dependabot-common 0.116.1 → 0.116.6

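--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d7cca726367cd7cac7db77b5526207c6e09c4ccbe88369005545fe3d2865d2de
- data.tar.gz: cf8374c303913e6ff4e206421d0886468acbc8192cdde75b738ef6578f351d60
+ metadata.gz: cd6d1cb619675f1da2656b37b2eb4d27a6ae0c8789b516c51bce122497cb923a
+ data.tar.gz: c9eaca28c8869517e55aeb9605b9e2bfdc698505ebf5cc757eaa565678b4294e
  SHA512:
- metadata.gz: e5b4ef63e9ad79240b8ace2f81808b39566f77cf044c3b0968eec44a91412c20280008f22a43fc571f2f437255b25c879403306f1aea90e6bcb73fdccd94109e
- data.tar.gz: 00b12b3a70f1091df496a0c986e99dfa8e47840a415eb9e96772dad0b7eb9cc140f77f52807c818a4e106c6c8e7c0f9a735ccdc1489651d6b417100d82b23cdd
+ metadata.gz: 618053c87e601c5c5de915b2da255a4e18748fc30ed414894383b2a83fa19526bbab8671e4eeefeefa7f5753977f2569eb43c5086853f049c7ea689354695803
+ data.tar.gz: 3fcbdf49ee0f6077fcf33b8bc3ce9895215f4dd9a9d70798f5c84bc73b4913c49d879ab4614a02f751c522366b6d634d5f8df9b1ca336603c8110118782b7a78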
@@ -156,16 +156,26 @@ module Dependabot
156
156
  cred = credentials.select { |c| c["type"] == "git_source" }.
157
157
  find { |c| bare_uri.start_with?(c["host"]) }
158
158
 
159
+ scheme = scheme_for_uri(uri)
160
+
159
161
  if bare_uri.match?(%r{[^/]+:[^/]+@})
160
162
  # URI already has authentication details
161
- "https://#{bare_uri}"
163
+ "#{scheme}://#{bare_uri}"
162
164
  elsif cred&.fetch("username", nil) && cred&.fetch("password", nil)
163
165
  # URI doesn't have authentication details, but we have credentials
164
166
  auth_string = "#{cred.fetch('username')}:#{cred.fetch('password')}"
165
- "https://#{auth_string}@#{bare_uri}"
167
+ "#{scheme}://#{auth_string}@#{bare_uri}"
168
+ else
169
+ # No credentials, so just return the http(s) URI
170
+ "#{scheme}://#{bare_uri}"
171
+ end
172
+ end
173
+
174
+ def scheme_for_uri(uri)
175
+ if uri.match?(%r{^http://})
176
+ "http"
166
177
  else
167
- # No credentials, so just return the https URI
168
- "https://#{bare_uri}"
178
+ "https"
169
179
  end
170
180
  end
171
181
 
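Review bot: `scheme_for_uri` anchors its check with `^`, which in Ruby matches at the start of any line rather than only the start of the string; `uri.start_with?("http://")` is the exact test and drops the regex entirely. It is also worth making explicit in a comment on the `"http"` branch that a `git_source` credential is now embedded in an `http://` URL, whereas the removed lines always emitted `https://`, so the username and password travel in cleartext for such hosts — presumably intended for self-hosted services, but the choice should be recorded, e.g. `# Honour a plain-http source as configured; credentials are sent unencrypted`. The enclosing method that assembles the authenticated URL begins before this hunk.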
@@ -27,7 +27,11 @@ module Dependabot
27
27
  elsif dependencies.count > 1 && updating_a_dependency_set?
28
28
  dependency_set.fetch(:group)
29
29
  else
30
- dependencies.map(&:name).join("-and-").tr(":", "-").tr("@", "")
30
+ dependencies.
31
+ map(&:name).
32
+ join("-and-").
33
+ tr(":[]", "-").
34
+ tr("@", "")
31
35
  end
32
36
 
33
37
  dep = dependencies.first
@@ -41,12 +45,8 @@ module Dependabot
41
45
  end
42
46
  end
43
47
 
44
- branch_name = File.join(prefixes, @name).
45
- gsub(%r{/\.}, "/dot-").
46
- gsub(%r{/\.}, "/dot-")
47
-
48
48
  # Some users need branch names without slashes
49
- branch_name.gsub("/", separator)
49
+ sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
50
50
  end
51
51
 
52
52
  # rubocop:enable Metrics/PerceivedComplexity
@@ -113,8 +113,7 @@ module Dependabot
113
113
  gsub(">", "gt-").
114
114
  gsub("<", "lt-").
115
115
  gsub("*", "star").
116
- gsub(",", "-and-").
117
- sub(/\.$/, "")
116
+ gsub(",", "-and-")
118
117
  end
119
118
 
120
119
  def new_version(dependency)
@@ -169,6 +168,23 @@ module Dependabot
169
168
  def requirements_changed?(dependency)
170
169
  (dependency.requirements - dependency.previous_requirements).any?
171
170
  end
171
+
172
+ def sanitize_ref(ref)
173
+ # This isn't a complete implementation of git's ref validation, but it
174
+ # covers most cases that crop up. Its list of allowed charactersr is a
175
+ # bit stricter than git's, but that's for cosmetic reasons.
176
+ ref.
177
+ # Remove forbidden characters (those not already replaced elsewhere)
178
+ gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
179
+ # Slashes can't be followed by periods
180
+ gsub(%r{/\.}, "/dot-").
181
+ # Two or more sequential periods are forbidden
182
+ gsub(/\.+/, ".").
183
+ # Two or more sequential slashes are forbidden
184
+ gsub(%r{/+}, "/").
185
+ # Trailing periods are forbidden
186
+ sub(/\.$/, "")
187
+ end
172
188
  end
173
189
  end
174
190
  end
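Review bot: the final step of `sanitize_ref`, `sub(/\.$/, "")`, uses `$`, which matches before any newline rather than only at the end of the string; newlines are already dropped by the first `gsub`, so it works today, but `sub(/\.\z/, "")` states the intent and will not regress if the allowed set ever grows. Two git rules the header comment does not list are left unhandled: a trailing `/` (possible when the last path component consisted only of stripped characters) and a component ending in `.lock`; if they are out of scope, naming them in the comment would help, otherwise `gsub(%r{/\z}, "")` covers the first. The same comment has a typo, `charactersr` → `characters`. Note that the hunk at `@@ -41,12 +45,8 @@` calls this after slashes are replaced with `separator`, so the `/\.` → `/dot-` rule only fires when the separator is itself a slash — a one-line comment there would save the next reader working that out.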
@@ -13,13 +13,15 @@ module Dependabot
13
13
 
14
14
  def initialize(dependency:, dependency_files:, credentials:,
15
15
  ignored_versions: [], security_advisories: [],
16
- requirements_update_strategy: nil)
16
+ requirements_update_strategy: nil,
17
+ security_updates_only: false)
17
18
  @dependency = dependency
18
19
  @dependency_files = dependency_files
19
20
  @credentials = credentials
20
21
  @requirements_update_strategy = requirements_update_strategy
21
22
  @ignored_versions = ignored_versions
22
23
  @security_advisories = security_advisories
24
+ @security_updates_only = security_updates_only
23
25
  end
24
26
 
25
27
  def up_to_date?
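Review bot: the new `security_updates_only:` keyword is stored in `@security_updates_only`, but nothing in the hunk reads or exposes it, and the `attr_reader` list above line 13 is outside the hunk, so it is not visible here whether subclasses can reach it; if that list was not extended, the value is inert. The parameter's meaning is also not stated anywhere in this hunk — a short comment next to it in the signature, hedged if the semantics are still settling, would help implementers of `Base` subclasses.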
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.116.1"
4
+ VERSION = "0.116.6"
5
5
  end
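--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.116.1
+ version: 0.116.6
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-01-08 00:00:00.000000000 Z
+ date: 2020-02-03 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-codecommit
@@ -62,16 +62,22 @@ dependencies:
  name: commonmarker
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: 0.20.1
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: 0.22.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: 0.20.1
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: 0.22.0
  - !ruby/object:Gem::Dependency
  name: docker_registry2
  requirement: !ruby/object:Gem::Requirement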