dependabot-common 0.118.13 → 0.119.0
Potentially problematic release.
This version of dependabot-common might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/dependabot/dependency_file.rb +10 -0
- data/lib/dependabot/file_fetchers/base.rb +24 -0
- data/lib/dependabot/file_parsers/base.rb +4 -2
- data/lib/dependabot/file_updaters/base.rb +5 -2
- data/lib/dependabot/pull_request_creator/github.rb +15 -4
- data/lib/dependabot/pull_request_updater/github.rb +18 -9
- data/lib/dependabot/shared_helpers.rb +20 -1
- data/lib/dependabot/update_checkers/base.rb +6 -5
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
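--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 11774a38db75940a3727571cdf972d5faa8cf2c165c5df9b62584dd9222d7a1d
+data.tar.gz: f29fba0197829fac53e36527ba0555eac9ae227cf59beda92794bbdb0fe9afc1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eff4565d876fb1fe64908023ea1d44147733543e772a5fba9cca46f166c8bc497c537f2d4968b17f8268faa523167e7a9292f235ec1630bb069231ccc30ad72a
+data.tar.gz: 129157964c2f049c0165e2ff9b6c868ccedea66812d1b267cb102b2151e5e42eb6e14a541c2612f0e89acf3b5169f842fd8684ad93d7c4d786573ba8f125eb4a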
@@ -79,6 +79,16 @@ module Dependabot
|
|
79
79
|
@deleted
|
80
80
|
end
|
81
81
|
|
82
|
+
def binary?
|
83
|
+
content_encoding == ContentEncoding::BASE64
|
84
|
+
end
|
85
|
+
|
86
|
+
def decoded_content
|
87
|
+
return Base64.decode64(content) if binary?
|
88
|
+
|
89
|
+
content
|
90
|
+
end
|
91
|
+
|
82
92
|
private
|
83
93
|
|
84
94
|
def clean_directory(directory)
|
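Review bot: `decoded_content` has no comment saying what it returns, and its two branches return different kinds of string: decoded bytes from `Base64.decode64(content)` when `binary?` is true, and `content` unchanged otherwise. `Base64.decode64` is the lenient decoder, so malformed or truncated base64 yields different bytes instead of an error; I would state that in the doc comment, e.g. `# Returns the file's bytes; base64 content is decoded leniently, so corrupt input is not reported.` Whether `content` can be nil for a deleted file is not visible here; if it can, the `binary?` branch would raise, and the comment should say which callers must check `deleted?` first. The enclosing class starts and ends outside the hunk.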
@@ -67,6 +67,12 @@ module Dependabot
|
|
67
67
|
raise unless e.message.include?("Repository is empty")
|
68
68
|
end
|
69
69
|
|
70
|
+
# Returns the path to the cloned repo
|
71
|
+
def clone_repo_contents(target_directory: nil)
|
72
|
+
@clone_repo_contents ||=
|
73
|
+
_clone_repo_contents(target_directory: target_directory)
|
74
|
+
end
|
75
|
+
|
70
76
|
private
|
71
77
|
|
72
78
|
def fetch_file_if_present(filename, fetch_submodules: false)
|
@@ -419,6 +425,24 @@ module Dependabot
|
|
419
425
|
max_by(&:length)
|
420
426
|
end
|
421
427
|
|
428
|
+
def _clone_repo_contents(target_directory:)
|
429
|
+
SharedHelpers.with_git_configured(credentials: credentials) do
|
430
|
+
path = target_directory || File.join("tmp", source.repo)
|
431
|
+
# Assume we're retrying the same branch, or that a `target_directory`
|
432
|
+
# is specified when retrying a different branch.
|
433
|
+
return path if Dir.exist?(File.join(path, ".git"))
|
434
|
+
|
435
|
+
FileUtils.mkdir_p(path)
|
436
|
+
br_opt = " --branch=#{source.branch} --single-branch" if source.branch
|
437
|
+
SharedHelpers.run_shell_command(
|
438
|
+
<<~CMD
|
439
|
+
git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} #{source.url} #{path}
|
440
|
+
CMD
|
441
|
+
)
|
442
|
+
path
|
443
|
+
end
|
444
|
+
end
|
445
|
+
|
422
446
|
def client_for_provider
|
423
447
|
case source.provider
|
424
448
|
when "github" then github_client
|
@@ -3,10 +3,12 @@
|
|
3
3
|
module Dependabot
|
4
4
|
module FileParsers
|
5
5
|
class Base
|
6
|
-
attr_reader :dependency_files, :credentials, :source
|
6
|
+
attr_reader :dependency_files, :repo_contents_path, :credentials, :source
|
7
7
|
|
8
|
-
def initialize(dependency_files:, source:,
|
8
|
+
def initialize(dependency_files:, repo_contents_path: nil, source:,
|
9
|
+
credentials: [])
|
9
10
|
@dependency_files = dependency_files
|
11
|
+
@repo_contents_path = repo_contents_path
|
10
12
|
@credentials = credentials
|
11
13
|
@source = source
|
12
14
|
|
@@ -3,15 +3,18 @@
|
|
3
3
|
module Dependabot
|
4
4
|
module FileUpdaters
|
5
5
|
class Base
|
6
|
-
attr_reader :dependencies, :dependency_files, :
|
6
|
+
attr_reader :dependencies, :dependency_files, :repo_contents_path,
|
7
|
+
:credentials
|
7
8
|
|
8
9
|
def self.updated_files_regex
|
9
10
|
raise NotImplementedError
|
10
11
|
end
|
11
12
|
|
12
|
-
def initialize(dependencies:, dependency_files:,
|
13
|
+
def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
|
14
|
+
credentials:)
|
13
15
|
@dependencies = dependencies
|
14
16
|
@dependency_files = dependency_files
|
17
|
+
@repo_contents_path = repo_contents_path
|
15
18
|
@credentials = credentials
|
16
19
|
|
17
20
|
check_required_files
|
@@ -170,12 +170,23 @@ module Dependabot
|
|
170
170
|
sha: file.content
|
171
171
|
}
|
172
172
|
else
|
173
|
+
content = if file.deleted?
|
174
|
+
{ sha: nil }
|
175
|
+
elsif file.binary?
|
176
|
+
sha = github_client_for_source.create_blob(
|
177
|
+
source.repo, file.content, "base64"
|
178
|
+
)
|
179
|
+
{ sha: sha }
|
180
|
+
else
|
181
|
+
{ content: file.content }
|
182
|
+
end
|
183
|
+
|
173
184
|
{
|
174
|
-
path: (file.symlink_target ||
|
185
|
+
path: (file.symlink_target ||
|
186
|
+
file.path).sub(%r{^/}, ""),
|
175
187
|
mode: "100644",
|
176
|
-
type: "blob"
|
177
|
-
|
178
|
-
}
|
188
|
+
type: "blob"
|
189
|
+
}.merge(content)
|
179
190
|
end
|
180
191
|
end
|
181
192
|
|
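Review bot: The `content = if file.deleted? … end` block and the `{ path:, mode:, type: }.merge(content)` hash added here are repeated line for line in the `create_tree` change to the pull-request updater later in this diff, so a fix applied to one copy can miss the other. I would move them into one private helper that both classes call, with a comment noting that binary files are uploaded first through `create_blob(..., "base64")` and referenced by `sha`, and that a deleted file is sent as `sha: nil`. In the same expression, `%r{^/}` matches at the start of any line, not only the start of the string; `\A` states the intent exactly: `file.path).sub(%r{\A/}, ""),`. The enclosing method starts outside the hunk.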
@@ -124,14 +124,7 @@ module Dependabot
|
|
124
124
|
|
125
125
|
def create_tree
|
126
126
|
file_trees = files.map do |file|
|
127
|
-
if
|
128
|
-
{
|
129
|
-
path: (file.symlink_target || file.path).sub(%r{^/}, ""),
|
130
|
-
mode: "100644",
|
131
|
-
type: "blob",
|
132
|
-
content: file.content
|
133
|
-
}
|
134
|
-
elsif file.type == "submodule"
|
127
|
+
if file.type == "submodule"
|
135
128
|
{
|
136
129
|
path: file.path.sub(%r{^/}, ""),
|
137
130
|
mode: "160000",
|
@@ -139,7 +132,23 @@ module Dependabot
|
|
139
132
|
sha: file.content
|
140
133
|
}
|
141
134
|
else
|
142
|
-
|
135
|
+
content = if file.deleted?
|
136
|
+
{ sha: nil }
|
137
|
+
elsif file.binary?
|
138
|
+
sha = github_client_for_source.create_blob(
|
139
|
+
source.repo, file.content, "base64"
|
140
|
+
)
|
141
|
+
{ sha: sha }
|
142
|
+
else
|
143
|
+
{ content: file.content }
|
144
|
+
end
|
145
|
+
|
146
|
+
{
|
147
|
+
path: (file.symlink_target ||
|
148
|
+
file.path).sub(%r{^/}, ""),
|
149
|
+
mode: "100644",
|
150
|
+
type: "blob"
|
151
|
+
}.merge(content)
|
143
152
|
end
|
144
153
|
end
|
145
154
|
|
@@ -29,6 +29,19 @@ module Dependabot
|
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
32
|
+
def self.in_a_temporary_repo_directory(directory = "/",
|
33
|
+
repo_contents_path = nil,
|
34
|
+
&block)
|
35
|
+
if repo_contents_path
|
36
|
+
path = Pathname.new(File.join(repo_contents_path, directory)).
|
37
|
+
expand_path
|
38
|
+
reset_git_repo(repo_contents_path)
|
39
|
+
Dir.chdir(path) { yield(path) }
|
40
|
+
else
|
41
|
+
in_a_temporary_directory(directory, &block)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
32
45
|
def self.in_a_temporary_directory(directory = "/")
|
33
46
|
Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
|
34
47
|
Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
|
@@ -209,6 +222,12 @@ module Dependabot
|
|
209
222
|
File.write("git.store", git_store_content)
|
210
223
|
end
|
211
224
|
|
225
|
+
def self.reset_git_repo(path)
|
226
|
+
Dir.chdir(path) do
|
227
|
+
run_shell_command("git reset HEAD --hard && git clean -fx")
|
228
|
+
end
|
229
|
+
end
|
230
|
+
|
212
231
|
def self.stash_global_git_config
|
213
232
|
return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
|
214
233
|
|
@@ -234,7 +253,7 @@ module Dependabot
|
|
234
253
|
|
235
254
|
# Raise an error with the output from the shell session if the
|
236
255
|
# command returns a non-zero status
|
237
|
-
return if process.success?
|
256
|
+
return stdout if process.success?
|
238
257
|
|
239
258
|
error_context = {
|
240
259
|
command: command,
|
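Review bot: `in_a_temporary_repo_directory` joins `repo_contents_path` with `directory` and changes into the expanded result without checking that it is still inside the clone, so a `directory` containing `..` segments would run the block elsewhere on disk. Whether callers normalise `directory` first is not visible in this diff; a guard in the helper keeps that guarantee local: `root = Pathname.new(repo_contents_path).expand_path` followed by `raise ArgumentError, "directory is outside the repo" unless path == root || path.to_s.start_with?("#{root}/")`. In `reset_git_repo`, `git clean -fx` leaves untracked directories in place because `-d` is not passed, so files a previous run created in new directories survive the reset; `git clean -fdx` removes them if a pristine tree is intended. Both new methods also lack a comment describing the state the working tree is left in for the block.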
@@ -7,16 +7,17 @@ require "dependabot/security_advisory"
|
|
7
7
|
module Dependabot
|
8
8
|
module UpdateCheckers
|
9
9
|
class Base
|
10
|
-
attr_reader :dependency, :dependency_files, :
|
11
|
-
:ignored_versions, :raise_on_ignored,
|
10
|
+
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
11
|
+
:credentials, :ignored_versions, :raise_on_ignored,
|
12
12
|
:security_advisories, :requirements_update_strategy
|
13
13
|
|
14
|
-
def initialize(dependency:, dependency_files:,
|
15
|
-
ignored_versions: [],
|
16
|
-
security_advisories: [],
|
14
|
+
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
15
|
+
credentials:, ignored_versions: [],
|
16
|
+
raise_on_ignored: false, security_advisories: [],
|
17
17
|
requirements_update_strategy: nil)
|
18
18
|
@dependency = dependency
|
19
19
|
@dependency_files = dependency_files
|
20
|
+
@repo_contents_path = repo_contents_path
|
20
21
|
@credentials = credentials
|
21
22
|
@requirements_update_strategy = requirements_update_strategy
|
22
23
|
@ignored_versions = ignored_versions
|
data/lib/dependabot/version.rb
CHANGED
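--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.119.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-
+date: 2020-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit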