dependabot-common 0.118.2 → 0.118.7

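--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
- metadata.gz: ab9d87af6e9cb01ca5e5bbfdd395d72520672ccd491db473cb3813029702d1c8
- data.tar.gz: 0a595869a5c00de445e98e0151e441e3a9b05d0c0e790cb6eec4e6c8c2682bff
+ metadata.gz: 1f3a35fc8c5e08bbcdeff436afeddb298a96969a50cfae0a7826d36f2ebedaf4
+ data.tar.gz: cb87d8a59b7cc79751d4c7dac1489a437d357be4190ec118a324df475f8d6f17
 SHA512:
- metadata.gz: 122b32a211a3dadfb2aa6325a57fd08cfa9923e37052ec840426915238ab46718cd8223195c0799e294dc9c4c4997dd5655d7386cf0c7b7845d36cbd07c6d42e
- data.tar.gz: 199eb9dbb22dd28f2bd4b80f255eb27bf7e69cdf5d4f34b13d937ed6f60d81baf63c7a153a355e84019c760495bad94bb8d67b4e4087f5f87cb148561baf4941
+ metadata.gz: 594acdcfcd41898cadf531242ddc1628406c4bb5b5cac1e4cbc5cb12ac0fb5e95c4efbb83ec29886e558454f9efb90e08897ade8f24df4aaa2b9d991205ff673
+ data.tar.gz: 55d7f0a5561a1a33dd5913fafaffa1e7a63d72d7ba9498accdc5f2dbace850f4b225477d042c7cea0b529c4d6e5be8889c3f4ebb8d5c48711a338e3619cf1f67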
@@ -89,21 +89,9 @@ module Dependabot
89
89
  @automerge_candidate
90
90
  end
91
91
 
92
- # rubocop:disable Metrics/PerceivedComplexity
93
92
  def update_type
94
93
  return unless dependencies.any?(&:previous_version)
95
94
 
96
- precision = dependencies.map do |dep|
97
- new_version_parts = version(dep).split(".")
98
- old_version_parts = previous_version(dep)&.split(".") || []
99
- all_parts = new_version_parts.first(3) + old_version_parts.first(3)
100
- next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
101
- next 1 if new_version_parts[0] != old_version_parts[0]
102
- next 2 if new_version_parts[1] != old_version_parts[1]
103
-
104
- 3
105
- end.min
106
-
107
95
  case precision
108
96
  when 0 then "non-semver"
109
97
  when 1 then "major"
@@ -112,7 +100,18 @@ module Dependabot
112
100
  end
113
101
  end
114
102
 
115
- # rubocop:enable Metrics/PerceivedComplexity
103
+ def precision
104
+ dependencies.map do |dep|
105
+ new_version_parts = version(dep).split(/[.+]/)
106
+ old_version_parts = previous_version(dep)&.split(/[.+]/) || []
107
+ all_parts = new_version_parts.first(3) + old_version_parts.first(3)
108
+ next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
109
+ next 1 if new_version_parts[0] != old_version_parts[0]
110
+ next 2 if new_version_parts[1] != old_version_parts[1]
111
+
112
+ 3
113
+ end.min
114
+ end
116
115
 
117
116
  def version(dep)
118
117
  return dep.version if version_class.correct?(dep.version)
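Review bot: `precision` (L96–L118) is extracted into its own method without a doc comment, and its four return values only make sense next to the `case` in `update_type`, which now lives in the previous hunk. Unlike the inlined version it can be called on its own, and for an empty `dependencies` list `[].min` yields nil, a case `update_type` never exposed because of its `any?(&:previous_version)` guard. A header such as `# Shared precision of all bumps: 0 = non-semver, 1 = major, 2 = minor, 3 = patch (nil when there are no dependencies); splitting on "+" only discards build metadata once three numeric components precede it` would record that contract. Whether the method lands in the public or the private section cannot be seen from this hunk; if nothing else needs it, keeping it under `private` next to `update_type` confines the nil case to one caller.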
@@ -192,8 +191,10 @@ module Dependabot
192
191
  !security_label.nil?
193
192
  end
194
193
 
194
+ # Find the exact match first and then fallback to * security* label
195
195
  def security_label
196
- labels.find { |l| l.match?(/security/i) }
196
+ labels.find { |l| l == DEFAULT_SECURITY_LABEL } ||
197
+ labels.find { |l| l.match?(/security/i) }
197
198
  end
198
199
 
199
200
  def label_update_type?
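Review bot: The comment added at L139, `fallback to * security* label`, is hard to parse; the code falls back to any label containing "security" case-insensitively, so `# Prefer the exact DEFAULT_SECURITY_LABEL; otherwise accept any label containing "security" (case-insensitive)` says the same thing plainly. The fallback is still a substring test, so a label such as `not-security` (constructed example) also satisfies `security_label` — unchanged by this commit, but worth a word in the comment if that is intended. `DEFAULT_SECURITY_LABEL` is defined outside this hunk.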
@@ -323,7 +323,7 @@ module Dependabot
323
323
  msg += commits_cascade(dep)
324
324
  msg += maintainer_changes_cascade(dep)
325
325
  msg += break_tag unless msg == ""
326
- "\n" + sanitize_links_and_mentions(msg)
326
+ "\n" + sanitize_links_and_mentions(msg, unsafe: true)
327
327
  end
328
328
 
329
329
  def vulnerabilities_cascade(dep)
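Review bot: Rendering the whole cascade with `unsafe: true` at L171 lets raw HTML anywhere in `msg` survive CommonMarker (the sanitizer maps `unsafe` to `:UNSAFE`), so the safety of this call rests on every upstream-sourced fragment having been passed through the safe default before it was appended. The companion change at L194 does that for `maintainer_changes_cascade`, but `commits_cascade` and `vulnerabilities_cascade` are outside this hunk, so the property cannot be confirmed from here. A comment pinning the invariant would help the next editor: `# unsafe: true keeps the cascade's own <details> markup; every fragment built from upstream text must already be sanitized with the safe default`. The enclosing method starts outside this hunk.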
@@ -437,7 +437,7 @@ module Dependabot
437
437
 
438
438
  build_details_tag(
439
439
  summary: "Maintainer changes",
440
- body: maintainer_changes(dep) + "\n"
440
+ body: sanitize_links_and_mentions(maintainer_changes(dep)) + "\n"
441
441
  )
442
442
  end
443
443
 
@@ -680,12 +680,12 @@ module Dependabot
680
680
  end
681
681
  end
682
682
 
683
- def sanitize_links_and_mentions(text)
683
+ def sanitize_links_and_mentions(text, unsafe: false)
684
684
  return text unless source.provider == "github"
685
685
 
686
686
  LinkAndMentionSanitizer.
687
687
  new(github_redirection_service: github_redirection_service).
688
- sanitize_links_and_mentions(text: text)
688
+ sanitize_links_and_mentions(text: text, unsafe: unsafe)
689
689
  end
690
690
 
691
691
  def sanitize_template_tags(text)
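Review bot: `sanitize_links_and_mentions(text, unsafe: false)` at L217 gains a keyword whose value decides whether raw HTML in `text` is kept, but nothing documents it; a YARD line would make the contract visible at every call site: `# @param unsafe [Boolean] when true, raw HTML in +text+ is rendered verbatim (CommonMarker :UNSAFE); leave false for text that originated upstream`. The early return at L220 also means both modes are a no-op on non-GitHub providers, where `text` (and any HTML in it) comes back untouched — worth stating in the same comment, since the caller at L194 now relies on this method for rendering as well as for sanitizing.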
@@ -17,9 +17,8 @@ module Dependabot
17
17
  MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
18
18
  # End of string
19
19
  EOS_REGEX = /\z/.freeze
20
- # We rely on GitHub to do the HTML sanitization
21
20
  COMMONMARKER_OPTIONS = %i(
22
- UNSAFE GITHUB_PRE_LANG FULL_INFO_STRING
21
+ GITHUB_PRE_LANG FULL_INFO_STRING
23
22
  ).freeze
24
23
  COMMONMARKER_EXTENSIONS = %i(
25
24
  table tasklist strikethrough autolink tagfilter
@@ -31,14 +30,15 @@ module Dependabot
31
30
  @github_redirection_service = github_redirection_service
32
31
  end
33
32
 
34
- def sanitize_links_and_mentions(text:)
33
+ def sanitize_links_and_mentions(text:, unsafe: false)
35
34
  doc = CommonMarker.render_doc(
36
35
  text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
37
36
  )
38
37
 
39
38
  sanitize_mentions(doc)
40
39
  sanitize_links(doc)
41
- doc.to_html(COMMONMARKER_OPTIONS, COMMONMARKER_EXTENSIONS)
40
+ mode = unsafe ? :UNSAFE : :DEFAULT
41
+ doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
42
42
  end
43
43
 
44
44
  private
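Review bot: The comment `# We rely on GitHub to do the HTML sanitization` removed together with `UNSAFE` in the constants hunk (L254, L259) is not replaced, so the new default at L306 carries no explanation of what `:DEFAULT` versus `:UNSAFE` changes in the output. A line above `mode =` such as `# Without :UNSAFE cmark omits raw HTML from the rendered output; :UNSAFE preserves it and leans on GitHub's own sanitization plus the tagfilter extension` records both the secure default and why the opt-in exists. The parentheses around `[mode] + COMMONMARKER_OPTIONS` at L308 are redundant; `doc.to_html([mode] + COMMONMARKER_OPTIONS, COMMONMARKER_EXTENSIONS)` reads the same.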
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.118.2"
4
+ VERSION = "0.118.7"
5
5
  end
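--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
- version: 0.118.2
+ version: 0.118.7
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
- date: 2020-06-16 00:00:00.000000000 Z
+ date: 2020-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit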