dependabot-common 0.118.14 → 0.119.1


Potentially problematic release.


This version of dependabot-common might be problematic. Click here for more details.

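--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 84fc6de52cc27e73d87e47a52eb9f0762d0d25b45c0e8cce770751df9cfbbc8c
- data.tar.gz: 33d975df35aa3cd3813ee2ac0190b91359cec73a38826fb35e0bb8cf083b9d98
+ metadata.gz: 55d06a3a88c37d000b5380d1b1dcc12179e035967017f61ec7f310279836656a
+ data.tar.gz: 3bdff5a073acdb9d4440319bf3120d20687417ec3b6f4287ec7358f349baaa0a
  SHA512:
- metadata.gz: d230bcb964358475dfdfe08ba0be8166575c3c53579f6679e3049da2acd5e1c1dabac82fc828be64650f1a0740af6c72cefd8320a5b27e5be2b7a7e5ed754f40
- data.tar.gz: a1dd576f083646595e238ef04924ccc2e0c208d8e15b356e4f7306655ea9bb59ba699929df0e2fb9038b83b2788d6c0a8dc7eb30de2caeea5c9394a5eff1f2dc
+ metadata.gz: 127a52768582e1e2e179ce49b95229d05b6b6d0c50a4991c131297cfc2ba126e2f82afb786dbd6da3222f567020f51da7273de336e489a88e703571c825f481d
+ data.tar.gz: cef7b76143722481b5c9a034104e211493489fe5815d73ea83dd2f2db0415211d36b8b87ec865f0dd3e01549057eba986e52888621ca31d791ca32e25de38d5e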
@@ -83,6 +83,12 @@ module Dependabot
83
83
  content_encoding == ContentEncoding::BASE64
84
84
  end
85
85
 
86
+ def decoded_content
87
+ return Base64.decode64(content) if binary?
88
+
89
+ content
90
+ end
91
+
86
92
  private
87
93
 
88
94
  def clean_directory(directory)
@@ -67,6 +67,12 @@ module Dependabot
67
67
  raise unless e.message.include?("Repository is empty")
68
68
  end
69
69
 
70
+ # Returns the path to the cloned repo
71
+ def clone_repo_contents(target_directory: nil)
72
+ @clone_repo_contents ||=
73
+ _clone_repo_contents(target_directory: target_directory)
74
+ end
75
+
70
76
  private
71
77
 
72
78
  def fetch_file_if_present(filename, fetch_submodules: false)
@@ -419,6 +425,24 @@ module Dependabot
419
425
  max_by(&:length)
420
426
  end
421
427
 
428
+ def _clone_repo_contents(target_directory:)
429
+ SharedHelpers.with_git_configured(credentials: credentials) do
430
+ path = target_directory || File.join("tmp", source.repo)
431
+ # Assume we're retrying the same branch, or that a `target_directory`
432
+ # is specified when retrying a different branch.
433
+ return path if Dir.exist?(File.join(path, ".git"))
434
+
435
+ FileUtils.mkdir_p(path)
436
+ br_opt = " --branch=#{source.branch} --single-branch" if source.branch
437
+ SharedHelpers.run_shell_command(
438
+ <<~CMD
439
+ git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} #{source.url} #{path}
440
+ CMD
441
+ )
442
+ path
443
+ end
444
+ end
445
+
422
446
  def client_for_provider
423
447
  case source.provider
424
448
  when "github" then github_client
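Review bot: `source.branch`, `source.url` and `path` are interpolated unescaped into the shell string handed to `SharedHelpers.run_shell_command` in `_clone_repo_contents`, so a branch or repository name containing shell metacharacters would be interpreted by the shell instead of being passed to git as one argument. Escape each value before building the command, e.g. `br_opt = " --branch=#{Shellwords.escape(source.branch)} --single-branch" if source.branch` and `git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} -- #{Shellwords.escape(source.url)} #{Shellwords.escape(path)}` (this needs `require "shellwords"`), or pass an argument array if the helper can take one. `path` defaults to `File.join("tmp", source.repo)`, so the repository name also decides where on disk the clone lands. Whether `source` is validated upstream is not visible in this hunk.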
@@ -3,10 +3,12 @@
3
3
  module Dependabot
4
4
  module FileParsers
5
5
  class Base
6
- attr_reader :dependency_files, :credentials, :source
6
+ attr_reader :dependency_files, :repo_contents_path, :credentials, :source
7
7
 
8
- def initialize(dependency_files:, source:, credentials: [])
8
+ def initialize(dependency_files:, repo_contents_path: nil, source:,
9
+ credentials: [])
9
10
  @dependency_files = dependency_files
11
+ @repo_contents_path = repo_contents_path
10
12
  @credentials = credentials
11
13
  @source = source
12
14
 
@@ -3,15 +3,18 @@
3
3
  module Dependabot
4
4
  module FileUpdaters
5
5
  class Base
6
- attr_reader :dependencies, :dependency_files, :credentials
6
+ attr_reader :dependencies, :dependency_files, :repo_contents_path,
7
+ :credentials
7
8
 
8
9
  def self.updated_files_regex
9
10
  raise NotImplementedError
10
11
  end
11
12
 
12
- def initialize(dependencies:, dependency_files:, credentials:)
13
+ def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
14
+ credentials:)
13
15
  @dependencies = dependencies
14
16
  @dependency_files = dependency_files
17
+ @repo_contents_path = repo_contents_path
15
18
  @credentials = credentials
16
19
 
17
20
  check_required_files
@@ -170,13 +170,13 @@ module Dependabot
170
170
  sha: file.content
171
171
  }
172
172
  else
173
- content = if file.binary?
173
+ content = if file.deleted?
174
+ { sha: nil }
175
+ elsif file.binary?
174
176
  sha = github_client_for_source.create_blob(
175
177
  source.repo, file.content, "base64"
176
178
  )
177
179
  { sha: sha }
178
- elsif file.deleted?
179
- { sha: nil }
180
180
  else
181
181
  { content: file.content }
182
182
  end
@@ -132,13 +132,13 @@ module Dependabot
132
132
  sha: file.content
133
133
  }
134
134
  else
135
- content = if file.binary?
135
+ content = if file.deleted?
136
+ { sha: nil }
137
+ elsif file.binary?
136
138
  sha = github_client_for_source.create_blob(
137
139
  source.repo, file.content, "base64"
138
140
  )
139
141
  { sha: sha }
140
- elsif file.deleted?
141
- { sha: nil }
142
142
  else
143
143
  { content: file.content }
144
144
  end
@@ -29,6 +29,19 @@ module Dependabot
29
29
  end
30
30
  end
31
31
 
32
+ def self.in_a_temporary_repo_directory(directory = "/",
33
+ repo_contents_path = nil,
34
+ &block)
35
+ if repo_contents_path
36
+ path = Pathname.new(File.join(repo_contents_path, directory)).
37
+ expand_path
38
+ reset_git_repo(repo_contents_path)
39
+ Dir.chdir(path) { yield(path) }
40
+ else
41
+ in_a_temporary_directory(directory, &block)
42
+ end
43
+ end
44
+
32
45
  def self.in_a_temporary_directory(directory = "/")
33
46
  Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
34
47
  Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
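Review bot: In `in_a_temporary_repo_directory`, `directory` is joined onto `repo_contents_path` and expanded with no check that the result still lies inside the clone, so a `directory` containing `..` segments would make `Dir.chdir` run the block outside the repository. Resolve the root once and reject anything outside it before the chdir, e.g. `root = Pathname.new(repo_contents_path).expand_path` followed by `raise ArgumentError, "directory escapes repo" unless path == root || path.to_s.start_with?("#{root}/")`. Where `directory` comes from is not visible in this hunk, so callers may already constrain it. The body of `in_a_temporary_directory` continues outside the hunk.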
@@ -209,6 +222,12 @@ module Dependabot
209
222
  File.write("git.store", git_store_content)
210
223
  end
211
224
 
225
+ def self.reset_git_repo(path)
226
+ Dir.chdir(path) do
227
+ run_shell_command("git reset HEAD --hard && git clean -fx")
228
+ end
229
+ end
230
+
212
231
  def self.stash_global_git_config
213
232
  return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
214
233
 
@@ -234,7 +253,7 @@ module Dependabot
234
253
 
235
254
  # Raise an error with the output from the shell session if the
236
255
  # command returns a non-zero status
237
- return if process.success?
256
+ return stdout if process.success?
238
257
 
239
258
  error_context = {
240
259
  command: command,
@@ -7,16 +7,17 @@ require "dependabot/security_advisory"
7
7
  module Dependabot
8
8
  module UpdateCheckers
9
9
  class Base
10
- attr_reader :dependency, :dependency_files, :credentials,
11
- :ignored_versions, :raise_on_ignored,
10
+ attr_reader :dependency, :dependency_files, :repo_contents_path,
11
+ :credentials, :ignored_versions, :raise_on_ignored,
12
12
  :security_advisories, :requirements_update_strategy
13
13
 
14
- def initialize(dependency:, dependency_files:, credentials:,
15
- ignored_versions: [], raise_on_ignored: false,
16
- security_advisories: [],
14
+ def initialize(dependency:, dependency_files:, repo_contents_path: nil,
15
+ credentials:, ignored_versions: [],
16
+ raise_on_ignored: false, security_advisories: [],
17
17
  requirements_update_strategy: nil)
18
18
  @dependency = dependency
19
19
  @dependency_files = dependency_files
20
+ @repo_contents_path = repo_contents_path
20
21
  @credentials = credentials
21
22
  @requirements_update_strategy = requirements_update_strategy
22
23
  @ignored_versions = ignored_versions
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.118.14"
4
+ VERSION = "0.119.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.14
4
+ version: 0.119.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-20 00:00:00.000000000 Z
11
+ date: 2020-08-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit