dependaboat 0.2.0 → 0.4.0

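--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 14a88024f9d6d27f1365bfbfe5575ffaf2d8f0b4e84b04eccbe1ae70489da90b
- data.tar.gz: a5b7200f42a6658de3e5903c6f408097588bd486b1c09452b2762936f34ca691
+ metadata.gz: 9714b2d0607519e378ec45e1337ca20bd14ee3f97936c501c66f73858d9d8406
+ data.tar.gz: 9b89bc28d3a87b36b28baa72dd77e293e4bf3c131c3be9c472560c436cf638e3
  SHA512:
- metadata.gz: edaddab17c68a16780fd21f7a5318fea7c23d09aad516bcc5bd5b957249ce7d78e344ba9ad12d6bfff6e1d45e2340ed835a890c32e437927c1b380b2bd255e03
- data.tar.gz: 416daac0c5e9d9e125649c193022c8f7eef01843f3d42013a408c8bb729bc5810ba75e6273ae8226948fee8dd4a35447454fc7aef6a3e96a4be67099964106fc
+ metadata.gz: 97c404d2b04a913c3280f6c75c6a71be891bdef6472d53b5e843c29779ff4698f7403a313108c75531aa625c6411434d43cffed2af8518d6cc4b02052753c98f
+ data.tar.gz: 1bf78d048339cca37ddb97c3e0f77c3ff9b40e54cd8999bc9aa36d949e7e7548036d272c740febbd5dde5ff3cfd38f2adb02b998bb478110bbfccf423b841744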
@@ -50,17 +50,29 @@ module Dependaboat
50
50
 
51
51
  @alerts.each do |alert|
52
52
  process_alert(alert)
53
- sleep 1 # Rate limiting
53
+ sleep 2 # Rate limiting
54
54
  end
55
55
  end
56
56
 
57
57
  def process_alert(alert)
58
- return if issue_exists?(alert)
59
-
60
- alert_details = extract_alert_details(alert)
61
- create_github_issue(alert, alert_details)
62
- rescue StandardError => e
63
- logger.error "Error processing alert ##{alert.number}: #{e.message}"
58
+ retry_count = 0
59
+ begin
60
+ return if issue_exists?(alert)
61
+ alert_details = extract_alert_details(alert)
62
+ create_github_issue(alert, alert_details)
63
+ rescue GHX::RateLimitExceededError => e
64
+ logger.error "Rate limit exceeded!"
65
+ retry_count += 1
66
+ if retry_count < 4
67
+ logger.info "Slowing down and retrying..."
68
+ sleep 15 * retry_count
69
+ retry
70
+ else
71
+ logger.error "3 Retries failed. Moving on."
72
+ end
73
+ rescue => e
74
+ logger.error "Error processing alert ##{alert.number}: #{e.message}"
75
+ end
64
76
  end
65
77
 
66
78
  def issue_exists?(alert)
@@ -76,7 +88,11 @@ module Dependaboat
76
88
  alert_severity = alert.security_vulnerability.severity.capitalize
77
89
  alert_package_name = alert.security_vulnerability.package.name
78
90
  alert_package_ecosystem = alert.security_vulnerability.package.ecosystem
79
- alert_created_at = alert.created_at.to_date rescue Date.today
91
+ alert_created_at = begin
92
+ alert.created_at.to_date
93
+ rescue
94
+ Date.today
95
+ end
80
96
 
81
97
  remediation_deadline = alert_created_at + config.dig("remediation_sla", alert_severity.downcase)
82
98
 
@@ -198,6 +214,29 @@ module Dependaboat
198
214
  load_config(config_file)
199
215
  end
200
216
 
217
+ # Option to pass an access token to use for GitHub API requests
218
+ opts.on("-tACCESS_TOKEN", "--gh-token=ACCESS_TOKEN", "The GitHub access token to use for API requests. Used for _all_ GH requests.") do |access_token|
219
+ GHX.octokit_token = access_token
220
+ GHX.graphql_token = access_token
221
+ GHX.rest_client_token = access_token
222
+ end
223
+
224
+ # Option to pass an access token to use for Octokit API requests
225
+ opts.on("--octokit-token=ACCESS_TOKEN", "The GitHub access token to use for Octokit API requests") do |access_token|
226
+ GHX.octokit_token = access_token
227
+ end
228
+
229
+ # Option to pass an access token to use for GraphQL API requests
230
+ opts.on("--graphql-token=ACCESS_TOKEN", "The GitHub access token to use for GraphQL API requests") do |access_token|
231
+ GHX.graphql_token = access_token
232
+ end
233
+
234
+ # Option to pass an access token to use for REST client API requests
235
+ opts.on("--rest-client-token=ACCESS_TOKEN", "The GitHub access token to use for REST client API requests") do |access_token|
236
+ GHX.rest_client_token = access_token
237
+ end
238
+
239
+ # Dry run option
201
240
  opts.on("-d", "--dry-run", "Run in dry-run mode") do
202
241
  @dry_run = true
203
242
  end
@@ -210,7 +249,9 @@ module Dependaboat
210
249
  end
211
250
 
212
251
  def process_templateable_string(s, map)
213
- map.reduce(s.dup) { |str, (key, value)| str.gsub!("{{#{key}}}", value.to_s); str }
252
+ map.each_with_object(s.dup) { |(key, value), str|
253
+ str.gsub!("{{#{key}}}", value.to_s)
254
+ }
214
255
  end
215
256
 
216
257
  def dry_run?
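Review bot: In process_templateable_string (the `@@ -210,7 +249,9 @@` hunk) `str.gsub!("{{#{key}}}", value.to_s)` hands the value to gsub as a replacement string, so backslash sequences such as `\0`, `\1` or `\\` inside a value are interpreted as back-references instead of being inserted literally; the block form `str.gsub!("{{#{key}}}") { value.to_s }` inserts the value verbatim, and the multi-line block reads better as `map.each_with_object(s.dup) do |(key, value), str| ... end`. In the process_alert hunk, `rescue GHX::RateLimitExceededError => e` binds `e` without using it, and the fallback `rescue => e` logs only `e.message`, so `logger.error "Error processing alert ##{alert.number}: #{e.class}: #{e.message}"` would keep the failure class visible in the log. In the option-parsing hunk the four new token options take the secret as a command-line argument, which is readable by other local processes and normally ends up in shell history; the help strings could point users at an environment-based way to supply the token (presumably what the dotenv runtime dependency listed in metadata is for) as the preferred path, if the gem supports one.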
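--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1,3 +1,3 @@
  module Dependaboat
- VERSION = "0.2.0"
+ VERSION = "0.4.0"
  end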
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependaboat
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - CompanyCam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-05-21 00:00:00.000000000 Z
11
+ date: 2024-06-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ghx
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.2.0
19
+ version: 0.4.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.2.0
26
+ version: 0.4.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: dotenv
29
29
  requirement: !ruby/object:Gem::Requirement