dependabot-common 0.116.1 → 0.116.6
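--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cd6d1cb619675f1da2656b37b2eb4d27a6ae0c8789b516c51bce122497cb923a
+data.tar.gz: c9eaca28c8869517e55aeb9605b9e2bfdc698505ebf5cc757eaa565678b4294e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 618053c87e601c5c5de915b2da255a4e18748fc30ed414894383b2a83fa19526bbab8671e4eeefeefa7f5753977f2569eb43c5086853f049c7ea689354695803
+data.tar.gz: 3fcbdf49ee0f6077fcf33b8bc3ce9895215f4dd9a9d70798f5c84bc73b4913c49d879ab4614a02f751c522366b6d634d5f8df9b1ca336603c8110118782b7a78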
@@ -156,16 +156,26 @@ module Dependabot
|
|
156
156
|
cred = credentials.select { |c| c["type"] == "git_source" }.
|
157
157
|
find { |c| bare_uri.start_with?(c["host"]) }
|
158
158
|
|
159
|
+
scheme = scheme_for_uri(uri)
|
160
|
+
|
159
161
|
if bare_uri.match?(%r{[^/]+:[^/]+@})
|
160
162
|
# URI already has authentication details
|
161
|
-
"
|
163
|
+
"#{scheme}://#{bare_uri}"
|
162
164
|
elsif cred&.fetch("username", nil) && cred&.fetch("password", nil)
|
163
165
|
# URI doesn't have authentication details, but we have credentials
|
164
166
|
auth_string = "#{cred.fetch('username')}:#{cred.fetch('password')}"
|
165
|
-
"
|
167
|
+
"#{scheme}://#{auth_string}@#{bare_uri}"
|
168
|
+
else
|
169
|
+
# No credentials, so just return the http(s) URI
|
170
|
+
"#{scheme}://#{bare_uri}"
|
171
|
+
end
|
172
|
+
end
|
173
|
+
|
174
|
+
def scheme_for_uri(uri)
|
175
|
+
if uri.match?(%r{^http://})
|
176
|
+
"http"
|
166
177
|
else
|
167
|
-
|
168
|
-
"https://#{bare_uri}"
|
178
|
+
"https"
|
169
179
|
end
|
170
180
|
end
|
171
181
|
|
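Review bot: Credentials can now be sent over cleartext HTTP: with `scheme_for_uri` returning `"http"`, the `elsif` branch builds `"#{scheme}://#{auth_string}@#{bare_uri}"`, whereas the removed code always emitted `https://`. If plain-HTTP sources have to keep working, attach the stored username and password only on the secure scheme, e.g. `elsif scheme == "https" && cred&.fetch("username", nil) && cred&.fetch("password", nil)`, and let HTTP fall through to the unauthenticated `else`. Separately, `uri.match?(%r{^http://})` anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string; `uri.start_with?("http://")` states the intent exactly. The credential lookup in the context lines also selects by prefix (`bare_uri.start_with?(c["host"])`), so a longer host name that merely begins with a configured host would presumably receive that host's credentials; comparing the parsed host for equality would close that. The enclosing method starts outside the hunk, so how `bare_uri` is derived is not visible here.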
@@ -27,7 +27,11 @@ module Dependabot
|
|
27
27
|
elsif dependencies.count > 1 && updating_a_dependency_set?
|
28
28
|
dependency_set.fetch(:group)
|
29
29
|
else
|
30
|
-
dependencies.
|
30
|
+
dependencies.
|
31
|
+
map(&:name).
|
32
|
+
join("-and-").
|
33
|
+
tr(":[]", "-").
|
34
|
+
tr("@", "")
|
31
35
|
end
|
32
36
|
|
33
37
|
dep = dependencies.first
|
@@ -41,12 +45,8 @@ module Dependabot
|
|
41
45
|
end
|
42
46
|
end
|
43
47
|
|
44
|
-
branch_name = File.join(prefixes, @name).
|
45
|
-
gsub(%r{/\.}, "/dot-").
|
46
|
-
gsub(%r{/\.}, "/dot-")
|
47
|
-
|
48
48
|
# Some users need branch names without slashes
|
49
|
-
|
49
|
+
sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
|
50
50
|
end
|
51
51
|
|
52
52
|
# rubocop:enable Metrics/PerceivedComplexity
|
@@ -113,8 +113,7 @@ module Dependabot
|
|
113
113
|
gsub(">", "gt-").
|
114
114
|
gsub("<", "lt-").
|
115
115
|
gsub("*", "star").
|
116
|
-
gsub(",", "-and-")
|
117
|
-
sub(/\.$/, "")
|
116
|
+
gsub(",", "-and-")
|
118
117
|
end
|
119
118
|
|
120
119
|
def new_version(dependency)
|
@@ -169,6 +168,23 @@ module Dependabot
|
|
169
168
|
def requirements_changed?(dependency)
|
170
169
|
(dependency.requirements - dependency.previous_requirements).any?
|
171
170
|
end
|
171
|
+
|
172
|
+
def sanitize_ref(ref)
|
173
|
+
# This isn't a complete implementation of git's ref validation, but it
|
174
|
+
# covers most cases that crop up. Its list of allowed charactersr is a
|
175
|
+
# bit stricter than git's, but that's for cosmetic reasons.
|
176
|
+
ref.
|
177
|
+
# Remove forbidden characters (those not already replaced elsewhere)
|
178
|
+
gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
|
179
|
+
# Slashes can't be followed by periods
|
180
|
+
gsub(%r{/\.}, "/dot-").
|
181
|
+
# Two or more sequential periods are forbidden
|
182
|
+
gsub(/\.+/, ".").
|
183
|
+
# Two or more sequential slashes are forbidden
|
184
|
+
gsub(%r{/+}, "/").
|
185
|
+
# Trailing periods are forbidden
|
186
|
+
sub(/\.$/, "")
|
187
|
+
end
|
172
188
|
end
|
173
189
|
end
|
174
190
|
end
|
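Review bot: `sanitize_ref` still lets through refs that git rejects, and the names it cleans presumably originate from dependency manifests, so it should be treated as a filter on untrusted input. A path component ending in `.lock` and a trailing `/` are both forbidden by `git check-ref-format` but survive the chain; adding `gsub(%r{\.lock(/|\z)}, '-lock\1')` and `sub(%r{/\z}, "")` ahead of the trailing-period step would cover them. That last step uses `$`, which also matches before a trailing newline; it is harmless here because the whitelist has already removed newlines, but `sub(/\.\z/, "")` would not depend on the order of the steps. The comment above the chain has a typo (`charactersr`).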
@@ -13,13 +13,15 @@ module Dependabot
|
|
13
13
|
|
14
14
|
def initialize(dependency:, dependency_files:, credentials:,
|
15
15
|
ignored_versions: [], security_advisories: [],
|
16
|
-
requirements_update_strategy: nil
|
16
|
+
requirements_update_strategy: nil,
|
17
|
+
security_updates_only: false)
|
17
18
|
@dependency = dependency
|
18
19
|
@dependency_files = dependency_files
|
19
20
|
@credentials = credentials
|
20
21
|
@requirements_update_strategy = requirements_update_strategy
|
21
22
|
@ignored_versions = ignored_versions
|
22
23
|
@security_advisories = security_advisories
|
24
|
+
@security_updates_only = security_updates_only
|
23
25
|
end
|
24
26
|
|
25
27
|
def up_to_date?
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.116.
|
4
|
+
version: 0.116.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-02-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -62,16 +62,22 @@ dependencies:
|
|
62
62
|
name: commonmarker
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
64
64
|
requirements:
|
65
|
-
- - "
|
65
|
+
- - ">="
|
66
66
|
- !ruby/object:Gem::Version
|
67
67
|
version: 0.20.1
|
68
|
+
- - "<"
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: 0.22.0
|
68
71
|
type: :runtime
|
69
72
|
prerelease: false
|
70
73
|
version_requirements: !ruby/object:Gem::Requirement
|
71
74
|
requirements:
|
72
|
-
- - "
|
75
|
+
- - ">="
|
73
76
|
- !ruby/object:Gem::Version
|
74
77
|
version: 0.20.1
|
78
|
+
- - "<"
|
79
|
+
- !ruby/object:Gem::Version
|
80
|
+
version: 0.22.0
|
75
81
|
- !ruby/object:Gem::Dependency
|
76
82
|
name: docker_registry2
|
77
83
|
requirement: !ruby/object:Gem::Requirement
|