dependabot-common 0.119.5 → 0.120.3
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +15 -10
- data/lib/dependabot/git_metadata_fetcher.rb +1 -1
- data/lib/dependabot/pull_request_creator.rb +16 -3
- data/lib/dependabot/pull_request_creator/azure.rb +6 -6
- data/lib/dependabot/pull_request_creator/github.rb +38 -8
- data/lib/dependabot/pull_request_creator/message_builder.rb +20 -0
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +11 -24
- data/lib/dependabot/shared_helpers.rb +19 -3
- data/lib/dependabot/version.rb +1 -1
- metadata +4 -4
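--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e86bdfc4f410dbf077edfcea229a0125e0e6f56f3f78c02e8a0dcd082cf50445
+data.tar.gz: e2ec62b6b2d8e487286014b21e87a021d169a518639010d33ab80b3030f8d3af
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 379aadb5ac467e6d8b31fc771f112a2d9590889ab2438326617e6f19f93c2fddc5b20a9fdff7454ef4c870ea849054b15672fb27fbbe99304f33a895bdd91357
+data.tar.gz: 966790a0b7977b710db805c819b8952c85bad3d6fb87429a3aa8d300bdce13b2381ee3b9cfc184250f1735ee19281d01841fe7eefaad0fc7c40b2a8d33b1d4f5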
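--- a/data/lib/dependabot/clients/azure.rb
+++ b/data/lib/dependabot/clients/azure.rb
@@ -153,8 +153,9 @@ module Dependabot
 "/pushes?api-version=5.0", content.to_json)
 end
 
+# rubocop:disable Metrics/ParameterLists
 def create_pull_request(pr_name, source_branch, target_branch,
-pr_description, labels)
+pr_description, labels, work_item = nil)
 # Azure DevOps only support descriptions up to 4000 characters
 # https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
 azure_max_length = 3999
@@ -163,13 +164,15 @@ module Dependabot
 truncate_length = azure_max_length - truncated_msg.length
 pr_description = pr_description[0..truncate_length] + truncated_msg
 end
+# rubocop:enable Metrics/ParameterLists
 
 content = {
 sourceRefName: "refs/heads/" + source_branch,
 targetRefName: "refs/heads/" + target_branch,
 title: pr_name,
 description: pr_description,
-labels: labels.map { |label| { name: label } }
+labels: labels.map { |label| { name: label } },
+workItemRefs: [{ id: work_item }]
 }
 
 post(source.api_endpoint +
@@ -181,11 +184,12 @@ module Dependabot
 def get(url)
 response = Excon.get(
 url,
-headers: auth_header,
 user: credentials&.fetch("username", nil),
 password: credentials&.fetch("password", nil),
 idempotent: true,
-**SharedHelpers.excon_defaults
+**SharedHelpers.excon_defaults(
+headers: auth_header
+)
 )
 raise NotFound if response.status == 404
 
@@ -195,16 +199,17 @@ module Dependabot
 def post(url, json)
 response = Excon.post(
 url,
-headers: auth_header.merge(
-{
-"Content-Type" => "application/json"
-}
-),
 body: json,
 user: credentials&.fetch("username", nil),
 password: credentials&.fetch("password", nil),
 idempotent: true,
-**SharedHelpers.excon_defaults
+**SharedHelpers.excon_defaults(
+headers: auth_header.merge(
+{
+"Content-Type" => "application/json"
+}
+)
+)
 )
 raise NotFound if response.status == 404
 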
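Review bot: `workItemRefs: [{ id: work_item }]` in the second hunk is added to the request body unconditionally, so a call that uses the new default `work_item = nil` posts `workItemRefs: [{ id: null }]` to the Azure DevOps pull request API, whereas the previous body did not carry the key at all; whether the API tolerates a null id cannot be confirmed from the diff. Keep the body identical to the old one when no item is given, e.g. drop the key from the literal and add `content[:workItemRefs] = [{ id: work_item }] if work_item` after it. The method's comment should also say that `work_item` is an optional Azure work item id to link to the PR. `create_pull_request` begins in the first hunk and its body continues between and beyond the hunks.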
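--- a/data/lib/dependabot/pull_request_creator.rb
+++ b/data/lib/dependabot/pull_request_creator.rb
@@ -17,13 +17,23 @@ module Dependabot
 class RepoDisabled < StandardError; end
 class NoHistoryInCommon < StandardError; end
 
+# AnnotationError is raised if a PR was created, but failed annotation
+class AnnotationError < StandardError
+attr_reader :cause, :pull_request
+def initialize(cause, pull_request)
+super(cause.message)
+@cause = cause
+@pull_request = pull_request
+end
+end
+
 attr_reader :source, :dependencies, :files, :base_commit,
 :credentials, :pr_message_header, :pr_message_footer,
 :custom_labels, :author_details, :signature_key,
 :commit_message_options, :vulnerabilities_fixed,
 :reviewers, :assignees, :milestone, :branch_name_separator,
 :branch_name_prefix, :github_redirection_service,
-:custom_headers
+:custom_headers, :provider_metadata
 
 def initialize(source:, base_commit:, dependencies:, files:, credentials:,
 pr_message_header: nil, pr_message_footer: nil,
@@ -33,7 +43,8 @@ module Dependabot
 branch_name_separator: "/", branch_name_prefix: "dependabot",
 label_language: false, automerge_candidate: false,
 github_redirection_service: "github-redirect.dependabot.com",
-custom_headers: nil, require_up_to_date_base: false
+custom_headers: nil, require_up_to_date_base: false,
+provider_metadata: {})
 @dependencies = dependencies
 @source = source
 @base_commit = base_commit
@@ -56,6 +67,7 @@ module Dependabot
 @github_redirection_service = github_redirection_service
 @custom_headers = custom_headers
 @require_up_to_date_base = require_up_to_date_base
+@provider_metadata = provider_metadata
 
 check_dependencies_have_previous_version
 end
@@ -142,7 +154,8 @@ module Dependabot
 pr_description: message_builder.pr_message,
 pr_name: message_builder.pr_name,
 author_details: author_details,
-labeler: labeler
+labeler: labeler,
+work_item: provider_metadata&.fetch(:work_item, nil)
 )
 end
 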
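Review bot: `attr_reader :cause` on the new `AnnotationError` (first hunk) overrides `Exception#cause`, which Ruby already sets to the exception being handled when the error is raised inside a `rescue` clause, as the Github creator in this release does. On that path the two agree, but they diverge when an `AnnotationError` is constructed from a fresh, never-raised error (the `raise_custom_error` helper in github.rb passes `type.new(message)`), so `err.cause` then returns something the built-in chain does not; either rename the stored error, e.g. `attr_reader :original_error, :pull_request`, or drop the reader and rely on `Exception#cause`. The class comment should also state that `pull_request` is the already-created PR so callers can recover it after a failed annotation. The `initialize` whose signature is changed in the second hunk starts and ends outside that hunk.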
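--- a/data/lib/dependabot/pull_request_creator/azure.rb
+++ b/data/lib/dependabot/pull_request_creator/azure.rb
@@ -8,11 +8,11 @@ module Dependabot
 class Azure
 attr_reader :source, :branch_name, :base_commit, :credentials,
 :files, :commit_message, :pr_description, :pr_name,
-:author_details, :labeler
+:author_details, :labeler, :work_item
 
 def initialize(source:, branch_name:, base_commit:, credentials:,
 files:, commit_message:, pr_description:, pr_name:,
-author_details:, labeler:)
+author_details:, labeler:, work_item: nil)
 @source = source
 @branch_name = branch_name
 @base_commit = base_commit
@@ -23,6 +23,7 @@ module Dependabot
 @pr_name = pr_name
 @author_details = author_details
 @labeler = labeler
+@work_item = work_item
 end
 
 def create
@@ -46,9 +47,7 @@ module Dependabot
 end
 
 def branch_exists?
-
-
-@branch_ref
+azure_client_for_source.branch(branch_name)
 rescue ::Azure::Error::NotFound
 false
 end
@@ -79,7 +78,8 @@ module Dependabot
 branch_name,
 source.branch || default_branch,
 pr_description,
-labeler.labels_for_pr
+labeler.labels_for_pr,
+work_item
 )
 end
 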
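Review bot: `branch_exists?` in the third hunk is a predicate but now returns the raw value of `azure_client_for_source.branch(branch_name)` on the success path and `false` only on `NotFound`, and the removed `@branch_ref` memoisation means every call issues a fresh API request. `!!azure_client_for_source.branch(branch_name)` keeps the return value to true/false; whether the repeated round trip matters depends on how often `create` calls it, which is outside the diff. A one-line comment on the method noting that it asks the Azure API and treats NotFound as "does not exist" would make the rescue's intent clear.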
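--- a/data/lib/dependabot/pull_request_creator/github.rb
+++ b/data/lib/dependabot/pull_request_creator/github.rb
@@ -7,6 +7,7 @@ require "dependabot/pull_request_creator"
 require "dependabot/pull_request_creator/commit_signer"
 module Dependabot
 class PullRequestCreator
+# rubocop:disable Metrics/ClassLength
 class Github
 attr_reader :source, :branch_name, :base_commit, :credentials,
 :files, :pr_description, :pr_name, :commit_message,
@@ -41,7 +42,7 @@ module Dependabot
 return if require_up_to_date_base? && !base_commit_is_up_to_date?
 
 create_annotated_pull_request
-rescue Octokit::Error => e
+rescue AnnotationError, Octokit::Error => e
 handle_error(e)
 end
 
@@ -111,7 +112,11 @@ module Dependabot
 pull_request = create_pull_request
 return unless pull_request
 
-
+begin
+annotate_pull_request(pull_request)
+rescue StandardError => e
+raise AnnotationError.new(e, pull_request)
+end
 
 pull_request
 end
@@ -417,24 +422,49 @@ module Dependabot
 end
 
 def handle_error(err)
-case err
+cause = case err
+when AnnotationError
+err.cause
+else
+err
+end
+
+case cause
 when Octokit::Forbidden
-
-
+if err.message.include?("disabled")
+raise_custom_error err, RepoDisabled, err.message
+elsif err.message.include?("archived")
+raise_custom_error err, RepoArchived, err.message
+end
 
 raise err
 when Octokit::NotFound
 raise err if repo_exists?
 
-
+raise_custom_error err, RepoNotFound, err.message
 when Octokit::UnprocessableEntity
-
+if err.message.include?("no history in common")
+raise_custom_error err, NoHistoryInCommon, err.message
+end
 
-raise
+raise err
 else
 raise err
 end
 end
+
+def raise_custom_error(base_err, type, message)
+case base_err
+when AnnotationError
+raise AnnotationError.new(
+type.new(message),
+base_err.pull_request
+)
+else
+raise type, message
+end
+end
 end
+# rubocop:enable Metrics/ClassLength
 end
 end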
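--- a/data/lib/dependabot/pull_request_creator/message_builder.rb
+++ b/data/lib/dependabot/pull_request_creator/message_builder.rb
@@ -323,10 +323,30 @@ module Dependabot
 ).to_s
 end
 
+def changelog_url(dependency)
+metadata_finder(dependency).changelog_url
+end
+
+def commits_url(dependency)
+metadata_finder(dependency).commits_url
+end
+
+def homepage_url(dependency)
+metadata_finder(dependency).homepage_url
+end
+
+def releases_url(dependency)
+metadata_finder(dependency).releases_url
+end
+
 def source_url(dependency)
 metadata_finder(dependency).source_url
 end
 
+def upgrade_url(dependency)
+metadata_finder(dependency).upgrade_guide_url
+end
+
 def metadata_finder(dependency)
 @metadata_finder ||= {}
 @metadata_finder[dependency.name] ||=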
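Review bot: `upgrade_url` delegates to `metadata_finder(dependency).upgrade_guide_url` but drops `guide` from its own name, while the four new siblings above it (`changelog_url`, `commits_url`, `homepage_url`, `releases_url`) and the existing `source_url` mirror the finder method exactly; naming it `upgrade_guide_url` keeps the one-to-one mapping and matches the `upgrade_guide_url` that MetadataPresenter already uses. None of the five helpers has a caller within this diff, so if they are meant as public API a short comment stating that they are thin, per-dependency delegations to the cached metadata finder would help the next reader. `metadata_finder`'s body continues outside the hunk.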
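--- a/data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb
+++ b/data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb
@@ -65,16 +65,7 @@ module Dependabot
 
 msg = "*Sourced from [#{dependency.display_name}'s releases]"\
 "(#{releases_url}).*\n\n"
-msg +=
-begin
-release_note_lines = releases_text.split("\n").first(50)
-release_note_lines =
-release_note_lines.map { |line| "> #{line}\n" }
-if release_note_lines.count == 50
-release_note_lines << truncated_line
-end
-release_note_lines.join
-end
+msg += quote_and_truncate(releases_text)
 msg = link_issues(text: msg)
 msg = fix_relative_links(
 text: msg,
@@ -92,13 +83,7 @@ module Dependabot
 msg = "*Sourced from "\
 "[#{dependency.display_name}'s changelog]"\
 "(#{changelog_url}).*\n\n"
-msg +=
-begin
-changelog_lines = changelog_text.split("\n").first(50)
-changelog_lines = changelog_lines.map { |line| "> #{line}\n" }
-changelog_lines << truncated_line if changelog_lines.count == 50
-changelog_lines.join
-end
+msg += quote_and_truncate(changelog_text)
 msg = link_issues(text: msg)
 msg = fix_relative_links(text: msg, base_url: changelog_url)
 msg = sanitize_template_tags(msg)
@@ -113,13 +98,7 @@ module Dependabot
 msg = "*Sourced from "\
 "[#{dependency.display_name}'s upgrade guide]"\
 "(#{upgrade_guide_url}).*\n\n"
-msg +=
-begin
-upgrade_lines = upgrade_guide_text.split("\n").first(50)
-upgrade_lines = upgrade_lines.map { |line| "> #{line}\n" }
-upgrade_lines << truncated_line if upgrade_lines.count == 50
-upgrade_lines.join
-end
+msg += quote_and_truncate(upgrade_guide_text)
 msg = link_issues(text: msg)
 msg = fix_relative_links(text: msg, base_url: upgrade_guide_url)
 msg = sanitize_template_tags(msg)
@@ -245,6 +224,14 @@ module Dependabot
 end
 end
 
+def quote_and_truncate(text, limit: 50)
+lines = text.split("\n")
+lines.first(limit).tap do |limited_lines|
+limited_lines.map! { |line| "> #{line}\n" }
+limited_lines << truncated_line if lines.count > limit
+end.join
+end
+
 def truncated_line
 # Tables can spill out of truncated details, so we close them
 "></tr></table> \n ... (truncated)\n"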
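Review bot: `quote_and_truncate` in the last hunk leans on `tap` plus a destructive `map!` on the array returned by `first(limit)`, which reads as a side-effect trick where a plain pipeline says the same thing: `quoted = lines.first(limit).map { |line| "> #{line}\n" }` / `quoted << truncated_line if lines.count > limit` / `quoted.join`. Note that the marker condition also changed from the old `count == 50` to `lines.count > limit`, so a text of exactly `limit` lines no longer gets the truncated marker — an improvement, but one the three callers in the earlier hunks silently inherit, so a one-line comment on the method (`# Quotes each line as markdown and appends a truncation marker only when lines were actually dropped`) would record it. The method expects `text` to be a String, as the old inline code did.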
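--- a/data/lib/dependabot/shared_helpers.rb
+++ b/data/lib/dependabot/shared_helpers.rb
@@ -8,11 +8,17 @@ require "digest"
 require "open3"
 require "shellwords"
 
+require "dependabot/version"
+
 module Dependabot
 module SharedHelpers
 BUMP_TMP_FILE_PREFIX = "dependabot_"
 BUMP_TMP_DIR_PATH = "tmp"
 GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
+USER_AGENT = "dependabot-core/#{Dependabot::VERSION} "\
+"#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} "\
+"(#{RUBY_PLATFORM}) "\
+"(+https://github.com/dependabot/dependabot-core)"
 
 class ChildProcessFailed < StandardError
 attr_reader :error_class, :error_message, :error_backtrace
@@ -138,14 +144,24 @@ module Dependabot
 [Excon::Middleware::RedirectFollower]
 end
 
-def self.
+def self.excon_headers(headers = nil)
+headers ||= {}
+{
+"User-Agent" => USER_AGENT
+}.merge(headers)
+end
+
+def self.excon_defaults(options = nil)
+options ||= {}
+headers = options.delete(:headers)
 {
 connect_timeout: 5,
 write_timeout: 5,
 read_timeout: 20,
 omit_default_port: true,
-middlewares: excon_middleware
-
+middlewares: excon_middleware,
+headers: excon_headers(headers)
+}.merge(options)
 end
 
 def self.with_git_configured(credentials:)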
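Review bot: `options.delete(:headers)` in `excon_defaults` (second hunk) mutates the hash the caller handed in, so a caller that keeps an options hash in a variable and reuses it loses its `:headers` entry after the first call, and a frozen one raises `FrozenError`; the inline `excon_defaults(headers: auth_header)` calls in clients/azure.rb pass a fresh literal and are unaffected. Copy before deleting, `options = (options || {}).dup`, and then take `headers` from the copy. Separately, `USER_AGENT` now interpolates `RUBY_VERSION` and `RUBY_PLATFORM` into every outbound request, which is conventional but does disclose the runtime version to every registry and git host contacted, so a comment on the constant recording that this is deliberate would help; `Excon::USER_AGENT` is referenced without a visible `require "excon"` in the hunk, presumably loaded elsewhere.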
data/lib/dependabot/version.rb
CHANGED
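--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.120.3
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-
+date: 2020-09-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -292,14 +292,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.91.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.91.0
 - !ruby/object:Gem::Dependency
 name: vcr
 requirement: !ruby/object:Gem::Requirement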