dependabot-common 0.119.0.beta1 → 0.119.4


Potentially problematic release.


This version of dependabot-common might be problematic. Click here for more details.

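--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 80651d092678ba4841245e6a4fc002dfba1ab3b2e1a46ed84882885ece8e4989
- data.tar.gz: f8a26ab2da34de5159d7a94d53a0d81d6f490c7ef8e045dca662bfec0d024dd8
+ metadata.gz: c084a2dd6045074bdde8be081749cf0bb32dc4fcaa99b07bf6eea049cd798dd6
+ data.tar.gz: 3201d221483932d06cadd03304dcb8b65561bc1778d3aefca45416fc260e94cf
  SHA512:
- metadata.gz: efe477821294e613b73ff714056185aa7c8bfaa1133e833d0c9b10ec45316de0937245faa87b81566b5fd4fa671463908e2079a65803eee032cd3028f8070304
- data.tar.gz: 5b3e6f20b0df041c73eb3f5313474d62910d283748a46c4b5808123c41b6d8ec4a0d213ab33667f9770ff1a9502f6a2906e0ddaec09892e8b37ed167843e032d
+ metadata.gz: 68a073b8397b7128e2f63076267e1f3efb4b7c3501674e7e657ac4ee3a6cd8e5d8f55e7cb368758045dddbb179289ec7a6a45f1eeca2d8376c9b9758d8ca8577
+ data.tar.gz: bc1cddb30b8d543019e3434963b224f3feb58cf50abe19b9a360606db3ba4340fcb8d007716302b29a9e25a79e305590b060285e19aa139a6c186203b81ca534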
@@ -28,6 +28,7 @@ module Dependabot
28
28
  def initialize(source, credentials)
29
29
  @source = source
30
30
  @credentials = credentials
31
+ @auth_header = auth_header_for(credentials&.fetch("token", nil))
31
32
  end
32
33
 
33
34
  def fetch_commit(_repo, branch)
@@ -180,8 +181,9 @@ module Dependabot
180
181
  def get(url)
181
182
  response = Excon.get(
182
183
  url,
183
- user: credentials&.fetch("username"),
184
- password: credentials&.fetch("password"),
184
+ headers: auth_header,
185
+ user: credentials&.fetch("username", nil),
186
+ password: credentials&.fetch("password", nil),
185
187
  idempotent: true,
186
188
  **SharedHelpers.excon_defaults
187
189
  )
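Review bot: In `get` (and the same pattern in `post` in the next hunk) the request now carries both `headers: auth_header` and `user:`/`password:`, so when a credential set holds a token as well as a username and password, the Authorization value actually sent is decided by Excon's internal precedence rather than by this code. I would make the choice explicit, for example by passing `user:` and `password:` only when `auth_header` is empty, and add a comment stating which credential form wins. Because `**SharedHelpers.excon_defaults` is splatted after `headers:`, a `headers` key in those defaults (not visible on this page) would replace the auth header entirely; that is worth confirming. The body of `get` continues past the end of the hunk.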
@@ -193,12 +195,14 @@ module Dependabot
193
195
  def post(url, json)
194
196
  response = Excon.post(
195
197
  url,
196
- headers: {
197
- "Content-Type" => "application/json"
198
- },
198
+ headers: auth_header.merge(
199
+ {
200
+ "Content-Type" => "application/json"
201
+ }
202
+ ),
199
203
  body: json,
200
- user: credentials&.fetch("username"),
201
- password: credentials&.fetch("password"),
204
+ user: credentials&.fetch("username", nil),
205
+ password: credentials&.fetch("password", nil),
202
206
  idempotent: true,
203
207
  **SharedHelpers.excon_defaults
204
208
  )
@@ -209,6 +213,21 @@ module Dependabot
209
213
 
210
214
  private
211
215
 
216
+ def auth_header_for(token)
217
+ return {} unless token
218
+
219
+ if token.include?(":")
220
+ encoded_token = Base64.encode64(token).delete("\n")
221
+ { "Authorization" => "Basic #{encoded_token}" }
222
+ elsif Base64.decode64(token).ascii_only? &&
223
+ Base64.decode64(token).include?(":")
224
+ { "Authorization" => "Basic #{token.delete("\n")}" }
225
+ else
226
+ { "Authorization" => "Bearer #{token}" }
227
+ end
228
+ end
229
+
230
+ attr_reader :auth_header
212
231
  attr_reader :credentials
213
232
  attr_reader :source
214
233
  end
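Review bot: The `elsif` branch of `auth_header_for` classifies a token as pre-encoded Basic credentials with `Base64.decode64`, which is lenient: it discards characters outside the Base64 alphabet instead of raising, so an opaque bearer token whose decoded bytes happen to be ASCII and contain `:` is sent with the `Basic` scheme and authentication then fails in a way that is hard to diagnose. I would decode once with `Base64.strict_decode64`, treat `ArgumentError` as "not Basic", and use `Base64.strict_encode64(token)` in the first branch in place of `encode64(...).delete("\n")`. Strict decoding rejects unpadded input, so confirm that no supported provider hands out unpadded Basic tokens before adopting it. A comment on the method listing the three accepted token shapes would help, and the resulting header value should be kept out of logs and exception messages.

```ruby
def auth_header_for(token)
  return {} unless token

  if token.include?(":")
    { "Authorization" => "Basic #{Base64.strict_encode64(token)}" }
  elsif basic_credentials?(token)
    { "Authorization" => "Basic #{token.delete("\n")}" }
  # … unchanged: Bearer fallback …
  end
end

# True only for well-formed Base64 that decodes to an ASCII "user:password" pair.
def basic_credentials?(token)
  decoded = Base64.strict_decode64(token.delete("\n"))
  decoded.ascii_only? && decoded.include?(":")
rescue ArgumentError
  false
end
```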
@@ -83,6 +83,12 @@ module Dependabot
83
83
  content_encoding == ContentEncoding::BASE64
84
84
  end
85
85
 
86
+ def decoded_content
87
+ return Base64.decode64(content) if binary?
88
+
89
+ content
90
+ end
91
+
86
92
  private
87
93
 
88
94
  def clean_directory(directory)
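Review bot: `decoded_content` is a new public method with no comment telling callers what they get back: for a Base64-encoded file `Base64.decode64` returns a binary (ASCII-8BIT) string, while the other branch returns `content` unchanged in whatever encoding it already has. `decode64` also skips malformed input rather than raising, so a corrupted payload yields truncated bytes silently. I would add a comment such as `# Returns the raw bytes for Base64-encoded (binary) files and the stored string otherwise; malformed Base64 is decoded leniently.` so that callers comparing or writing the result handle the encoding deliberately.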
@@ -428,12 +428,16 @@ module Dependabot
428
428
  def _clone_repo_contents(target_directory:)
429
429
  SharedHelpers.with_git_configured(credentials: credentials) do
430
430
  path = target_directory || File.join("tmp", source.repo)
431
+ # Assume we're retrying the same branch, or that a `target_directory`
432
+ # is specified when retrying a different branch.
431
433
  return path if Dir.exist?(File.join(path, ".git"))
432
434
 
433
435
  FileUtils.mkdir_p(path)
434
436
  br_opt = " --branch=#{source.branch} --single-branch" if source.branch
435
437
  SharedHelpers.run_shell_command(
436
- "git clone --depth=1#{br_opt} #{source.url} #{path}"
438
+ <<~CMD
439
+ git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} #{source.url} #{path}
440
+ CMD
437
441
  )
438
442
  path
439
443
  end
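Review bot: The clone command is still built by interpolating `source.branch`, `source.url` and `path` into a single shell string, so a value containing shell metacharacters, or one beginning with `-`, is interpreted by the shell or by git rather than treated as data. The added `--no-tags --no-recurse-submodules` narrows what is fetched but does not change this. Unless `run_shell_command` escapes its argument (not visible on this page), I would quote each value and end option parsing before the URL: `br_opt = " --branch=#{Shellwords.escape(source.branch)} --single-branch" if source.branch` and `git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} -- #{Shellwords.escape(source.url)} #{Shellwords.escape(path)}`, with `require "shellwords"` at the top of the file. The method's closing `end` lies outside the hunk.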
@@ -60,7 +60,6 @@ module Dependabot
60
60
  dependencies.find { |d| d.name&.downcase == name&.downcase }
61
61
  end
62
62
 
63
- # rubocop:disable Metrics/PerceivedComplexity
64
63
  def combined_dependency(old_dep, new_dep)
65
64
  package_manager = old_dep.package_manager
66
65
  v_cls = Utils.version_class_for_package_manager(package_manager)
@@ -89,8 +88,6 @@ module Dependabot
89
88
  subdependency_metadata: subdependency_metadata
90
89
  )
91
90
  end
92
-
93
- # rubocop:enable Metrics/PerceivedComplexity
94
91
  end
95
92
  end
96
93
  end
@@ -86,6 +86,7 @@ module Dependabot
86
86
  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
87
87
  end
88
88
 
89
+ # rubocop:disable Metrics/PerceivedComplexity
89
90
  def local_tag_for_latest_version
90
91
  tags =
91
92
  local_tags.
@@ -114,6 +115,7 @@ module Dependabot
114
115
  tag_sha: tag.tag_sha
115
116
  }
116
117
  end
118
+ # rubocop:enable Metrics/PerceivedComplexity
117
119
 
118
120
  def git_repo_reachable?
119
121
  local_upload_pack
@@ -143,6 +143,7 @@ module Dependabot
143
143
  select_best_changelog(files)
144
144
  end
145
145
 
146
+ # rubocop:disable Metrics/PerceivedComplexity
146
147
  def select_best_changelog(files)
147
148
  CHANGELOG_NAMES.each do |name|
148
149
  candidates = files.select { |f| f.name =~ /#{name}/i }
@@ -163,6 +164,7 @@ module Dependabot
163
164
 
164
165
  nil
165
166
  end
167
+ # rubocop:enable Metrics/PerceivedComplexity
166
168
 
167
169
  def tag_for_new_version
168
170
  @tag_for_new_version ||=
@@ -21,7 +21,6 @@ module Dependabot
21
21
  !old_version_changelog_line.nil?
22
22
  end
23
23
 
24
- # rubocop:disable Metrics/PerceivedComplexity
25
24
  def pruned_text
26
25
  changelog_lines = changelog_text.split("\n")
27
26
 
@@ -51,7 +50,6 @@ module Dependabot
51
50
 
52
51
  changelog_lines.slice(slice_range).join("\n").sub(/\n*\z/, "")
53
52
  end
54
- # rubocop:enable Metrics/PerceivedComplexity
55
53
 
56
54
  private
57
55
 
@@ -116,7 +116,6 @@ module Dependabot
116
116
  gsub(",", "-and-")
117
117
  end
118
118
 
119
- # rubocop:disable Metrics/PerceivedComplexity
120
119
  def new_version(dependency)
121
120
  # Version looks like a git SHA and we could be updating to a specific
122
121
  # ref in which case we return that otherwise we return a shorthand sha
@@ -135,7 +134,6 @@ module Dependabot
135
134
  dependency.version
136
135
  end
137
136
  end
138
- # rubocop:enable Metrics/PerceivedComplexity
139
137
 
140
138
  def previous_ref(dependency)
141
139
  previous_refs = dependency.previous_requirements.map do |r|
@@ -51,6 +51,7 @@ module Dependabot
51
51
  @require_up_to_date_base
52
52
  end
53
53
 
54
+ # rubocop:disable Metrics/PerceivedComplexity
54
55
  def branch_exists?(name)
55
56
  git_metadata_fetcher.ref_names.include?(name)
56
57
  rescue Dependabot::GitDependenciesNotReachable => e
@@ -66,6 +67,7 @@ module Dependabot
66
67
  retrying = true
67
68
  retry
68
69
  end
70
+ # rubocop:enable Metrics/PerceivedComplexity
69
71
 
70
72
  def unmerged_pull_request_exists?
71
73
  pull_requests_for_branch.reject(&:merged).any?
@@ -170,13 +172,13 @@ module Dependabot
170
172
  sha: file.content
171
173
  }
172
174
  else
173
- content = if file.binary?
175
+ content = if file.deleted?
176
+ { sha: nil }
177
+ elsif file.binary?
174
178
  sha = github_client_for_source.create_blob(
175
179
  source.repo, file.content, "base64"
176
180
  )
177
181
  { sha: sha }
178
- elsif file.deleted?
179
- { sha: nil }
180
182
  else
181
183
  { content: file.content }
182
184
  end
@@ -113,6 +113,7 @@ module Dependabot
113
113
  end.min
114
114
  end
115
115
 
116
+ # rubocop:disable Metrics/PerceivedComplexity
116
117
  def version(dep)
117
118
  return dep.version if version_class.correct?(dep.version)
118
119
 
@@ -127,7 +128,9 @@ module Dependabot
127
128
 
128
129
  version_from_ref
129
130
  end
131
+ # rubocop:enable Metrics/PerceivedComplexity
130
132
 
133
+ # rubocop:disable Metrics/PerceivedComplexity
131
134
  def previous_version(dep)
132
135
  version_str = dep.previous_version
133
136
  return version_str if version_class.correct?(version_str)
@@ -144,6 +147,7 @@ module Dependabot
144
147
 
145
148
  version_from_ref
146
149
  end
150
+ # rubocop:enable Metrics/PerceivedComplexity
147
151
 
148
152
  def create_default_dependencies_label_if_required
149
153
  return if custom_labels
@@ -567,7 +567,6 @@ module Dependabot
567
567
  )
568
568
  end
569
569
 
570
- # rubocop:disable Metrics/PerceivedComplexity
571
570
  def previous_version(dependency)
572
571
  # If we don't have a previous version, we *may* still be able to figure
573
572
  # one out if a ref was provided and has been changed (in which case the
@@ -590,7 +589,6 @@ module Dependabot
590
589
  dependency.previous_version
591
590
  end
592
591
  end
593
- # rubocop:enable Metrics/PerceivedComplexity
594
592
 
595
593
  def new_version(dependency)
596
594
  if dependency.version.match?(/^[0-9a-f]{40}$/)
@@ -58,7 +58,6 @@ module Dependabot
58
58
  end
59
59
  end
60
60
 
61
- # rubocop:disable Metrics/PerceivedComplexity
62
61
  def sanitize_links(doc)
63
62
  doc.walk do |node|
64
63
  if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
@@ -81,7 +80,6 @@ module Dependabot
81
80
  end
82
81
  end
83
82
  end
84
- # rubocop:enable Metrics/PerceivedComplexity
85
83
 
86
84
  def replace_github_host(text)
87
85
  text.gsub(
@@ -172,6 +172,7 @@ module Dependabot
172
172
  last_dependabot_commit_message&.split(/[:(]/)&.first
173
173
  end
174
174
 
175
+ # rubocop:disable Metrics/PerceivedComplexity
175
176
  def using_angular_commit_messages?
176
177
  return false if recent_commit_messages.none?
177
178
 
@@ -202,6 +203,7 @@ module Dependabot
202
203
 
203
204
  true
204
205
  end
206
+ # rubocop:enable Metrics/PerceivedComplexity
205
207
 
206
208
  def using_eslint_commit_messages?
207
209
  return false if recent_commit_messages.none?
@@ -124,14 +124,7 @@ module Dependabot
124
124
 
125
125
  def create_tree
126
126
  file_trees = files.map do |file|
127
- if %w(file symlink).include?(file.type)
128
- {
129
- path: (file.symlink_target || file.path).sub(%r{^/}, ""),
130
- mode: "100644",
131
- type: "blob",
132
- content: file.content
133
- }
134
- elsif file.type == "submodule"
127
+ if file.type == "submodule"
135
128
  {
136
129
  path: file.path.sub(%r{^/}, ""),
137
130
  mode: "160000",
@@ -139,7 +132,23 @@ module Dependabot
139
132
  sha: file.content
140
133
  }
141
134
  else
142
- raise "Unknown file type #{file.type}"
135
+ content = if file.deleted?
136
+ { sha: nil }
137
+ elsif file.binary?
138
+ sha = github_client_for_source.create_blob(
139
+ source.repo, file.content, "base64"
140
+ )
141
+ { sha: sha }
142
+ else
143
+ { content: file.content }
144
+ end
145
+
146
+ {
147
+ path: (file.symlink_target ||
148
+ file.path).sub(%r{^/}, ""),
149
+ mode: "100644",
150
+ type: "blob"
151
+ }.merge(content)
143
152
  end
144
153
  end
145
154
 
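Review bot: With the `%w(file symlink)` check removed in the preceding hunk and `raise "Unknown file type #{file.type}"` removed here, the `else` branch of `create_tree` now turns every non-submodule entry into a `100644` blob, so an unexpected `file.type` is committed silently instead of failing closed. I would keep the guard as the first statement of the `else` branch: `raise "Unknown file type #{file.type}" unless %w(file symlink).include?(file.type)`. A brief comment explaining that `file.symlink_target || file.path` writes the content to the symlink's target path would also make that choice visible to the next reader. The rest of `create_tree` continues outside the hunk.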
@@ -178,6 +178,7 @@ module Dependabot
178
178
  )
179
179
  end
180
180
 
181
+ # rubocop:disable Metrics/PerceivedComplexity
181
182
  def self.configure_git_credentials(credentials)
182
183
  # Then add a file-based credential store that loads a file in this repo.
183
184
  # Under the hood this uses git credential-store, but it's invoked through
@@ -221,6 +222,7 @@ module Dependabot
221
222
  # Save the file
222
223
  File.write("git.store", git_store_content)
223
224
  end
225
+ # rubocop:enable Metrics/PerceivedComplexity
224
226
 
225
227
  def self.reset_git_repo(path)
226
228
  Dir.chdir(path) do
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.119.0.beta1"
4
+ VERSION = "0.119.4"
5
5
  end
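--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.119.0.beta1
+ version: 0.119.4
  platform: ruby
  authors:
  - Dependabot
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-08-20 00:00:00.000000000 Z
+ date: 2020-09-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-codecommit
@@ -292,14 +292,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.88.0
+ version: 0.90.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.88.0
+ version: 0.90.0
  - !ruby/object:Gem::Dependency
  name: vcr
  requirement: !ruby/object:Gem::Requirement
@@ -393,7 +393,7 @@ homepage: https://github.com/dependabot/dependabot-core
  licenses:
  - Nonstandard
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -408,8 +408,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 2.7.3
  requirements: []
- rubygems_version: 3.1.4
- signing_key:
+ rubygems_version: 3.1.2
+ signing_key:
  specification_version: 4
  summary: Shared code used between Dependabot package managers
  test_files: []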