dependabot-common 0.118.16 → 0.119.3

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of dependabot-common might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/clients/azure.rb +26 -7
  3. data/lib/dependabot/dependency_file.rb +6 -0
  4. data/lib/dependabot/file_fetchers/base.rb +21 -1
  5. data/lib/dependabot/shared_helpers.rb +20 -1
  6. data/lib/dependabot/version.rb +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b4b213d9ba28b1b28d2b54f8839993546b4b6461f949df87dc803a2bbe979929
4
- data.tar.gz: c2f3e3dad541c07fe606333d50269271cb55ac5cf47d457ba50611200c2d94dc
3
+ metadata.gz: fc5d5cb1d37e94e4754376b52e4bee46d02f13cf5de8d3d1aaadd58ad2f769ec
4
+ data.tar.gz: a22af65c9a48056ecc63e9def80bdbee8759b6b1271f048cc44e6c009d165910
5
5
  SHA512:
6
- metadata.gz: 97cf295f272280ef1dfa3442f8029edf35f5b6f33e4dfcfd22ce25b44c1c9acdb2273a8ac037f54ad3b2c9410f6d8f8a15c703b390c0eb4f9d57c383da67ac85
7
- data.tar.gz: 4b3379d899b4ab131f46f7b40561e62bb95c3f3041656c4ae68d8aeedf694e72e57eb5ca5dbcf9b5b48b82e3b9bef5cd6781cb93300ffdf4b46331bc89f75b7b
6
+ metadata.gz: 22c4eb3b3ec19201955a5bbe241f1bd03056b92da606b5dd30bf6c88ce32576e63ed96c17fdf93eef9ee24cf6f8edcb1d69caf680bdcb7990d489aa1ff8945a3
7
+ data.tar.gz: 475f0be0471945e3e846f234c573b7c8c343ff868fa235f4e68a5a5194ac7ed09fcf3614d4df556bf45930c99925a4dd4b030cd15446d996c90d479527300f35
data/lib/dependabot/clients/azure.rb CHANGED
@@ -28,6 +28,7 @@ module Dependabot
28
28
  def initialize(source, credentials)
29
29
  @source = source
30
30
  @credentials = credentials
31
+ @auth_header = auth_header_for(credentials&.fetch("token", nil))
31
32
  end
32
33
 
33
34
  def fetch_commit(_repo, branch)
@@ -180,8 +181,9 @@ module Dependabot
180
181
  def get(url)
181
182
  response = Excon.get(
182
183
  url,
183
- user: credentials&.fetch("username"),
184
- password: credentials&.fetch("password"),
184
+ headers: auth_header,
185
+ user: credentials&.fetch("username", nil),
186
+ password: credentials&.fetch("password", nil),
185
187
  idempotent: true,
186
188
  **SharedHelpers.excon_defaults
187
189
  )
@@ -193,12 +195,14 @@ module Dependabot
193
195
  def post(url, json)
194
196
  response = Excon.post(
195
197
  url,
196
- headers: {
197
- "Content-Type" => "application/json"
198
- },
198
+ headers: auth_header.merge(
199
+ {
200
+ "Content-Type" => "application/json"
201
+ }
202
+ ),
199
203
  body: json,
200
- user: credentials&.fetch("username"),
201
- password: credentials&.fetch("password"),
204
+ user: credentials&.fetch("username", nil),
205
+ password: credentials&.fetch("password", nil),
202
206
  idempotent: true,
203
207
  **SharedHelpers.excon_defaults
204
208
  )
@@ -209,6 +213,21 @@ module Dependabot
209
213
 
