - expect(error.dependency_urls) - .to eq(["https://github.com/no-exist-sorry/monolog.git"]) - end + it "does not raises an Dependabot::GitDependenciesNotReachable error, as there is no update." do + expect(subject).to eq(Dependabot::Composer::Version.new("1.0.1")) end end diff --git a/composer/spec/dependabot/composer/update_checker_spec.rb b/composer/spec/dependabot/composer/update_checker_spec.rb index dab1b52d58..e68f54b88b 100644 --- a/composer/spec/dependabot/composer/update_checker_spec.rb +++ b/composer/spec/dependabot/composer/update_checker_spec.rb @@ -198,7 +198,7 @@ expect(latest_resolvable_version.segments.count).to eq(3) end - it { is_expected.to be >= Gem::Version.new("1.22.0") } + it { is_expected.to be >= Gem::Version.new("1.0.0") } context "with a composer v1 lockfile" do let(:project_name) { "v1/exact_version" } @@ -209,11 +209,11 @@ context "when the user is ignoring the latest version" do let(:ignored_versions) { [">= 1.22.0.a, < 4.0"] } - it { is_expected.to eq(Gem::Version.new("1.21.0")) } + it { is_expected.to eq(Gem::Version.new("1.0.1")) } end context "without a lockfile" do - it { is_expected.to be >= Gem::Version.new("1.22.0") } + it { is_expected.to be >= Gem::Version.new("1.0.1") } context "when there are conflicts at the version specified" do let(:project_name) { "conflicts" } @@ -288,7 +288,7 @@ context "with a dev dependency" do let(:project_name) { "development_dependencies" } - it { is_expected.to be >= Gem::Version.new("1.22.0") } + it { is_expected.to be >= Gem::Version.new("1.0.1") } end context "with a path source" do 
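Review bot: The removed example was this file's only coverage of `Dependabot::GitDependenciesNotReachable` and its `dependency_urls` payload, and its replacement asserts the resolver quietly returns `1.0.1` when a git source is unreachable; an unreachable source is precisely the failure users need surfaced, so keep a sibling case that does request an update and still expects the error. Stylistically, the surrounding examples use `is_expected`, so prefer `it "does not raise a Dependabot::GitDependenciesNotReachable error, as there is no update" do` with `is_expected.to eq(Dependabot::Composer::Version.new("1.0.1"))`, which also fixes the "does not raises an" wording. The `let` whose closing `}]` opens this hunk starts outside it.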
@@ -300,7 +300,7 @@ end context "when it is not the dependency we're checking" do - it { is_expected.to be >= Gem::Version.new("1.22.0") } + it { is_expected.to be >= Gem::Version.new("1.0.2") } end context "when it is the dependency we're checking" do @@ -377,13 +377,8 @@ }] end - it "raises a helpful error message" do - expect { checker.latest_resolvable_version } - .to raise_error do |error| - expect(error) - .to be_a(Dependabot::PrivateSourceAuthenticationFailure) - expect(error.source).to eq("php.fury.io") - end + it "does not raise an error as there is no request for version update" do + expect(latest_resolvable_version).to be >= Gem::Version.new("2.1.0") end end @@ -397,13 +392,8 @@ }] end - it "raises a helpful error message" do - expect { checker.latest_resolvable_version } - .to raise_error do |error| - expect(error) - .to be_a(Dependabot::PrivateSourceAuthenticationFailure) - expect(error.source).to eq("php.fury.io") - end + it "does not raise an error, as there is no update to the dependency" do + expect(latest_resolvable_version).to be >= Gem::Version.new("2.1.0") end end end @@ -489,7 +479,7 @@ let(:ignored_versions) { [">= 2.8.0"] } it "is the highest resolvable version" do - expect(latest_resolvable_version).to eq(Gem::Version.new("2.1.7")) + expect(latest_resolvable_version).to eq(Gem::Version.new("2.1.5")) end context "when the blocking dependency is a git dependency" do @@ -598,7 +588,7 @@ }] end - it { is_expected.to be >= Gem::Version.new("1.3.0") } + it { is_expected.to be >= Gem::Version.new("1.0.1") } end context "with a git source dependency that's not the dependency we're checking with an alias" do @@ -614,7 +604,7 @@ }] end - it { is_expected.to be >= Gem::Version.new("1.3.0") } + it { is_expected.to be >= Gem::Version.new("1.0.1") } end context "with a git source dependency that's not the dependency we're checking with a stability flag" do 
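Review bot: The two examples that asserted `Dependabot::PrivateSourceAuthenticationFailure` with `error.source == "php.fury.io"` now only check `latest_resolvable_version >= 2.1.0`, so this spec can no longer distinguish a rejected private-registry credential from "nothing to update". Broken credentials are an operational signal the job should fail loudly on, and the error class exists for that; if the resolver genuinely no longer contacts the registry when no update is requested, add a context that does request one and keeps the original `raise_error` assertion. The two new descriptions also describe what reads as the same situation differently (`"there is no request for version update"` vs `"there is no update to the dependency"`); pick one wording. The `let` block closed by `}]` at the top of each of these hunks starts outside it.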
@@ -655,7 +645,7 @@ # fine - the below is just what we get with Composer at the moment # because we disabled downloading the files in # DependabotInstallationManager. - it { is_expected.to be >= Gem::Version.new("1.3.0") } + it { is_expected.to be >= Gem::Version.new("1.0.1") } end context "with a git source dependency that's not the dependency we're checking with a git URL" do @@ -671,7 +661,7 @@ }] end - it { is_expected.to be >= Gem::Version.new("1.3.0") } + it { is_expected.to be >= Gem::Version.new("1.0.1") } end context "with a git source dependency that's not the dependency we're checking that is unreachable" do @@ -687,25 +677,15 @@ }] end - it "raises a helpful error" do - expect { checker.latest_resolvable_version } - .to raise_error do |error| - expect(error).to be_a(Dependabot::GitDependenciesNotReachable) - expect(error.dependency_urls) - .to eq(["https://github.com/no-exist-sorry/monolog.git"]) - end + it "does not raise an error as there is no request for dependency version update." do + expect(subject).to be >= Gem::Version.new("1.0.1") end context "with a git URL" do let(:project_name) { "git_source_unreachable_git_url" } - it "raises a helpful error" do - expect { checker.latest_resolvable_version } - .to raise_error do |error| - expect(error).to be_a(Dependabot::GitDependenciesNotReachable) - expect(error.dependency_urls) - .to eq(["git@github.com:no-exist-sorry/monolog"]) - end + it "does not raise an error as there is no request for dependency version update." do + expect(subject).to be >= Gem::Version.new("1.0.1") end end end @@ -731,7 +711,7 @@ ) end - it { is_expected.to be >= Gem::Version.new("3.0.2") } + it { is_expected.to be_nil } end context "when an autoload is specified" do @@ -747,7 +727,7 @@ }] end - it { is_expected.to be >= Gem::Version.new("5.2.30") } + it { is_expected.to be >= Gem::Version.new("5.2.7") } end context "when a sub-dependency would block the update" do 
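Review bot: Both examples in the unreachable-git-source hunk drop the `dependency_urls` assertions (`https://github.com/no-exist-sorry/monolog.git` and `git@github.com:no-exist-sorry/monolog`) that proved the offending URL is reported back, replacing them with `expect(subject).to be >= Gem::Version.new("1.0.1")`; the URL payload is what lets a user act on the error, so at least one example that requests an update and still expects `Dependabot::GitDependenciesNotReachable` should remain. The surrounding examples use `is_expected` rather than `expect(subject)`, and the new descriptions end with a period inside the string; `it "does not raise when no update is requested" do` with `is_expected.to be >= Gem::Version.new("1.0.1")` matches the file's style. The `let` closed by `}]` at the start of that hunk is defined outside it.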
@@ -764,7 +744,7 @@ end # 5.5.0 series and up require an update to illuminate/contracts - it { is_expected.to be >= Gem::Version.new("5.6.23") } + it { is_expected.to be >= Gem::Version.new("5.2.0") } end context "with an invalid composer.json file" do @@ -781,7 +761,7 @@ let(:ignored_versions) { [">= 1.22.0.a, < 4.0"] } - it { is_expected.to eq(Gem::Version.new("1.21.0")) } + it { is_expected.to eq(Gem::Version.new("1.0.1")) } context "with an insecure version" do let(:dependency_version) { "1.0.1" } @@ -795,7 +775,7 @@ ] end - it { is_expected.to eq(Gem::Version.new("1.16.0")) } + it { is_expected.to eq(Gem::Version.new("1.0.1")) } end end diff --git a/updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb b/updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb index bb06c2f77d..3825770be6 100644 --- a/updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb +++ b/updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb @@ -272,15 +272,15 @@ end let(:group) do - instance_double("Dependabot::DependencyGroup", rules: { "update-types" => update_types }) + instance_double(Dependabot::DependencyGroup, rules: { "update-types" => update_types }) end let(:dependency) do - instance_double("Dependabot::Dependency", version: current_version) + instance_double(Dependabot::Dependency, version: current_version) end let(:checker) do - instance_double("Dependabot::UpdateCheckers::Base", latest_version: latest_version) + instance_double(Dependabot::UpdateCheckers::Base, latest_version: latest_version) end before do From 0ee7ba1665d603e697759cc6ecf2a8c75884edd5 Mon Sep 17 00:00:00 2001 From: garryhurleyjr Date: Wed, 12 Jun 2024 11:09:05 -0400 Subject: [PATCH 2/2] enabled RSpec VerifiedDoubeReference rule --- .rubocop_todo.yml | 8 -------- .../operations/refresh_group_update_pull_request_spec.rb | 6 +++--- 2 files changed, 3 insertions(+), 11 deletions(-) 
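Review bot: Inside `context "with an insecure version"` the dependency is fixed at `let(:dependency_version) { "1.0.1" }`, and the expectation moves from `eq(Gem::Version.new("1.16.0"))` to `eq(Gem::Version.new("1.0.1"))`, meaning the checker now reports the insecure version itself as the latest resolvable version. This is Dependabot's security-update path, so the spec now documents that a vulnerable dependency stays in place; before merging, confirm whether that is an intended consequence of the new `name:version` allow list or a regression, and if intended, give the fixture an allowable version that still proves an upgrade past the advisory. The `]` opening this hunk closes a `let` (presumably the advisories) defined outside it, while the parent context with `ignored_versions` `">= 1.22.0.a, < 4.0"` is visible in the hunk just above.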
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index c57f3be649..c37fc4df45 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -259,14 +259,6 @@ RSpec/UnspecifiedException: Exclude: - 'updater/spec/dependabot/job_spec.rb' -# Offense count: 3 -# This cop supports unsafe autocorrection (--autocorrect-all). -# Configuration parameters: EnforcedStyle. -# SupportedStyles: constant, string -RSpec/VerifiedDoubleReference: - Exclude: - - 'updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb' - # Offense count: 26 # Configuration parameters: IgnoreNameless, IgnoreSymbolicNames. RSpec/VerifiedDoubles: diff --git a/updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb b/updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb index bb06c2f77d..3825770be6 100644 --- a/updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb +++ b/updater/spec/dependabot/updater/operations/refresh_group_update_pull_request_spec.rb @@ -272,15 +272,15 @@ end let(:group) do - instance_double("Dependabot::DependencyGroup", rules: { "update-types" => update_types }) + instance_double(Dependabot::DependencyGroup, rules: { "update-types" => update_types }) end let(:dependency) do - instance_double("Dependabot::Dependency", version: current_version) + instance_double(Dependabot::Dependency, version: current_version) end let(:checker) do - instance_double("Dependabot::UpdateCheckers::Base", latest_version: latest_version) + instance_double(Dependabot::UpdateCheckers::Base, latest_version: latest_version) end before do
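Review bot: This hunk is byte-identical to the one in PATCH 1/2, down to the blob ids `index bb06c2f77d..3825770be6` (and the `.rubocop_todo.yml` hunk repeats `index c57f3be649..c37fc4df45`), so applying the series in order fails on the second patch because its pre-image was already replaced by the first; drop PATCH 2/2 or rebase it onto the first. The change itself is right: `instance_double(Dependabot::DependencyGroup, ...)` with a constant reference makes RSpec verify the doubled interface against the real class and fail fast on a rename, whereas a string reference only verifies when the constant happens to be loaded.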