dependabot-common 0.117.8 → 0.118.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4fbd102209797a40f329caabbac70c2304764967b3987c9c16a46ee3b57a968e
4
- data.tar.gz: f552a0108387314d04b952286eda9bf16bc0607cb3f6381d025558969457ae5d
3
+ metadata.gz: e5508a2fb0bd77cff97062f9dc172973b650958b6f0b2f2ae9e35f2b11185eb6
4
+ data.tar.gz: 873df8dae15041c881b82ae1b7ca6e25c4044563acd2b883a2a7b04093ffc392
5
5
  SHA512:
6
- metadata.gz: 7fc52b3476181eb0a2a75530e9cee3a7fcac1ba9a44daf74a3e58e736c84beae577b54e13aed28b817e25c63bc0ff6adbaeef8bb8c88f43fde4dfb6e3a798ea5
7
- data.tar.gz: c9d7eb57e0a72505c0b591d0f9484d222fef47776f2f19404a5d7753d243515101e9c23373bf65f26cbfec36c7724e99ec2e79c7a0f001477c100cafa2997374
6
+ metadata.gz: 922fda6863fefe18f76385e2f56b60609fad004ceff52fbc47056a6908b83a1fab69139741312980ed62e4fd5b4ea172766ba458f9e8216867990dcc10d81a33
7
+ data.tar.gz: 70afe1040d4fa6f4787e2eb339f4b380b10142e184706342d05ad2b140c1f79673c5b00be353fb58eee640d48cabc4866df524fe4fbbf3810757366405707537
@@ -25,7 +25,7 @@ module Dependabot
25
25
  class OutOfMemory < DependabotError; end
26
26
 
27
27
  #####################
28
- # Repo leval errors #
28
+ # Repo level errors #
29
29
  #####################
30
30
 
31
31
  class BranchNotFound < DependabotError
@@ -191,4 +191,7 @@ module Dependabot
191
191
  super(msg)
192
192
  end
193
193
  end
194
+
195
+ # Raised by UpdateChecker if all candidate updates are ignored
196
+ class AllVersionsIgnored < DependabotError; end
194
197
  end
@@ -21,11 +21,13 @@ module Dependabot
21
21
  )$
22
22
  /ix.freeze
23
23
 
24
- def initialize(dependency:, credentials:, ignored_versions: [],
24
+ def initialize(dependency:, credentials:,
25
+ ignored_versions: [], raise_on_ignored: false,
25
26
  requirement_class: nil, version_class: nil)
26
27
  @dependency = dependency
27
28
  @credentials = credentials
28
29
  @ignored_versions = ignored_versions
30
+ @raise_on_ignored = raise_on_ignored
29
31
  @requirement_class = requirement_class
30
32
  @version_class = version_class
31
33
  end
@@ -85,15 +87,22 @@ module Dependabot
85
87
  end
86
88
 
87
89
  def local_tag_for_latest_version
88
- tag =
90
+ tags =
89
91
  local_tags.
90
- select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }.
91
- reject { |t| tag_included_in_ignore_reqs?(t) }.
92
- reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
93
- max_by do |t|
94
- version = t.name.match(VERSION_REGEX).named_captures.fetch("version")
95
- version_class.new(version)
96
- end
92
+ select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
93
+ filtered = tags.
94
+ reject { |t| tag_included_in_ignore_reqs?(t) }
95
+ if @raise_on_ignored && tags.any? && filtered.empty?
96
+ raise Dependabot::AllVersionsIgnored
97
+ end
98
+
99
+ tag = filtered.
100
+ reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
101
+ max_by do |t|
102
+ version = t.name.match(VERSION_REGEX).named_captures.
103
+ fetch("version")
104
+ version_class.new(version)
105
+ end
97
106
 
98
107
  return unless tag
99
108
 
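Review bot: The new `if @raise_on_ignored && tags.any? && filtered.empty?` check runs before the prerelease filter, so when every non-ignored tag is a prerelease and `wants_prerelease?` is false the method still returns nil silently instead of raising `Dependabot::AllVersionsIgnored`. If that is the intended distinction, a comment on that line such as `# Only ignore-list filtering raises; prerelease filtering is a preference, not an ignore` would make it explicit. The same flag is stored by `initialize` in the preceding hunk without an `attr_reader`, unlike `UpdateCheckers::Base` later in this release, which may or may not be deliberate. `local_tag_for_latest_version` continues past the end of the hunk.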
@@ -6,6 +6,8 @@ module Dependabot
6
6
  class PullRequestCreator
7
7
  class Labeler
8
8
  DEPENDENCIES_LABEL_REGEX = %r{^[^/]*dependenc[^/]+$}i.freeze
9
+ DEFAULT_DEPENDENCIES_LABEL = "dependencies"
10
+ DEFAULT_SECURITY_LABEL = "security"
9
11
 
10
12
  @package_manager_labels = {}
11
13
 
@@ -170,12 +172,18 @@ module Dependabot
170
172
  if custom_labels then custom_labels & labels
171
173
  else
172
174
  [
173
- labels.find { |l| l.match?(DEPENDENCIES_LABEL_REGEX) },
175
+ default_dependencies_label,
174
176
  label_language? ? language_label : nil
175
177
  ].compact
176
178
  end
177
179
  end
178
180
 
181
+ # Find the exact match first and then fallback to *dependenc* label
182
+ def default_dependencies_label
183
+ labels.find { |l| l == DEFAULT_DEPENDENCIES_LABEL } ||
184
+ labels.find { |l| l.match?(DEPENDENCIES_LABEL_REGEX) }
185
+ end
186
+
179
187
  def dependencies_label_exists?
180
188
  labels.any? { |l| l.match?(DEPENDENCIES_LABEL_REGEX) }
181
189
  end
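Review bot: In `default_dependencies_label` the exact comparison `l == DEFAULT_DEPENDENCIES_LABEL` is case-sensitive while the fallback `DEPENDENCIES_LABEL_REGEX` carries the `i` flag, so a repository whose label is `Dependencies` skips the exact-match branch and is picked up by the regex; that is probably fine but worth stating in the method comment, e.g. `# Exact (case-sensitive) match wins; otherwise the first label matching *dependenc* (case-insensitive)`. Since `find` with `==` can only ever return the constant itself, `DEFAULT_DEPENDENCIES_LABEL if labels.include?(DEFAULT_DEPENDENCIES_LABEL)` expresses the first branch more directly.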
@@ -260,7 +268,12 @@ module Dependabot
260
268
  self.class.label_details_for_package_manager(package_manager).
261
269
  fetch(:name)
262
270
 
263
- @labels = [*@labels, "dependencies", "security", langauge_name].uniq
271
+ @labels = [
272
+ *@labels,
273
+ DEFAULT_DEPENDENCIES_LABEL,
274
+ DEFAULT_SECURITY_LABEL,
275
+ langauge_name
276
+ ].uniq
264
277
  end
265
278
 
266
279
  def create_dependencies_label
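Review bot: The rewritten array keeps the misspelt local `langauge_name`; since this assignment is being reformatted anyway, renaming it to `language_name` would remove the typo, though its definition appears to sit just above the hunk start and would need the same change. In the following hunk the colour strings `"0366d6"` and `"ee0701"` are still repeated per forge after the label names were lifted into `DEFAULT_DEPENDENCIES_LABEL`/`DEFAULT_SECURITY_LABEL`; extracting them alongside the new constants would finish that refactor.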
@@ -292,44 +305,44 @@ module Dependabot
292
305
 
293
306
  def create_github_dependencies_label
294
307
  github_client_for_source.add_label(
295
- source.repo, "dependencies", "0366d6",
308
+ source.repo, DEFAULT_DEPENDENCIES_LABEL, "0366d6",
296
309
  description: "Pull requests that update a dependency file",
297
310
  accept: "application/vnd.github.symmetra-preview+json"
298
311
  )
299
- @labels = [*@labels, "dependencies"].uniq
312
+ @labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
300
313
  rescue Octokit::UnprocessableEntity => e
301
314
  raise unless e.errors.first.fetch(:code) == "already_exists"
302
315
 
303
- @labels = [*@labels, "dependencies"].uniq
316
+ @labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
304
317
  end
305
318
 
306
319
  def create_gitlab_dependencies_label
307
320
  gitlab_client_for_source.create_label(
308
- source.repo, "dependencies", "#0366d6",
321
+ source.repo, DEFAULT_DEPENDENCIES_LABEL, "#0366d6",
309
322
  description: "Pull requests that update a dependency file"
310
323
  )
311
- @labels = [*@labels, "dependencies"].uniq
324
+ @labels = [*@labels, DEFAULT_DEPENDENCIES_LABEL].uniq
312
325
  end
313
326
 
314
327
  def create_github_security_label
315
328
  github_client_for_source.add_label(
316
- source.repo, "security", "ee0701",
329
+ source.repo, DEFAULT_SECURITY_LABEL, "ee0701",
317
330
  description: "Pull requests that address a security vulnerability",
318
331
  accept: "application/vnd.github.symmetra-preview+json"
319
332
  )
320
- @labels = [*@labels, "security"].uniq
333
+ @labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq
321
334
  rescue Octokit::UnprocessableEntity => e
322
335
  raise unless e.errors.first.fetch(:code) == "already_exists"
323
336
 
324
- @labels = [*@labels, "security"].uniq
337
+ @labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq
325
338
  end
326
339
 
327
340
  def create_gitlab_security_label
328
341
  gitlab_client_for_source.create_label(
329
- source.repo, "security", "#ee0701",
342
+ source.repo, DEFAULT_SECURITY_LABEL, "#ee0701",
330
343
  description: "Pull requests that address a security vulnerability"
331
344
  )
332
- @labels = [*@labels, "security"].uniq
345
+ @labels = [*@labels, DEFAULT_SECURITY_LABEL].uniq
333
346
  end
334
347
 
335
348
  def create_github_language_label
@@ -314,7 +314,7 @@ module Dependabot
314
314
  azure_client_for_source.commits
315
315
 
316
316
  @recent_azure_commit_messages.
317
- reject { |c| c.fetch("author").fetch("email") == dependabot_email }.
317
+ reject { |c| azure_commit_author_email(c) == dependabot_email }.
318
318
  reject { |c| c.fetch("comment")&.start_with?("Merge") }.
319
319
  map { |c| c.fetch("comment") }.
320
320
  compact.
@@ -374,7 +374,7 @@ module Dependabot
374
374
  azure_client_for_source.commits
375
375
 
376
376
  @recent_azure_commit_messages.
377
- find { |c| c.fetch("author").fetch("email") == dependabot_email }&.
377
+ find { |c| azure_commit_author_email(c) == dependabot_email }&.
378
378
  message&.
379
379
  strip
380
380
  end
@@ -389,6 +389,10 @@ module Dependabot
389
389
  strip
390
390
  end
391
391
 
392
+ def azure_commit_author_email(commit)
393
+ commit.fetch("author").fetch("email", "")
394
+ end
395
+
392
396
  def github_client_for_source
393
397
  @github_client_for_source ||=
394
398
  Dependabot::Clients::GithubWithRetries.for_source(
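Review bot: `azure_commit_author_email` defaults only the `email` key, so `commit.fetch("author")` still raises `KeyError` if the API ever returns a commit record without an `author` hash, which looks like the same class of failure the `fetch("email", "")` default is meant to avoid. `commit.dig("author", "email") || ""` covers both cases in one line while keeping the empty-string result the callers in the two hunks above compare against `dependabot_email`. Whether the Azure API can omit `author` is not visible here, so treat this as a cheap hardening rather than a known failure.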
@@ -163,7 +163,8 @@ module Dependabot
163
163
  return nil if e.message.match?(/Reference cannot be updated/i)
164
164
 
165
165
  if e.message.match?(/force\-push to a protected/i) ||
166
- e.message.match?(/not authorized to push/i)
166
+ e.message.match?(/not authorized to push/i) ||
167
+ e.message.match?(/must not contain merge commits/)
167
168
  raise BranchProtected
168
169
  end
169
170
 
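Review bot: The added pattern `/must not contain merge commits/` lacks the `i` flag that both sibling patterns in the same condition carry, so a differently cased server message would fall through to the generic re-raise instead of `BranchProtected`; `e.message.match?(/must not contain merge commits/i)` keeps the three consistent unless the exact casing is guaranteed. A short comment naming the forge that produces this message would help whoever extends the list next. The enclosing rescue block starts above the hunk.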
@@ -8,17 +8,19 @@ module Dependabot
8
8
  module UpdateCheckers
9
9
  class Base
10
10
  attr_reader :dependency, :dependency_files, :credentials,
11
- :ignored_versions, :security_advisories,
12
- :requirements_update_strategy
11
+ :ignored_versions, :raise_on_ignored,
12
+ :security_advisories, :requirements_update_strategy
13
13
 
14
14
  def initialize(dependency:, dependency_files:, credentials:,
15
- ignored_versions: [], security_advisories: [],
15
+ ignored_versions: [], raise_on_ignored: false,
16
+ security_advisories: [],
16
17
  requirements_update_strategy: nil)
17
18
  @dependency = dependency
18
19
  @dependency_files = dependency_files
19
20
  @credentials = credentials
20
21
  @requirements_update_strategy = requirements_update_strategy
21
22
  @ignored_versions = ignored_versions
23
+ @raise_on_ignored = raise_on_ignored
22
24
  @security_advisories = security_advisories
23
25
  end
24
26
 
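Review bot: `raise_on_ignored` is stored and exposed through `attr_reader`, but nothing visible in `Base` acts on it, so honouring the flag is left to each subclass (the `GitCommitChecker` change in this release is one example). A one-line comment above the `attr_reader` would tell implementers what is expected, e.g. `# raise_on_ignored: subclasses raise Dependabot::AllVersionsIgnored instead of returning nil when every candidate version is excluded by ignored_versions`. The class body continues beyond the hunk, so a default implementation may exist further down.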
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.117.8"
4
+ VERSION = "0.118.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.8
4
+ version: 0.118.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-12 00:00:00.000000000 Z
11
+ date: 2020-06-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -306,14 +306,14 @@ dependencies:
306
306
  requirements:
307
307
  - - "~>"
308
308
  - !ruby/object:Gem::Version
309
- version: 0.82.0
309
+ version: 0.83.0
310
310
  type: :development
311
311
  prerelease: false
312
312
  version_requirements: !ruby/object:Gem::Requirement
313
313
  requirements:
314
314
  - - "~>"
315
315
  - !ruby/object:Gem::Version
316
- version: 0.82.0
316
+ version: 0.83.0
317
317
  - !ruby/object:Gem::Dependency
318
318
  name: vcr
319
319
  requirement: !ruby/object:Gem::Requirement