dependabot-common 0.119.5 → 0.120.3
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +15 -10
- data/lib/dependabot/git_metadata_fetcher.rb +1 -1
- data/lib/dependabot/pull_request_creator.rb +16 -3
- data/lib/dependabot/pull_request_creator/azure.rb +6 -6
- data/lib/dependabot/pull_request_creator/github.rb +38 -8
- data/lib/dependabot/pull_request_creator/message_builder.rb +20 -0
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +11 -24
- data/lib/dependabot/shared_helpers.rb +19 -3
- data/lib/dependabot/version.rb +1 -1
- metadata +4 -4
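--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e86bdfc4f410dbf077edfcea229a0125e0e6f56f3f78c02e8a0dcd082cf50445
+data.tar.gz: e2ec62b6b2d8e487286014b21e87a021d169a518639010d33ab80b3030f8d3af
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 379aadb5ac467e6d8b31fc771f112a2d9590889ab2438326617e6f19f93c2fddc5b20a9fdff7454ef4c870ea849054b15672fb27fbbe99304f33a895bdd91357
+data.tar.gz: 966790a0b7977b710db805c819b8952c85bad3d6fb87429a3aa8d300bdce13b2381ee3b9cfc184250f1735ee19281d01841fe7eefaad0fc7c40b2a8d33b1d4f5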
@@ -153,8 +153,9 @@ module Dependabot
|
|
|
153
153
|
"/pushes?api-version=5.0", content.to_json)
|
|
154
154
|
end
|
|
155
155
|
|
|
156
|
+
# rubocop:disable Metrics/ParameterLists
|
|
156
157
|
def create_pull_request(pr_name, source_branch, target_branch,
|
|
157
|
-
pr_description, labels)
|
|
158
|
+
pr_description, labels, work_item = nil)
|
|
158
159
|
# Azure DevOps only support descriptions up to 4000 characters
|
|
159
160
|
# https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
|
|
160
161
|
azure_max_length = 3999
|
|
@@ -163,13 +164,15 @@ module Dependabot
|
|
|
163
164
|
truncate_length = azure_max_length - truncated_msg.length
|
|
164
165
|
pr_description = pr_description[0..truncate_length] + truncated_msg
|
|
165
166
|
end
|
|
167
|
+
# rubocop:enable Metrics/ParameterLists
|
|
166
168
|
|
|
167
169
|
content = {
|
|
168
170
|
sourceRefName: "refs/heads/" + source_branch,
|
|
169
171
|
targetRefName: "refs/heads/" + target_branch,
|
|
170
172
|
title: pr_name,
|
|
171
173
|
description: pr_description,
|
|
172
|
-
labels: labels.map { |label| { name: label } }
|
|
174
|
+
labels: labels.map { |label| { name: label } },
|
|
175
|
+
workItemRefs: [{ id: work_item }]
|
|
173
176
|
}
|
|
174
177
|
|
|
175
178
|
post(source.api_endpoint +
|
|
@@ -181,11 +184,12 @@ module Dependabot
|
|
|
181
184
|
def get(url)
|
|
182
185
|
response = Excon.get(
|
|
183
186
|
url,
|
|
184
|
-
headers: auth_header,
|
|
185
187
|
user: credentials&.fetch("username", nil),
|
|
186
188
|
password: credentials&.fetch("password", nil),
|
|
187
189
|
idempotent: true,
|
|
188
|
-
**SharedHelpers.excon_defaults
|
|
190
|
+
**SharedHelpers.excon_defaults(
|
|
191
|
+
headers: auth_header
|
|
192
|
+
)
|
|
189
193
|
)
|
|
190
194
|
raise NotFound if response.status == 404
|
|
191
195
|
|
|
@@ -195,16 +199,17 @@ module Dependabot
|
|
|
195
199
|
def post(url, json)
|
|
196
200
|
response = Excon.post(
|
|
197
201
|
url,
|
|
198
|
-
headers: auth_header.merge(
|
|
199
|
-
{
|
|
200
|
-
"Content-Type" => "application/json"
|
|
201
|
-
}
|
|
202
|
-
),
|
|
203
202
|
body: json,
|
|
204
203
|
user: credentials&.fetch("username", nil),
|
|
205
204
|
password: credentials&.fetch("password", nil),
|
|
206
205
|
idempotent: true,
|
|
207
|
-
**SharedHelpers.excon_defaults
|
|
206
|
+
**SharedHelpers.excon_defaults(
|
|
207
|
+
headers: auth_header.merge(
|
|
208
|
+
{
|
|
209
|
+
"Content-Type" => "application/json"
|
|
210
|
+
}
|
|
211
|
+
)
|
|
212
|
+
)
|
|
208
213
|
)
|
|
209
214
|
raise NotFound if response.status == 404
|
|
210
215
|
|
|
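Review bot: `workItemRefs: [{ id: work_item }]` in `create_pull_request` (new line 175) is sent even when `work_item` is left at its `nil` default, so every pull request created without a work item posts a reference whose id is null. How Azure DevOps treats such an entry is not visible on this page, but the list is better left empty when nothing was supplied, e.g. `workItemRefs: work_item ? [{ id: work_item }] : []`. The nil default also arrives from `PullRequestCreator::Azure#initialize` (`work_item: nil`) and from `provider_metadata&.fetch(:work_item, nil)` in pull_request_creator.rb, so the nil case is the common path rather than an edge case. The method body continues past the end of the second hunk.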
@@ -17,13 +17,23 @@ module Dependabot
|
|
|
17
17
|
class RepoDisabled < StandardError; end
|
|
18
18
|
class NoHistoryInCommon < StandardError; end
|
|
19
19
|
|
|
20
|
+
# AnnotationError is raised if a PR was created, but failed annotation
|
|
21
|
+
class AnnotationError < StandardError
|
|
22
|
+
attr_reader :cause, :pull_request
|
|
23
|
+
def initialize(cause, pull_request)
|
|
24
|
+
super(cause.message)
|
|
25
|
+
@cause = cause
|
|
26
|
+
@pull_request = pull_request
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
20
30
|
attr_reader :source, :dependencies, :files, :base_commit,
|
|
21
31
|
:credentials, :pr_message_header, :pr_message_footer,
|
|
22
32
|
:custom_labels, :author_details, :signature_key,
|
|
23
33
|
:commit_message_options, :vulnerabilities_fixed,
|
|
24
34
|
:reviewers, :assignees, :milestone, :branch_name_separator,
|
|
25
35
|
:branch_name_prefix, :github_redirection_service,
|
|
26
|
-
:custom_headers
|
|
36
|
+
:custom_headers, :provider_metadata
|
|
27
37
|
|
|
28
38
|
def initialize(source:, base_commit:, dependencies:, files:, credentials:,
|
|
29
39
|
pr_message_header: nil, pr_message_footer: nil,
|
|
@@ -33,7 +43,8 @@ module Dependabot
|
|
|
33
43
|
branch_name_separator: "/", branch_name_prefix: "dependabot",
|
|
34
44
|
label_language: false, automerge_candidate: false,
|
|
35
45
|
github_redirection_service: "github-redirect.dependabot.com",
|
|
36
|
-
custom_headers: nil, require_up_to_date_base: false
|
|
46
|
+
custom_headers: nil, require_up_to_date_base: false,
|
|
47
|
+
provider_metadata: {})
|
|
37
48
|
@dependencies = dependencies
|
|
38
49
|
@source = source
|
|
39
50
|
@base_commit = base_commit
|
|
@@ -56,6 +67,7 @@ module Dependabot
|
|
|
56
67
|
@github_redirection_service = github_redirection_service
|
|
57
68
|
@custom_headers = custom_headers
|
|
58
69
|
@require_up_to_date_base = require_up_to_date_base
|
|
70
|
+
@provider_metadata = provider_metadata
|
|
59
71
|
|
|
60
72
|
check_dependencies_have_previous_version
|
|
61
73
|
end
|
|
@@ -142,7 +154,8 @@ module Dependabot
|
|
|
142
154
|
pr_description: message_builder.pr_message,
|
|
143
155
|
pr_name: message_builder.pr_name,
|
|
144
156
|
author_details: author_details,
|
|
145
|
-
labeler: labeler
|
|
157
|
+
labeler: labeler,
|
|
158
|
+
work_item: provider_metadata&.fetch(:work_item, nil)
|
|
146
159
|
)
|
|
147
160
|
end
|
|
148
161
|
|
|
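Review bot: `attr_reader :cause` on the new `AnnotationError` (new line 22) redefines `Exception#cause`, the reader Ruby populates itself when an exception is raised inside a `rescue`, so loggers or error reporters that walk the cause chain get the stored object rather than the interpreter's. If the override is deliberate, say so in the class comment; otherwise a distinct name such as `attr_reader :original_error, :pull_request` avoids the clash (the `err.cause` call in the GitHub creator's `handle_error` would change with it). Separately, `provider_metadata&.fetch(:work_item, nil)` (new line 158) only finds a symbol key, so a hash with the string key `"work_item"` silently yields no work item; a short comment on the `provider_metadata:` keyword stating the expected key type would help. The `initialize` body continues outside these hunks.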
@@ -8,11 +8,11 @@ module Dependabot
|
|
|
8
8
|
class Azure
|
|
9
9
|
attr_reader :source, :branch_name, :base_commit, :credentials,
|
|
10
10
|
:files, :commit_message, :pr_description, :pr_name,
|
|
11
|
-
:author_details, :labeler
|
|
11
|
+
:author_details, :labeler, :work_item
|
|
12
12
|
|
|
13
13
|
def initialize(source:, branch_name:, base_commit:, credentials:,
|
|
14
14
|
files:, commit_message:, pr_description:, pr_name:,
|
|
15
|
-
author_details:, labeler:)
|
|
15
|
+
author_details:, labeler:, work_item: nil)
|
|
16
16
|
@source = source
|
|
17
17
|
@branch_name = branch_name
|
|
18
18
|
@base_commit = base_commit
|
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
|
23
23
|
@pr_name = pr_name
|
|
24
24
|
@author_details = author_details
|
|
25
25
|
@labeler = labeler
|
|
26
|
+
@work_item = work_item
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
def create
|
|
@@ -46,9 +47,7 @@ module Dependabot
|
|
|
46
47
|
end
|
|
47
48
|
|
|
48
49
|
def branch_exists?
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
@branch_ref
|
|
50
|
+
azure_client_for_source.branch(branch_name)
|
|
52
51
|
rescue ::Azure::Error::NotFound
|
|
53
52
|
false
|
|
54
53
|
end
|
|
@@ -79,7 +78,8 @@ module Dependabot
|
|
|
79
78
|
branch_name,
|
|
80
79
|
source.branch || default_branch,
|
|
81
80
|
pr_description,
|
|
82
|
-
labeler.labels_for_pr
|
|
81
|
+
labeler.labels_for_pr,
|
|
82
|
+
work_item
|
|
83
83
|
)
|
|
84
84
|
end
|
|
85
85
|
|
|
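Review bot: `branch_exists?` (new lines 49–53) now calls `azure_client_for_source.branch(branch_name)` directly but still rescues `::Azure::Error::NotFound`, while the client hunks in this same release raise a bare `NotFound` from inside the Dependabot Azure client (`raise NotFound if response.status == 404`). If those are different constants, which cannot be confirmed from this page, a 404 on the branch lookup would propagate instead of returning `false`. Worth confirming which class `branch` raises and, if it is the client's own, changing the clause to `rescue ::Dependabot::Clients::Azure::NotFound`. The removed lines appear to have memoised the result in `@branch_ref`, so each call is now presumably a fresh request; a one-line comment noting that would help callers.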
@@ -7,6 +7,7 @@ require "dependabot/pull_request_creator"
|
|
|
7
7
|
require "dependabot/pull_request_creator/commit_signer"
|
|
8
8
|
module Dependabot
|
|
9
9
|
class PullRequestCreator
|
|
10
|
+
# rubocop:disable Metrics/ClassLength
|
|
10
11
|
class Github
|
|
11
12
|
attr_reader :source, :branch_name, :base_commit, :credentials,
|
|
12
13
|
:files, :pr_description, :pr_name, :commit_message,
|
|
@@ -41,7 +42,7 @@ module Dependabot
|
|
|
41
42
|
return if require_up_to_date_base? && !base_commit_is_up_to_date?
|
|
42
43
|
|
|
43
44
|
create_annotated_pull_request
|
|
44
|
-
rescue Octokit::Error => e
|
|
45
|
+
rescue AnnotationError, Octokit::Error => e
|
|
45
46
|
handle_error(e)
|
|
46
47
|
end
|
|
47
48
|
|
|
@@ -111,7 +112,11 @@ module Dependabot
|
|
|
111
112
|
pull_request = create_pull_request
|
|
112
113
|
return unless pull_request
|
|
113
114
|
|
|
114
|
-
|
|
115
|
+
begin
|
|
116
|
+
annotate_pull_request(pull_request)
|
|
117
|
+
rescue StandardError => e
|
|
118
|
+
raise AnnotationError.new(e, pull_request)
|
|
119
|
+
end
|
|
115
120
|
|
|
116
121
|
pull_request
|
|
117
122
|
end
|
|
@@ -417,24 +422,49 @@ module Dependabot
|
|
|
417
422
|
end
|
|
418
423
|
|
|
419
424
|
def handle_error(err)
|
|
420
|
-
case err
|
|
425
|
+
cause = case err
|
|
426
|
+
when AnnotationError
|
|
427
|
+
err.cause
|
|
428
|
+
else
|
|
429
|
+
err
|
|
430
|
+
end
|
|
431
|
+
|
|
432
|
+
case cause
|
|
421
433
|
when Octokit::Forbidden
|
|
422
|
-
|
|
423
|
-
|
|
434
|
+
if err.message.include?("disabled")
|
|
435
|
+
raise_custom_error err, RepoDisabled, err.message
|
|
436
|
+
elsif err.message.include?("archived")
|
|
437
|
+
raise_custom_error err, RepoArchived, err.message
|
|
438
|
+
end
|
|
424
439
|
|
|
425
440
|
raise err
|
|
426
441
|
when Octokit::NotFound
|
|
427
442
|
raise err if repo_exists?
|
|
428
443
|
|
|
429
|
-
|
|
444
|
+
raise_custom_error err, RepoNotFound, err.message
|
|
430
445
|
when Octokit::UnprocessableEntity
|
|
431
|
-
|
|
446
|
+
if err.message.include?("no history in common")
|
|
447
|
+
raise_custom_error err, NoHistoryInCommon, err.message
|
|
448
|
+
end
|
|
432
449
|
|
|
433
|
-
raise
|
|
450
|
+
raise err
|
|
434
451
|
else
|
|
435
452
|
raise err
|
|
436
453
|
end
|
|
437
454
|
end
|
|
455
|
+
|
|
456
|
+
def raise_custom_error(base_err, type, message)
|
|
457
|
+
case base_err
|
|
458
|
+
when AnnotationError
|
|
459
|
+
raise AnnotationError.new(
|
|
460
|
+
type.new(message),
|
|
461
|
+
base_err.pull_request
|
|
462
|
+
)
|
|
463
|
+
else
|
|
464
|
+
raise type, message
|
|
465
|
+
end
|
|
466
|
+
end
|
|
438
467
|
end
|
|
468
|
+
# rubocop:enable Metrics/ClassLength
|
|
439
469
|
end
|
|
440
470
|
end
|
|
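Review bot: The `rescue StandardError => e` around `annotate_pull_request` (new lines 115–119) turns every failure during annotation, including programming errors such as a `NoMethodError`, into an `AnnotationError` that carries only the original message, so the original class reaches callers only through `cause`. If the intent is that an already-created pull request is never lost to a later failure, say so above the `begin`, e.g. `# The PR already exists here; wrap any failure so callers can still reach it via AnnotationError#pull_request`. `raise_custom_error` would likewise benefit from a one-line comment that it re-wraps the mapped error so that `pull_request` stays attached. The bodies of `create` and `create_annotated_pull_request` start outside the hunks shown.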
@@ -323,10 +323,30 @@ module Dependabot
|
|
|
323
323
|
).to_s
|
|
324
324
|
end
|
|
325
325
|
|
|
326
|
+
def changelog_url(dependency)
|
|
327
|
+
metadata_finder(dependency).changelog_url
|
|
328
|
+
end
|
|
329
|
+
|
|
330
|
+
def commits_url(dependency)
|
|
331
|
+
metadata_finder(dependency).commits_url
|
|
332
|
+
end
|
|
333
|
+
|
|
334
|
+
def homepage_url(dependency)
|
|
335
|
+
metadata_finder(dependency).homepage_url
|
|
336
|
+
end
|
|
337
|
+
|
|
338
|
+
def releases_url(dependency)
|
|
339
|
+
metadata_finder(dependency).releases_url
|
|
340
|
+
end
|
|
341
|
+
|
|
326
342
|
def source_url(dependency)
|
|
327
343
|
metadata_finder(dependency).source_url
|
|
328
344
|
end
|
|
329
345
|
|
|
346
|
+
def upgrade_url(dependency)
|
|
347
|
+
metadata_finder(dependency).upgrade_guide_url
|
|
348
|
+
end
|
|
349
|
+
|
|
330
350
|
def metadata_finder(dependency)
|
|
331
351
|
@metadata_finder ||= {}
|
|
332
352
|
@metadata_finder[dependency.name] ||=
|
|
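Review bot: `upgrade_url` (new line 346) is the only one of the new delegators whose name differs from the finder method it calls, `upgrade_guide_url`; the other four mirror the finder one-to-one. Naming it `def upgrade_guide_url(dependency)` would keep the set uniform and match the `upgrade_guide_url` name already used in metadata_presenter.rb. None of the new methods carries a comment; a single line above the group noting that these URLs presumably originate from the dependency's published metadata would tell readers to treat them as external input. The trailing `metadata_finder` method continues outside the hunk.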
@@ -65,16 +65,7 @@ module Dependabot
|
|
|
65
65
|
|
|
66
66
|
msg = "*Sourced from [#{dependency.display_name}'s releases]"\
|
|
67
67
|
"(#{releases_url}).*\n\n"
|
|
68
|
-
msg +=
|
|
69
|
-
begin
|
|
70
|
-
release_note_lines = releases_text.split("\n").first(50)
|
|
71
|
-
release_note_lines =
|
|
72
|
-
release_note_lines.map { |line| "> #{line}\n" }
|
|
73
|
-
if release_note_lines.count == 50
|
|
74
|
-
release_note_lines << truncated_line
|
|
75
|
-
end
|
|
76
|
-
release_note_lines.join
|
|
77
|
-
end
|
|
68
|
+
msg += quote_and_truncate(releases_text)
|
|
78
69
|
msg = link_issues(text: msg)
|
|
79
70
|
msg = fix_relative_links(
|
|
80
71
|
text: msg,
|
|
@@ -92,13 +83,7 @@ module Dependabot
|
|
|
92
83
|
msg = "*Sourced from "\
|
|
93
84
|
"[#{dependency.display_name}'s changelog]"\
|
|
94
85
|
"(#{changelog_url}).*\n\n"
|
|
95
|
-
msg +=
|
|
96
|
-
begin
|
|
97
|
-
changelog_lines = changelog_text.split("\n").first(50)
|
|
98
|
-
changelog_lines = changelog_lines.map { |line| "> #{line}\n" }
|
|
99
|
-
changelog_lines << truncated_line if changelog_lines.count == 50
|
|
100
|
-
changelog_lines.join
|
|
101
|
-
end
|
|
86
|
+
msg += quote_and_truncate(changelog_text)
|
|
102
87
|
msg = link_issues(text: msg)
|
|
103
88
|
msg = fix_relative_links(text: msg, base_url: changelog_url)
|
|
104
89
|
msg = sanitize_template_tags(msg)
|
|
@@ -113,13 +98,7 @@ module Dependabot
|
|
|
113
98
|
msg = "*Sourced from "\
|
|
114
99
|
"[#{dependency.display_name}'s upgrade guide]"\
|
|
115
100
|
"(#{upgrade_guide_url}).*\n\n"
|
|
116
|
-
msg +=
|
|
117
|
-
begin
|
|
118
|
-
upgrade_lines = upgrade_guide_text.split("\n").first(50)
|
|
119
|
-
upgrade_lines = upgrade_lines.map { |line| "> #{line}\n" }
|
|
120
|
-
upgrade_lines << truncated_line if upgrade_lines.count == 50
|
|
121
|
-
upgrade_lines.join
|
|
122
|
-
end
|
|
101
|
+
msg += quote_and_truncate(upgrade_guide_text)
|
|
123
102
|
msg = link_issues(text: msg)
|
|
124
103
|
msg = fix_relative_links(text: msg, base_url: upgrade_guide_url)
|
|
125
104
|
msg = sanitize_template_tags(msg)
|
|
@@ -245,6 +224,14 @@ module Dependabot
|
|
|
245
224
|
end
|
|
246
225
|
end
|
|
247
226
|
|
|
227
|
+
def quote_and_truncate(text, limit: 50)
|
|
228
|
+
lines = text.split("\n")
|
|
229
|
+
lines.first(limit).tap do |limited_lines|
|
|
230
|
+
limited_lines.map! { |line| "> #{line}\n" }
|
|
231
|
+
limited_lines << truncated_line if lines.count > limit
|
|
232
|
+
end.join
|
|
233
|
+
end
|
|
234
|
+
|
|
248
235
|
def truncated_line
|
|
249
236
|
# Tables can spill out of truncated details, so we close them
|
|
250
237
|
"></tr></table> \n ... (truncated)\n"
|
|
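Review bot: `quote_and_truncate` (new lines 227–233) bounds the quoted text by line count only, so release notes, changelogs or upgrade guides that arrive as a few very long lines are embedded in full. That text is upstream-controlled, and whether a later stage caps the total size for every provider is not visible in this file. Consider a character cap alongside `limit:`, or at least document the contract above the method, e.g. `# Quotes at most +limit+ lines of +text+ as a Markdown blockquote; appends truncated_line when lines were dropped`. The `first(limit).tap { ... }.join` chain also depends on mutating inside `tap`; a plain local such as `quoted = lines.first(limit).map { |line| "> #{line}\n" }` followed by the conditional append reads more directly.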
@@ -8,11 +8,17 @@ require "digest"
|
|
|
8
8
|
require "open3"
|
|
9
9
|
require "shellwords"
|
|
10
10
|
|
|
11
|
+
require "dependabot/version"
|
|
12
|
+
|
|
11
13
|
module Dependabot
|
|
12
14
|
module SharedHelpers
|
|
13
15
|
BUMP_TMP_FILE_PREFIX = "dependabot_"
|
|
14
16
|
BUMP_TMP_DIR_PATH = "tmp"
|
|
15
17
|
GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
|
|
18
|
+
USER_AGENT = "dependabot-core/#{Dependabot::VERSION} "\
|
|
19
|
+
"#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} "\
|
|
20
|
+
"(#{RUBY_PLATFORM}) "\
|
|
21
|
+
"(+https://github.com/dependabot/dependabot-core)"
|
|
16
22
|
|
|
17
23
|
class ChildProcessFailed < StandardError
|
|
18
24
|
attr_reader :error_class, :error_message, :error_backtrace
|
|
@@ -138,14 +144,24 @@ module Dependabot
|
|
|
138
144
|
[Excon::Middleware::RedirectFollower]
|
|
139
145
|
end
|
|
140
146
|
|
|
141
|
-
def self.
|
|
147
|
+
def self.excon_headers(headers = nil)
|
|
148
|
+
headers ||= {}
|
|
149
|
+
{
|
|
150
|
+
"User-Agent" => USER_AGENT
|
|
151
|
+
}.merge(headers)
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
def self.excon_defaults(options = nil)
|
|
155
|
+
options ||= {}
|
|
156
|
+
headers = options.delete(:headers)
|
|
142
157
|
{
|
|
143
158
|
connect_timeout: 5,
|
|
144
159
|
write_timeout: 5,
|
|
145
160
|
read_timeout: 20,
|
|
146
161
|
omit_default_port: true,
|
|
147
|
-
middlewares: excon_middleware
|
|
148
|
-
|
|
162
|
+
middlewares: excon_middleware,
|
|
163
|
+
headers: excon_headers(headers)
|
|
164
|
+
}.merge(options)
|
|
149
165
|
end
|
|
150
166
|
|
|
151
167
|
def self.with_git_configured(credentials:)
|
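Review bot: `excon_defaults` (new lines 154–165) calls `options.delete(:headers)` on the hash it was handed, so a caller that passes a stored options hash has its `:headers` entry removed as a side effect and would send the next request without them. Copying first avoids that: `options = options ? options.dup : {}`. The call sites visible in clients/azure.rb pass a fresh literal and are unaffected, but the helper is public on `SharedHelpers`. The new `USER_AGENT` also reports the Ruby version and platform to every host contacted; if that is intentional, a one-line comment above the constant would record the decision. `with_git_configured` continues outside the hunk.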
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.120.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-09-
|
|
11
|
+
date: 2020-09-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -292,14 +292,14 @@ dependencies:
|
|
|
292
292
|
requirements:
|
|
293
293
|
- - "~>"
|
|
294
294
|
- !ruby/object:Gem::Version
|
|
295
|
-
version: 0.
|
|
295
|
+
version: 0.91.0
|
|
296
296
|
type: :development
|
|
297
297
|
prerelease: false
|
|
298
298
|
version_requirements: !ruby/object:Gem::Requirement
|
|
299
299
|
requirements:
|
|
300
300
|
- - "~>"
|
|
301
301
|
- !ruby/object:Gem::Version
|
|
302
|
-
version: 0.
|
|
302
|
+
version: 0.91.0
|
|
303
303
|
- !ruby/object:Gem::Dependency
|
|
304
304
|
name: vcr
|
|
305
305
|
requirement: !ruby/object:Gem::Requirement
|