dependabot-common 0.118.16 → 0.119.3
Potentially problematic release.
This version of dependabot-common might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +26 -7
- data/lib/dependabot/dependency_file.rb +6 -0
- data/lib/dependabot/file_fetchers/base.rb +21 -1
- data/lib/dependabot/shared_helpers.rb +20 -1
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
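--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fc5d5cb1d37e94e4754376b52e4bee46d02f13cf5de8d3d1aaadd58ad2f769ec
+data.tar.gz: a22af65c9a48056ecc63e9def80bdbee8759b6b1271f048cc44e6c009d165910
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 22c4eb3b3ec19201955a5bbe241f1bd03056b92da606b5dd30bf6c88ce32576e63ed96c17fdf93eef9ee24cf6f8edcb1d69caf680bdcb7990d489aa1ff8945a3
+data.tar.gz: 475f0be0471945e3e846f234c573b7c8c343ff868fa235f4e68a5a5194ac7ed09fcf3614d4df556bf45930c99925a4dd4b030cd15446d996c90d479527300f35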
@@ -28,6 +28,7 @@ module Dependabot
|
|
28
28
|
def initialize(source, credentials)
|
29
29
|
@source = source
|
30
30
|
@credentials = credentials
|
31
|
+
@auth_header = auth_header_for(credentials&.fetch("token", nil))
|
31
32
|
end
|
32
33
|
|
33
34
|
def fetch_commit(_repo, branch)
|
@@ -180,8 +181,9 @@ module Dependabot
|
|
180
181
|
def get(url)
|
181
182
|
response = Excon.get(
|
182
183
|
url,
|
183
|
-
|
184
|
-
|
184
|
+
headers: auth_header,
|
185
|
+
user: credentials&.fetch("username", nil),
|
186
|
+
password: credentials&.fetch("password", nil),
|
185
187
|
idempotent: true,
|
186
188
|
**SharedHelpers.excon_defaults
|
187
189
|
)
|
@@ -193,12 +195,14 @@ module Dependabot
|
|
193
195
|
def post(url, json)
|
194
196
|
response = Excon.post(
|
195
197
|
url,
|
196
|
-
headers:
|
197
|
-
|
198
|
-
|
198
|
+
headers: auth_header.merge(
|
199
|
+
{
|
200
|
+
"Content-Type" => "application/json"
|
201
|
+
}
|
202
|
+
),
|
199
203
|
body: json,
|
200
|
-
user: credentials&.fetch("username"),
|
201
|
-
password: credentials&.fetch("password"),
|
204
|
+
user: credentials&.fetch("username", nil),
|
205
|
+
password: credentials&.fetch("password", nil),
|
202
206
|
idempotent: true,
|
203
207
|
**SharedHelpers.excon_defaults
|
204
208
|
)
|
@@ -209,6 +213,21 @@ module Dependabot
|
|
209
213
|
|
210
214
|
private
|
211
215
|
|
216
|
+
def auth_header_for(token)
|
217
|
+
return {} unless token
|
218
|
+
|
219
|
+
if token.include?(":")
|
220
|
+
encoded_token = Base64.encode64(token).delete("\n")
|
221
|
+
{ "Authorization" => "Basic #{encoded_token}" }
|
222
|
+
elsif Base64.decode64(token).ascii_only? &&
|
223
|
+
Base64.decode64(token).include?(":")
|
224
|
+
{ "Authorization" => "Basic #{token.delete("\n")}" }
|
225
|
+
else
|
226
|
+
{ "Authorization" => "Bearer #{token}" }
|
227
|
+
end
|
228
|
+
end
|
229
|
+
|
230
|
+
attr_reader :auth_header
|
212
231
|
attr_reader :credentials
|
213
232
|
attr_reader :source
|
214
233
|
end
|
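Review bot: `auth_header_for` picks the scheme from the token's shape, and its `elsif` relies on `Base64.decode64`, which skips characters outside the Base64 alphabet instead of raising, so an opaque token whose lenient decoding happens to be ASCII containing `:` is sent as `Basic` rather than `Bearer`. Decoding once with `Base64.strict_decode64` (after removing line breaks, treating `ArgumentError` as "not Base64") would narrow that guess and avoid decoding the token twice. The `Bearer` branch also interpolates the token without the newline stripping the two `Basic` branches apply; `{ "Authorization" => "Bearer #{token.strip}" }` keeps a trailing line break out of the header value. `get` and `post` now pass both this header and `user:`/`password:`; which of the two Excon sends when both are set is not visible in these hunks and deserves a comment or a test.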
@@ -67,8 +67,10 @@ module Dependabot
|
|
67
67
|
raise unless e.message.include?("Repository is empty")
|
68
68
|
end
|
69
69
|
|
70
|
+
# Returns the path to the cloned repo
|
70
71
|
def clone_repo_contents(target_directory: nil)
|
71
|
-
|
72
|
+
@clone_repo_contents ||=
|
73
|
+
_clone_repo_contents(target_directory: target_directory)
|
72
74
|
end
|
73
75
|
|
74
76
|
private
|
@@ -423,6 +425,24 @@ module Dependabot
|
|
423
425
|
max_by(&:length)
|
424
426
|
end
|
425
427
|
|
428
|
+
def _clone_repo_contents(target_directory:)
|
429
|
+
SharedHelpers.with_git_configured(credentials: credentials) do
|
430
|
+
path = target_directory || File.join("tmp", source.repo)
|
431
|
+
# Assume we're retrying the same branch, or that a `target_directory`
|
432
|
+
# is specified when retrying a different branch.
|
433
|
+
return path if Dir.exist?(File.join(path, ".git"))
|
434
|
+
|
435
|
+
FileUtils.mkdir_p(path)
|
436
|
+
br_opt = " --branch=#{source.branch} --single-branch" if source.branch
|
437
|
+
SharedHelpers.run_shell_command(
|
438
|
+
<<~CMD
|
439
|
+
git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} #{source.url} #{path}
|
440
|
+
CMD
|
441
|
+
)
|
442
|
+
path
|
443
|
+
end
|
444
|
+
end
|
445
|
+
|
426
446
|
def client_for_provider
|
427
447
|
case source.provider
|
428
448
|
when "github" then github_client
|
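Review bot: `_clone_repo_contents` interpolates `source.branch`, `source.url` and `path` into a single command string for `SharedHelpers.run_shell_command`, so if that helper hands the string to a shell (its body is outside this hunk), any of those values containing shell metacharacters or a leading `-` changes what is executed. Escaping each value and ending option parsing closes that: `br_opt = " --branch=#{Shellwords.escape(source.branch)} --single-branch" if source.branch` and `git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} -- #{Shellwords.escape(source.url)} #{Shellwords.escape(path)}`, assuming `shellwords` is required in the file. Separately, `@clone_repo_contents ||=` in `clone_repo_contents` returns the first path even when a later call passes a different `target_directory:`; a comment such as `# Memoised: target_directory is only honoured on the first call` would make that explicit. The enclosing class starts and ends outside these hunks.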
@@ -29,6 +29,19 @@ module Dependabot
|
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
32
|
+
def self.in_a_temporary_repo_directory(directory = "/",
|
33
|
+
repo_contents_path = nil,
|
34
|
+
&block)
|
35
|
+
if repo_contents_path
|
36
|
+
path = Pathname.new(File.join(repo_contents_path, directory)).
|
37
|
+
expand_path
|
38
|
+
reset_git_repo(repo_contents_path)
|
39
|
+
Dir.chdir(path) { yield(path) }
|
40
|
+
else
|
41
|
+
in_a_temporary_directory(directory, &block)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
32
45
|
def self.in_a_temporary_directory(directory = "/")
|
33
46
|
Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
|
34
47
|
Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
|
@@ -209,6 +222,12 @@ module Dependabot
|
|
209
222
|
File.write("git.store", git_store_content)
|
210
223
|
end
|
211
224
|
|
225
|
+
def self.reset_git_repo(path)
|
226
|
+
Dir.chdir(path) do
|
227
|
+
run_shell_command("git reset HEAD --hard && git clean -fx")
|
228
|
+
end
|
229
|
+
end
|
230
|
+
|
212
231
|
def self.stash_global_git_config
|
213
232
|
return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
|
214
233
|
|
@@ -234,7 +253,7 @@ module Dependabot
|
|
234
253
|
|
235
254
|
# Raise an error with the output from the shell session if the
|
236
255
|
# command returns a non-zero status
|
237
|
-
return if process.success?
|
256
|
+
return stdout if process.success?
|
238
257
|
|
239
258
|
error_context = {
|
240
259
|
command: command,
|
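Review bot: In `in_a_temporary_repo_directory`, `File.join(repo_contents_path, directory)` followed by `expand_path` resolves any `..` segments in `directory`, and nothing checks that the result is still inside `repo_contents_path` before `Dir.chdir(path)` yields it to the caller. If `directory` can come from repository configuration (not visible here), a containment guard is worth adding: `root = Pathname.new(repo_contents_path).expand_path` then `raise ArgumentError, "directory outside repo" unless path == root || path.to_s.start_with?("#{root}#{File::SEPARATOR}")`. `reset_git_repo` runs `git reset HEAD --hard && git clean -fx` in whatever path it is given, so a doc comment stating that it discards all local and ignored changes and must only be pointed at a disposable clone would help callers. The `run_shell_command` change from `return` to `return stdout` alters the method's return value; its body and the module itself extend outside these hunks.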
data/lib/dependabot/version.rb
CHANGED
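--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.119.3
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit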