dependabot-common 0.107.47 → 0.107.48
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 54c9c985c6d3b8e7d52eef7ca828a527eed5e8e61e1cc6c6d1d53a6cae193fe2
|
|
4
|
+
data.tar.gz: 54f9b314a4890e35bc75d1e6dcef46f9fbab99ec20be22fbf0948981eb9e9efc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7494d793513c280fa792209948ab4cc32e6e95460b1198fe13c5c24a31640069a7f26ccf0753d0bf1bc63fe480c9fcf60ce85a69f948daabaaca9e4e19d0bf53
|
|
7
|
+
data.tar.gz: fd8a90f63b6fadc2e1efd0d43069fd5d8685da655261db17d8b95f9270a56eb7c72d7b4f4e5e57acb41cd80970208285ef1899c66c9708f1024053b7ca3fa3a5
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "dependabot/pull_request_creator/message_builder"
|
|
4
|
+
|
|
5
|
+
module Dependabot
|
|
6
|
+
class PullRequestCreator
|
|
7
|
+
class MessageBuilder
|
|
8
|
+
class LinkAndMentionSanitizer
|
|
9
|
+
GITHUB_REF_REGEX = %r{
|
|
10
|
+
(?:https?://)?
|
|
11
|
+
github\.com/[^/\s]+/[^/\s]+/
|
|
12
|
+
(?:issue|pull)s?/(?<number>\d+)
|
|
13
|
+
}x.freeze
|
|
14
|
+
|
|
15
|
+
# Note that we're being deliberately careful about not matching
|
|
16
|
+
# different length strings of what look like code block quotes. By
|
|
17
|
+
# doing so we err on the side of sanitizing, which is *much* better
|
|
18
|
+
# than accidentally not sanitizing.
|
|
19
|
+
#
|
|
20
|
+
# rubocop:disable Style/RegexpLiteral
|
|
21
|
+
CODEBLOCK_REGEX = %r{
|
|
22
|
+
(?=[\s]`{3}[^`])|(?=[\s]`{3}\Z)|(?=\A`{3}[^`])|
|
|
23
|
+
(?=[\s]~{3}[^~])|(?=[\s]~{3}\Z)|(?=\A~{3}[^~])
|
|
24
|
+
}x.freeze
|
|
25
|
+
# rubocop:enable Style/RegexpLiteral
|
|
26
|
+
|
|
27
|
+
attr_reader :github_redirection_service
|
|
28
|
+
|
|
29
|
+
def initialize(github_redirection_service:)
|
|
30
|
+
@github_redirection_service = github_redirection_service
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def sanitize_links_and_mentions(text:)
|
|
34
|
+
# We don't want to sanitize any links or mentions that are contained
|
|
35
|
+
# within code blocks, so we split the text on "```"
|
|
36
|
+
snippets = text.split(CODEBLOCK_REGEX)
|
|
37
|
+
if snippets.first&.start_with?(CODEBLOCK_REGEX)
|
|
38
|
+
snippets = ["", *snippets]
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
snippets.map.with_index do |snippet, index|
|
|
42
|
+
next snippet if index.odd?
|
|
43
|
+
|
|
44
|
+
snippet = sanitize_mentions(snippet)
|
|
45
|
+
sanitize_links(snippet)
|
|
46
|
+
end.join
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
private
|
|
50
|
+
|
|
51
|
+
def sanitize_mentions(text)
|
|
52
|
+
text.gsub(%r{(?<![A-Za-z0-9`~])@[\w][\w.-/]*}) do |mention|
|
|
53
|
+
next mention if mention.include?("/")
|
|
54
|
+
|
|
55
|
+
last_match = Regexp.last_match
|
|
56
|
+
|
|
57
|
+
sanitized_mention = mention.gsub("@", "@​")
|
|
58
|
+
if last_match.pre_match.chars.last == "[" &&
|
|
59
|
+
last_match.post_match.chars.first == "]"
|
|
60
|
+
sanitized_mention
|
|
61
|
+
else
|
|
62
|
+
"[#{sanitized_mention}]"\
|
|
63
|
+
"(https://github.com/#{mention.tr('@', '')})"
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def sanitize_links(text)
|
|
69
|
+
text.gsub(GITHUB_REF_REGEX) do |ref|
|
|
70
|
+
last_match = Regexp.last_match
|
|
71
|
+
previous_char = last_match.pre_match.chars.last
|
|
72
|
+
next_char = last_match.post_match.chars.first
|
|
73
|
+
|
|
74
|
+
sanitized_url =
|
|
75
|
+
ref.gsub("github.com", github_redirection_service || "github.com")
|
|
76
|
+
if (previous_char.nil? || previous_char.match?(/\s/)) &&
|
|
77
|
+
(next_char.nil? || next_char.match?(/\s/))
|
|
78
|
+
"[##{last_match.named_captures.fetch('number')}]"\
|
|
79
|
+
"(#{sanitized_url})"
|
|
80
|
+
else
|
|
81
|
+
sanitized_url
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
end
|
|
@@ -11,6 +11,7 @@ module Dependabot
|
|
|
11
11
|
class PullRequestCreator
|
|
12
12
|
class MessageBuilder
|
|
13
13
|
require_relative "message_builder/issue_linker"
|
|
14
|
+
require_relative "message_builder/link_and_mention_sanitizer"
|
|
14
15
|
|
|
15
16
|
ANGULAR_PREFIXES = %w(build chore ci docs feat fix perf refactor style
|
|
16
17
|
test).freeze
|
|
@@ -29,11 +30,6 @@ module Dependabot
|
|
|
29
30
|
see_no_evil sparkles speech_balloon tada truck
|
|
30
31
|
twisted_rightwards_arrows whale wheelchair
|
|
31
32
|
white_check_mark wrench zap).freeze
|
|
32
|
-
GITHUB_REF_REGEX = %r{
|
|
33
|
-
(?:https?://)?
