dependabot-common 0.116.2 → 0.117.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/git_metadata_fetcher.rb +14 -4
- data/lib/dependabot/pull_request_creator/branch_namer.rb +24 -8
- data/lib/dependabot/pull_request_creator/codecommit.rb +2 -0
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +12 -3
- data/lib/dependabot/version.rb +1 -1
- metadata +14 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7dabb5390c99314c33d5b64e07388e2deaf614dcba3be7eee39806e8b5deaff2
|
|
4
|
+
data.tar.gz: a71cbca736c9455ceb7ba73b6b3051b52b41b0b8c4c3155542f020e6a2211120
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fd9cf03127407d8aa28b8d28bf1a926d99d13ecd43b3fe6ea0b172d96b2b33b9b9079be2047fd6508d266e99e322201baae741c2842b35b02326b4fdf5f85ceb
|
|
7
|
+
data.tar.gz: a2a7f212298b0d5eface9267659f15436b2e3291358146ca58ff93cb2f5a15fac664aba338a85f07198e99389231b9eebc5291a56ca2e1ddd6eadcc745e52442
|
|
@@ -156,16 +156,26 @@ module Dependabot
|
|
|
156
156
|
cred = credentials.select { |c| c["type"] == "git_source" }.
|
|
157
157
|
find { |c| bare_uri.start_with?(c["host"]) }
|
|
158
158
|
|
|
159
|
+
scheme = scheme_for_uri(uri)
|
|
160
|
+
|
|
159
161
|
if bare_uri.match?(%r{[^/]+:[^/]+@})
|
|
160
162
|
# URI already has authentication details
|
|
161
|
-
"
|
|
163
|
+
"#{scheme}://#{bare_uri}"
|
|
162
164
|
elsif cred&.fetch("username", nil) && cred&.fetch("password", nil)
|
|
163
165
|
# URI doesn't have authentication details, but we have credentials
|
|
164
166
|
auth_string = "#{cred.fetch('username')}:#{cred.fetch('password')}"
|
|
165
|
-
"
|
|
167
|
+
"#{scheme}://#{auth_string}@#{bare_uri}"
|
|
168
|
+
else
|
|
169
|
+
# No credentials, so just return the http(s) URI
|
|
170
|
+
"#{scheme}://#{bare_uri}"
|
|
171
|
+
end
|
|
172
|
+
end
|
|
173
|
+
|
|
174
|
+
def scheme_for_uri(uri)
|
|
175
|
+
if uri.match?(%r{^http://})
|
|
176
|
+
"http"
|
|
166
177
|
else
|
|
167
|
-
|
|
168
|
-
"https://#{bare_uri}"
|
|
178
|
+
"https"
|
|
169
179
|
end
|
|
170
180
|
end
|
|
171
181
|
|
|
@@ -27,7 +27,11 @@ module Dependabot
|
|
|
27
27
|
elsif dependencies.count > 1 && updating_a_dependency_set?
|
|
28
28
|
dependency_set.fetch(:group)
|
|
29
29
|
else
|
|
30
|
-
dependencies.
|
|
30
|
+
dependencies.
|
|
31
|
+
map(&:name).
|
|
32
|
+
join("-and-").
|
|
33
|
+
tr(":[]", "-").
|
|
34
|
+
tr("@", "")
|
|
31
35
|
end
|
|
32
36
|
|
|
33
37
|
dep = dependencies.first
|
|
@@ -41,12 +45,8 @@ module Dependabot
|
|
|
41
45
|
end
|
|
42
46
|
end
|
|
43
47
|
|
|
44
|
-
branch_name = File.join(prefixes, @name).
|
|
45
|
-
gsub(%r{/\.}, "/dot-").
|
|
46
|
-
gsub(%r{/\.}, "/dot-")
|
|
47
|
-
|
|
48
48
|
# Some users need branch names without slashes
|
|
49
|
-
|
|
49
|
+
sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
@@ -113,8 +113,7 @@ module Dependabot
|
|
|
113
113
|
gsub(">", "gt-").
|
|
114
114
|
gsub("<", "lt-").
|
|
115
115
|
gsub("*", "star").
|
|
116
|
-
gsub(",", "-and-")
|
|
117
|
-
sub(/\.$/, "")
|
|
116
|
+
gsub(",", "-and-")
|
|
118
117
|
end
|
|
119
118
|
|
|
120
119
|
def new_version(dependency)
|
|
@@ -169,6 +168,23 @@ module Dependabot
|
|
|
169
168
|
def requirements_changed?(dependency)
|
|
170
169
|
(dependency.requirements - dependency.previous_requirements).any?
|
|
171
170
|
end
|
|
171
|
+
|
|
172
|
+
def sanitize_ref(ref)
|
|
173
|
+
# This isn't a complete implementation of git's ref validation, but it
|
|
174
|
+
# covers most cases that crop up. Its list of allowed charactersr is a
|
|
175
|
+
# bit stricter than git's, but that's for cosmetic reasons.
|
|
176
|
+
ref.