210
214
  private
211
215
 
216
+ def auth_header_for(token)
217
+ return {} unless token
218
+
219
+ if token.include?(":")
220
+ encoded_token = Base64.encode64(token).delete("\n")
221
+ { "Authorization" => "Basic #{encoded_token}" }
222
+ elsif Base64.decode64(token).ascii_only? &&
223
+ Base64.decode64(token).include?(":")
224
+ { "Authorization" => "Basic #{token.delete("\n")}" }
225
+ else
226
+ { "Authorization" => "Bearer #{token}" }
227
+ end
228
+ end
229
+
230
+ attr_reader :auth_header
212
231
  attr_reader :credentials
213
232
  attr_reader :source
214
233
  end
data/lib/dependabot/dependency_file.rb CHANGED
@@ -83,6 +83,12 @@ module Dependabot
83
83
  content_encoding == ContentEncoding::BASE64
84
84
  end
85
85
 
86
+ def decoded_content
87
+ return Base64.decode64(content) if binary?
88
+
89
+ content
90
+ end
91
+
86
92
  private
87
93
 
88
94
  def clean_directory(directory)
data/lib/dependabot/file_fetchers/base.rb CHANGED
@@ -67,8 +67,10 @@ module Dependabot
67
67
  raise unless e.message.include?("Repository is empty")
68
68
  end
69
69
 
70
+ # Returns the path to the cloned repo
70
71
  def clone_repo_contents(target_directory: nil)
71
- # TODO: add implementation
72
+ @clone_repo_contents ||=
73
+ _clone_repo_contents(target_directory: target_directory)
72
74
  end
73
75
 
74
76
  private
@@ -423,6 +425,24 @@ module Dependabot
423
425
  max_by(&:length)
424
426
  end
425
427
 
428
+ def _clone_repo_contents(target_directory:)
429
+ SharedHelpers.with_git_configured(credentials: credentials) do
430
+ path = target_directory || File.join("tmp", source.repo)
431
+ # Assume we're retrying the same branch, or that a `target_directory`
432
+ # is specified when retrying a different branch.
433
+ return path if Dir.exist?(File.join(path, ".git"))
434
+
435
+ FileUtils.mkdir_p(path)
436
+ br_opt = " --branch=#{source.branch} --single-branch" if source.branch
437
+ SharedHelpers.run_shell_command(
438
+ <<~CMD
439
+ git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} #{source.url} #{path}
440
+ CMD
441
+ )
442
+ path
443
+ end
444
+ end
445
+
426
446
  def client_for_provider
427
447
  case source.provider
428
448
  when "github" then github_client
data/lib/dependabot/shared_helpers.rb CHANGED
@@ -29,6 +29,19 @@ module Dependabot
29
29
  end
30
30
  end
31
31
 
32
+ def self.in_a_temporary_repo_directory(directory = "/",
33
+ repo_contents_path = nil,
34
+ &block)
35
+ if repo_contents_path
36
+ path = Pathname.new(File.join(repo_contents_path, directory)).
37
+ expand_path
38
+ reset_git_repo(repo_contents_path)
39
+ Dir.chdir(path) { yield(path) }
40
+ else
41
+ in_a_temporary_directory(directory, &block)
42
+ end
43
+ end
44
+
32
45
  def self.in_a_temporary_directory(directory = "/")
33
46
  Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
34
47
  Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
@@ -209,6 +222,12 @@ module Dependabot
209
222
  File.write("git.store", git_store_content)
210
223
  end
211
224
 
225
+ def self.reset_git_repo(path)
226
+ Dir.chdir(path) do
227
+ run_shell_command("git reset HEAD --hard && git clean -fx")
228
+ end
229
+ end
230
+
212
231
  def self.stash_global_git_config
213
232
  return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
214
233
 
@@ -234,7 +253,7 @@ module Dependabot
234
253
 
235
254
  # Raise an error with the output from the shell session if the
236
255
  # command returns a non-zero status
237
- return if process.success?
256
+ return stdout if process.success?
238
257
 
239
258
  error_context = {
240
259
  command: command,
data/lib/dependabot/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.118.16"
4
+ VERSION = "0.119.3"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.16
4
+ version: 0.119.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-20 00:00:00.000000000 Z
11
+ date: 2020-09-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit