dependabot-common 0.113.15 → 0.113.16

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 772ec9910c644e15b5ec0752b7153c0574283285974a45103aaf782dbbddbccb
4
- data.tar.gz: a25b3ea64d0cf5806a80f5224e19f1ee5b03b706fc9c324f4d14cbdee043b72d
3
+ metadata.gz: e51134b9f6488cdad48fbfff83ec0642a6df80da5f000e782f8ce44bbe973adc
4
+ data.tar.gz: 3fc89575e2b712cc515d73868f41c633ed37df4b8ce15c2cd22d00d7b855c501
5
5
  SHA512:
6
- metadata.gz: 25d69e529183fbf40121cc255fd00003572601480591a2b3a3060d35a8940641320b103ece52bc2b2ae4856f4c20fe390433d01e21e57e5f99e05b73fd4cacb4
7
- data.tar.gz: 4cb11be66b312090c74b2b41c278cf8ddf93ebb86cf98793d499b259549d05546e6c3bfcd64f6852cb67e59084f0c38bcef422732e66e5e789194e6749380a82
6
+ metadata.gz: 6adc93e6d3b9d6d757c8da7bd7103aaa878eeb86878fe45b3a99ac109317fce006bf7958bb0719d50a04ca4cb1ff3f8290cf59ef158138c51ae3ebb009bd7762
7
+ data.tar.gz: a5f5b3c0316cee3dd602a7500f2bedc1abe63d3351cad8f9ba734bd280d6f7380980cda0f82aad1e25cfae8908ae9245b6fcdcb77f38c934482d5336095ddef8
@@ -2,7 +2,7 @@
2
2
 
3
3
  File fetchers are used to fetch the relevant dependency files for a project
4
4
  (e.g., the `Gemfile` and `Gemfile.lock`). They are also responsible for checking
5
- whether a repo has an admissable set of requirement files.
5
+ whether a repo has an admissible set of requirement files.
6
6
 
7
7
  There is a `Dependabot::FileFetchers` class for each language Dependabot
8
8
  supports.
@@ -60,6 +60,6 @@ fetcher.
60
60
  File fetchers tend to get complicated when the file requirements for an update
61
61
  to run are non-trivial - for example, for Ruby we could accept
62
62
  [`Gemfile`, `Gemfile.lock`] or [`Gemfile`, `example.gemspec`],
63
- but not just [`Gemfile.lock`]. When adding a new lanugage, it's normally easiest
63
+ but not just [`Gemfile.lock`]. When adding a new language, it's normally easiest
64
64
  to pick a single case and implement it for all the update steps (parsing, update
65
65
  checking, etc.). You can then return and add other cases later.
@@ -55,7 +55,7 @@ module Dependabot
55
55
  branch_name,
56
56
  source.branch || default_branch,
57
57
  pr_description
58
- # codecommit doesn't support PR lables
58
+ # codecommit doesn't support PR labels
59
59
  )
60
60
  return unless pull_request
61
61
 
@@ -94,7 +94,7 @@ module Dependabot
94
94
  def update_type
95
95
  return unless dependencies.any?(&:previous_version)
96
96
 
97
- precison = dependencies.map do |dep|
97
+ precision = dependencies.map do |dep|
98
98
  new_version_parts = version(dep).split(".")
99
99
  old_version_parts = previous_version(dep)&.split(".") || []
100
100
  all_parts = new_version_parts.first(3) + old_version_parts.first(3)
@@ -105,7 +105,7 @@ module Dependabot
105
105
  3
106
106
  end.min
107
107
 
108
- case precison
108
+ case precision
109
109
  when 0 then "non-semver"
110
110
  when 1 then "major"
111
111
  when 2 then "minor"
@@ -13,7 +13,24 @@ module Dependabot
13
13
  github\.com/(?<repo>#{GITHUB_USERNAME}/[^/\s]+)/
14
14
  (?:issue|pull)s?/(?<number>\d+)
15
15
  }x.freeze
16
- CODEBLOCK_REGEX = /(`+).*?(\1)|~~~.*?~~~/m.freeze
16
+ # rubocop:disable Metrics/LineLength
17
+ # Context:
18
+ # - https://github.github.com/gfm/#fenced-code-block (``` or ~~~)
19
+ # (?<=\n|^) Positive look-behind to ensure we start at a line start
20
+ # (?>`{3,}|~{3,}) Atomic group marking the beginning of the block (3 or more chars)
21
+ # (?>\k<fenceopen>) Atomic group marking the end of the code block (same length as opening)
22
+ # - https://github.github.com/gfm/#code-span
23
+ # (?<codespanopen>`+) Capturing group marking the beginning of the span (1 or more chars)
24
+ # (?![^`]*?\n{2,}) Negative look-ahead to avoid empty lines inside code span
25
+ # (?:.|\n)*? Non-capturing group to consume code span content (non-eager)
26
+ # (?>\k<codespanopen>) Atomic group marking the end of the code span (same length as opening)
27
+ # rubocop:enable Metrics/LineLength
28
+ CODEBLOCK_REGEX = /
29
+ # fenced code block
30
+ (?<=\n|^)(?<fenceopen>(?>`{3,}|~{3,})).*?(?>\k<fenceopen>)|
31
+ # code span
32
+ (?<codespanopen>`+)(?![^`]*?\n{2,})(?:.|\n)*?(?>\k<codespanopen>)
33
+ /xm.freeze
17
34
  # End of string
18
35
  EOS_REGEX = /\z/.freeze
19
36
 
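Review bot: In the code-span branch of the new CODEBLOCK_REGEX, `(?:.|\n)*?` is compiled with the `m` flag, under which `.` already matches a newline, so the two alternatives overlap on every `\n`; when no closing backtick run follows, the engine can try both paths at each newline and backtrack heavily on long multi-line input. Using `.*?` alone keeps the same matches without the ambiguity. In the fenced branch, only the opening fence is anchored to a line start by `(?<=\n|^)`; the closing `\k<fenceopen>` can match mid-line, which is looser than the GFM rule linked in the comment, and the header comment lists the opening group without the `fenceopen` name the pattern relies on. A spec covering an unterminated span and a fence sequence appearing inside a line would pin the intended behaviour.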
@@ -39,7 +39,7 @@ module Dependabot
39
39
  return false if vulnerable_versions.any?
40
40
 
41
41
  # Finally, if no vulnerable range provided, but a safe range provided,
42
- # and this versions isn't included (checked earler), it's vulnerable
42
+ # and this versions isn't included (checked earlier), it's vulnerable
43
43
  safe_versions.any?
44
44
  end
45
45
 
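Review bot: The corrected comment line still reads "this versions isn't included"; since the line is already being touched for "earlier", change it to "this version isn't included" in the same pass.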
@@ -170,7 +170,7 @@ module Dependabot
170
170
  def self.configure_git_credentials(credentials)
171
171
  # Then add a file-based credential store that loads a file in this repo.
172
172
  # Under the hood this uses git credential-store, but it's invoked through
173
- # an wrapper binary that only allows non-mutative commands. Without this,
173
+ # a wrapper binary that only allows non-mutating commands. Without this,
174
174
  # whenever the credentials are deemed to be invalid, they're erased.
175
175
  credential_helper_path =
176
176
  File.join(__dir__, "../../bin/git-credential-store-immutable")
@@ -14,7 +14,7 @@ Each `Dependabot::UpdateCheckers` class implements the following methods:
14
14
  |------------------------------|-----------------------------------------------------------------------------------------------|
15
15
  | `#up_to_date?` | Returns a boolean for whether the dependency this instance was created with is currently at the latest version. |
16
16
  | `#can_update?` | Returns a boolean for whether the dependency this instance was created with needs updating. This will be true if the dependency and/or its requirements can be updated to support a newer version whilst keeping the dependency files it came from resolvable. |
17
- | `#updated_dependencies` | Returns an array of updated `Dependabot::Dependency` instance with updated `version` and `requirements` attributes. The previous valuse are stored on the instance as `previous_version` and `previous_requirements`. |
17
+ | `#updated_dependencies` | Returns an array of updated `Dependabot::Dependency` instance with updated `version` and `requirements` attributes. The previous values are stored on the instance as `previous_version` and `previous_requirements`. |
18
18
  | `#latest_version` | See the "Writing an update checker" section. |
19
19
  | `#latest_resolvable_version` | See the "Writing an update checker" section. |
20
20
  | `#updated_requirements` | See the "Writing an update checker" section. |
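Review bot: The `#updated_dependencies` row still says "an array of updated `Dependabot::Dependency` instance"; make it "instances" while fixing "values" on the same line, since the row describes an array.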
@@ -208,7 +208,7 @@ module Dependabot
208
208
 
209
209
  # If a lockfile isn't out of date and the package has switched to a git
210
210
  # source then we'll get a numeric version switching to a git SHA. In
211
- # this case we treat the verison as up-to-date so that it's ignored.
211
+ # this case we treat the version as up-to-date so that it's ignored.
212
212
  return true if latest_version.to_s.match?(/^[0-9a-f]{40}$/)
213
213
 
214
214
  latest_version <= version_class.new(dependency.version)
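Review bot: The SHA check in the context line, `match?(/^[0-9a-f]{40}$/)`, uses `^` and `$`, which in Ruby anchor to line boundaries rather than to the whole string, so a multi-line `latest_version.to_s` containing one 40-hex line would be treated as a git SHA and reported up-to-date. `\A[0-9a-f]{40}\z` states the intent exactly. This is not introduced by the change, but it is worth fixing alongside the comment.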
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.113.15"
4
+ VERSION = "0.113.16"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.113.15
4
+ version: 0.113.16
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-10-18 00:00:00.000000000 Z
11
+ date: 2019-10-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit