dependabot-common 0.117.7 → 0.118.0
- checksums.yaml +4 -4
- data/lib/dependabot/errors.rb +4 -1
- data/lib/dependabot/git_commit_checker.rb +18 -9
- data/lib/dependabot/pull_request_creator/labeler.rb +25 -12
- data/lib/dependabot/pull_request_updater/github.rb +2 -1
- data/lib/dependabot/update_checkers/base.rb +5 -3
- data/lib/dependabot/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: aeba710170f71c12424e8f19659ca2173fbd9c486ac01f6cf15fea03203cb261
|
4
|
+
data.tar.gz: 6cd83c10c8de3ecfa1efc9073138af6157a7ffa21d7a3b086f7e295c58447562
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: de9f6d35ee32b93d1c3f3e871744e1efb384b4ad1aec4f970fcfe22fe4158c3e3c47e84b9d8231e19ce2446a8861f419ab62a9e2b87f44ffdb000685211f5e61
|
7
|
+
data.tar.gz: c44b1503abfa59ae01298595c2c4a9787a70f4d224c5692179a955e2b0ba75df4d0f5cac450ee12efa6ae3ff9d97e62cdb9339adda81d924f1bfc4aa09aff167
|
data/lib/dependabot/errors.rb
CHANGED
@@ -25,7 +25,7 @@ module Dependabot
|
|
25
25
|
class OutOfMemory < DependabotError; end
|
26
26
|
|
27
27
|
#####################
|
28
|
-
# Repo
|
28
|
+
# Repo level errors #
|
29
29
|
#####################
|
30
30
|
|
31
31
|
class BranchNotFound < DependabotError
|
@@ -191,4 +191,7 @@ module Dependabot
|
|
191
191
|
super(msg)
|
192
192
|
end
|
193
193
|
end
|
194
|
+
|
195
|
+
# Raised by UpdateChecker if all candidate updates are ignored
|
196
|
+
class AllVersionsIgnored < DependabotError; end
|
194
197
|
end
|
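Review bot: The comment on the new `AllVersionsIgnored` class names only UpdateChecker as the raiser, but the hunk in this same release that the diffstat attributes to git_commit_checker.rb raises the identical error from `local_tag_for_latest_version`, so the comment understates where callers need to rescue it. I would widen it to `# Raised by UpdateChecker and GitCommitChecker when raise_on_ignored is set and every candidate version is excluded by ignored_versions`. The class is appended after the last definition in the module rather than under the "Repo level errors" banner, so a reader scanning by section will not find it; a one-line banner comment above it, in the same style as the existing ones, would keep the file's grouping honest.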
@@ -21,11 +21,13 @@ module Dependabot
|
|
21
21
|
)$
|
22
22
|
/ix.freeze
|
23
23
|
|
24
|
-
def initialize(dependency:, credentials:,
|
24
|
+
def initialize(dependency:, credentials:,
|
25
|
+
ignored_versions: [], raise_on_ignored: false,
|
25
26
|
requirement_class: nil, version_class: nil)
|
26
27
|
@dependency = dependency
|
27
28
|
@credentials = credentials
|
28
29
|
@ignored_versions = ignored_versions
|
30
|
+
@raise_on_ignored = raise_on_ignored
|
29
31
|
@requirement_class = requirement_class
|
30
32
|
@version_class = version_class
|
31
33
|
end
|
@@ -85,15 +87,22 @@ module Dependabot
|
|
85
87
|
end
|
86
88
|
|
87
89
|
def local_tag_for_latest_version
|
88
|
-
|
90
|
+
tags =
|
89
91
|
local_tags.
|
90
|
-
select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
92
|
+
select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
|
93
|
+
filtered = tags.
|
94
|
+
reject { |t| tag_included_in_ignore_reqs?(t) }
|
95
|
+
if @raise_on_ignored && tags.any? && filtered.empty?
|
96
|
+
raise Dependabot::AllVersionsIgnored
|
97
|
+
end
|
98
|
+
|
99
|
+
tag = filtered.
|
100
|
+
reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
|
101
|
+
max_by do |t|
|
102
|
+
version = t.name.match(VERSION_REGEX).named_captures.
|
103
|
+
fetch("version")
|
104
|
+
version_class.new(version)
|
105
|
+
end
|
97
106
|
|
98
107
|
return unless tag
|
99
108
|
|
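Review bot: The `raise Dependabot::AllVersionsIgnored` at the top of `local_tag_for_latest_version` fires only when `tags` is non-empty and `filtered` is empty, so non-ignored tags that are all prereleases (dropped afterwards by `reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }`) still make the method return nil rather than raise; if that is the intended contract it should be written down, since a caller opting in via the flag may otherwise expect the error in that case too. I would document the new keyword at the `initialize` hunk with `# raise_on_ignored: raise Dependabot::AllVersionsIgnored instead of returning nil when every matching version tag is excluded by ignored_versions (prerelease filtering happens afterwards and never triggers it)`. The method continues past the end of the hunk, after `return unless tag`, and the file header for this section is not shown on the page.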
@@ -6,6 +6,8 @@ module Dependabot
|
|
6
6
|
class PullRequestCreator
|
7
7
|
class Labeler
|
8
8
|
DEPENDENCIES_LABEL_REGEX = %r{^[^/]*dependenc[^/]+$}i.freeze
|
9
|
+
DEFAULT_DEPENDENCIES_LABEL = "dependencies"
|
10
|
+
DEFAULT_SECURITY_LABEL = "security"
|
9
11
|
|
10
12
|
@package_manager_labels = {}
|
11
13
|
|
@@ -170,12 +172,18 @@ module Dependabot
|
|
170
172
|
if custom_labels then custom_labels & labels
|
171
173
|
else
|
172
174
|
[
|
173
|
-
|
175
|
+
default_dependencies_label,
|
174
176
|
label_language? ? language_label : nil
|
175
177
|
].compact
|
176
178
|
end
|
177
179
|
end
|
178
180
|
|
181
|
+
# Find the exact match first and then fallback to *dependenc* label
|
182
|
+
def default_dependencies_label
|
183
|
+
labels.find { |l| l == DEFAULT_DEPENDENCIES_LABEL } ||
|
184
|
+
labels.find { |l| l.match?(DEPENDENCIES_LABEL_REGEX) }
|
185
|
+
end
|
186
|
+
|
179
187
|
def dependencies_label_exists?
|
180
188
|
labels.any? { |l| l.match?(DEPENDENCIES_LABEL_REGEX) }
|
181
189
|
end
|
@@ -260,7 +268,12 @@ module Dependabot
|
|
260
268
|
self.class.label_details_for_package_manager(package_manager).
|
261
269
|
fetch(:name)
|
262
270
|
|
263
|
-
@labels = [
|
271
|
+
@labels = [
|
272
|
+
*@labels,
|
273
|
+
DEFAULT_DEPENDENCIES_LABEL,
|
274
|
+
DEFAULT_SECURITY_LABEL,
|
275
|
+
langauge_name
|
276
|
+
].uniq
|
264
277
|
end
|
265
278
|
|
266
279
|
def create_dependencies_label
|
@@ -292,44 +305,44 @@ module Dependabot
|
|
292
305
|
|
293
306
|
def create_github_dependencies_label
|
294
307
|
github_client_for_source.add_label(
|
295
|
-
source.repo,
|
308
|
+
source.repo, DEFAULT_DEPENDENCIES_LABEL, "0366d6",
|
296
309
|
description: "Pull requests that update a dependency file",
|
297
310
|
accept: "application/vnd.github.symmetra-preview+json"
|
298
311
|
)
|
299
|
-
@labels = [*@labels,
|
312
|
+
@labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
|
300
313
|
rescue Octokit::UnprocessableEntity => e
|
301
314
|
raise unless e.errors.first.fetch(:code) == "already_exists"
|
302
315
|
|
303
|
-
@labels = [*@labels,
|
316
|
+
@labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
|
304
317
|
end
|
305
318
|
|
306
319
|
def create_gitlab_dependencies_label
|
307
320
|
gitlab_client_for_source.create_label(
|
308
|
-
source.repo,
|
321
|
+
source.repo, DEFAULT_DEPENDENCIES_LABEL, "#0366d6",
|
309
322
|
description: "Pull requests that update a dependency file"
|
310
323
|
)
|
311
|
-
@labels = [*@labels,
|
324
|
+
@labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
|
312
325
|
end
|
313
326
|
|
314
327
|
def create_github_security_label
|
315
328
|
github_client_for_source.add_label(
|
316
|
-
source.repo,
|
329
|
+
source.repo, DEFAULT_SECURITY_LABEL, "ee0701",
|
317
330
|
description: "Pull requests that address a security vulnerability",
|
318
331
|
accept: "application/vnd.github.symmetra-preview+json"
|
319
332
|
)
|
320
|
-
@labels = [*@labels,
|
333
|
+
@labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq
|
321
334
|
rescue Octokit::UnprocessableEntity => e
|
322
335
|
raise unless e.errors.first.fetch(:code) == "already_exists"
|
323
336
|
|
324
|
-
@labels = [*@labels,
|
337
|
+
@labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq
|
325
338
|
end
|
326
339
|
|
327
340
|
def create_gitlab_security_label
|
328
341
|
gitlab_client_for_source.create_label(
|
329
|
-
source.repo,
|
342
|
+
source.repo, DEFAULT_SECURITY_LABEL, "#ee0701",
|
330
343
|
description: "Pull requests that address a security vulnerability"
|
331
344
|
)
|
332
|
-
@labels = [*@labels,
|
345
|
+
@labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq
|
333
346
|
end
|
334
347
|
|
335
348
|
def create_github_language_label
|
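Review bot: `langauge_name` in the new `@labels = [...]` array (the hunk at old lines 260-264) is a misspelling of `language_name`; it is not defined inside the hunk, so it is presumably a local assigned just above the hunk from the visible `label_details_for_package_manager(package_manager).fetch(:name)` call, in which case both the assignment and this use should be renamed together rather than leaving the typo to spread to the next reader. Separately, `default_dependencies_label` falls back from an exact `"dependencies"` match to the case-insensitive `DEPENDENCIES_LABEL_REGEX`, so a repo carrying both `Dependencies` and `my-dependencies` gets whichever appears first in `labels`; a short comment above the method such as `# exact "dependencies" wins; otherwise the first label matching *dependenc* in repo order` would make that first-match behaviour explicit. The enclosing `Labeler` class continues past the end of this section.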
@@ -163,7 +163,8 @@ module Dependabot
|
|
163
163
|
return nil if e.message.match?(/Reference cannot be updated/i)
|
164
164
|
|
165
165
|
if e.message.match?(/force\-push to a protected/i) ||
|
166
|
-
e.message.match?(/not authorized to push/i)
|
166
|
+
e.message.match?(/not authorized to push/i) ||
|
167
|
+
e.message.match?(/must not contain merge commits/)
|
167
168
|
raise BranchProtected
|
168
169
|
end
|
169
170
|
|
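Review bot: The new `/must not contain merge commits/` pattern lacks the `/i` flag that the two sibling patterns in the same condition carry, so a capitalisation change in the GitHub error text would slip past this branch while the others still match; for consistency make it `e.message.match?(/must not contain merge commits/i)`. Matching on error-message text is inherently brittle, so a one-line comment naming the protection rule that presumably produces this message (required linear history) would help the next maintainer decide whether mapping it to `BranchProtected` is still right when the wording changes. The surrounding `rescue` and its method begin outside the hunk.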
@@ -8,17 +8,19 @@ module Dependabot
|
|
8
8
|
module UpdateCheckers
|
9
9
|
class Base
|
10
10
|
attr_reader :dependency, :dependency_files, :credentials,
|
11
|
-
:ignored_versions, :
|
12
|
-
:requirements_update_strategy
|
11
|
+
:ignored_versions, :raise_on_ignored,
|
12
|
+
:security_advisories, :requirements_update_strategy
|
13
13
|
|
14
14
|
def initialize(dependency:, dependency_files:, credentials:,
|
15
|
-
ignored_versions: [],
|
15
|
+
ignored_versions: [], raise_on_ignored: false,
|
16
|
+
security_advisories: [],
|
16
17
|
requirements_update_strategy: nil)
|
17
18
|
@dependency = dependency
|
18
19
|
@dependency_files = dependency_files
|
19
20
|
@credentials = credentials
|
20
21
|
@requirements_update_strategy = requirements_update_strategy
|
21
22
|
@ignored_versions = ignored_versions
|
23
|
+
@raise_on_ignored = raise_on_ignored
|
22
24
|
@security_advisories = security_advisories
|
23
25
|
end
|
24
26
|
|
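Review bot: `raise_on_ignored` is stored and exposed via `attr_reader`, but nothing in this hunk says what subclasses are supposed to do with it, and `initialize` carries no parameter documentation to extend, so the flag's contract lives only in the errors.rb comment elsewhere in this release. I would add above `initialize` a comment such as `# raise_on_ignored: when true, checkers raise Dependabot::AllVersionsIgnored rather than silently reporting no update once every candidate version is excluded by ignored_versions`, keeping the wording aligned with the errors.rb comment that describes the error as raised by UpdateChecker. Whether every concrete checker honours the flag cannot be seen from this hunk, so the comment should be read as the intended contract rather than a guarantee.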
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.118.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-05-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -306,14 +306,14 @@ dependencies:
|
|
306
306
|
requirements:
|
307
307
|
- - "~>"
|
308
308
|
- !ruby/object:Gem::Version
|
309
|
-
version: 0.
|
309
|
+
version: 0.83.0
|
310
310
|
type: :development
|
311
311
|
prerelease: false
|
312
312
|
version_requirements: !ruby/object:Gem::Requirement
|
313
313
|
requirements:
|
314
314
|
- - "~>"
|
315
315
|
- !ruby/object:Gem::Version
|
316
|
-
version: 0.
|
316
|
+
version: 0.83.0
|
317
317
|
- !ruby/object:Gem::Dependency
|
318
318
|
name: vcr
|
319
319
|
requirement: !ruby/object:Gem::Requirement
|