dependabot-common 0.118.1 → 0.118.6

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e5508a2fb0bd77cff97062f9dc172973b650958b6f0b2f2ae9e35f2b11185eb6
4
- data.tar.gz: 873df8dae15041c881b82ae1b7ca6e25c4044563acd2b883a2a7b04093ffc392
3
+ metadata.gz: 70cb431e0b24eaf5333f1a868234fff74026c1d2100d602ace8930b3fcdab8d6
4
+ data.tar.gz: 571102655827a49ee3bb5aabab49ddd13d48568652134c871eb996db1291fcb7
5
5
  SHA512:
6
- metadata.gz: 922fda6863fefe18f76385e2f56b60609fad004ceff52fbc47056a6908b83a1fab69139741312980ed62e4fd5b4ea172766ba458f9e8216867990dcc10d81a33
7
- data.tar.gz: 70afe1040d4fa6f4787e2eb339f4b380b10142e184706342d05ad2b140c1f79673c5b00be353fb58eee640d48cabc4866df524fe4fbbf3810757366405707537
6
+ metadata.gz: efc89ed94109360cc5b3ecd85ff04a091a759385431d5201d9f8d8e5b07f4cd089b0c923e98786044a3e77d917628b7cd1557ca571e27b2849ebc04c3edce158
7
+ data.tar.gz: 88683da344b4ef6fe8e1c54bfeb715151e77ea607ca5e8d9e72b8a9909d76ef9db7b35890aa31e412f666c4a60a4ea932c00579e41b02ba3fd804487aa624114
@@ -314,24 +314,29 @@ module Dependabot
314
314
  end
315
315
 
316
316
  def new_version
317
- @new_version ||= git_source? ? new_ref : dependency.version
318
- @new_version&.gsub(/^v/, "")
317
+ return @new_version if defined?(@new_version)
318
+
319
+ new_version = git_source? && new_ref ? new_ref : dependency.version
320
+ @new_version = new_version&.gsub(/^v/, "")
319
321
  end
320
322
 
321
323
  def previous_ref
322
- dependency.previous_requirements.map do |r|
324
+ previous_refs = dependency.previous_requirements.map do |r|
323
325
  r.dig(:source, "ref") || r.dig(:source, :ref)
324
- end.compact.first
326
+ end.compact.uniq
327
+ return previous_refs.first if previous_refs.count == 1
325
328
  end
326
329
 
327
330
  def new_ref
328
- dependency.requirements.map do |r|
331
+ new_refs = dependency.requirements.map do |r|
329
332
  r.dig(:source, "ref") || r.dig(:source, :ref)
330
- end.compact.first
333
+ end.compact.uniq
334
+ return new_refs.first if new_refs.count == 1
331
335
  end
332
336
 
333
337
  def ref_changed?
334
- previous_ref && new_ref && previous_ref != new_ref
338
+ # We could go from multiple previous refs (nil) to a single new ref
339
+ previous_ref != new_ref
335
340
  end
336
341
 
337
342
  # TODO: Refactor me so that Composer doesn't need to be special cased
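Review bot: In `new_version` the local `new_version = git_source? && new_ref ? new_ref : dependency.version` shadows the method's own name right next to `@new_version`, and the ternary's precedence takes a second read; `version = (git_source? && new_ref) || dependency.version` says the same thing explicitly. In the rewritten `previous_ref` and `new_ref` the nil result for zero or several distinct refs comes from a modifier `if` that simply fails, which is easy to miss; `previous_refs.first if previous_refs.one?` plus a comment such as `# nil when there is no single distinct ref — callers treat nil as "no ref to report"` would make that contract visible (the new `ref_changed?` comment relies on exactly this). The same pair of methods is rewritten identically in the hunks at `@@ -139,19 +139,17 @@`, `@@ -126,32 +126,31 @@`, `@@ -268,20 +275,21 @@`, `@@ -130,22 +135,25 @@` and `@@ -601,15 +615,17 @@`; a shared helper taking a requirements array would keep the six copies from drifting.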
@@ -343,10 +348,8 @@ module Dependabot
343
348
  requirements = dependency.requirements
344
349
  sources = requirements.map { |r| r.fetch(:source) }.uniq.compact
345
350
  return false if sources.empty?
346
- raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
347
351
 
348
- source_type = sources.first[:type] || sources.first.fetch("type")
349
- source_type == "git"
352
+ sources.all? { |s| s[:type] == "git" || s["type"] == "git" }
350
353
  end
351
354
 
352
355
  def major_version_upgrade?
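Review bot: `sources.all? { |s| s[:type] == "git" || s["type"] == "git" }` spells the comparison twice for the two key styles; `sources.all? { |s| (s[:type] || s["type"]) == "git" }` reads as one check and matches the `r.dig(:source, "ref") || r.dig(:source, :ref)` form used elsewhere in this commit. The behaviour also changes quietly: the removed `raise "Multiple sources! …"` and the removed `fetch("type")` meant several distinct sources, or a source with no type key, used to fail loudly, whereas the new code returns false for both. If that is intended, a comment `# mixed or untyped sources are treated as non-git` on the `all?` line would record it for the next reader. The same rewrite appears in the hunks at `@@ -163,10 +161,8 @@` and `@@ -126,32 +126,31 @@`.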
@@ -139,19 +139,17 @@ module Dependabot
139
139
  end
140
140
 
141
141
  def previous_ref
142
- dependency.previous_requirements.map do |r|
142
+ previous_refs = dependency.previous_requirements.map do |r|
143
143
  r.dig(:source, "ref") || r.dig(:source, :ref)
144
- end.compact.first
144
+ end.compact.uniq
145
+ return previous_refs.first if previous_refs.count == 1
145
146
  end
146
147
 
147
148
  def new_ref
148
- dependency.requirements.map do |r|
149
+ new_refs = dependency.requirements.map do |r|
149
150
  r.dig(:source, "ref") || r.dig(:source, :ref)
150
- end.compact.first
151
- end
152
-
153
- def ref_changed?
154
- previous_ref && new_ref && previous_ref != new_ref
151
+ end.compact.uniq
152
+ return new_refs.first if new_refs.count == 1
155
153
  end
156
154
 
157
155
  # TODO: Refactor me so that Composer doesn't need to be special cased
@@ -163,10 +161,8 @@ module Dependabot
163
161
  requirements = dependency.requirements
164
162
  sources = requirements.map { |r| r.fetch(:source) }.uniq.compact
165
163
  return false if sources.empty?
166
- raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
167
164
 
168
- source_type = sources.first[:type] || sources.first.fetch("type")
169
- source_type == "git"
165
+ sources.all? { |s| s[:type] == "git" || s["type"] == "git" }
170
166
  end
171
167
 
172
168
  def version_class
@@ -55,7 +55,7 @@ module Dependabot
55
55
  return new_version
56
56
  end
57
57
 
58
- return new_ref if git_source?(dependency.requirements) && ref_changed?
58
+ return new_ref if new_ref && ref_changed?
59
59
 
60
60
  tags = dependency_tags.
61
61
  select { |tag| tag_matches_version?(tag, new_version) }.
@@ -73,7 +73,7 @@ module Dependabot
73
73
  if git_source?(dependency.previous_requirements) &&
74
74
  git_sha?(previous_version)
75
75
  previous_version
76
- elsif git_source?(dependency.previous_requirements) && ref_changed?
76
+ elsif previous_ref && ref_changed?
77
77
  previous_ref
78
78
  elsif previous_version
79
79
  tags = dependency_tags.
@@ -126,32 +126,31 @@ module Dependabot
126
126
 
127
127
  sources = requirements.map { |r| r.fetch(:source) }.uniq.compact
128
128
  return false if sources.empty?
129
- raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
130
129
 
131
- source_type = sources.first[:type] || sources.first.fetch("type")
132
- source_type == "git"
130
+ sources.all? { |s| s[:type] == "git" || s["type"] == "git" }
133
131
  end
134
132
 
135
133
  def ref_changed?
136
- return false unless previous_ref && new_ref
137
-
134
+ # We could go from multiple previous refs (nil) to a single new ref
138
135
  previous_ref != new_ref
139
136
  end
140
137
 
141
138
  def previous_ref
142
139
  return unless git_source?(dependency.previous_requirements)
143
140
 
144
- dependency.previous_requirements.map do |r|
141
+ previous_refs = dependency.previous_requirements.map do |r|
145
142
  r.dig(:source, "ref") || r.dig(:source, :ref)
146
- end.compact.first
143
+ end.compact.uniq
144
+ return previous_refs.first if previous_refs.count == 1
147
145
  end
148
146
 
149
147
  def new_ref
150
148
  return unless git_source?(dependency.previous_requirements)
151
149
 
152
- dependency.requirements.map do |r|
150
+ new_refs = dependency.requirements.map do |r|
153
151
  r.dig(:source, "ref") || r.dig(:source, :ref)
154
- end.compact.first
152
+ end.compact.uniq
153
+ return new_refs.first if new_refs.count == 1
155
154
  end
156
155
 
157
156
  def tag_matches_version?(tag, version)
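Review bot: `new_ref` guards on `git_source?(dependency.previous_requirements)` while the body it protects maps `dependency.requirements`; that guard line is unchanged, but the new `ref_changed?` now compares `previous_ref != new_ref` without the old `return false unless previous_ref && new_ref`, so a dependency that only becomes git-sourced in this update yields `new_ref == nil` and `ref_changed?` false, and the `return new_ref if new_ref && ref_changed?` in `@@ -55,7 +55,7 @@` never fires. If that is deliberate, `# keyed on the previous source on purpose: a dependency newly switched to git has no "new ref" to report` would explain it; otherwise `return unless git_source?(dependency.requirements)` looks like the intended guard. I am reading the two hunks as the same file from their ascending offsets, so please confirm.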
@@ -251,8 +251,11 @@ module Dependabot
251
251
  return ref_changed? ? previous_ref : nil
252
252
  end
253
253
 
254
+ # Previous version looks like a git SHA and there's a previous ref, we
255
+ # could be changing to a nil previous ref in which case we want to
256
+ # fall back to tge sha version
254
257
  if dependency.previous_version.match?(/^[0-9a-f]{40}$/) &&
255
- ref_changed?
258
+ ref_changed? && previous_ref
256
259
  previous_ref
257
260
  else
258
261
  dependency.previous_version
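Review bot: The added comment has a typo, `fall back to tge sha version` should read `fall back to the sha version`, and the sentence before it is a run-on; `# The previous version is a git SHA: report the previous ref only when there is a single one, since a multi-ref previous state yields nil and we fall back to the SHA.` says the same thing directly. The `/^[0-9a-f]{40}$/` test on the unchanged line above is a per-line match; `\A[0-9a-f]{40}\z` would make it a whole-string check, which is what a version-string test wants.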
@@ -260,7 +263,11 @@ module Dependabot
260
263
  end
261
264
 
262
265
  def new_version
263
- if dependency.version.match?(/^[0-9a-f]{40}$/) && ref_changed?
266
+ # New version looks like a git SHA and there's a new ref, guarding
267
+ # against changes to a nil new_ref (not certain this can actually
268
+ # happen atm)
269
+ if dependency.version.match?(/^[0-9a-f]{40}$/) && ref_changed? &&
270
+ new_ref
264
271
  return new_ref
265
272
  end
266
273
 
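Review bot: `new_ref` is evaluated twice on the success path, once in the `ref_changed? && new_ref` condition and again in `return new_ref`, and judging by the next hunk (`@@ -268,20 +275,21 @@`) `new_ref` in this file re-maps `dependency.requirements` on every call rather than memoising, while `ref_changed?` itself calls both `previous_ref` and `new_ref` once more. Binding it once, `ref = new_ref` followed by `return ref if dependency.version.match?(/^[0-9a-f]{40}$/) && ref && ref_changed?`, removes the repeat and the line continuation. The same double call appears in `@@ -251,8 +251,11 @@` (for `previous_ref`) and, in the `(dependency)` argument form, in `@@ -36,7 +36,7 @@`, `@@ -116,9 +116,14 @@`, `@@ -567,7 +577,9 @@`, `@@ -582,7 +594,9 @@` and `@@ -637,7 +651,9 @@`.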
@@ -268,20 +275,21 @@ module Dependabot
268
275
  end
269
276
 
270
277
  def previous_ref
271
- dependency.previous_requirements.map do |r|
278
+ previous_refs = dependency.previous_requirements.map do |r|
272
279
  r.dig(:source, "ref") || r.dig(:source, :ref)
273
- end.compact.first
280
+ end.compact.uniq
281
+ return previous_refs.first if previous_refs.count == 1
274
282
  end
275
283
 
276
284
  def new_ref
277
- dependency.requirements.map do |r|
285
+ new_refs = dependency.requirements.map do |r|
278
286
  r.dig(:source, "ref") || r.dig(:source, :ref)
279
- end.compact.first
287
+ end.compact.uniq
288
+ return new_refs.first if new_refs.count == 1
280
289
  end
281
290
 
282
291
  def ref_changed?
283
- return false unless previous_ref
284
-
292
+ # We could go from multiple previous refs (nil) to a single new ref
285
293
  previous_ref != new_ref
286
294
  end
287
295
 
@@ -36,7 +36,7 @@ module Dependabot
36
36
 
37
37
  dep = dependencies.first
38
38
 
39
- if library? && ref_changed?(dependencies.first)
39
+ if library? && ref_changed?(dep) && new_ref(dep)
40
40
  "#{dependency_name_part}-#{new_ref(dep)}"
41
41
  elsif library?
42
42
  "#{dependency_name_part}-#{sanitized_requirement(dep)}"
@@ -116,9 +116,14 @@ module Dependabot
116
116
  gsub(",", "-and-")
117
117
  end
118
118
 
119
+ # rubocop:disable Metrics/PerceivedComplexity
119
120
  def new_version(dependency)
121
+ # Version looks like a git SHA and we could be updating to a specific
122
+ # ref in which case we return that otherwise we return a shorthand sha
120
123
  if dependency.version.match?(/^[0-9a-f]{40}$/)
121
- return new_ref(dependency) if ref_changed?(dependency)
124
+ if ref_changed?(dependency) && new_ref(dependency)
125
+ return new_ref(dependency)
126
+ end
122
127
 
123
128
  dependency.version[0..6]
124
129
  elsif dependency.version == dependency.previous_version &&
@@ -130,22 +135,25 @@ module Dependabot
130
135
  dependency.version
131
136
  end
132
137
  end
138
+ # rubocop:enable Metrics/PerceivedComplexity
133
139
 
134
140
  def previous_ref(dependency)
135
- dependency.previous_requirements.map do |r|
141
+ previous_refs = dependency.previous_requirements.map do |r|
136
142
  r.dig(:source, "ref") || r.dig(:source, :ref)
137
- end.compact.first
143
+ end.compact.uniq
144
+ return previous_refs.first if previous_refs.count == 1
138
145
  end
139
146
 
140
147
  def new_ref(dependency)
141
- dependency.requirements.map do |r|
148
+ new_refs = dependency.requirements.map do |r|
142
149
  r.dig(:source, "ref") || r.dig(:source, :ref)
143
- end.compact.first
150
+ end.compact.uniq
151
+ return new_refs.first if new_refs.count == 1
144
152
  end
145
153
 
146
154
  def ref_changed?(dependency)
147
- previous_ref(dependency) && new_ref(dependency) &&
148
- previous_ref(dependency) != new_ref(dependency)
155
+ # We could go from multiple previous refs (nil) to a single new ref
156
+ previous_ref(dependency) != new_ref(dependency)
149
157
  end
150
158
 
151
159
  def new_library_requirement(dependency)
@@ -159,6 +167,9 @@ module Dependabot
159
167
  updated_reqs.first[:requirement]
160
168
  end
161
169
 
170
+ # TODO: Look into bringing this in line with existing library checks that
171
+ # we do in the update checkers, which are also overriden by passing an
172
+ # explicit `requirements_update_strategy`.
162
173
  def library?
163
174
  return true if files.map(&:name).any? { |nm| nm.end_with?(".gemspec") }
164
175
 
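Review bot: The added TODO spells `overriden`; it should be `overridden`. The clause is also ambiguous about what gets overridden, so `which can themselves be bypassed by passing an explicit requirements_update_strategy` would state it plainly.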
@@ -89,21 +89,9 @@ module Dependabot
89
89
  @automerge_candidate
90
90
  end
91
91
 
92
- # rubocop:disable Metrics/PerceivedComplexity
93
92
  def update_type
94
93
  return unless dependencies.any?(&:previous_version)
95
94
 
96
- precision = dependencies.map do |dep|
97
- new_version_parts = version(dep).split(".")
98
- old_version_parts = previous_version(dep)&.split(".") || []
99
- all_parts = new_version_parts.first(3) + old_version_parts.first(3)
100
- next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
101
- next 1 if new_version_parts[0] != old_version_parts[0]
102
- next 2 if new_version_parts[1] != old_version_parts[1]
103
-
104
- 3
105
- end.min
106
-
107
95
  case precision
108
96
  when 0 then "non-semver"
109
97
  when 1 then "major"
@@ -112,7 +100,18 @@ module Dependabot
112
100
  end
113
101
  end
114
102
 
115
- # rubocop:enable Metrics/PerceivedComplexity
103
+ def precision
104
+ dependencies.map do |dep|
105
+ new_version_parts = version(dep).split(/[.+]/)
106
+ old_version_parts = previous_version(dep)&.split(/[.+]/) || []
107
+ all_parts = new_version_parts.first(3) + old_version_parts.first(3)
108
+ next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
109
+ next 1 if new_version_parts[0] != old_version_parts[0]
110
+ next 2 if new_version_parts[1] != old_version_parts[1]
111
+
112
+ 3
113
+ end.min
114
+ end
116
115
 
117
116
  def version(dep)
118
117
  return dep.version if version_class.correct?(dep.version)
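Review bot: The extracted `precision` carries no comment saying what its integer means, and `update_type` is the only place that decodes it (`when 0 then "non-semver"`, `when 1 then "major"`; the remaining arms are outside the hunk). A header such as `# Smallest semver component that changed across all dependencies: 0 = not semver, 1 = major, 2 = minor, 3 = patch or unchanged.` would let a reader use it without the case statement. The split regex now also breaks on `+`, so `1.2.3+build` is treated as `1.2.3` rather than non-semver; `# "+" separates build metadata, which is ignored here` on the `split(/[.+]/)` lines would record that intent. `update_type` guards with `dependencies.any?(&:previous_version)` before calling it, so `.min` never sees an empty array from that caller, but a direct call on empty `dependencies` returns nil, which is worth documenting or guarding if the method is meant to be public.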
@@ -192,8 +191,10 @@ module Dependabot
192
191
  !security_label.nil?
193
192
  end
194
193
 
194
+ # Find the exact match first and then fallback to * security* label
195
195
  def security_label
196
- labels.find { |l| l.match?(/security/i) }
196
+ labels.find { |l| l == DEFAULT_SECURITY_LABEL } ||
197
+ labels.find { |l| l.match?(/security/i) }
197
198
  end
198
199
 
199
200
  def label_update_type?
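Review bot: The added comment `# Find the exact match first and then fallback to * security* label` is hard to parse; `# Prefer the exact DEFAULT_SECURITY_LABEL; otherwise fall back to the first label containing "security" (case-insensitive)` describes the two `find` calls precisely. `DEFAULT_SECURITY_LABEL` is defined outside this hunk, so I am assuming it is a plain string compared with `==`.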
@@ -64,7 +64,7 @@ module Dependabot
64
64
  pr_name +
65
65
  if dependencies.count == 1
66
66
  "#{dependencies.first.display_name} requirement "\
67
- "from #{old_library_requirement(dependencies.first)} "\
67
+ "#{from_version_msg(old_library_requirement(dependencies.first))}"\
68
68
  "to #{new_library_requirement(dependencies.first)}"
69
69
  else
70
70
  names = dependencies.map(&:name)
@@ -79,16 +79,18 @@ module Dependabot
79
79
  pr_name +
80
80
  if dependencies.count == 1
81
81
  dependency = dependencies.first
82
- "#{dependency.display_name} from #{previous_version(dependency)} "\
82
+ "#{dependency.display_name} "\
83
+ "#{from_version_msg(previous_version(dependency))}"\
83
84
  "to #{new_version(dependency)}"
84
85
  elsif updating_a_property?
85
86
  dependency = dependencies.first
86
- "#{property_name} from #{previous_version(dependency)} "\
87
+ "#{property_name} "\
88
+ "#{from_version_msg(previous_version(dependency))}"\
87
89
  "to #{new_version(dependency)}"
88
90
  elsif updating_a_dependency_set?
89
91
  dependency = dependencies.first
90
92
  "#{dependency_set.fetch(:group)} dependency set "\
91
- "from #{previous_version(dependency)} "\
93
+ "#{from_version_msg(previous_version(dependency))}"\
92
94
  "to #{new_version(dependency)}"
93
95
  else
94
96
  names = dependencies.map(&:name)
@@ -178,7 +180,7 @@ module Dependabot
178
180
 
179
181
  dependency = dependencies.first
180
182
  msg = "Bumps #{dependency_links.first} "\
181
- "from #{previous_version(dependency)} "\
183
+ "#{from_version_msg(previous_version(dependency))}"\
182
184
  "to #{new_version(dependency)}."
183
185
 
184
186
  if switching_from_ref_to_release?(dependency)
@@ -200,7 +202,7 @@ module Dependabot
200
202
  dependency = dependencies.first
201
203
 
202
204
  "Bumps `#{property_name}` "\
203
- "from #{previous_version(dependency)} "\
205
+ "#{from_version_msg(previous_version(dependency))}"\
204
206
  "to #{new_version(dependency)}."
205
207
  end
206
208
 
@@ -208,7 +210,7 @@ module Dependabot
208
210
  dependency = dependencies.first
209
211
 
210
212
  "Bumps `#{dependency_set.fetch(:group)}` "\
211
- "dependency set from #{previous_version(dependency)} "\
213
+ "dependency set #{from_version_msg(previous_version(dependency))}"\
212
214
  "to #{new_version(dependency)}."
213
215
  end
214
216
 
@@ -218,6 +220,12 @@ module Dependabot
218
220
  "dependencies needed to be updated together."
219
221
  end
220
222
 
223
+ def from_version_msg(previous_version)
224
+ return "" unless previous_version
225
+
226
+ "from #{previous_version} "
227
+ end
228
+
221
229
  def updating_a_property?
222
230
  dependencies.first.
223
231
  requirements.
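Review bot: `from_version_msg` returns either `""` or `"from #{previous_version} "` with a trailing space, and every caller relies on that space to separate it from the following `"to …"` (the `@@ -268,7 +276,8 @@` hunk even writes `…}to "` with no space of its own). That contract is fragile when left unstated; a comment `# Returns "from X " (trailing space intended) or "" when there is no previous version, so callers can append "to …" directly` on the method would protect it.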
@@ -268,7 +276,8 @@ module Dependabot
268
276
  end
269
277
 
270
278
  dependencies.map do |dep|
271
- "\n\nUpdates `#{dep.display_name}` from #{previous_version(dep)} to "\
279
+ "\n\nUpdates `#{dep.display_name}` "\
280
+ "#{from_version_msg(previous_version(dep))}to "\
272
281
  "#{new_version(dep)}"\
273
282
  "#{metadata_links_for_dep(dep)}"
274
283
  end.join
@@ -289,8 +298,9 @@ module Dependabot
289
298
  end
290
299
 
291
300
  dependencies.map do |dep|
292
- msg = "\nUpdates `#{dep.display_name}` from "\
293
- "#{previous_version(dep)} to #{new_version(dep)}"
301
+ msg = "\nUpdates `#{dep.display_name}` "\
302
+ "#{from_version_msg(previous_version(dep))}"\
303
+ "to #{new_version(dep)}"
294
304
 
295
305
  if vulnerabilities_fixed[dep.name]&.one?
296
306
  msg += " **This update includes a security fix.**"
@@ -313,7 +323,7 @@ module Dependabot
313
323
  msg += commits_cascade(dep)
314
324
  msg += maintainer_changes_cascade(dep)
315
325
  msg += break_tag unless msg == ""
316
- "\n" + sanitize_links_and_mentions(msg)
326
+ "\n" + sanitize_links_and_mentions(msg, unsafe: true)
317
327
  end
318
328
 
319
329
  def vulnerabilities_cascade(dep)
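Review bot: `sanitize_links_and_mentions(msg, unsafe: true)` is the one call that still lets raw HTML through now that `UNSAFE` has been dropped from `COMMONMARKER_OPTIONS` in the sanitizer hunk, and `msg` here is assembled from `commits_cascade(dep)`, `maintainer_changes_cascade(dep)` and, presumably, the release-notes and changelog cascades above the hunk, i.e. text authored by the updated package's maintainers rather than by this code. The line does not say why raw HTML must survive, which I take to be the `<details>` wrappers that `build_details_tag` emits; a comment such as `# unsafe: the <details> wrappers are raw HTML; we rely on GitHub to sanitise the rendered body` would restore the rationale that the `# We rely on GitHub to do the HTML sanitization` comment used to carry. If the upstream text itself does not need raw HTML, sanitising each cascade body in default mode before wrapping it, as `@@ -427,7 +437,7 @@` now does for `maintainer_changes`, would keep the third-party portion escaped while still passing the wrappers through.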
@@ -427,7 +437,7 @@ module Dependabot
427
437
 
428
438
  build_details_tag(
429
439
  summary: "Maintainer changes",
430
- body: maintainer_changes(dep) + "\n"
440
+ body: sanitize_links_and_mentions(maintainer_changes(dep)) + "\n"
431
441
  )
432
442
  end
433
443
 
@@ -567,7 +577,9 @@ module Dependabot
567
577
  end
568
578
 
569
579
  if dependency.previous_version.match?(/^[0-9a-f]{40}$/)
570
- return previous_ref(dependency) if ref_changed?(dependency)
580
+ if ref_changed?(dependency) && previous_ref(dependency)
581
+ return previous_ref(dependency)
582
+ end
571
583
 
572
584
  "`#{dependency.previous_version[0..6]}`"
573
585
  elsif dependency.version == dependency.previous_version &&
@@ -582,7 +594,9 @@ module Dependabot
582
594
 
583
595
  def new_version(dependency)
584
596
  if dependency.version.match?(/^[0-9a-f]{40}$/)
585
- return new_ref(dependency) if ref_changed?(dependency)
597
+ if ref_changed?(dependency) && new_ref(dependency)
598
+ return new_ref(dependency)
599
+ end
586
600
 
587
601
  "`#{dependency.version[0..6]}`"
588
602
  elsif dependency.version == dependency.previous_version &&
@@ -601,15 +615,17 @@ module Dependabot
601
615
  end
602
616
 
603
617
  def previous_ref(dependency)
604
- dependency.previous_requirements.map do |r|
618
+ previous_refs = dependency.previous_requirements.map do |r|
605
619
  r.dig(:source, "ref") || r.dig(:source, :ref)
606
- end.compact.first
620
+ end.compact.uniq
621
+ return previous_refs.first if previous_refs.count == 1
607
622
  end
608
623
 
609
624
  def new_ref(dependency)
610
- dependency.requirements.map do |r|
625
+ new_refs = dependency.requirements.map do |r|
611
626
  r.dig(:source, "ref") || r.dig(:source, :ref)
612
- end.compact.first
627
+ end.compact.uniq
628
+ return new_refs.first if new_refs.count == 1
613
629
  end
614
630
 
615
631
  def old_library_requirement(dependency)
@@ -623,8 +639,6 @@ module Dependabot
623
639
  req = old_reqs.first.fetch(:requirement)
624
640
  return req if req
625
641
  return previous_ref(dependency) if ref_changed?(dependency)
626
-
627
- raise "No previous requirement!"
628
642
  end
629
643
 
630
644
  def new_library_requirement(dependency)
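Review bot: Removing `raise "No previous requirement!"` makes `old_library_requirement` return nil implicitly when neither a requirement nor a changed ref exists, and with `return previous_ref(dependency) if ref_changed?(dependency)` as the last line that nil is easy to miss. `from_version_msg` in `@@ -218,6 +220,12 @@` is what turns the nil into an empty "from" clause, so a trailing comment `# nil => nothing to describe; from_version_msg omits the "from" clause` would tie the two together. `new_library_requirement` in the next hunk still raises `"No new requirement!"`, so the asymmetry is presumably intentional but worth stating.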
@@ -637,7 +651,9 @@ module Dependabot
637
651
 
638
652
  req = updated_reqs.first.fetch(:requirement)
639
653
  return req if req
640
- return new_ref(dependency) if ref_changed?(dependency)
654
+ if ref_changed?(dependency) && new_ref(dependency)
655
+ return new_ref(dependency)
656
+ end
641
657
 
642
658
  raise "No new requirement!"
643
659
  end
@@ -664,12 +680,12 @@ module Dependabot
664
680
  end
665
681
  end
666
682
 
667
- def sanitize_links_and_mentions(text)
683
+ def sanitize_links_and_mentions(text, unsafe: false)
668
684
  return text unless source.provider == "github"
669
685
 
670
686
  LinkAndMentionSanitizer.
671
687
  new(github_redirection_service: github_redirection_service).
672
- sanitize_links_and_mentions(text: text)
688
+ sanitize_links_and_mentions(text: text, unsafe: unsafe)
673
689
  end
674
690
 
675
691
  def sanitize_template_tags(text)
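Review bot: The new `unsafe:` keyword on this wrapper is undocumented, and the unchanged `return text unless source.provider == "github"` guard means non-GitHub providers get `text` back with neither mentions, links nor HTML touched whatever the flag says. A YARD line `# @param unsafe [Boolean] pass raw HTML through to the rendered output; only meaningful for GitHub, where the platform sanitises the rendered body` would make both facts visible at the call sites in this file.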
@@ -685,8 +701,6 @@ module Dependabot
685
701
  end
686
702
 
687
703
  def ref_changed?(dependency)
688
- return false unless previous_ref(dependency)
689
-
690
704
  previous_ref(dependency) != new_ref(dependency)
691
705
  end
692
706
 
@@ -17,9 +17,8 @@ module Dependabot
17
17
  MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
18
18
  # End of string
19
19
  EOS_REGEX = /\z/.freeze
20
- # We rely on GitHub to do the HTML sanitization
21
20
  COMMONMARKER_OPTIONS = %i(
22
- UNSAFE GITHUB_PRE_LANG FULL_INFO_STRING
21
+ GITHUB_PRE_LANG FULL_INFO_STRING
23
22
  ).freeze
24
23
  COMMONMARKER_EXTENSIONS = %i(
25
24
  table tasklist strikethrough autolink tagfilter
@@ -31,14 +30,15 @@ module Dependabot
31
30
  @github_redirection_service = github_redirection_service
32
31
  end
33
32
 
34
- def sanitize_links_and_mentions(text:)
33
+ def sanitize_links_and_mentions(text:, unsafe: false)
35
34
  doc = CommonMarker.render_doc(
36
35
  text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
37
36
  )
38
37
 
39
38
  sanitize_mentions(doc)
40
39
  sanitize_links(doc)
41
- doc.to_html(COMMONMARKER_OPTIONS, COMMONMARKER_EXTENSIONS)
40
+ mode = unsafe ? :UNSAFE : :DEFAULT
41
+ doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
42
42
  end
43
43
 
44
44
  private
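Review bot: `mode = unsafe ? :UNSAFE : :DEFAULT` changes the default output for every caller that does not opt in, and the hunk at `@@ -17,9 +17,8 @@` removes the `# We rely on GitHub to do the HTML sanitization` comment without replacing it, so the new contract is stated nowhere. A method comment such as `# Renders text to HTML with mentions and links rewritten. Raw HTML in the input is omitted by CommonMarker unless unsafe: is true; callers passing unsafe: true must trust the input or rely on the host to sanitise the result.` plus a `# @param unsafe [Boolean]` line would document it, and the constant could carry `# no UNSAFE: raw HTML is stripped unless a caller opts in`. The parentheses in `doc.to_html(([mode] + COMMONMARKER_OPTIONS), …)` are redundant; `doc.to_html([mode, *COMMONMARKER_OPTIONS], COMMONMARKER_EXTENSIONS)` is clearer.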
@@ -355,7 +355,7 @@ module Dependabot
355
355
  def recent_github_commits
356
356
  @recent_github_commits ||=
357
357
  github_client_for_source.commits(source.repo, per_page: 100)
358
- rescue Octokit::Conflict
358
+ rescue Octokit::Conflict, Octokit::NotFound
359
359
  @recent_github_commits ||= []
360
360
  end
361
361
 
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "dependabot/pull_request_updater/github"
4
+ require "dependabot/pull_request_updater/gitlab"
4
5
 
5
6
  module Dependabot
6
7
  class PullRequestUpdater
@@ -25,6 +26,7 @@ module Dependabot
25
26
  def update
26
27
  case source.provider
27
28
  when "github" then github_updater.update
29
+ when "gitlab" then gitlab_updater.update
28
30
  else raise "Unsupported provider #{source.provider}"
29
31
  end
30
32
  end
@@ -43,5 +45,16 @@ module Dependabot
43
45
  signature_key: signature_key
44
46
  )
45
47
  end
48
+
49
+ def gitlab_updater
50
+ Gitlab.new(
51
+ source: source,
52
+ base_commit: base_commit,
53
+ old_commit: old_commit,
54
+ files: files,
55
+ credentials: credentials,
56
+ pull_request_number: pull_request_number
57
+ )
58
+ end
46
59
  end
47
60
  end
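Review bot: `gitlab_updater` mirrors `github_updater` but does not pass `signature_key`, which the GitHub branch forwards on the context line `signature_key: signature_key` just above, and the new `Gitlab` class in this diff indeed takes no such argument. If signed commits are expected on GitLab too, that is a gap; if GitLab commits are intentionally unsigned, a comment `# GitLab commits are created through the API and are not signed` on the new method would say so.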
@@ -162,7 +162,7 @@ module Dependabot
162
162
  return nil if e.message.match?(/Reference does not exist/i)
163
163
  return nil if e.message.match?(/Reference cannot be updated/i)
164
164
 
165
- if e.message.match?(/force\-push to a protected/i) ||
165
+ if e.message.match?(/protected branch/i) ||
166
166
  e.message.match?(/not authorized to push/i) ||
167
167
  e.message.match?(/must not contain merge commits/)
168
168
  raise BranchProtected
@@ -0,0 +1,85 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "dependabot/clients/gitlab_with_retries"
4
+ require "dependabot/pull_request_creator"
5
+ require "gitlab"
6
+
7
+ module Dependabot
8
+ class PullRequestUpdater
9
+ class Gitlab
10
+ attr_reader :source, :files, :base_commit, :old_commit, :credentials,
11
+ :pull_request_number
12
+
13
+ def initialize(source:, base_commit:, old_commit:, files:,
14
+ credentials:, pull_request_number:)
15
+ @source = source
16
+ @base_commit = base_commit
17
+ @old_commit = old_commit
18
+ @files = files
19
+ @credentials = credentials
20
+ @pull_request_number = pull_request_number
21
+ end
22
+
23
+ def update
24
+ return unless merge_request_exists?
25
+ return unless branch_exists?(merge_request.source_branch)
26
+
27
+ create_commit
28
+ merge_request.source_branch
29
+ end
30
+
31
+ private
32
+
33
+ def merge_request_exists?
34
+ merge_request
35
+ true
36
+ rescue ::Gitlab::Error::NotFound
37
+ false
38
+ end
39
+
40
+ def merge_request
41
+ @merge_request ||= gitlab_client_for_source.merge_request(
42
+ source.repo,
43
+ pull_request_number
44
+ )
45
+ end
46
+
47
+ def gitlab_client_for_source
48
+ @gitlab_client_for_source ||=
49
+ Dependabot::Clients::GitlabWithRetries.for_source(
50
+ source: source,
51
+ credentials: credentials
52
+ )
53
+ end
54
+
55
+ def branch_exists?(name)
56
+ gitlab_client_for_source.branch(source.repo, name)
57
+ rescue ::Gitlab::Error::NotFound
58
+ false
59
+ end
60
+
61
+ def commit_being_updated
62
+ gitlab_client_for_source.commit(source.repo, old_commit)
63
+ end
64
+
65
+ def create_commit
66
+ actions = files.map do |file|
67
+ {
68
+ action: "update",
69
+ file_path: file.type == "symlink" ? file.symlink_target : file.path,
70
+ content: file.content
71
+ }
72
+ end
73
+
74
+ gitlab_client_for_source.create_commit(
75
+ source.repo,
76
+ merge_request.source_branch,
77
+ commit_being_updated.title,
78
+ actions,
79
+ force: true,
80
+ start_branch: merge_request.target_branch
81
+ )
82
+ end
83
+ end
84
+ end
85
+ end
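Review bot: `create_commit` force-updates the merge request's source branch (`force: true`, `start_branch: merge_request.target_branch`) without first checking that the branch head is still `old_commit`; `commit_being_updated` fetches that commit only for its `title` and `branch_exists?` only checks presence, so any commits a maintainer pushed to the MR branch since the last run would be overwritten silently. I would compare the branch's current head with `old_commit` in `update` before `create_commit` and stop when they differ; whether to return nil or raise should follow what the GitHub updater does, which is outside this diff. Two smaller points: every file becomes an `"update"` action, so files the update adds or deletes cannot be represented (I cannot see how `files` is built, so this may be fine), and `commit_being_updated.title` discards the original commit body.

```ruby
def update
  return unless merge_request_exists?
  return unless branch_exists?(merge_request.source_branch)
  # Refuse to force-push over commits that arrived since old_commit was made.
  return unless branch_head_is?(merge_request.source_branch, old_commit)

  create_commit
  merge_request.source_branch
end

# … unchanged: private, merge_request_exists?, merge_request, gitlab_client_for_source …

def branch_head_is?(name, sha)
  # assumes the branch payload exposes commit.id — confirm against the GitLab API
  gitlab_client_for_source.branch(source.repo, name).commit.id == sha
end
```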
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.118.1"
4
+ VERSION = "0.118.6"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.1
4
+ version: 0.118.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-04 00:00:00.000000000 Z
11
+ date: 2020-06-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -118,14 +118,14 @@ dependencies:
118
118
  requirements:
119
119
  - - '='
120
120
  - !ruby/object:Gem::Version
121
- version: 4.14.1
121
+ version: 4.15.0
122
122
  type: :runtime
123
123
  prerelease: false
124
124
  version_requirements: !ruby/object:Gem::Requirement
125
125
  requirements:
126
126
  - - '='
127
127
  - !ruby/object:Gem::Version
128
- version: 4.14.1
128
+ version: 4.15.0
129
129
  - !ruby/object:Gem::Dependency
130
130
  name: nokogiri
131
131
  requirement: !ruby/object:Gem::Requirement
@@ -306,28 +306,28 @@ dependencies:
306
306
  requirements:
307
307
  - - "~>"
308
308
  - !ruby/object:Gem::Version
309
- version: 0.83.0
309
+ version: 0.85.0
310
310
  type: :development
311
311
  prerelease: false
312
312
  version_requirements: !ruby/object:Gem::Requirement
313
313
  requirements:
314
314
  - - "~>"
315
315
  - !ruby/object:Gem::Version
316
- version: 0.83.0
316
+ version: 0.85.0
317
317
  - !ruby/object:Gem::Dependency
318
318
  name: vcr
319
319
  requirement: !ruby/object:Gem::Requirement
320
320
  requirements:
321
321
  - - '='
322
322
  - !ruby/object:Gem::Version
323
- version: '5.0'
323
+ version: 6.0.0
324
324
  type: :development
325
325
  prerelease: false
326
326
  version_requirements: !ruby/object:Gem::Requirement
327
327
  requirements:
328
328
  - - '='
329
329
  - !ruby/object:Gem::Version
330
- version: '5.0'
330
+ version: 6.0.0
331
331
  - !ruby/object:Gem::Dependency
332
332
  name: webmock
333
333
  requirement: !ruby/object:Gem::Requirement
@@ -393,6 +393,7 @@ files:
393
393
  - lib/dependabot/pull_request_creator/pr_name_prefixer.rb
394
394
  - lib/dependabot/pull_request_updater.rb
395
395
  - lib/dependabot/pull_request_updater/github.rb
396
+ - lib/dependabot/pull_request_updater/gitlab.rb
396
397
  - lib/dependabot/security_advisory.rb
397
398
  - lib/dependabot/shared_helpers.rb
398
399
  - lib/dependabot/source.rb