dependabot-common 0.118.3 → 0.118.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/git_metadata_fetcher.rb +0 -2
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +0 -2
- data/lib/dependabot/pull_request_creator/labeler.rb +15 -14
- data/lib/dependabot/pull_request_creator/message_builder.rb +4 -4
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +4 -4
- data/lib/dependabot/version.rb +1 -1
- metadata +8 -8
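--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3aa2fa4ee99aae2148aba335da32c724f150b7b444ce0da890b348951a92833c
+data.tar.gz: 0f51c1cf161b807edab14e3b0d025aa554122e103a206c39e6e1ecaf6f99b6d4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e6da87803c67049bdca51fd5594a92eee652942c3fd51f868ca583856a78770b908285bc04008d6c23ff944b8565213727ff73e53c09a0931c98d28f93bdb021
+data.tar.gz: 9e155ad29f7c812a38e4fdb5925bf449e3bc4014d320344cab90466e2bd3e31936e02db7adb79838427d0116362d7e14f4b82e456783da92b4491372d877988f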
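--- a/data/lib/dependabot/git_metadata_fetcher.rb
+++ b/data/lib/dependabot/git_metadata_fetcher.rb
@@ -47,7 +47,6 @@ module Dependabot
 
 attr_reader :url, :credentials
 
-# rubocop:disable Metrics/CyclomaticComplexity
 # rubocop:disable Metrics/PerceivedComplexity
 def fetch_upload_pack_for(uri)
 response = fetch_raw_upload_pack_for(uri)
@@ -79,7 +78,6 @@ module Dependabot
 
 raise Dependabot::GitDependenciesNotReachable, [uri]
 end
-# rubocop:enable Metrics/CyclomaticComplexity
 # rubocop:enable Metrics/PerceivedComplexity
 
 def fetch_raw_upload_pack_for(uri)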
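--- a/data/lib/dependabot/metadata_finders/base/changelog_finder.rb
+++ b/data/lib/dependabot/metadata_finders/base/changelog_finder.rb
@@ -76,7 +76,6 @@ module Dependabot
 
 private
 
-# rubocop:disable Metrics/CyclomaticComplexity
 # rubocop:disable Metrics/PerceivedComplexity
 def changelog
 return unless changelog_from_suggested_url || source
@@ -98,7 +97,6 @@ module Dependabot
 # Fall back to the changelog (or nil) from the default branch
 default_branch_changelog
 end
-# rubocop:enable Metrics/CyclomaticComplexity
 # rubocop:enable Metrics/PerceivedComplexity
 
 def changelog_from_suggested_url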
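--- a/data/lib/dependabot/pull_request_creator/labeler.rb
+++ b/data/lib/dependabot/pull_request_creator/labeler.rb
@@ -89,21 +89,9 @@ module Dependabot
 @automerge_candidate
 end
 
-# rubocop:disable Metrics/PerceivedComplexity
 def update_type
 return unless dependencies.any?(&:previous_version)
 
-precision = dependencies.map do |dep|
-new_version_parts = version(dep).split(".")
-old_version_parts = previous_version(dep)&.split(".") || []
-all_parts = new_version_parts.first(3) + old_version_parts.first(3)
-next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
-next 1 if new_version_parts[0] != old_version_parts[0]
-next 2 if new_version_parts[1] != old_version_parts[1]
-
-3
-end.min
-
 case precision
 when 0 then "non-semver"
 when 1 then "major"
@@ -112,7 +100,18 @@ module Dependabot
 end
 end
 
-
+def precision
+dependencies.map do |dep|
+new_version_parts = version(dep).split(/[.+]/)
+old_version_parts = previous_version(dep)&.split(/[.+]/) || []
+all_parts = new_version_parts.first(3) + old_version_parts.first(3)
+next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
+next 1 if new_version_parts[0] != old_version_parts[0]
+next 2 if new_version_parts[1] != old_version_parts[1]
+
+3
+end.min
+end
 
 def version(dep)
 return dep.version if version_class.correct?(dep.version)
@@ -192,8 +191,10 @@ module Dependabot
 !security_label.nil?
 end
 
+# Find the exact match first and then fallback to * security* label
 def security_label
-labels.find { |l| l
+labels.find { |l| l == DEFAULT_SECURITY_LABEL } ||
+labels.find { |l| l.match?(/security/i) }
 end
 
 def label_update_type?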
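--- a/data/lib/dependabot/pull_request_creator/message_builder.rb
+++ b/data/lib/dependabot/pull_request_creator/message_builder.rb
@@ -323,7 +323,7 @@ module Dependabot
 msg += commits_cascade(dep)
 msg += maintainer_changes_cascade(dep)
 msg += break_tag unless msg == ""
-"\n" + sanitize_links_and_mentions(msg)
+"\n" + sanitize_links_and_mentions(msg, unsafe: true)
 end
 
 def vulnerabilities_cascade(dep)
@@ -437,7 +437,7 @@ module Dependabot
 
 build_details_tag(
 summary: "Maintainer changes",
-body: maintainer_changes(dep) + "\n"
+body: sanitize_links_and_mentions(maintainer_changes(dep)) + "\n"
 )
 end
 
@@ -680,12 +680,12 @@ module Dependabot
 end
 end
 
-def sanitize_links_and_mentions(text)
+def sanitize_links_and_mentions(text, unsafe: false)
 return text unless source.provider == "github"
 
 LinkAndMentionSanitizer.
 new(github_redirection_service: github_redirection_service).
-sanitize_links_and_mentions(text: text)
+sanitize_links_and_mentions(text: text, unsafe: unsafe)
 end
 
 def sanitize_template_tags(text)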
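--- a/data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb
+++ b/data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb
@@ -17,9 +17,8 @@ module Dependabot
 MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
 # End of string
 EOS_REGEX = /\z/.freeze
-# We rely on GitHub to do the HTML sanitization
 COMMONMARKER_OPTIONS = %i(
-
+GITHUB_PRE_LANG FULL_INFO_STRING
 ).freeze
 COMMONMARKER_EXTENSIONS = %i(
 table tasklist strikethrough autolink tagfilter
@@ -31,14 +30,15 @@ module Dependabot
 @github_redirection_service = github_redirection_service
 end
 
-def sanitize_links_and_mentions(text:)
+def sanitize_links_and_mentions(text:, unsafe: false)
 doc = CommonMarker.render_doc(
 text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
 )
 
 sanitize_mentions(doc)
 sanitize_links(doc)
-
+mode = unsafe ? :UNSAFE : :DEFAULT
+doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
 end
 
 private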
data/lib/dependabot/version.rb
CHANGED
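--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.118.
+version: 0.118.8
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -104,28 +104,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.75'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '0.
+version: '0.75'
 - !ruby/object:Gem::Dependency
 name: gitlab
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 4.
+version: 4.16.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 4.
+version: 4.16.1
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
@@ -306,14 +306,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.88.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.88.0
 - !ruby/object:Gem::Dependency
 name: vcr
 requirement: !ruby/object:Gem::Requirement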