dependabot-common 0.116.2 → 0.117.0
- checksums.yaml +4 -4
- data/lib/dependabot/git_metadata_fetcher.rb +14 -4
- data/lib/dependabot/pull_request_creator/branch_namer.rb +24 -8
- data/lib/dependabot/pull_request_creator/codecommit.rb +2 -0
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +12 -3
- data/lib/dependabot/version.rb +1 -1
- metadata +14 -8
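--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7dabb5390c99314c33d5b64e07388e2deaf614dcba3be7eee39806e8b5deaff2
+data.tar.gz: a71cbca736c9455ceb7ba73b6b3051b52b41b0b8c4c3155542f020e6a2211120
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd9cf03127407d8aa28b8d28bf1a926d99d13ecd43b3fe6ea0b172d96b2b33b9b9079be2047fd6508d266e99e322201baae741c2842b35b02326b4fdf5f85ceb
+data.tar.gz: a2a7f212298b0d5eface9267659f15436b2e3291358146ca58ff93cb2f5a15fac664aba338a85f07198e99389231b9eebc5291a56ca2e1ddd6eadcc745e52442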
@@ -156,16 +156,26 @@ module Dependabot
|
|
156
156
|
cred = credentials.select { |c| c["type"] == "git_source" }.
|
157
157
|
find { |c| bare_uri.start_with?(c["host"]) }
|
158
158
|
|
159
|
+
scheme = scheme_for_uri(uri)
|
160
|
+
|
159
161
|
if bare_uri.match?(%r{[^/]+:[^/]+@})
|
160
162
|
# URI already has authentication details
|
161
|
-
"
|
163
|
+
"#{scheme}://#{bare_uri}"
|
162
164
|
elsif cred&.fetch("username", nil) && cred&.fetch("password", nil)
|
163
165
|
# URI doesn't have authentication details, but we have credentials
|
164
166
|
auth_string = "#{cred.fetch('username')}:#{cred.fetch('password')}"
|
165
|
-
"
|
167
|
+
"#{scheme}://#{auth_string}@#{bare_uri}"
|
168
|
+
else
|
169
|
+
# No credentials, so just return the http(s) URI
|
170
|
+
"#{scheme}://#{bare_uri}"
|
171
|
+
end
|
172
|
+
end
|
173
|
+
|
174
|
+
def scheme_for_uri(uri)
|
175
|
+
if uri.match?(%r{^http://})
|
176
|
+
"http"
|
166
177
|
else
|
167
|
-
|
168
|
-
"https://#{bare_uri}"
|
178
|
+
"https"
|
169
179
|
end
|
170
180
|
end
|
171
181
|
|
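Review bot: The credential branch now builds `"#{scheme}://#{auth_string}@#{bare_uri}"`, so a source URI beginning with `http://` gets the username and password embedded in a cleartext URL, whereas the old code (partly truncated in this rendering) appears to have always produced `https`. Credentials should only be attached over TLS: keep that branch as `"https://#{auth_string}@#{bare_uri}"`, or skip credential injection when `scheme == "http"`. In `scheme_for_uri`, `%r{^http://}` anchors at the start of any line rather than the start of the string; `uri.start_with?("http://")` states the intent exactly. The context line `bare_uri.start_with?(c["host"])` is a prefix match, so a credential for one host is also selected for a longer hostname that begins with it; that predates this change but matters more once plain http is accepted. The enclosing method starts above the hunk.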
@@ -27,7 +27,11 @@ module Dependabot
|
|
27
27
|
elsif dependencies.count > 1 && updating_a_dependency_set?
|
28
28
|
dependency_set.fetch(:group)
|
29
29
|
else
|
30
|
-
dependencies.
|
30
|
+
dependencies.
|
31
|
+
map(&:name).
|
32
|
+
join("-and-").
|
33
|
+
tr(":[]", "-").
|
34
|
+
tr("@", "")
|
31
35
|
end
|
32
36
|
|
33
37
|
dep = dependencies.first
|
@@ -41,12 +45,8 @@ module Dependabot
|
|
41
45
|
end
|
42
46
|
end
|
43
47
|
|
44
|
-
branch_name = File.join(prefixes, @name).
|
45
|
-
gsub(%r{/\.}, "/dot-").
|
46
|
-
gsub(%r{/\.}, "/dot-")
|
47
|
-
|
48
48
|
# Some users need branch names without slashes
|
49
|
-
|
49
|
+
sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
|
50
50
|
end
|
51
51
|
|
52
52
|
# rubocop:enable Metrics/PerceivedComplexity
|
@@ -113,8 +113,7 @@ module Dependabot
|
|
113
113
|
gsub(">", "gt-").
|
114
114
|
gsub("<", "lt-").
|
115
115
|
gsub("*", "star").
|
116
|
-
gsub(",", "-and-")
|
117
|
-
sub(/\.$/, "")
|
116
|
+
gsub(",", "-and-")
|
118
117
|
end
|
119
118
|
|
120
119
|
def new_version(dependency)
|
@@ -169,6 +168,23 @@ module Dependabot
|
|
169
168
|
def requirements_changed?(dependency)
|
170
169
|
(dependency.requirements - dependency.previous_requirements).any?
|
171
170
|
end
|
171
|
+
|
172
|
+
def sanitize_ref(ref)
|
173
|
+
# This isn't a complete implementation of git's ref validation, but it
|
174
|
+
# covers most cases that crop up. Its list of allowed charactersr is a
|
175
|
+
# bit stricter than git's, but that's for cosmetic reasons.
|
176
|
+
ref.
|
177
|
+
# Remove forbidden characters (those not already replaced elsewhere)
|
178
|
+
gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
|
179
|
+
# Slashes can't be followed by periods
|
180
|
+
gsub(%r{/\.}, "/dot-").
|
181
|
+
# Two or more sequential periods are forbidden
|
182
|
+
gsub(/\.+/, ".").
|
183
|
+
# Two or more sequential slashes are forbidden
|
184
|
+
gsub(%r{/+}, "/").
|
185
|
+
# Trailing periods are forbidden
|
186
|
+
sub(/\.$/, "")
|
187
|
+
end
|
172
188
|
end
|
173
189
|
end
|
174
190
|
end
|
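Review bot: `sanitize_ref` still lets through two shapes that git's ref-format rules reject, a path component ending in `.lock` and a ref ending in `/`; both look reachable because the ref is assembled from dependency names, which come from the manifest rather than from this code. Adding `gsub(%r{\.lock(?=/|\z)}, "-lock").` and `sub(%r{/\z}, "").` ahead of the trailing-period step would cover them. The last step would be stricter as `sub(/\.\z/, "")`, since `$` also matches before a line break; the first `gsub` already strips newlines, so this is defence in depth rather than a live gap. Note also that sanitising runs after `gsub("/", separator)`, so a configured separator outside the allow-list would be removed silently, which deserves a line in the method comment. The comment's "charactersr" is a typo for "characters".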
@@ -58,6 +58,7 @@ module Dependabot
|
|
58
58
|
end
|
59
59
|
end
|
60
60
|
|
61
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
61
62
|
def sanitize_links(doc)
|
62
63
|
doc.walk do |node|
|
63
64
|
if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
|
@@ -73,12 +74,20 @@ module Dependabot
|
|
73
74
|
subnode.string_content = "#{repo}##{number}"
|
74
75
|
end
|
75
76
|
|
76
|
-
node.url = node.url
|
77
|
-
|
78
|
-
|
77
|
+
node.url = replace_github_host(node.url)
|
78
|
+
elsif node.type == :text &&
|
79
|
+
node.string_content.match?(GITHUB_REF_REGEX)
|
80
|
+
node.string_content = replace_github_host(node.string_content)
|
79
81
|
end
|
80
82
|
end
|
81
83
|
end
|
84
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
85
|
+
|
86
|
+
def replace_github_host(text)
|
87
|
+
text.gsub(
|
88
|
+
"github.com", github_redirection_service || "github.com"
|
89
|
+
)
|
90
|
+
end
|
82
91
|
|
83
92
|
def build_mention_nodes(text)
|
84
93
|
nodes = []
|
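Review bot: `replace_github_host` rewrites every occurrence of the substring `github.com` in the node, not just the part that `GITHUB_REF_REGEX` matched, and the new `:text` branch extends that from link URLs to free text. A text node holding one issue reference plus any other URL or hostname containing that substring would have both rewritten, so the message can end up showing a host the author never wrote. Scoping the substitution to the match keeps it tight: `text.gsub(GITHUB_REF_REGEX) { |ref| ref.sub("github.com", github_redirection_service || "github.com") }`, assuming the regex (defined outside this hunk) includes the host. `sanitize_links` begins in the previous hunk and its middle is not shown here.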
data/lib/dependabot/version.rb
CHANGED
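--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.117.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -62,16 +62,22 @@ dependencies:
 name: commonmarker
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: 0.20.1
+- - "<"
+- !ruby/object:Gem::Version
+version: 0.22.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: 0.20.1
+- - "<"
+- !ruby/object:Gem::Version
+version: 0.22.0
 - !ruby/object:Gem::Dependency
 name: docker_registry2
 requirement: !ruby/object:Gem::Requirement
@@ -300,26 +306,26 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.80.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.80.1
 - !ruby/object:Gem::Dependency
 name: vcr
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
 version: '5.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
 version: '5.0'
 - !ruby/object:Gem::Dependency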