dependabot-common 0.118.8 → 0.119.0.beta1
Potentially problematic release.
This version of dependabot-common might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/dependabot/dependency_file.rb +21 -3
- data/lib/dependabot/file_fetchers/base.rb +20 -0
- data/lib/dependabot/file_parsers/base.rb +4 -2
- data/lib/dependabot/file_updaters/base.rb +5 -2
- data/lib/dependabot/pull_request_creator/github.rb +15 -4
- data/lib/dependabot/shared_helpers.rb +21 -2
- data/lib/dependabot/update_checkers/base.rb +6 -5
- data/lib/dependabot/version.rb +1 -1
- metadata +6 -20
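--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 80651d092678ba4841245e6a4fc002dfba1ab3b2e1a46ed84882885ece8e4989
+data.tar.gz: f8a26ab2da34de5159d7a94d53a0d81d6f490c7ef8e045dca662bfec0d024dd8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: efe477821294e613b73ff714056185aa7c8bfaa1133e833d0c9b10ec45316de0937245faa87b81566b5fd4fa671463908e2079a65803eee032cd3028f8070304
+data.tar.gz: 5b3e6f20b0df041c73eb3f5313474d62910d283748a46c4b5808123c41b6d8ec4a0d213ab33667f9770ff1a9502f6a2906e0ddaec09892e8b37ed167843e032d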
@@ -5,15 +5,23 @@ require "pathname"
|
|
5
5
|
module Dependabot
|
6
6
|
class DependencyFile
|
7
7
|
attr_accessor :name, :content, :directory, :type, :support_file,
|
8
|
-
:symlink_target
|
8
|
+
:symlink_target, :content_encoding, :deleted
|
9
|
+
|
10
|
+
class ContentEncoding
|
11
|
+
UTF_8 = "utf-8"
|
12
|
+
BASE64 = "base64"
|
13
|
+
end
|
9
14
|
|
10
15
|
def initialize(name:, content:, directory: "/", type: "file",
|
11
|
-
support_file: false, symlink_target: nil
|
16
|
+
support_file: false, symlink_target: nil,
|
17
|
+
content_encoding: ContentEncoding::UTF_8, deleted: false)
|
12
18
|
@name = name
|
13
19
|
@content = content
|
14
20
|
@directory = clean_directory(directory)
|
15
21
|
@symlink_target = symlink_target
|
16
22
|
@support_file = support_file
|
23
|
+
@content_encoding = content_encoding
|
24
|
+
@deleted = deleted
|
17
25
|
|
18
26
|
# Type is used *very* sparingly. It lets the git_modules updater know that
|
19
27
|
# a "file" is actually a submodule, and lets our Go updaters know which
|
@@ -34,7 +42,9 @@ module Dependabot
|
|
34
42
|
"content" => content,
|
35
43
|
"directory" => directory,
|
36
44
|
"type" => type,
|
37
|
-
"support_file" => support_file
|
45
|
+
"support_file" => support_file,
|
46
|
+
"content_encoding" => content_encoding,
|
47
|
+
"deleted" => deleted
|
38
48
|
}
|
39
49
|
|
40
50
|
details["symlink_target"] = symlink_target if symlink_target
|
@@ -65,6 +75,14 @@ module Dependabot
|
|
65
75
|
@support_file
|
66
76
|
end
|
67
77
|
|
78
|
+
def deleted?
|
79
|
+
@deleted
|
80
|
+
end
|
81
|
+
|
82
|
+
def binary?
|
83
|
+
content_encoding == ContentEncoding::BASE64
|
84
|
+
end
|
85
|
+
|
68
86
|
private
|
69
87
|
|
70
88
|
def clean_directory(directory)
|
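Review bot: `initialize` stores `content_encoding` exactly as passed, and `binary?` is true only on an exact match with `ContentEncoding::BASE64`, so any other value (different case, a typo) is silently handled as text further down the pipeline. A guard in the constructor would surface that early, e.g. `raise ArgumentError, "unknown content_encoding: #{content_encoding}" unless [ContentEncoding::UTF_8, ContentEncoding::BASE64].include?(content_encoding)`. Since `attr_accessor` also generates `content_encoding=` and `deleted=`, both predicates can change after construction; a comment saying whether that is intended would help. `ContentEncoding` only holds constants, so a `module` with frozen strings would be the more conventional form. The class body continues outside the hunks shown.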
@@ -67,6 +67,12 @@ module Dependabot
|
|
67
67
|
raise unless e.message.include?("Repository is empty")
|
68
68
|
end
|
69
69
|
|
70
|
+
# Returns the path to the cloned repo
|
71
|
+
def clone_repo_contents(target_directory: nil)
|
72
|
+
@clone_repo_contents ||=
|
73
|
+
_clone_repo_contents(target_directory: target_directory)
|
74
|
+
end
|
75
|
+
|
70
76
|
private
|
71
77
|
|
72
78
|
def fetch_file_if_present(filename, fetch_submodules: false)
|
@@ -419,6 +425,20 @@ module Dependabot
|
|
419
425
|
max_by(&:length)
|
420
426
|
end
|
421
427
|
|
428
|
+
def _clone_repo_contents(target_directory:)
|
429
|
+
SharedHelpers.with_git_configured(credentials: credentials) do
|
430
|
+
path = target_directory || File.join("tmp", source.repo)
|
431
|
+
return path if Dir.exist?(File.join(path, ".git"))
|
432
|
+
|
433
|
+
FileUtils.mkdir_p(path)
|
434
|
+
br_opt = " --branch=#{source.branch} --single-branch" if source.branch
|
435
|
+
SharedHelpers.run_shell_command(
|
436
|
+
"git clone --depth=1#{br_opt} #{source.url} #{path}"
|
437
|
+
)
|
438
|
+
path
|
439
|
+
end
|
440
|
+
end
|
441
|
+
|
422
442
|
def client_for_provider
|
423
443
|
case source.provider
|
424
444
|
when "github" then github_client
|
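Review bot: In `_clone_repo_contents`, `source.branch`, `source.url` and `path` are interpolated unescaped into the string given to `SharedHelpers.run_shell_command`, and the `&&` used by `reset_git_repo` in shared_helpers.rb shows that this string is interpreted by a shell. A branch name, repository name or target directory containing shell metacharacters would therefore be parsed by the shell instead of reaching git as a single argument. Escape each value and end option parsing before the positional arguments: `br_opt = " --branch=#{Shellwords.escape(source.branch)} --single-branch" if source.branch` and `"git clone --depth=1#{br_opt} -- #{Shellwords.escape(source.url)} #{Shellwords.escape(path)}"`, with `require "shellwords"` at the top of the file. Separately, `clone_repo_contents` memoizes in `@clone_repo_contents`, so a later call with a different `target_directory:` returns the first path. The `Dir.exist?(File.join(path, ".git"))` shortcut also reuses whatever checkout is already there without checking its remote or branch.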
@@ -3,10 +3,12 @@
|
|
3
3
|
module Dependabot
|
4
4
|
module FileParsers
|
5
5
|
class Base
|
6
|
-
attr_reader :dependency_files, :credentials, :source
|
6
|
+
attr_reader :dependency_files, :repo_contents_path, :credentials, :source
|
7
7
|
|
8
|
-
def initialize(dependency_files:, source:,
|
8
|
+
def initialize(dependency_files:, repo_contents_path: nil, source:,
|
9
|
+
credentials: [])
|
9
10
|
@dependency_files = dependency_files
|
11
|
+
@repo_contents_path = repo_contents_path
|
10
12
|
@credentials = credentials
|
11
13
|
@source = source
|
12
14
|
|
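Review bot: The new `repo_contents_path: nil` keyword is undocumented and sits before the required `source:` keyword in `initialize`; optional keywords conventionally go after required ones, i.e. `def initialize(dependency_files:, source:, repo_contents_path: nil, credentials: [])`. The same ordering appears in `FileUpdaters::Base#initialize` and `UpdateCheckers::Base#initialize`, where `repo_contents_path: nil` precedes the required `credentials:`. A short comment above the reader would also help, for example `# repo_contents_path: local path of a cloned copy of the repository, or nil when only dependency_files are available`. That wording is inferred from `clone_repo_contents` in the file fetcher and should be confirmed. Nothing here validates that the path exists or is a directory, so callers that `chdir` into it fail late; whether to check at construction is worth deciding explicitly.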
@@ -3,15 +3,18 @@
|
|
3
3
|
module Dependabot
|
4
4
|
module FileUpdaters
|
5
5
|
class Base
|
6
|
-
attr_reader :dependencies, :dependency_files, :
|
6
|
+
attr_reader :dependencies, :dependency_files, :repo_contents_path,
|
7
|
+
:credentials
|
7
8
|
|
8
9
|
def self.updated_files_regex
|
9
10
|
raise NotImplementedError
|
10
11
|
end
|
11
12
|
|
12
|
-
def initialize(dependencies:, dependency_files:,
|
13
|
+
def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
|
14
|
+
credentials:)
|
13
15
|
@dependencies = dependencies
|
14
16
|
@dependency_files = dependency_files
|
17
|
+
@repo_contents_path = repo_contents_path
|
15
18
|
@credentials = credentials
|
16
19
|
|
17
20
|
check_required_files
|
@@ -170,12 +170,23 @@ module Dependabot
|
|
170
170
|
sha: file.content
|
171
171
|
}
|
172
172
|
else
|
173
|
+
content = if file.binary?
|
174
|
+
sha = github_client_for_source.create_blob(
|
175
|
+
source.repo, file.content, "base64"
|
176
|
+
)
|
177
|
+
{ sha: sha }
|
178
|
+
elsif file.deleted?
|
179
|
+
{ sha: nil }
|
180
|
+
else
|
181
|
+
{ content: file.content }
|
182
|
+
end
|
183
|
+
|
173
184
|
{
|
174
|
-
path: (file.symlink_target ||
|
185
|
+
path: (file.symlink_target ||
|
186
|
+
file.path).sub(%r{^/}, ""),
|
175
187
|
mode: "100644",
|
176
|
-
type: "blob"
|
177
|
-
|
178
|
-
}
|
188
|
+
type: "blob"
|
189
|
+
}.merge(content)
|
179
190
|
end
|
180
191
|
end
|
181
192
|
|
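Review bot: The new `content = if file.binary? … elsif file.deleted?` chain tests `binary?` first, so a file that is both base64-encoded and marked deleted is uploaded through `create_blob` instead of being removed with `{ sha: nil }`. Testing `file.deleted?` first keeps a deletion from ever re-creating content: make `if file.deleted?` the first branch and `elsif file.binary?` the second. The path is trimmed with `%r{^/}`, where `^` matches at the start of any line in the string; `%r{\A/}` anchors to the start of the string only. The enclosing method starts and ends outside the hunk.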
@@ -29,6 +29,19 @@ module Dependabot
|
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
32
|
+
def self.in_a_temporary_repo_directory(directory = "/",
|
33
|
+
repo_contents_path = nil,
|
34
|
+
&block)
|
35
|
+
if repo_contents_path
|
36
|
+
path = Pathname.new(File.join(repo_contents_path, directory)).
|
37
|
+
expand_path
|
38
|
+
reset_git_repo(repo_contents_path)
|
39
|
+
Dir.chdir(path) { yield(path) }
|
40
|
+
else
|
41
|
+
in_a_temporary_directory(directory, &block)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
32
45
|
def self.in_a_temporary_directory(directory = "/")
|
33
46
|
Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
|
34
47
|
Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
|
@@ -129,7 +142,7 @@ module Dependabot
|
|
129
142
|
{
|
130
143
|
connect_timeout: 5,
|
131
144
|
write_timeout: 5,
|
132
|
-
read_timeout:
|
145
|
+
read_timeout: 20,
|
133
146
|
omit_default_port: true,
|
134
147
|
middlewares: excon_middleware
|
135
148
|
}
|
@@ -209,6 +222,12 @@ module Dependabot
|
|
209
222
|
File.write("git.store", git_store_content)
|
210
223
|
end
|
211
224
|
|
225
|
+
def self.reset_git_repo(path)
|
226
|
+
Dir.chdir(path) do
|
227
|
+
run_shell_command("git reset HEAD --hard && git clean -fx")
|
228
|
+
end
|
229
|
+
end
|
230
|
+
|
212
231
|
def self.stash_global_git_config
|
213
232
|
return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
|
214
233
|
|
@@ -234,7 +253,7 @@ module Dependabot
|
|
234
253
|
|
235
254
|
# Raise an error with the output from the shell session if the
|
236
255
|
# command returns a non-zero status
|
237
|
-
return if process.success?
|
256
|
+
return stdout if process.success?
|
238
257
|
|
239
258
|
error_context = {
|
240
259
|
command: command,
|
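Review bot: `in_a_temporary_repo_directory` joins `directory` onto `repo_contents_path` and calls `expand_path`, but never checks that the result is still inside the checkout, so a `directory` value containing `..` segments makes the block run outside the clone. A containment check before `Dir.chdir` closes that: `root = Pathname.new(repo_contents_path).expand_path` followed by `raise ArgumentError, "directory escapes repo" unless path == root || path.to_s.start_with?("#{root}/")`. In `reset_git_repo`, `git clean -fx` leaves untracked directories in place; `git clean -fdx` is needed if each run is meant to start from a pristine checkout. The reset also runs only on entry, so whatever the block writes stays on disk until the next call.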
@@ -7,16 +7,17 @@ require "dependabot/security_advisory"
|
|
7
7
|
module Dependabot
|
8
8
|
module UpdateCheckers
|
9
9
|
class Base
|
10
|
-
attr_reader :dependency, :dependency_files, :
|
11
|
-
:ignored_versions, :raise_on_ignored,
|
10
|
+
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
11
|
+
:credentials, :ignored_versions, :raise_on_ignored,
|
12
12
|
:security_advisories, :requirements_update_strategy
|
13
13
|
|
14
|
-
def initialize(dependency:, dependency_files:,
|
15
|
-
ignored_versions: [],
|
16
|
-
security_advisories: [],
|
14
|
+
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
15
|
+
credentials:, ignored_versions: [],
|
16
|
+
raise_on_ignored: false, security_advisories: [],
|
17
17
|
requirements_update_strategy: nil)
|
18
18
|
@dependency = dependency
|
19
19
|
@dependency_files = dependency_files
|
20
|
+
@repo_contents_path = repo_contents_path
|
20
21
|
@credentials = credentials
|
21
22
|
@requirements_update_strategy = requirements_update_strategy
|
22
23
|
@ignored_versions = ignored_versions
|
data/lib/dependabot/version.rb
CHANGED
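--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.119.0.beta1
 platform: ruby
 authors:
 - Dependabot
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -286,20 +286,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.2'
-- !ruby/object:Gem::Dependency
-name: rspec_junit_formatter
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.4'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.4'
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement
@@ -407,7 +393,7 @@ homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -422,8 +408,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 2.7.3
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Shared code used between Dependabot package managers
 test_files: []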