dependabot-common 0.117.1 → 0.117.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 14cdb8046ea54f46ad93439ad3f67cd803f00b6905ecce3d8edf26fa0857c686
|
|
4
|
+
data.tar.gz: 5b9174ab20e524e54eddb09bc48151ea1a8fea0912bf0b5c47e3a7b50c25762b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0312a8c36d969f3936ec0bd938b310aaa736ee59bb8be3c3200c59f6bf4ec2a9fbf1da60f468143d46ef682ae1a2d7092b4523f26d51e4ba786db7196c6ac1a9
|
|
7
|
+
data.tar.gz: c303d8bc132a106dacbce6a77e9b473c0e3a08cb2f1cdd3b0c967ffa62720f404aa1e54e1e49e627c43e592f3c4971b729dc3c166a989e4cc7beb2f77c9fb932
|
|
@@ -303,6 +303,8 @@ module Dependabot
|
|
|
303
303
|
end
|
|
304
304
|
|
|
305
305
|
def metadata_cascades_for_dep(dep)
|
|
306
|
+
break_tag = source_provider_supports_html? ? "\n<br />" : "\n\n"
|
|
307
|
+
|
|
306
308
|
msg = ""
|
|
307
309
|
msg += vulnerabilities_cascade(dep)
|
|
308
310
|
msg += release_cascade(dep)
|
|
@@ -310,7 +312,7 @@ module Dependabot
|
|
|
310
312
|
msg += upgrade_guide_cascade(dep)
|
|
311
313
|
msg += commits_cascade(dep)
|
|
312
314
|
msg += maintainer_changes_cascade(dep)
|
|
313
|
-
msg +=
|
|
315
|
+
msg += break_tag unless msg == ""
|
|
314
316
|
"\n" + sanitize_links_and_mentions(msg)
|
|
315
317
|
end
|
|
316
318
|
|
|
@@ -432,15 +434,19 @@ module Dependabot
|
|
|
432
434
|
def build_details_tag(summary:, body:)
|
|
433
435
|
# Azure DevOps does not support <details> tag (https://developercommunity.visualstudio.com/content/problem/608769/add-support-for-in-markdown.html)
|
|
434
436
|
# CodeCommit does not support the <details> tag (no url available)
|
|
435
|
-
if
|
|
436
|
-
"\n\##{summary}\n\n#{body}"
|
|
437
|
-
else
|
|
437
|
+
if source_provider_supports_html?
|
|
438
438
|
msg = "<details>\n<summary>#{summary}</summary>\n\n"
|
|
439
439
|
msg += body
|
|
440
440
|
msg + "</details>\n"
|
|
441
|
+
else
|
|
442
|
+
"\n\##{summary}\n\n#{body}"
|
|
441
443
|
end
|
|
442
444
|
end
|
|
443
445
|
|
|
446
|
+
def source_provider_supports_html?
|
|
447
|
+
!%w(azure codecommit).include?(source.provider)
|
|
448
|
+
end
|
|
449
|
+
|
|
444
450
|
def serialized_vulnerability_details(details)
|
|
445
451
|
msg = vulnerability_source_line(details)
|
|
446
452
|
|
|
@@ -659,6 +665,8 @@ module Dependabot
|
|
|
659
665
|
end
|
|
660
666
|
|
|
661
667
|
def sanitize_links_and_mentions(text)
|
|
668
|
+
return text unless source.provider == "github"
|
|
669
|
+
|
|
662
670
|
LinkAndMentionSanitizer.
|
|
663
671
|
new(github_redirection_service: github_redirection_service).
|
|
664
672
|
sanitize_links_and_mentions(text: text)
|
|
@@ -243,12 +243,22 @@ module Dependabot
|
|
|
243
243
|
end
|
|
244
244
|
|
|
245
245
|
def requirements_up_to_date?
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
246
|
+
if can_compare_requirements?
|
|
247
|
+
return (version_from_requirements >=
|
|
248
|
+
version_class.new(latest_version.to_s))
|
|
249
|
+
end
|
|
250
|
+
|
|
251
|
+
changed_requirements.none?
|
|
252
|
+
end
|
|
250
253
|
|
|
251
|
-
|
|
254
|
+
def can_compare_requirements?
|
|
255
|
+
version_from_requirements &&
|
|
256
|
+
latest_version &&
|
|
257
|
+
version_class.correct?(latest_version.to_s)
|
|
258
|
+
end
|
|
259
|
+
|
|
260
|
+
def changed_requirements
|
|
261
|
+
(updated_requirements - dependency.requirements)
|
|
252
262
|
end
|
|
253
263
|
|
|
254
264
|
def version_from_requirements
|
|
@@ -262,11 +272,9 @@ module Dependabot
|
|
|
262
272
|
end
|
|
263
273
|
|
|
264
274
|
def requirements_can_update?
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
return false if changed_reqs.none?
|
|
275
|
+
return false if changed_requirements.none?
|
|
268
276
|
|
|
269
|
-
|
|
277
|
+
changed_requirements.none? { |r| r[:requirement] == :unfixable }
|
|
270
278
|
end
|
|
271
279
|
|
|
272
280
|
def ignore_reqs
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.117.
|
|
4
|
+
version: 0.117.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-03-
|
|
11
|
+
date: 2020-03-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|