dependabot-common 0.113.4 → 0.113.9

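--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 15707d4dba894592f3b312a55de7256987b404f43b22c17dc10fb8a31c565df4
- data.tar.gz: 838549d08c4138b7c3b1dbfb6a9943f05d8d62d619a950a7a4223ed160521cd2
+ metadata.gz: 60e3f6c2910095cf1e21ab00b6d1336c09c21cc90b570726e78c9960247c3967
+ data.tar.gz: 455b12c4441a1f7fb9c02cbbb2f09c97ed6062f469a65fef0f3f14cd22c5896f
  SHA512:
- metadata.gz: cfbcdd3fcbc7cdbac36e58d514ee9dabc2ae35fe9601aee9b21758026c0aff5a6d6d08aa0a69f6579970af6d9ab601d4917abb5333bd3c3fbc04c3d5e98628a9
- data.tar.gz: ecede854a97878a3f55fd7303ab2b418a5e2441650c7c437e2712d976226d1ae85ef73dbb688a3c6747e81c784c3c6384e43958195bd743e64a234de7c9ad21f
+ metadata.gz: cdd202276dd4fd64fde6eefb90cba469cd6664b3fc08980034aff0ee0c6c9e0b9d979ef0e8df321034a818c768b94a03c8dde71762919f062f2a3df2a71d6692
+ data.tar.gz: 8948467061cc76c797e9ca2697d26cb143766eee9f54aed8a0e5adefa7e61296148943987ddcbf9f9d01f6d9436aa8392bce189ea52481827fa19ad15fc503c2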
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "strscan"
3
4
  require "dependabot/pull_request_creator/message_builder"
4
5
 
5
6
  module Dependabot
@@ -12,18 +13,9 @@ module Dependabot
12
13
  github\.com/(?<repo>#{GITHUB_USERNAME}/[^/\s]+)/
13
14
  (?:issue|pull)s?/(?<number>\d+)
14
15
  }x.freeze
15
-
16
- # Note that we're being deliberately careful about not matching
17
- # different length strings of what look like code block quotes. By
18
- # doing so we err on the side of sanitizing, which is *much* better
19
- # than accidentally not sanitizing.
20
- #
21
- # rubocop:disable Style/RegexpLiteral
22
- CODEBLOCK_REGEX = %r{
23
- (?=[\s]`{3}[^`])|(?=[\s]`{3}\Z)|(?=\A`{3}[^`])|
24
- (?=[\s]~{3}[^~])|(?=[\s]~{3}\Z)|(?=\A~{3}[^~])
25
- }x.freeze
26
- # rubocop:enable Style/RegexpLiteral
16
+ CODEBLOCK_REGEX = /```|~~~/.freeze
17
+ # End of string
18
+ EOS_REGEX = /\z/.freeze
27
19
 
28
20
  attr_reader :github_redirection_service
29
21
 
@@ -33,18 +25,20 @@ module Dependabot
33
25
 
34
26
  def sanitize_links_and_mentions(text:)
35
27
  # We don't want to sanitize any links or mentions that are contained
36
- # within code blocks, so we split the text on "```"
37
- snippets = text.split(CODEBLOCK_REGEX)
38
- if snippets.first&.start_with?(CODEBLOCK_REGEX)
39
- snippets = ["", *snippets]
28
+ # within code blocks, so we split the text on "```" or "~~~"
29
+ lines = []
30
+ scan = StringScanner.new(text)
31
+ until scan.eos?
32
+ line = scan.scan_until(CODEBLOCK_REGEX) ||
33
+ scan.scan_until(EOS_REGEX)
34
+ delimiter = line.match(CODEBLOCK_REGEX)&.to_s
35
+ unless delimiter && lines.count { |l| l.include?(delimiter) }.odd?
36
+ line = sanitize_mentions(line)
37
+ line = sanitize_links(line)
38
+ end
39
+ lines << line
40
40
  end
41
-
42
- snippets.map.with_index do |snippet, index|
43
- next snippet if index.odd?
44
-
45
- snippet = sanitize_mentions(snippet)
46
- sanitize_links(snippet)
47
- end.join
41
+ lines.join
48
42
  end
49
43
 
50
44
  private
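Review bot: The parity check in `sanitize_links_and_mentions` counts the backtick fence and the tilde fence independently (`lines.count { |l| l.include?(delimiter) }.odd?`), so a fence of one kind that sits inside a block of the other kind is still counted as an opener, and text after the real block up to the next fence of that kind skips `sanitize_mentions` and `sanitize_links`. The new `CODEBLOCK_REGEX` also matches the three characters anywhere, mid-line and inside longer runs, which drops the whitespace and exact-length conditions that the removed comment described as erring on the side of sanitizing. Tracking one open fence, and sanitizing whenever no fence is open or the chunk runs to end of string, limits unsanitized spans to properly paired blocks; a spec with mixed fence types would pin the behaviour. The enclosing class continues outside the hunk.

```ruby
open_fence = nil
until scan.eos?
  # … unchanged: line and delimiter are read from the scanner …
  if open_fence.nil? || delimiter.nil?
    # No block is open, or the text ends without a closing fence: sanitize.
    line = sanitize_mentions(line)
    line = sanitize_links(line)
    open_fence = delimiter if open_fence.nil?
  elsif delimiter == open_fence
    open_fence = nil
  end
  lines << line
end
```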
@@ -84,7 +84,7 @@ module Dependabot
84
84
  raise NotImplementedError
85
85
  end
86
86
 
87
- def latest_resolvable_previous_version
87
+ def latest_resolvable_previous_version(_updated_version)
88
88
  dependency.version
89
89
  end
90
90
 
@@ -128,22 +128,28 @@ module Dependabot
128
128
  end
129
129
 
130
130
  def updated_dependency_without_unlock
131
+ version = latest_resolvable_version_with_no_unlock.to_s
132
+ previous_version = latest_resolvable_previous_version(version)&.to_s
133
+
131
134
  Dependency.new(
132
135
  name: dependency.name,
133
- version: latest_resolvable_version_with_no_unlock.to_s,
136
+ version: version,
134
137
  requirements: dependency.requirements,
135
- previous_version: latest_resolvable_previous_version&.to_s,
138
+ previous_version: previous_version,
136
139
  previous_requirements: dependency.requirements,
137
140
  package_manager: dependency.package_manager
138
141
  )
139
142
  end
140
143
 
141
144
  def updated_dependency_with_own_req_unlock
145
+ version = preferred_resolvable_version.to_s
146
+ previous_version = latest_resolvable_previous_version(version)&.to_s
147
+
142
148
  Dependency.new(
143
149
  name: dependency.name,
144
- version: preferred_resolvable_version.to_s,
150
+ version: version,
145
151
  requirements: updated_requirements,
146
- previous_version: latest_resolvable_previous_version&.to_s,
152
+ previous_version: previous_version,
147
153
  previous_requirements: dependency.requirements,
148
154
  package_manager: dependency.package_manager
149
155
  )
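Review bot: `latest_resolvable_previous_version` now takes a required positional argument, so any subclass that still overrides it with no parameters would raise ArgumentError at the two new call sites in `updated_dependency_without_unlock` and `updated_dependency_with_own_req_unlock`; the overriders are not visible here, so this is worth checking in the package-manager gems released alongside this one. The value passed is already stringified with `.to_s`, so an overrider would receive `""` rather than nil if the resolver returned nil. A comment above the method would make the contract explicit, for example `# @param _updated_version [String] version being updated to; unused here, for checkers whose previous version depends on it`. `updated_dependency_with_own_req_unlock` ends outside the hunk.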
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.113.4"
4
+ VERSION = "0.113.9"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.113.4
4
+ version: 0.113.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-09-27 00:00:00.000000000 Z
11
+ date: 2019-10-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -230,14 +230,14 @@ dependencies:
230
230
  requirements:
231
231
  - - "~>"
232
232
  - !ruby/object:Gem::Version
233
- version: '12'
233
+ version: '13'
234
234
  type: :development
235
235
  prerelease: false
236
236
  version_requirements: !ruby/object:Gem::Requirement
237
237
  requirements:
238
238
  - - "~>"
239
239
  - !ruby/object:Gem::Version
240
- version: '12'
240
+ version: '13'
241
241
  - !ruby/object:Gem::Dependency
242
242
  name: rspec
243
243
  requirement: !ruby/object:Gem::Requirement
@@ -286,14 +286,14 @@ dependencies:
286
286
  requirements:
287
287
  - - "~>"
288
288
  - !ruby/object:Gem::Version
289
- version: 0.74.0
289
+ version: 0.75.0
290
290
  type: :development
291
291
  prerelease: false
292
292
  version_requirements: !ruby/object:Gem::Requirement
293
293
  requirements:
294
294
  - - "~>"
295
295
  - !ruby/object:Gem::Version
296
- version: 0.74.0
296
+ version: 0.75.0
297
297
  - !ruby/object:Gem::Dependency
298
298
  name: vcr
299
299
  requirement: !ruby/object:Gem::Requirement