dependabot-common 0.119.0.beta1 → 0.119.4
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +26 -7
- data/lib/dependabot/dependency_file.rb +6 -0
- data/lib/dependabot/file_fetchers/base.rb +5 -1
- data/lib/dependabot/file_parsers/base/dependency_set.rb +0 -3
- data/lib/dependabot/git_commit_checker.rb +2 -0
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +2 -0
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +0 -2
- data/lib/dependabot/pull_request_creator/branch_namer.rb +0 -2
- data/lib/dependabot/pull_request_creator/github.rb +5 -3
- data/lib/dependabot/pull_request_creator/labeler.rb +4 -0
- data/lib/dependabot/pull_request_creator/message_builder.rb +0 -2
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +0 -2
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +2 -0
- data/lib/dependabot/pull_request_updater/github.rb +18 -9
- data/lib/dependabot/shared_helpers.rb +2 -0
- data/lib/dependabot/version.rb +1 -1
- metadata +8 -8
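--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c084a2dd6045074bdde8be081749cf0bb32dc4fcaa99b07bf6eea049cd798dd6
+data.tar.gz: 3201d221483932d06cadd03304dcb8b65561bc1778d3aefca45416fc260e94cf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 68a073b8397b7128e2f63076267e1f3efb4b7c3501674e7e657ac4ee3a6cd8e5d8f55e7cb368758045dddbb179289ec7a6a45f1eeca2d8376c9b9758d8ca8577
+data.tar.gz: bc1cddb30b8d543019e3434963b224f3feb58cf50abe19b9a360606db3ba4340fcb8d007716302b29a9e25a79e305590b060285e19aa139a6c186203b81ca534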
@@ -28,6 +28,7 @@ module Dependabot
|
|
28
28
|
def initialize(source, credentials)
|
29
29
|
@source = source
|
30
30
|
@credentials = credentials
|
31
|
+
@auth_header = auth_header_for(credentials&.fetch("token", nil))
|
31
32
|
end
|
32
33
|
|
33
34
|
def fetch_commit(_repo, branch)
|
@@ -180,8 +181,9 @@ module Dependabot
|
|
180
181
|
def get(url)
|
181
182
|
response = Excon.get(
|
182
183
|
url,
|
183
|
-
|
184
|
-
|
184
|
+
headers: auth_header,
|
185
|
+
user: credentials&.fetch("username", nil),
|
186
|
+
password: credentials&.fetch("password", nil),
|
185
187
|
idempotent: true,
|
186
188
|
**SharedHelpers.excon_defaults
|
187
189
|
)
|
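Review bot: `get` now sends both the token-derived `Authorization` header and Excon's `user`/`password` basic-auth options whenever a credential carries all three, and nothing says which one wins; the same pairing appears in the `post` hunk below. If Excon fills `Authorization` only when the header is absent (its usual `||=` behaviour, worth confirming against the Excon version this gem pins), the username/password pair is silently ignored for token credentials — acceptable, but it should be stated. A comment above `headers: auth_header,` such as `# A token-derived Authorization header takes precedence over username/password basic auth` makes the intent explicit. In `post`, `auth_header.merge({ "Content-Type" => "application/json" })` can lose the braces and fold onto one line. `get`'s body continues past the end of the hunk.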
@@ -193,12 +195,14 @@ module Dependabot
|
|
193
195
|
def post(url, json)
|
194
196
|
response = Excon.post(
|
195
197
|
url,
|
196
|
-
headers:
|
197
|
-
|
198
|
-
|
198
|
+
headers: auth_header.merge(
|
199
|
+
{
|
200
|
+
"Content-Type" => "application/json"
|
201
|
+
}
|
202
|
+
),
|
199
203
|
body: json,
|
200
|
-
user: credentials&.fetch("username"),
|
201
|
-
password: credentials&.fetch("password"),
|
204
|
+
user: credentials&.fetch("username", nil),
|
205
|
+
password: credentials&.fetch("password", nil),
|
202
206
|
idempotent: true,
|
203
207
|
**SharedHelpers.excon_defaults
|
204
208
|
)
|
@@ -209,6 +213,21 @@ module Dependabot
|
|
209
213
|
|
210
214
|
private
|
211
215
|
|
216
|
+
def auth_header_for(token)
|
217
|
+
return {} unless token
|
218
|
+
|
219
|
+
if token.include?(":")
|
220
|
+
encoded_token = Base64.encode64(token).delete("\n")
|
221
|
+
{ "Authorization" => "Basic #{encoded_token}" }
|
222
|
+
elsif Base64.decode64(token).ascii_only? &&
|
223
|
+
Base64.decode64(token).include?(":")
|
224
|
+
{ "Authorization" => "Basic #{token.delete("\n")}" }
|
225
|
+
else
|
226
|
+
{ "Authorization" => "Bearer #{token}" }
|
227
|
+
end
|
228
|
+
end
|
229
|
+
|
230
|
+
attr_reader :auth_header
|
212
231
|
attr_reader :credentials
|
213
232
|
attr_reader :source
|
214
233
|
end
|
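Review bot: `auth_header_for` decides that a token is a pre-encoded Basic credential with `Base64.decode64`, which silently drops characters that are not valid base64, so an opaque bearer token whose lenient decode happens to be ASCII and contain a `:` is sent as `Basic` instead of `Bearer`, and the resulting authentication failure gives no hint that it originated here. `Base64.strict_decode64` raises `ArgumentError` on anything that is not well-formed base64, which makes the classification precise; it also rejects unpadded input, so strip newlines first and keep the rescue as the fallback to `Bearer`. The decode is currently run twice on the same token, and `Base64.encode64(token).delete("\n")` is what `Base64.strict_encode64` produces. The `initialize` hunk above that feeds this method via `credentials&.fetch("token", nil)` needs no change.
```ruby
def auth_header_for(token)
  return {} unless token

  if token.include?(":")
    { "Authorization" => "Basic #{Base64.strict_encode64(token)}" }
  elsif encoded_basic_credential?(token)
    { "Authorization" => "Basic #{token.delete("\n")}" }
  else
    { "Authorization" => "Bearer #{token}" }
  end
end

# True only when `token` is well-formed base64 of "user:password"; the
# lenient decoder would accept arbitrary bearer tokens here.
def encoded_basic_credential?(token)
  decoded = Base64.strict_decode64(token.delete("\n"))
  decoded.ascii_only? && decoded.include?(":")
rescue ArgumentError
  false
end
```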
@@ -428,12 +428,16 @@ module Dependabot
|
|
428
428
|
def _clone_repo_contents(target_directory:)
|
429
429
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
430
430
|
path = target_directory || File.join("tmp", source.repo)
|
431
|
+
# Assume we're retrying the same branch, or that a `target_directory`
|
432
|
+
# is specified when retrying a different branch.
|
431
433
|
return path if Dir.exist?(File.join(path, ".git"))
|
432
434
|
|
433
435
|
FileUtils.mkdir_p(path)
|
434
436
|
br_opt = " --branch=#{source.branch} --single-branch" if source.branch
|
435
437
|
SharedHelpers.run_shell_command(
|
436
|
-
|
438
|
+
<<~CMD
|
439
|
+
git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} #{source.url} #{path}
|
440
|
+
CMD
|
437
441
|
)
|
438
442
|
path
|
439
443
|
end
|
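Review bot: The `git clone` command is built by interpolating `source.branch` (through `br_opt`), `source.url` and `path` unescaped into a heredoc handed to `SharedHelpers.run_shell_command`, and the new lines only change how that string is wrapped. Whether the string reaches a shell depends on how `run_shell_command` executes it, which is outside this hunk, but if it does, a branch name or URL carrying shell metacharacters is interpreted rather than cloned, and independently of that git treats a positional argument beginning with `-` as an option. `Shellwords.escape` on each interpolated value plus a `--` before the positional arguments guards both: `br_opt = " --branch=#{Shellwords.escape(source.branch)} --single-branch" if source.branch` and `git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} -- #{Shellwords.escape(source.url)} #{Shellwords.escape(path)}` (with `require "shellwords"` at the top of the file if it is not already there). `_clone_repo_contents`'s closing `end` lies outside the hunk.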
@@ -60,7 +60,6 @@ module Dependabot
|
|
60
60
|
dependencies.find { |d| d.name&.downcase == name&.downcase }
|
61
61
|
end
|
62
62
|
|
63
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
64
63
|
def combined_dependency(old_dep, new_dep)
|
65
64
|
package_manager = old_dep.package_manager
|
66
65
|
v_cls = Utils.version_class_for_package_manager(package_manager)
|
@@ -89,8 +88,6 @@ module Dependabot
|
|
89
88
|
subdependency_metadata: subdependency_metadata
|
90
89
|
)
|
91
90
|
end
|
92
|
-
|
93
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
94
91
|
end
|
95
92
|
end
|
96
93
|
end
|
@@ -86,6 +86,7 @@ module Dependabot
|
|
86
86
|
raise Dependabot::GitDependencyReferenceNotFound, dependency.name
|
87
87
|
end
|
88
88
|
|
89
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
89
90
|
def local_tag_for_latest_version
|
90
91
|
tags =
|
91
92
|
local_tags.
|
@@ -114,6 +115,7 @@ module Dependabot
|
|
114
115
|
tag_sha: tag.tag_sha
|
115
116
|
}
|
116
117
|
end
|
118
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
117
119
|
|
118
120
|
def git_repo_reachable?
|
119
121
|
local_upload_pack
|
@@ -143,6 +143,7 @@ module Dependabot
|
|
143
143
|
select_best_changelog(files)
|
144
144
|
end
|
145
145
|
|
146
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
146
147
|
def select_best_changelog(files)
|
147
148
|
CHANGELOG_NAMES.each do |name|
|
148
149
|
candidates = files.select { |f| f.name =~ /#{name}/i }
|
@@ -163,6 +164,7 @@ module Dependabot
|
|
163
164
|
|
164
165
|
nil
|
165
166
|
end
|
167
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
166
168
|
|
167
169
|
def tag_for_new_version
|
168
170
|
@tag_for_new_version ||=
|
@@ -21,7 +21,6 @@ module Dependabot
|
|
21
21
|
!old_version_changelog_line.nil?
|
22
22
|
end
|
23
23
|
|
24
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
25
24
|
def pruned_text
|
26
25
|
changelog_lines = changelog_text.split("\n")
|
27
26
|
|
@@ -51,7 +50,6 @@ module Dependabot
|
|
51
50
|
|
52
51
|
changelog_lines.slice(slice_range).join("\n").sub(/\n*\z/, "")
|
53
52
|
end
|
54
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
55
53
|
|
56
54
|
private
|
57
55
|
|
@@ -116,7 +116,6 @@ module Dependabot
|
|
116
116
|
gsub(",", "-and-")
|
117
117
|
end
|
118
118
|
|
119
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
120
119
|
def new_version(dependency)
|
121
120
|
# Version looks like a git SHA and we could be updating to a specific
|
122
121
|
# ref in which case we return that otherwise we return a shorthand sha
|
@@ -135,7 +134,6 @@ module Dependabot
|
|
135
134
|
dependency.version
|
136
135
|
end
|
137
136
|
end
|
138
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
139
137
|
|
140
138
|
def previous_ref(dependency)
|
141
139
|
previous_refs = dependency.previous_requirements.map do |r|
|
@@ -51,6 +51,7 @@ module Dependabot
|
|
51
51
|
@require_up_to_date_base
|
52
52
|
end
|
53
53
|
|
54
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
54
55
|
def branch_exists?(name)
|
55
56
|
git_metadata_fetcher.ref_names.include?(name)
|
56
57
|
rescue Dependabot::GitDependenciesNotReachable => e
|
@@ -66,6 +67,7 @@ module Dependabot
|
|
66
67
|
retrying = true
|
67
68
|
retry
|
68
69
|
end
|
70
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
69
71
|
|
70
72
|
def unmerged_pull_request_exists?
|
71
73
|
pull_requests_for_branch.reject(&:merged).any?
|
@@ -170,13 +172,13 @@ module Dependabot
|
|
170
172
|
sha: file.content
|
171
173
|
}
|
172
174
|
else
|
173
|
-
content = if file.
|
175
|
+
content = if file.deleted?
|
176
|
+
{ sha: nil }
|
177
|
+
elsif file.binary?
|
174
178
|
sha = github_client_for_source.create_blob(
|
175
179
|
source.repo, file.content, "base64"
|
176
180
|
)
|
177
181
|
{ sha: sha }
|
178
|
-
elsif file.deleted?
|
179
|
-
{ sha: nil }
|
180
182
|
else
|
181
183
|
{ content: file.content }
|
182
184
|
end
|
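Review bot: The `content =` block that resolves a file to `{ sha: nil }`, a freshly uploaded base64 blob or inline `content` now appears verbatim here and in `create_tree` of the pull-request updater hunk further down this page, and the two have already drifted once (the removed lines show this copy checking `deleted?` after the blob branch). A small shared helper — e.g. `tree_content_for(file)` returning the hash to merge, placed wherever both classes already reach `github_client_for_source` — would keep them aligned. The ordering also deserves a line of explanation above the `if`, since a deleted file presumably has no content worth uploading: `# deleted? first so a removed binary file is never uploaded as a blob`. The enclosing method starts before this hunk.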
@@ -113,6 +113,7 @@ module Dependabot
|
|
113
113
|
end.min
|
114
114
|
end
|
115
115
|
|
116
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
116
117
|
def version(dep)
|
117
118
|
return dep.version if version_class.correct?(dep.version)
|
118
119
|
|
@@ -127,7 +128,9 @@ module Dependabot
|
|
127
128
|
|
128
129
|
version_from_ref
|
129
130
|
end
|
131
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
130
132
|
|
133
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
131
134
|
def previous_version(dep)
|
132
135
|
version_str = dep.previous_version
|
133
136
|
return version_str if version_class.correct?(version_str)
|
@@ -144,6 +147,7 @@ module Dependabot
|
|
144
147
|
|
145
148
|
version_from_ref
|
146
149
|
end
|
150
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
147
151
|
|
148
152
|
def create_default_dependencies_label_if_required
|
149
153
|
return if custom_labels
|
@@ -567,7 +567,6 @@ module Dependabot
|
|
567
567
|
)
|
568
568
|
end
|
569
569
|
|
570
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
571
570
|
def previous_version(dependency)
|
572
571
|
# If we don't have a previous version, we *may* still be able to figure
|
573
572
|
# one out if a ref was provided and has been changed (in which case the
|
@@ -590,7 +589,6 @@ module Dependabot
|
|
590
589
|
dependency.previous_version
|
591
590
|
end
|
592
591
|
end
|
593
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
594
592
|
|
595
593
|
def new_version(dependency)
|
596
594
|
if dependency.version.match?(/^[0-9a-f]{40}$/)
|
@@ -58,7 +58,6 @@ module Dependabot
|
|
58
58
|
end
|
59
59
|
end
|
60
60
|
|
61
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
62
61
|
def sanitize_links(doc)
|
63
62
|
doc.walk do |node|
|
64
63
|
if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
|
@@ -81,7 +80,6 @@ module Dependabot
|
|
81
80
|
end
|
82
81
|
end
|
83
82
|
end
|
84
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
85
83
|
|
86
84
|
def replace_github_host(text)
|
87
85
|
text.gsub(
|
@@ -172,6 +172,7 @@ module Dependabot
|
|
172
172
|
last_dependabot_commit_message&.split(/[:(]/)&.first
|
173
173
|
end
|
174
174
|
|
175
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
175
176
|
def using_angular_commit_messages?
|
176
177
|
return false if recent_commit_messages.none?
|
177
178
|
|
@@ -202,6 +203,7 @@ module Dependabot
|
|
202
203
|
|
203
204
|
true
|
204
205
|
end
|
206
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
205
207
|
|
206
208
|
def using_eslint_commit_messages?
|
207
209
|
return false if recent_commit_messages.none?
|
@@ -124,14 +124,7 @@ module Dependabot
|
|
124
124
|
|
125
125
|
def create_tree
|
126
126
|
file_trees = files.map do |file|
|
127
|
-
if
|
128
|
-
{
|
129
|
-
path: (file.symlink_target || file.path).sub(%r{^/}, ""),
|
130
|
-
mode: "100644",
|
131
|
-
type: "blob",
|
132
|
-
content: file.content
|
133
|
-
}
|
134
|
-
elsif file.type == "submodule"
|
127
|
+
if file.type == "submodule"
|
135
128
|
{
|
136
129
|
path: file.path.sub(%r{^/}, ""),
|
137
130
|
mode: "160000",
|
@@ -139,7 +132,23 @@ module Dependabot
|
|
139
132
|
sha: file.content
|
140
133
|
}
|
141
134
|
else
|
142
|
-
|
135
|
+
content = if file.deleted?
|
136
|
+
{ sha: nil }
|
137
|
+
elsif file.binary?
|
138
|
+
sha = github_client_for_source.create_blob(
|
139
|
+
source.repo, file.content, "base64"
|
140
|
+
)
|
141
|
+
{ sha: sha }
|
142
|
+
else
|
143
|
+
{ content: file.content }
|
144
|
+
end
|
145
|
+
|
146
|
+
{
|
147
|
+
path: (file.symlink_target ||
|
148
|
+
file.path).sub(%r{^/}, ""),
|
149
|
+
mode: "100644",
|
150
|
+
type: "blob"
|
151
|
+
}.merge(content)
|
143
152
|
end
|
144
153
|
end
|
145
154
|
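Review bot: In the rewritten `else` branch of `create_tree`, `sha = github_client_for_source.create_blob(...)` followed by `{ sha: sha }` introduces a throwaway local where `{ sha: github_client_for_source.create_blob(source.repo, file.content, "base64") }` reads just as well. The `path:` value is split after `||` across two lines, which hides that `.sub(%r{^/}, "")` applies to the whole `(file.symlink_target || file.path)` expression; `path: (file.symlink_target || file.path).sub(%r{^/}, ""),` on one line matches how the submodule branch writes `path:`. The `file_trees` map begins in the previous hunk and `create_tree` ends after this one.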
|
@@ -178,6 +178,7 @@ module Dependabot
|
|
178
178
|
)
|
179
179
|
end
|
180
180
|
|
181
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
181
182
|
def self.configure_git_credentials(credentials)
|
182
183
|
# Then add a file-based credential store that loads a file in this repo.
|
183
184
|
# Under the hood this uses git credential-store, but it's invoked through
|
@@ -221,6 +222,7 @@ module Dependabot
|
|
221
222
|
# Save the file
|
222
223
|
File.write("git.store", git_store_content)
|
223
224
|
end
|
225
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
224
226
|
|
225
227
|
def self.reset_git_repo(path)
|
226
228
|
Dir.chdir(path) do
|
data/lib/dependabot/version.rb
CHANGED
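--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.119.
+version: 0.119.4
 platform: ruby
 authors:
 - Dependabot
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -292,14 +292,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.90.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.90.0
 - !ruby/object:Gem::Dependency
 name: vcr
 requirement: !ruby/object:Gem::Requirement
@@ -393,7 +393,7 @@ homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -408,8 +408,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 2.7.3
 requirements: []
-rubygems_version: 3.1.
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Shared code used between Dependabot package managers
 test_files: []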