dependabot-common 0.117.7 → 0.118.0

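--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 55750d0c35548ebd15327c2f84fddbf0c23af5e8f64da00e9395a4f5fee03f48
- data.tar.gz: fe582725de782776eaff4b04e5048ff3085df1623c2239f6f02a615152c0ade5
+ metadata.gz: aeba710170f71c12424e8f19659ca2173fbd9c486ac01f6cf15fea03203cb261
+ data.tar.gz: 6cd83c10c8de3ecfa1efc9073138af6157a7ffa21d7a3b086f7e295c58447562
  SHA512:
- metadata.gz: 7ade17705d2e2ea39c3b873d0b990939400278b50c49d0b6fb5c05ed73891faf35866a6199daadae1a088ddbb781e90c29e11d08d34d35e5391291c356a2592b
- data.tar.gz: b4ae896dee875ccb175c413a25e2d9904e11a5449015d0b7f290d5e1e1b7bdb703b26682615d257fe835af466a689b4d23ad1c524ba3f2211996f249861a292e
+ metadata.gz: de9f6d35ee32b93d1c3f3e871744e1efb384b4ad1aec4f970fcfe22fe4158c3e3c47e84b9d8231e19ce2446a8861f419ab62a9e2b87f44ffdb000685211f5e61
+ data.tar.gz: c44b1503abfa59ae01298595c2c4a9787a70f4d224c5692179a955e2b0ba75df4d0f5cac450ee12efa6ae3ff9d97e62cdb9339adda81d924f1bfc4aa09aff167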
@@ -25,7 +25,7 @@ module Dependabot
25
25
  class OutOfMemory < DependabotError; end
26
26
 
27
27
  #####################
28
- # Repo leval errors #
28
+ # Repo level errors #
29
29
  #####################
30
30
 
31
31
  class BranchNotFound < DependabotError
@@ -191,4 +191,7 @@ module Dependabot
191
191
  super(msg)
192
192
  end
193
193
  end
194
+
195
+ # Raised by UpdateChecker if all candidate updates are ignored
196
+ class AllVersionsIgnored < DependabotError; end
194
197
  end
@@ -21,11 +21,13 @@ module Dependabot
21
21
  )$
22
22
  /ix.freeze
23
23
 
24
- def initialize(dependency:, credentials:, ignored_versions: [],
24
+ def initialize(dependency:, credentials:,
25
+ ignored_versions: [], raise_on_ignored: false,
25
26
  requirement_class: nil, version_class: nil)
26
27
  @dependency = dependency
27
28
  @credentials = credentials
28
29
  @ignored_versions = ignored_versions
30
+ @raise_on_ignored = raise_on_ignored
29
31
  @requirement_class = requirement_class
30
32
  @version_class = version_class
31
33
  end
@@ -85,15 +87,22 @@ module Dependabot
85
87
  end
86
88
 
87
89
  def local_tag_for_latest_version
88
- tag =
90
+ tags =
89
91
  local_tags.
90
- select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }.
91
- reject { |t| tag_included_in_ignore_reqs?(t) }.
92
- reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
93
- max_by do |t|
94
- version = t.name.match(VERSION_REGEX).named_captures.fetch("version")
95
- version_class.new(version)
96
- end
92
+ select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
93
+ filtered = tags.
94
+ reject { |t| tag_included_in_ignore_reqs?(t) }
95
+ if @raise_on_ignored && tags.any? && filtered.empty?
96
+ raise Dependabot::AllVersionsIgnored
97
+ end
98
+
99
+ tag = filtered.
100
+ reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
101
+ max_by do |t|
102
+ version = t.name.match(VERSION_REGEX).named_captures.
103
+ fetch("version")
104
+ version_class.new(version)
105
+ end
97
106
 
98
107
  return unless tag
99
108
 
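Review bot: The new guard in `local_tag_for_latest_version` tests every version tag that matches the existing prefix, not only tags newer than the current version, so it may not correspond to "all candidate updates are ignored" as the new error class is described. If `local_tags` also returns older releases (not visible in this hunk), an ignore rule that covers only the newer versions leaves those older tags in `filtered`, and `Dependabot::AllVersionsIgnored` is never raised even though nothing can be updated. Consider narrowing both `tags` and `filtered` to versions above the current one before the `tags.any? && filtered.empty?` test, and add a method comment such as `# Raises AllVersionsIgnored when raise_on_ignored is set and the ignore rules exclude every matching tag`. The method body continues past the end of the hunk.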
@@ -6,6 +6,8 @@ module Dependabot
6
6
  class PullRequestCreator
7
7
  class Labeler
8
8
  DEPENDENCIES_LABEL_REGEX = %r{^[^/]*dependenc[^/]+$}i.freeze
9
+ DEFAULT_DEPENDENCIES_LABEL = "dependencies"
10
+ DEFAULT_SECURITY_LABEL = "security"
9
11
 
10
12
  @package_manager_labels = {}
11
13
 
@@ -170,12 +172,18 @@ module Dependabot
170
172
  if custom_labels then custom_labels & labels
171
173
  else
172
174
  [
173
- labels.find { |l| l.match?(DEPENDENCIES_LABEL_REGEX) },
175
+ default_dependencies_label,
174
176
  label_language? ? language_label : nil
175
177
  ].compact
176
178
  end
177
179
  end
178
180
 
181
+ # Find the exact match first and then fallback to *dependenc* label
182
+ def default_dependencies_label
183
+ labels.find { |l| l == DEFAULT_DEPENDENCIES_LABEL } ||
184
+ labels.find { |l| l.match?(DEPENDENCIES_LABEL_REGEX) }
185
+ end
186
+
179
187
  def dependencies_label_exists?
180
188
  labels.any? { |l| l.match?(DEPENDENCIES_LABEL_REGEX) }
181
189
  end
@@ -260,7 +268,12 @@ module Dependabot
260
268
  self.class.label_details_for_package_manager(package_manager).
261
269
  fetch(:name)
262
270
 
263
- @labels = [*@labels, "dependencies", "security", langauge_name].uniq
271
+ @labels = [
272
+ *@labels,
273
+ DEFAULT_DEPENDENCIES_LABEL,
274
+ DEFAULT_SECURITY_LABEL,
275
+ langauge_name
276
+ ].uniq
264
277
  end
265
278
 
266
279
  def create_dependencies_label
@@ -292,44 +305,44 @@ module Dependabot
292
305
 
293
306
  def create_github_dependencies_label
294
307
  github_client_for_source.add_label(
295
- source.repo, "dependencies", "0366d6",
308
+ source.repo, DEFAULT_DEPENDENCIES_LABEL, "0366d6",
296
309
  description: "Pull requests that update a dependency file",
297
310
  accept: "application/vnd.github.symmetra-preview+json"
298
311
  )
299
- @labels = [*@labels, "dependencies"].uniq
312
+ @labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
300
313
  rescue Octokit::UnprocessableEntity => e
301
314
  raise unless e.errors.first.fetch(:code) == "already_exists"
302
315
 
303
- @labels = [*@labels, "dependencies"].uniq
316
+ @labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
304
317
  end
305
318
 
306
319
  def create_gitlab_dependencies_label
307
320
  gitlab_client_for_source.create_label(
308
- source.repo, "dependencies", "#0366d6",
321
+ source.repo, DEFAULT_DEPENDENCIES_LABEL, "#0366d6",
309
322
  description: "Pull requests that update a dependency file"
310
323
  )
311
- @labels = [*@labels, "dependencies"].uniq
324
+ @labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
312
325
  end
313
326
 
314
327
  def create_github_security_label
315
328
  github_client_for_source.add_label(
316
- source.repo, "security", "ee0701",
329
+ source.repo, DEFAULT_SECURITY_LABEL, "ee0701",
317
330
  description: "Pull requests that address a security vulnerability",
318
331
  accept: "application/vnd.github.symmetra-preview+json"
319
332
  )
320
- @labels = [*@labels, "security"].uniq
333
+ @labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq
321
334
  rescue Octokit::UnprocessableEntity => e
322
335
  raise unless e.errors.first.fetch(:code) == "already_exists"
323
336
 
324
- @labels = [*@labels, "security"].uniq
337
+ @labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq
325
338
  end
326
339
 
327
340
  def create_gitlab_security_label
328
341
  gitlab_client_for_source.create_label(
329
- source.repo, "security", "#ee0701",
342
+ source.repo, DEFAULT_SECURITY_LABEL, "#ee0701",
330
343
  description: "Pull requests that address a security vulnerability"
331
344
  )
332
- @labels = [*@labels, "security"].uniq
345
+ @labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq
333
346
  end
334
347
 
335
348
  def create_github_language_label
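Review bot: The exact-match step in the new `default_dependencies_label` is case-sensitive (`l == DEFAULT_DEPENDENCIES_LABEL`), while the fallback `DEPENDENCIES_LABEL_REGEX` carries the `i` flag. A repository whose label is spelled `Dependencies` therefore skips the exact-match path, and the fallback returns whichever `*dependenc*` label comes first in `labels`, which may be a different one. Comparing case-insensitively keeps the two steps consistent: `labels.find { |l| l.casecmp?(DEFAULT_DEPENDENCIES_LABEL) } ||`. The remaining hunks in this file only swap the string literals for the new constants.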
@@ -163,7 +163,8 @@ module Dependabot
163
163
  return nil if e.message.match?(/Reference cannot be updated/i)
164
164
 
165
165
  if e.message.match?(/force\-push to a protected/i) ||
166
- e.message.match?(/not authorized to push/i)
166
+ e.message.match?(/not authorized to push/i) ||
167
+ e.message.match?(/must not contain merge commits/)
167
168
  raise BranchProtected
168
169
  end
169
170
 
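Review bot: The added pattern `/must not contain merge commits/` is case-sensitive, unlike the two patterns above it, which both use the `i` flag. A change in capitalisation of the server's message would stop this branch-protection rejection from being mapped to `BranchProtected`; writing it as `e.message.match?(/must not contain merge commits/i)` keeps the three checks consistent. Classifying errors by message text is brittle in general, so a short comment recording which API response this string comes from would help whoever has to update it. The enclosing rescue block starts and ends outside the hunk.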
@@ -8,17 +8,19 @@ module Dependabot
8
8
  module UpdateCheckers
9
9
  class Base
10
10
  attr_reader :dependency, :dependency_files, :credentials,
11
- :ignored_versions, :security_advisories,
12
- :requirements_update_strategy
11
+ :ignored_versions, :raise_on_ignored,
12
+ :security_advisories, :requirements_update_strategy
13
13
 
14
14
  def initialize(dependency:, dependency_files:, credentials:,
15
- ignored_versions: [], security_advisories: [],
15
+ ignored_versions: [], raise_on_ignored: false,
16
+ security_advisories: [],
16
17
  requirements_update_strategy: nil)
17
18
  @dependency = dependency
18
19
  @dependency_files = dependency_files
19
20
  @credentials = credentials
20
21
  @requirements_update_strategy = requirements_update_strategy
21
22
  @ignored_versions = ignored_versions
23
+ @raise_on_ignored = raise_on_ignored
22
24
  @security_advisories = security_advisories
23
25
  end
24
26
 
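Review bot: The new `raise_on_ignored:` keyword and reader on `UpdateCheckers::Base` are undocumented, and nothing in the visible lines of `Base` uses the flag, so each subclass presumably has to honour it itself. A comment above `initialize` would make that contract explicit, for example `# raise_on_ignored: when true, checkers raise Dependabot::AllVersionsIgnored if ignored_versions excludes every candidate update (default: false)`. The same applies to the `initialize` changed in the `@@ -21,11 +21,13 @@` hunk, which stores `@raise_on_ignored` without describing it.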
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.117.7"
4
+ VERSION = "0.118.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.7
4
+ version: 0.118.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-20 00:00:00.000000000 Z
11
+ date: 2020-05-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -306,14 +306,14 @@ dependencies:
306
306
  requirements:
307
307
  - - "~>"
308
308
  - !ruby/object:Gem::Version
309
- version: 0.82.0
309
+ version: 0.83.0
310
310
  type: :development
311
311
  prerelease: false
312
312
  version_requirements: !ruby/object:Gem::Requirement
313
313
  requirements:
314
314
  - - "~>"
315
315
  - !ruby/object:Gem::Version
316
- version: 0.82.0
316
+ version: 0.83.0
317
317
  - !ruby/object:Gem::Dependency
318
318
  name: vcr
319
319
  requirement: !ruby/object:Gem::Requirement