dependabot-common 0.106.15 → 0.106.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/pull_request_creator/message_builder.rb +9 -10
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 144baf835971a7e5f18ba4b93f83d3a03626a2173c52825f9b39ae6a59f0fa33
|
|
4
|
+
data.tar.gz: 62a946ed6499692203709bce5cfc20e5a5e77da8e34bc492b8912f759ddede00
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f0ada47028ee4319c1eaeaf6267784064f28b7261639026a836f68780370f470e9d3b8c90d2d1e023be57663a6fa8257d93481bd89c8081fc1aa50a7e5ed770d
|
|
7
|
+
data.tar.gz: 5ac228997f11270d23041e58af21d976e7961e33e2a3d3cb3fb961bdc043cdb313bc20e0e13a5a0bf6757e3e9b59e9285121ed94d456ff631413ececba8849a3
|
|
@@ -408,7 +408,7 @@ module Dependabot
|
|
|
408
408
|
|
|
409
409
|
msg = ""
|
|
410
410
|
fixed_vulns.each { |v| msg += serialized_vulnerability_details(v) }
|
|
411
|
-
msg =
|
|
411
|
+
msg = sanitize_template_tags(msg)
|
|
412
412
|
|
|
413
413
|
build_details_tag(summary: "Vulnerabilities fixed", body: msg)
|
|
414
414
|
end
|
|
@@ -432,7 +432,7 @@ module Dependabot
|
|
|
432
432
|
text: msg,
|
|
433
433
|
base_url: source_url(dep) + "/blob/HEAD/"
|
|
434
434
|
)
|
|
435
|
-
msg =
|
|
435
|
+
msg = sanitize_template_tags(msg)
|
|
436
436
|
|
|
437
437
|
build_details_tag(summary: "Release notes", body: msg)
|
|
438
438
|
end
|
|
@@ -451,7 +451,7 @@ module Dependabot
|
|
|
451
451
|
end
|
|
452
452
|
msg = link_issues(text: msg, dependency: dep)
|
|
453
453
|
msg = fix_relative_links(text: msg, base_url: changelog_url(dep))
|
|
454
|
-
msg =
|
|
454
|
+
msg = sanitize_template_tags(msg)
|
|
455
455
|
|
|
456
456
|
build_details_tag(summary: "Changelog", body: msg)
|
|
457
457
|
end
|
|
@@ -471,7 +471,7 @@ module Dependabot
|
|
|
471
471
|
end
|
|
472
472
|
msg = link_issues(text: msg, dependency: dep)
|
|
473
473
|
msg = fix_relative_links(text: msg, base_url: upgrade_url(dep))
|
|
474
|
-
msg =
|
|
474
|
+
msg = sanitize_template_tags(msg)
|
|
475
475
|
|
|
476
476
|
build_details_tag(summary: "Upgrade guide", body: msg)
|
|
477
477
|
end
|
|
@@ -488,6 +488,8 @@ module Dependabot
|
|
|
488
488
|
msg += "- [`#{sha}`](#{commit[:html_url]}) #{title}\n"
|
|
489
489
|
end
|
|
490
490
|
|
|
491
|
+
msg = msg.gsub(/\<.*?\>/) { |tag| "\\#{tag}" }
|
|
492
|
+
|
|
491
493
|
msg +=
|
|
492
494
|
if commits(dep).count > 10
|
|
493
495
|
"- Additional commits viewable in "\
|
|
@@ -496,7 +498,6 @@ module Dependabot
|
|
|
496
498
|
"- See full diff in [compare view](#{commits_url(dep)})\n"
|
|
497
499
|
end
|
|
498
500
|
msg = link_issues(text: msg, dependency: dep)
|
|
499
|
-
msg = sanitize_tags(msg)
|
|
500
501
|
|
|
501
502
|
build_details_tag(summary: "Commits", body: msg)
|
|
502
503
|
end
|
|
@@ -758,15 +759,13 @@ module Dependabot
|
|
|
758
759
|
end
|
|
759
760
|
end
|
|
760
761
|
|
|
761
|
-
def
|
|
762
|
-
sanitized_tags = %w(del details ins template)
|
|
763
|
-
|
|
762
|
+
def sanitize_template_tags(text)
|
|
764
763
|
text.gsub(/\<.*?\>/) do |tag|
|
|
765
764
|
tag_contents = tag.match(/\<(.*?)\>/).captures.first.strip
|
|
766
765
|
|
|
767
|
-
# Unclosed calls to
|
|
766
|
+
# Unclosed calls to template overflow out of the blockquote block,
|
|
768
767
|
# wrecking the rest of our PRs. Other tags don't share this problem.
|
|
769
|
-
next "\\#{tag}" if tag_contents.start_with?(
|
|
768
|
+
next "\\#{tag}" if tag_contents.start_with?("template")
|
|
770
769
|
|
|
771
770
|
tag
|
|
772
771
|
end
|
data/lib/dependabot/version.rb
CHANGED