|
|
177
|
+
# Remove forbidden characters (those not already replaced elsewhere)
|
|
178
|
+
gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
|
|
179
|
+
# Slashes can't be followed by periods
|
|
180
|
+
gsub(%r{/\.}, "/dot-").
|
|
181
|
+
# Two or more sequential periods are forbidden
|
|
182
|
+
gsub(/\.+/, ".").
|
|
183
|
+
# Two or more sequential slashes are forbidden
|
|
184
|
+
gsub(%r{/+}, "/").
|
|
185
|
+
# Trailing periods are forbidden
|
|
186
|
+
sub(/\.$/, "")
|
|
187
|
+
end
|
|
172
188
|
end
|
|
173
189
|
end
|
|
174
190
|
end
|
|
@@ -58,6 +58,7 @@ module Dependabot
|
|
|
58
58
|
end
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
61
62
|
def sanitize_links(doc)
|
|
62
63
|
doc.walk do |node|
|
|
63
64
|
if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
|
|
@@ -73,12 +74,20 @@ module Dependabot
|
|
|
73
74
|
subnode.string_content = "#{repo}##{number}"
|
|
74
75
|
end
|
|
75
76
|
|
|
76
|
-
node.url = node.url
|
|
77
|
-
|
|
78
|
-
|
|
77
|
+
node.url = replace_github_host(node.url)
|
|
78
|
+
elsif node.type == :text &&
|
|
79
|
+
node.string_content.match?(GITHUB_REF_REGEX)
|
|
80
|
+
node.string_content = replace_github_host(node.string_content)
|
|
79
81
|
end
|
|
80
82
|
end
|
|
81
83
|
end
|
|
84
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
85
|
+
|
|
86
|
+
def replace_github_host(text)
|
|
87
|
+
text.gsub(
|
|
88
|
+
"github.com", github_redirection_service || "github.com"
|
|
89
|
+
)
|
|
90
|
+
end
|
|
82
91
|
|
|
83
92
|
def build_mention_nodes(text)
|
|
84
93
|
nodes = []
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.117.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-03-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -62,16 +62,22 @@ dependencies:
|
|
|
62
62
|
name: commonmarker
|
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
|
64
64
|
requirements:
|
|
65
|
-
- - "
|
|
65
|
+
- - ">="
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
67
|
version: 0.20.1
|
|
68
|
+
- - "<"
|
|
69
|
+
- !ruby/object:Gem::Version
|
|
70
|
+
version: 0.22.0
|
|
68
71
|
type: :runtime
|
|
69
72
|
prerelease: false
|
|
70
73
|
version_requirements: !ruby/object:Gem::Requirement
|
|
71
74
|
requirements:
|
|
72
|
-
- - "
|
|
75
|
+
- - ">="
|
|
73
76
|
- !ruby/object:Gem::Version
|
|
74
77
|
version: 0.20.1
|
|
78
|
+
- - "<"
|
|
79
|
+
- !ruby/object:Gem::Version
|
|
80
|
+
version: 0.22.0
|
|
75
81
|
- !ruby/object:Gem::Dependency
|
|
76
82
|
name: docker_registry2
|
|
77
83
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -300,26 +306,26 @@ dependencies:
|
|
|
300
306
|
requirements:
|
|
301
307
|
- - "~>"
|
|
302
308
|
- !ruby/object:Gem::Version
|
|
303
|
-
version: 0.
|
|
309
|
+
version: 0.80.1
|
|
304
310
|
type: :development
|
|
305
311
|
prerelease: false
|
|
306
312
|
version_requirements: !ruby/object:Gem::Requirement
|
|
307
313
|
requirements:
|
|
308
314
|
- - "~>"
|
|
309
315
|
- !ruby/object:Gem::Version
|
|
310
|
-
version: 0.
|
|
316
|
+
version: 0.80.1
|
|
311
317
|
- !ruby/object:Gem::Dependency
|
|
312
318
|
name: vcr
|
|
313
319
|
requirement: !ruby/object:Gem::Requirement
|
|
314
320
|
requirements:
|
|
315
|
-
- -
|
|
321
|
+
- - '='
|
|
316
322
|
- !ruby/object:Gem::Version
|
|
317
323
|
version: '5.0'
|
|
318
324
|
type: :development
|
|
319
325
|
prerelease: false
|
|
320
326
|
version_requirements: !ruby/object:Gem::Requirement
|
|
321
327
|
requirements:
|
|
322
|
-
- -
|
|
328
|
+
- - '='
|
|
323
329
|
- !ruby/object:Gem::Version
|
|
324
330
|
version: '5.0'
|
|
325
331
|
- !ruby/object:Gem::Dependency
|