|
|
34
|
-
github\.com/[^/\s]+/[^/\s]+/
|
|
35
|
-
(?:issue|pull)s?/(?<number>\d+)
|
|
36
|
-
}x.freeze
|
|
37
33
|
|
|
38
34
|
attr_reader :source, :dependencies, :files, :credentials,
|
|
39
35
|
:pr_message_footer, :author_details, :vulnerabilities_fixed,
|
|
@@ -716,41 +712,9 @@ module Dependabot
|
|
|
716
712
|
end
|
|
717
713
|
|
|
718
714
|
def sanitize_links_and_mentions(text)
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
def sanitize_mentions(text)
|
|
724
|
-
text.gsub(%r{(?<![A-Za-z0-9`])@[\w][\w.-/]*}) do |mention|
|
|
725
|
-
next mention if mention.include?("/")
|
|
726
|
-
|
|
727
|
-
last_match = Regexp.last_match
|
|
728
|
-
|
|
729
|
-
sanitized_mention = mention.gsub("@", "@​")
|
|
730
|
-
if last_match.pre_match.chars.last == "[" &&
|
|
731
|
-
last_match.post_match.chars.first == "]"
|
|
732
|
-
sanitized_mention
|
|
733
|
-
else
|
|
734
|
-
"[#{sanitized_mention}](https://github.com/#{mention.tr('@', '')})"
|
|
735
|
-
end
|
|
736
|
-
end
|
|
737
|
-
end
|
|
738
|
-
|
|
739
|
-
def sanitize_links(text)
|
|
740
|
-
text.gsub(GITHUB_REF_REGEX) do |ref|
|
|
741
|
-
last_match = Regexp.last_match
|
|
742
|
-
previous_char = last_match.pre_match.chars.last
|
|
743
|
-
next_char = last_match.post_match.chars.first
|
|
744
|
-
|
|
745
|
-
sanitized_url =
|
|
746
|
-
ref.gsub("github.com", github_redirection_service || "github.com")
|
|
747
|
-
if (previous_char.nil? || previous_char.match?(/\s/)) &&
|
|
748
|
-
(next_char.nil? || next_char.match?(/\s/))
|
|
749
|
-
"[##{last_match.named_captures.fetch('number')}](#{sanitized_url})"
|
|
750
|
-
else
|
|
751
|
-
sanitized_url
|
|
752
|
-
end
|
|
753
|
-
end
|
|
715
|
+
LinkAndMentionSanitizer.
|
|
716
|
+
new(github_redirection_service: github_redirection_service).
|
|
717
|
+
sanitize_links_and_mentions(text: text)
|
|
754
718
|
end
|
|
755
719
|
|
|
756
720
|
def sanitize_template_tags(text)
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.107.
|
|
4
|
+
version: 0.107.48
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -345,6 +345,7 @@ files:
|
|
|
345
345
|
- lib/dependabot/pull_request_creator/labeler.rb
|
|
346
346
|
- lib/dependabot/pull_request_creator/message_builder.rb
|
|
347
347
|
- lib/dependabot/pull_request_creator/message_builder/issue_linker.rb
|
|
348
|
+
- lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb
|
|
348
349
|
- lib/dependabot/pull_request_updater.rb
|
|
349
350
|
- lib/dependabot/pull_request_updater/github.rb
|
|
350
351
|
- lib/dependabot/security_advisory.rb
|