dependabot-common 0.118.13 → 0.119.0.beta1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of dependabot-common might be problematic. Click here for more details.

Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/dependency_file.rb +4 -0
  3. data/lib/dependabot/file_fetchers/base.rb +20 -0
  4. data/lib/dependabot/file_parsers/base.rb +4 -2
  5. data/lib/dependabot/file_updaters/base.rb +5 -2
  6. data/lib/dependabot/pull_request_creator/github.rb +15 -4
  7. data/lib/dependabot/shared_helpers.rb +20 -1
  8. data/lib/dependabot/update_checkers/base.rb +6 -5
  9. data/lib/dependabot/version.rb +1 -1
  10. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bd6bbc00b1d0c8db23fdad8a48e7c3b50dcde91cd9709066f3dca198bfc0fc12
4
- data.tar.gz: ee033ae13291b1ae755a4879a311c92ef1c3f765a7dfc8a1fbaab56b147523f9
3
+ metadata.gz: 80651d092678ba4841245e6a4fc002dfba1ab3b2e1a46ed84882885ece8e4989
4
+ data.tar.gz: f8a26ab2da34de5159d7a94d53a0d81d6f490c7ef8e045dca662bfec0d024dd8
5
5
  SHA512:
6
- metadata.gz: e785764a18c08b4223903fa24c5193e517a1bf1e0510ae84794edfeeb57c1d150dc848e23cfe2bed1df2912d4dfb043cb97f92d04a08b442d0e7cd3e03f4f031
7
- data.tar.gz: 6f3a98da4aa78275dc11ae4935925bc7e429200053ef94d7657e4c98c3e63166d1f0a4752be71d038d8a94df577eea2df4498ce09cdc2dc796d1d017e4b56fe1
6
+ metadata.gz: efe477821294e613b73ff714056185aa7c8bfaa1133e833d0c9b10ec45316de0937245faa87b81566b5fd4fa671463908e2079a65803eee032cd3028f8070304
7
+ data.tar.gz: 5b3e6f20b0df041c73eb3f5313474d62910d283748a46c4b5808123c41b6d8ec4a0d213ab33667f9770ff1a9502f6a2906e0ddaec09892e8b37ed167843e032d
data/lib/dependabot/dependency_file.rb CHANGED
@@ -79,6 +79,10 @@ module Dependabot
79
79
  @deleted
80
80
  end
81
81
 
82
+ def binary?
83
+ content_encoding == ContentEncoding::BASE64
84
+ end
85
+
82
86
  private
83
87
 
84
88
  def clean_directory(directory)
data/lib/dependabot/file_fetchers/base.rb CHANGED
@@ -67,6 +67,12 @@ module Dependabot
67
67
  raise unless e.message.include?("Repository is empty")
68
68
  end
69
69
 
70
+ # Returns the path to the cloned repo
71
+ def clone_repo_contents(target_directory: nil)
72
+ @clone_repo_contents ||=
73
+ _clone_repo_contents(target_directory: target_directory)
74
+ end
75
+
70
76
  private
71
77
 
72
78
  def fetch_file_if_present(filename, fetch_submodules: false)
@@ -419,6 +425,20 @@ module Dependabot
419
425
  max_by(&:length)
420
426
  end
421
427
 
428
+ def _clone_repo_contents(target_directory:)
429
+ SharedHelpers.with_git_configured(credentials: credentials) do
430
+ path = target_directory || File.join("tmp", source.repo)
431
+ return path if Dir.exist?(File.join(path, ".git"))
432
+
433
+ FileUtils.mkdir_p(path)
434
+ br_opt = " --branch=#{source.branch} --single-branch" if source.branch
435
+ SharedHelpers.run_shell_command(
436
+ "git clone --depth=1#{br_opt} #{source.url} #{path}"
437
+ )
438
+ path
439
+ end
440
+ end
441
+
422
442
  def client_for_provider
423
443
  case source.provider
424
444
  when "github" then github_client
data/lib/dependabot/file_parsers/base.rb CHANGED
@@ -3,10 +3,12 @@
3
3
  module Dependabot
4
4
  module FileParsers
5
5
  class Base
6
- attr_reader :dependency_files, :credentials, :source
6
+ attr_reader :dependency_files, :repo_contents_path, :credentials, :source
7
7
 
8
- def initialize(dependency_files:, source:, credentials: [])
8
+ def initialize(dependency_files:, repo_contents_path: nil, source:,
9
+ credentials: [])
9
10
  @dependency_files = dependency_files
11
+ @repo_contents_path = repo_contents_path
10
12
  @credentials = credentials
11
13
  @source = source
12
14
 
data/lib/dependabot/file_updaters/base.rb CHANGED
@@ -3,15 +3,18 @@
3
3
  module Dependabot
4
4
  module FileUpdaters
5
5
  class Base
6
- attr_reader :dependencies, :dependency_files, :credentials
6
+ attr_reader :dependencies, :dependency_files, :repo_contents_path,
7
+ :credentials
7
8
 
8
9
  def self.updated_files_regex
9
10
  raise NotImplementedError
10
11
  end
11
12
 
12
- def initialize(dependencies:, dependency_files:, credentials:)
13
+ def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
14
+ credentials:)
13
15
  @dependencies = dependencies
14
16
  @dependency_files = dependency_files
17
+ @repo_contents_path = repo_contents_path
15
18
  @credentials = credentials
16
19
 
17
20
  check_required_files
data/lib/dependabot/pull_request_creator/github.rb CHANGED
@@ -170,12 +170,23 @@ module Dependabot
170
170
  sha: file.content
171
171
  }
172
172
  else
173
+ content = if file.binary?
174
+ sha = github_client_for_source.create_blob(
175
+ source.repo, file.content, "base64"
176
+ )
177
+ { sha: sha }
178
+ elsif file.deleted?
179
+ { sha: nil }
180
+ else
181
+ { content: file.content }
182
+ end
183
+
173
184
  {
174
- path: (file.symlink_target || file.path).sub(%r{^/}, ""),
185
+ path: (file.symlink_target ||
186
+ file.path).sub(%r{^/}, ""),
175
187
  mode: "100644",
176
- type: "blob",
177
- content: file.content
178
- }
188
+ type: "blob"
189
+ }.merge(content)
179
190
  end
180
191
  end
181
192
 
data/lib/dependabot/shared_helpers.rb CHANGED
@@ -29,6 +29,19 @@ module Dependabot
29
29
  end
30
30
  end
31
31
 
32
+ def self.in_a_temporary_repo_directory(directory = "/",
33
+ repo_contents_path = nil,
34
+ &block)
35
+ if repo_contents_path
36
+ path = Pathname.new(File.join(repo_contents_path, directory)).
37
+ expand_path
38
+ reset_git_repo(repo_contents_path)
39
+ Dir.chdir(path) { yield(path) }
40
+ else
41
+ in_a_temporary_directory(directory, &block)
42
+ end
43
+ end
44
+
32
45
  def self.in_a_temporary_directory(directory = "/")
33
46
  Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
34
47
  Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
@@ -209,6 +222,12 @@ module Dependabot
209
222
  File.write("git.store", git_store_content)
210
223
  end
211
224
 
225
+ def self.reset_git_repo(path)
226
+ Dir.chdir(path) do
227
+ run_shell_command("git reset HEAD --hard && git clean -fx")
228
+ end
229
+ end
230
+
212
231
  def self.stash_global_git_config
213
232
  return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
214
233
 
@@ -234,7 +253,7 @@ module Dependabot
234
253
 
235
254
  # Raise an error with the output from the shell session if the
236
255
  # command returns a non-zero status
237
- return if process.success?
256
+ return stdout if process.success?
238
257
 
239
258
  error_context = {
240
259
  command: command,
data/lib/dependabot/update_checkers/base.rb CHANGED
@@ -7,16 +7,17 @@ require "dependabot/security_advisory"
7
7
  module Dependabot
8
8
  module UpdateCheckers
9
9
  class Base
10
- attr_reader :dependency, :dependency_files, :credentials,
11
- :ignored_versions, :raise_on_ignored,
10
+ attr_reader :dependency, :dependency_files, :repo_contents_path,
11
+ :credentials, :ignored_versions, :raise_on_ignored,
12
12
  :security_advisories, :requirements_update_strategy
13
13
 
14
- def initialize(dependency:, dependency_files:, credentials:,
15
- ignored_versions: [], raise_on_ignored: false,
16
- security_advisories: [],
14
+ def initialize(dependency:, dependency_files:, repo_contents_path: nil,
15
+ credentials:, ignored_versions: [],
16
+ raise_on_ignored: false, security_advisories: [],
17
17
  requirements_update_strategy: nil)
18
18
  @dependency = dependency
19
19
  @dependency_files = dependency_files
20
+ @repo_contents_path = repo_contents_path
20
21
  @credentials = credentials
21
22
  @requirements_update_strategy = requirements_update_strategy
22
23
  @ignored_versions = ignored_versions
data/lib/dependabot/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.118.13"
4
+ VERSION = "0.119.0.beta1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.13
4
+ version: 0.119.0.beta1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-19 00:00:00.000000000 Z
11
+ date: 2020-08-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -393,7 +393,7 @@ homepage: https://github.com/dependabot/dependabot-core
393
393
  licenses:
394
394
  - Nonstandard
395
395
  metadata: {}
396
- post_install_message:
396
+ post_install_message:
397
397
  rdoc_options: []
398
398
  require_paths:
399
399
  - lib
@@ -408,8 +408,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
408
408
  - !ruby/object:Gem::Version
409
409
  version: 2.7.3
410
410
  requirements: []
411
- rubygems_version: 3.1.2
412
- signing_key:
411
+ rubygems_version: 3.1.4
412
+ signing_key:
413
413
  specification_version: 4
414
414
  summary: Shared code used between Dependabot package managers
415
415
  test_files: []