dependabot-common 0.118.14 → 0.119.1
Potentially problematic release.
This version of dependabot-common might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/dependabot/dependency_file.rb +6 -0
- data/lib/dependabot/file_fetchers/base.rb +24 -0
- data/lib/dependabot/file_parsers/base.rb +4 -2
- data/lib/dependabot/file_updaters/base.rb +5 -2
- data/lib/dependabot/pull_request_creator/github.rb +3 -3
- data/lib/dependabot/pull_request_updater/github.rb +3 -3
- data/lib/dependabot/shared_helpers.rb +20 -1
- data/lib/dependabot/update_checkers/base.rb +6 -5
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
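--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 55d06a3a88c37d000b5380d1b1dcc12179e035967017f61ec7f310279836656a
+data.tar.gz: 3bdff5a073acdb9d4440319bf3120d20687417ec3b6f4287ec7358f349baaa0a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 127a52768582e1e2e179ce49b95229d05b6b6d0c50a4991c131297cfc2ba126e2f82afb786dbd6da3222f567020f51da7273de336e489a88e703571c825f481d
+data.tar.gz: cef7b76143722481b5c9a034104e211493489fe5815d73ea83dd2f2db0415211d36b8b87ec865f0dd3e01549057eba986e52888621ca31d791ca32e25de38d5e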
@@ -67,6 +67,12 @@ module Dependabot
|
|
67
67
|
raise unless e.message.include?("Repository is empty")
|
68
68
|
end
|
69
69
|
|
70
|
+
# Returns the path to the cloned repo
|
71
|
+
def clone_repo_contents(target_directory: nil)
|
72
|
+
@clone_repo_contents ||=
|
73
|
+
_clone_repo_contents(target_directory: target_directory)
|
74
|
+
end
|
75
|
+
|
70
76
|
private
|
71
77
|
|
72
78
|
def fetch_file_if_present(filename, fetch_submodules: false)
|
@@ -419,6 +425,24 @@ module Dependabot
|
|
419
425
|
max_by(&:length)
|
420
426
|
end
|
421
427
|
|
428
|
+
def _clone_repo_contents(target_directory:)
|
429
|
+
SharedHelpers.with_git_configured(credentials: credentials) do
|
430
|
+
path = target_directory || File.join("tmp", source.repo)
|
431
|
+
# Assume we're retrying the same branch, or that a `target_directory`
|
432
|
+
# is specified when retrying a different branch.
|
433
|
+
return path if Dir.exist?(File.join(path, ".git"))
|
434
|
+
|
435
|
+
FileUtils.mkdir_p(path)
|
436
|
+
br_opt = " --branch=#{source.branch} --single-branch" if source.branch
|
437
|
+
SharedHelpers.run_shell_command(
|
438
|
+
<<~CMD
|
439
|
+
git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} #{source.url} #{path}
|
440
|
+
CMD
|
441
|
+
)
|
442
|
+
path
|
443
|
+
end
|
444
|
+
end
|
445
|
+
|
422
446
|
def client_for_provider
|
423
447
|
case source.provider
|
424
448
|
when "github" then github_client
|
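Review bot: The clone command in `_clone_repo_contents` is built by interpolating `source.branch`, `source.url` and `path` into a heredoc that goes to `SharedHelpers.run_shell_command` as one string, so if that helper runs the string through a shell (its body is not shown, but the `&&` in `reset_git_repo` suggests it does), a value containing whitespace or shell metacharacters changes what is executed. Escape each value and end option parsing before the positional arguments: `br_opt = " --branch=#{Shellwords.escape(source.branch)} --single-branch" if source.branch` and `git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} -- #{Shellwords.escape(source.url)} #{Shellwords.escape(path)}`, with `require "shellwords"` at the top of the file. Separately, `clone_repo_contents` in the first hunk memoizes with `@clone_repo_contents ||=`, so a later call with a different `target_directory:` silently returns the first path. The default `File.join("tmp", source.repo)` is also relative to whatever the working directory is at call time.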
@@ -3,10 +3,12 @@
|
|
3
3
|
module Dependabot
|
4
4
|
module FileParsers
|
5
5
|
class Base
|
6
|
-
attr_reader :dependency_files, :credentials, :source
|
6
|
+
attr_reader :dependency_files, :repo_contents_path, :credentials, :source
|
7
7
|
|
8
|
-
def initialize(dependency_files:, source:,
|
8
|
+
def initialize(dependency_files:, repo_contents_path: nil, source:,
|
9
|
+
credentials: [])
|
9
10
|
@dependency_files = dependency_files
|
11
|
+
@repo_contents_path = repo_contents_path
|
10
12
|
@credentials = credentials
|
11
13
|
@source = source
|
12
14
|
|
@@ -3,15 +3,18 @@
|
|
3
3
|
module Dependabot
|
4
4
|
module FileUpdaters
|
5
5
|
class Base
|
6
|
-
attr_reader :dependencies, :dependency_files, :
|
6
|
+
attr_reader :dependencies, :dependency_files, :repo_contents_path,
|
7
|
+
:credentials
|
7
8
|
|
8
9
|
def self.updated_files_regex
|
9
10
|
raise NotImplementedError
|
10
11
|
end
|
11
12
|
|
12
|
-
def initialize(dependencies:, dependency_files:,
|
13
|
+
def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
|
14
|
+
credentials:)
|
13
15
|
@dependencies = dependencies
|
14
16
|
@dependency_files = dependency_files
|
17
|
+
@repo_contents_path = repo_contents_path
|
15
18
|
@credentials = credentials
|
16
19
|
|
17
20
|
check_required_files
|
@@ -170,13 +170,13 @@ module Dependabot
|
|
170
170
|
sha: file.content
|
171
171
|
}
|
172
172
|
else
|
173
|
-
content = if file.
|
173
|
+
content = if file.deleted?
|
174
|
+
{ sha: nil }
|
175
|
+
elsif file.binary?
|
174
176
|
sha = github_client_for_source.create_blob(
|
175
177
|
source.repo, file.content, "base64"
|
176
178
|
)
|
177
179
|
{ sha: sha }
|
178
|
-
elsif file.deleted?
|
179
|
-
{ sha: nil }
|
180
180
|
else
|
181
181
|
{ content: file.content }
|
182
182
|
end
|
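Review bot: The new branch order is load-bearing but nothing in the code says so: `file.deleted?` now has to be tested before `file.binary?`, presumably because a deleted file can also report itself as binary and would otherwise be passed to `create_blob`. Add a comment above the `if`, for example `# Check deleted? first: a deleted binary file must not be uploaded as a blob; sha: nil drops the path from the tree`. The identical block appears in the next hunk (`@@ -132,13 +132,13 @@`), so the ordering has to be kept in sync in two places, and a shared helper would avoid that. The enclosing method starts and ends outside the hunk.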
@@ -132,13 +132,13 @@ module Dependabot
|
|
132
132
|
sha: file.content
|
133
133
|
}
|
134
134
|
else
|
135
|
-
content = if file.
|
135
|
+
content = if file.deleted?
|
136
|
+
{ sha: nil }
|
137
|
+
elsif file.binary?
|
136
138
|
sha = github_client_for_source.create_blob(
|
137
139
|
source.repo, file.content, "base64"
|
138
140
|
)
|
139
141
|
{ sha: sha }
|
140
|
-
elsif file.deleted?
|
141
|
-
{ sha: nil }
|
142
142
|
else
|
143
143
|
{ content: file.content }
|
144
144
|
end
|
@@ -29,6 +29,19 @@ module Dependabot
|
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
32
|
+
def self.in_a_temporary_repo_directory(directory = "/",
|
33
|
+
repo_contents_path = nil,
|
34
|
+
&block)
|
35
|
+
if repo_contents_path
|
36
|
+
path = Pathname.new(File.join(repo_contents_path, directory)).
|
37
|
+
expand_path
|
38
|
+
reset_git_repo(repo_contents_path)
|
39
|
+
Dir.chdir(path) { yield(path) }
|
40
|
+
else
|
41
|
+
in_a_temporary_directory(directory, &block)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
32
45
|
def self.in_a_temporary_directory(directory = "/")
|
33
46
|
Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
|
34
47
|
Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
|
@@ -209,6 +222,12 @@ module Dependabot
|
|
209
222
|
File.write("git.store", git_store_content)
|
210
223
|
end
|
211
224
|
|
225
|
+
def self.reset_git_repo(path)
|
226
|
+
Dir.chdir(path) do
|
227
|
+
run_shell_command("git reset HEAD --hard && git clean -fx")
|
228
|
+
end
|
229
|
+
end
|
230
|
+
|
212
231
|
def self.stash_global_git_config
|
213
232
|
return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
|
214
233
|
|
@@ -234,7 +253,7 @@ module Dependabot
|
|
234
253
|
|
235
254
|
# Raise an error with the output from the shell session if the
|
236
255
|
# command returns a non-zero status
|
237
|
-
return if process.success?
|
256
|
+
return stdout if process.success?
|
238
257
|
|
239
258
|
error_context = {
|
240
259
|
command: command,
|
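Review bot: `in_a_temporary_repo_directory` (first hunk of this file, `@@ -29,6 +29,19 @@`) joins `directory` onto `repo_contents_path` and calls `expand_path`, but never checks that the result is still inside the checkout, so a `directory` containing `..` segments makes `Dir.chdir` and the yielded block run outside the cloned repo. Where `directory` comes from is not visible here; if it can come from job or repository configuration, add a containment check before the `chdir`: `root = Pathname.new(repo_contents_path).expand_path` followed by `raise ArgumentError, "directory is outside the repo checkout" unless path == root || path.to_s.start_with?("#{root}#{File::SEPARATOR}")`. `expand_path` does not resolve symlinks, so `realpath` would be the stricter comparison once the directory exists. In `reset_git_repo` (second hunk), `git clean -fx` leaves untracked directories behind; `git clean -fdx` is needed if the checkout is meant to be pristine between runs.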
@@ -7,16 +7,17 @@ require "dependabot/security_advisory"
|
|
7
7
|
module Dependabot
|
8
8
|
module UpdateCheckers
|
9
9
|
class Base
|
10
|
-
attr_reader :dependency, :dependency_files, :
|
11
|
-
:ignored_versions, :raise_on_ignored,
|
10
|
+
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
11
|
+
:credentials, :ignored_versions, :raise_on_ignored,
|
12
12
|
:security_advisories, :requirements_update_strategy
|
13
13
|
|
14
|
-
def initialize(dependency:, dependency_files:,
|
15
|
-
ignored_versions: [],
|
16
|
-
security_advisories: [],
|
14
|
+
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
15
|
+
credentials:, ignored_versions: [],
|
16
|
+
raise_on_ignored: false, security_advisories: [],
|
17
17
|
requirements_update_strategy: nil)
|
18
18
|
@dependency = dependency
|
19
19
|
@dependency_files = dependency_files
|
20
|
+
@repo_contents_path = repo_contents_path
|
20
21
|
@credentials = credentials
|
21
22
|
@requirements_update_strategy = requirements_update_strategy
|
22
23
|
@ignored_versions = ignored_versions
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.119.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-08-
|
11
|
+
date: 2020-08-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|