dependabot-common 0.118.13 → 0.119.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of dependabot-common might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bd6bbc00b1d0c8db23fdad8a48e7c3b50dcde91cd9709066f3dca198bfc0fc12
4
- data.tar.gz: ee033ae13291b1ae755a4879a311c92ef1c3f765a7dfc8a1fbaab56b147523f9
3
+ metadata.gz: 11774a38db75940a3727571cdf972d5faa8cf2c165c5df9b62584dd9222d7a1d
4
+ data.tar.gz: f29fba0197829fac53e36527ba0555eac9ae227cf59beda92794bbdb0fe9afc1
5
5
  SHA512:
6
- metadata.gz: e785764a18c08b4223903fa24c5193e517a1bf1e0510ae84794edfeeb57c1d150dc848e23cfe2bed1df2912d4dfb043cb97f92d04a08b442d0e7cd3e03f4f031
7
- data.tar.gz: 6f3a98da4aa78275dc11ae4935925bc7e429200053ef94d7657e4c98c3e63166d1f0a4752be71d038d8a94df577eea2df4498ce09cdc2dc796d1d017e4b56fe1
6
+ metadata.gz: eff4565d876fb1fe64908023ea1d44147733543e772a5fba9cca46f166c8bc497c537f2d4968b17f8268faa523167e7a9292f235ec1630bb069231ccc30ad72a
7
+ data.tar.gz: 129157964c2f049c0165e2ff9b6c868ccedea66812d1b267cb102b2151e5e42eb6e14a541c2612f0e89acf3b5169f842fd8684ad93d7c4d786573ba8f125eb4a
@@ -79,6 +79,16 @@ module Dependabot
79
79
  @deleted
80
80
  end
81
81
 
82
+ def binary?
83
+ content_encoding == ContentEncoding::BASE64
84
+ end
85
+
86
+ def decoded_content
87
+ return Base64.decode64(content) if binary?
88
+
89
+ content
90
+ end
91
+
82
92
  private
83
93
 
84
94
  def clean_directory(directory)
@@ -67,6 +67,12 @@ module Dependabot
67
67
  raise unless e.message.include?("Repository is empty")
68
68
  end
69
69
 
70
+ # Returns the path to the cloned repo
71
+ def clone_repo_contents(target_directory: nil)
72
+ @clone_repo_contents ||=
73
+ _clone_repo_contents(target_directory: target_directory)
74
+ end
75
+
70
76
  private
71
77
 
72
78
  def fetch_file_if_present(filename, fetch_submodules: false)
@@ -419,6 +425,24 @@ module Dependabot
419
425
  max_by(&:length)
420
426
  end
421
427
 
428
+ def _clone_repo_contents(target_directory:)
429
+ SharedHelpers.with_git_configured(credentials: credentials) do
430
+ path = target_directory || File.join("tmp", source.repo)
431
+ # Assume we're retrying the same branch, or that a `target_directory`
432
+ # is specified when retrying a different branch.
433
+ return path if Dir.exist?(File.join(path, ".git"))
434
+
435
+ FileUtils.mkdir_p(path)
436
+ br_opt = " --branch=#{source.branch} --single-branch" if source.branch
437
+ SharedHelpers.run_shell_command(
438
+ <<~CMD
439
+ git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} #{source.url} #{path}
440
+ CMD
441
+ )
442
+ path
443
+ end
444
+ end
445
+
422
446
  def client_for_provider
423
447
  case source.provider
424
448
  when "github" then github_client
@@ -3,10 +3,12 @@
3
3
  module Dependabot
4
4
  module FileParsers
5
5
  class Base
6
- attr_reader :dependency_files, :credentials, :source
6
+ attr_reader :dependency_files, :repo_contents_path, :credentials, :source
7
7
 
8
- def initialize(dependency_files:, source:, credentials: [])
8
+ def initialize(dependency_files:, repo_contents_path: nil, source:,
9
+ credentials: [])
9
10
  @dependency_files = dependency_files
11
+ @repo_contents_path = repo_contents_path
10
12
  @credentials = credentials
11
13
  @source = source
12
14
 
@@ -3,15 +3,18 @@
3
3
  module Dependabot
4
4
  module FileUpdaters
5
5
  class Base
6
- attr_reader :dependencies, :dependency_files, :credentials
6
+ attr_reader :dependencies, :dependency_files, :repo_contents_path,
7
+ :credentials
7
8
 
8
9
  def self.updated_files_regex
9
10
  raise NotImplementedError
10
11
  end
11
12
 
12
- def initialize(dependencies:, dependency_files:, credentials:)
13
+ def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
14
+ credentials:)
13
15
  @dependencies = dependencies
14
16
  @dependency_files = dependency_files
17
+ @repo_contents_path = repo_contents_path
15
18
  @credentials = credentials
16
19
 
17
20
  check_required_files
@@ -170,12 +170,23 @@ module Dependabot
170
170
  sha: file.content
171
171
  }
172
172
  else
173
+ content = if file.deleted?
174
+ { sha: nil }
175
+ elsif file.binary?
176
+ sha = github_client_for_source.create_blob(
177
+ source.repo, file.content, "base64"
178
+ )
179
+ { sha: sha }
180
+ else
181
+ { content: file.content }
182
+ end
183
+
173
184
  {
174
- path: (file.symlink_target || file.path).sub(%r{^/}, ""),
185
+ path: (file.symlink_target ||
186
+ file.path).sub(%r{^/}, ""),
175
187
  mode: "100644",
176
- type: "blob",
177
- content: file.content
178
- }
188
+ type: "blob"
189
+ }.merge(content)
179
190
  end
180
191
  end
181
192
 
@@ -124,14 +124,7 @@ module Dependabot
124
124
 
125
125
  def create_tree
126
126
  file_trees = files.map do |file|
127
- if %w(file symlink).include?(file.type)
128
- {
129
- path: (file.symlink_target || file.path).sub(%r{^/}, ""),
130
- mode: "100644",
131
- type: "blob",
132
- content: file.content
133
- }
134
- elsif file.type == "submodule"
127
+ if file.type == "submodule"
135
128
  {
136
129
  path: file.path.sub(%r{^/}, ""),
137
130
  mode: "160000",
@@ -139,7 +132,23 @@ module Dependabot
139
132
  sha: file.content
140
133
  }
141
134
  else
142
- raise "Unknown file type #{file.type}"
135
+ content = if file.deleted?
136
+ { sha: nil }
137
+ elsif file.binary?
138
+ sha = github_client_for_source.create_blob(
139
+ source.repo, file.content, "base64"
140
+ )
141
+ { sha: sha }
142
+ else
143
+ { content: file.content }
144
+ end
145
+
146
+ {
147
+ path: (file.symlink_target ||
148
+ file.path).sub(%r{^/}, ""),
149
+ mode: "100644",
150
+ type: "blob"
151
+ }.merge(content)
143
152
  end
144
153
  end
145
154
 
@@ -29,6 +29,19 @@ module Dependabot
29
29
  end
30
30
  end
31
31
 
32
+ def self.in_a_temporary_repo_directory(directory = "/",
33
+ repo_contents_path = nil,
34
+ &block)
35
+ if repo_contents_path
36
+ path = Pathname.new(File.join(repo_contents_path, directory)).
37
+ expand_path
38
+ reset_git_repo(repo_contents_path)
39
+ Dir.chdir(path) { yield(path) }
40
+ else
41
+ in_a_temporary_directory(directory, &block)
42
+ end
43
+ end
44
+
32
45
  def self.in_a_temporary_directory(directory = "/")
33
46
  Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
34
47
  Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
@@ -209,6 +222,12 @@ module Dependabot
209
222
  File.write("git.store", git_store_content)
210
223
  end
211
224
 
225
+ def self.reset_git_repo(path)
226
+ Dir.chdir(path) do
227
+ run_shell_command("git reset HEAD --hard && git clean -fx")
228
+ end
229
+ end
230
+
212
231
  def self.stash_global_git_config
213
232
  return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
214
233
 
@@ -234,7 +253,7 @@ module Dependabot
234
253
 
235
254
  # Raise an error with the output from the shell session if the
236
255
  # command returns a non-zero status
237
- return if process.success?
256
+ return stdout if process.success?
238
257
 
239
258
  error_context = {
240
259
  command: command,
@@ -7,16 +7,17 @@ require "dependabot/security_advisory"
7
7
  module Dependabot
8
8
  module UpdateCheckers
9
9
  class Base
10
- attr_reader :dependency, :dependency_files, :credentials,
11
- :ignored_versions, :raise_on_ignored,
10
+ attr_reader :dependency, :dependency_files, :repo_contents_path,
11
+ :credentials, :ignored_versions, :raise_on_ignored,
12
12
  :security_advisories, :requirements_update_strategy
13
13
 
14
- def initialize(dependency:, dependency_files:, credentials:,
15
- ignored_versions: [], raise_on_ignored: false,
16
- security_advisories: [],
14
+ def initialize(dependency:, dependency_files:, repo_contents_path: nil,
15
+ credentials:, ignored_versions: [],
16
+ raise_on_ignored: false, security_advisories: [],
17
17
  requirements_update_strategy: nil)
18
18
  @dependency = dependency
19
19
  @dependency_files = dependency_files
20
+ @repo_contents_path = repo_contents_path
20
21
  @credentials = credentials
21
22
  @requirements_update_strategy = requirements_update_strategy
22
23
  @ignored_versions = ignored_versions
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.118.13"
4
+ VERSION = "0.119.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.13
4
+ version: 0.119.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-19 00:00:00.000000000 Z
11
+ date: 2020-08-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit