dependabot-common 0.129.0 → 0.129.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/errors.rb +42 -22
- data/lib/dependabot/shared_helpers.rb +5 -20
- data/lib/dependabot/utils.rb +3 -0
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7eea4634c39d341b056956d51d57a9fea64190c1a172a96fb3317c356ca2532b
|
|
4
|
+
data.tar.gz: 3f0ba3352b108078c8acc41231198906d6c57f6365988fd487c05fe0a0d83540
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 75e7fc049f1bea358690dbd12cc820e25b63d6c96ed8ee1e41fabbed50da001de4149f9a91aa1b952e8b87b23ceb2952b98ef36b7413be2ae09380705257996a
|
|
7
|
+
data.tar.gz: 707447c34d57d896a73029b2b3b7d8a96914863eb4f6e611fd92b2f196ed602e42bd9784a1217487b9b1e89a23d6a832bdf4ea8e67a5d9d6621d89af0b627569
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -1,24 +1,45 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require "dependabot/
|
|
3
|
+
require "dependabot/utils"
|
|
4
4
|
|
|
5
5
|
module Dependabot
|
|
6
6
|
class DependabotError < StandardError
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
7
|
+
BASIC_AUTH_REGEX = %r{://(?<auth>[^:]*:[^@%\s]+(@|%40))}.freeze
|
|
8
|
+
# Remove any path segment from fury.io sources
|
|
9
|
+
FURY_IO_PATH_REGEX = %r{fury\.io/(?<path>.+)}.freeze
|
|
10
|
+
|
|
11
|
+
def initialize(message = nil)
|
|
12
|
+
super(sanitize_message(message))
|
|
10
13
|
end
|
|
11
14
|
|
|
12
15
|
private
|
|
13
16
|
|
|
14
17
|
def sanitize_message(message)
|
|
15
|
-
return unless message
|
|
18
|
+
return message unless message.is_a?(String)
|
|
16
19
|
|
|
17
20
|
path_regex =
|
|
18
|
-
Regexp.escape(
|
|
19
|
-
Regexp.escape(
|
|
21
|
+
Regexp.escape(Utils::BUMP_TMP_DIR_PATH) + "\/" +
|
|
22
|
+
Regexp.escape(Utils::BUMP_TMP_FILE_PREFIX) + "[a-zA-Z0-9-]*"
|
|
23
|
+
|
|
24
|
+
message = message.gsub(/#{path_regex}/, "dependabot_tmp_dir").strip
|
|
25
|
+
filter_sensitive_data(message)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def filter_sensitive_data(message)
|
|
29
|
+
replace_capture_groups(message, BASIC_AUTH_REGEX, "")
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def sanitize_source(source)
|
|
33
|
+
source = filter_sensitive_data(source)
|
|
34
|
+
replace_capture_groups(source, FURY_IO_PATH_REGEX, "<redacted>")
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def replace_capture_groups(string, regex, replacement)
|
|
38
|
+
return string unless string.is_a?(String)
|
|
20
39
|
|
|
21
|
-
|
|
40
|
+
string.scan(regex).flatten.compact.reduce(string) do |original_msg, match|
|
|
41
|
+
original_msg.gsub(match, replacement)
|
|
42
|
+
end
|
|
22
43
|
end
|
|
23
44
|
end
|
|
24
45
|
|
|
@@ -35,7 +56,6 @@ module Dependabot
|
|
|
35
56
|
|
|
36
57
|
def initialize(branch_name, msg = nil)
|
|
37
58
|
@branch_name = branch_name
|
|
38
|
-
msg = sanitize_message(msg)
|
|
39
59
|
super(msg)
|
|
40
60
|
end
|
|
41
61
|
end
|
|
@@ -101,10 +121,10 @@ module Dependabot
|
|
|
101
121
|
attr_reader :source
|
|
102
122
|
|
|
103
123
|
def initialize(source)
|
|
104
|
-
@source = source
|
|
124
|
+
@source = sanitize_source(source)
|
|
105
125
|
msg = "The following source could not be reached as it requires "\
|
|
106
126
|
"authentication (and any provided details were invalid or lacked "\
|
|
107
|
-
"the required permissions): #{source}"
|
|
127
|
+
"the required permissions): #{@source}"
|
|
108
128
|
super(msg)
|
|
109
129
|
end
|
|
110
130
|
end
|
|
@@ -113,8 +133,8 @@ module Dependabot
|
|
|
113
133
|
attr_reader :source
|
|
114
134
|
|
|
115
135
|
def initialize(source)
|
|
116
|
-
@source = source
|
|
117
|
-
super("The following source timed out: #{source}")
|
|
136
|
+
@source = sanitize_source(source)
|
|
137
|
+
super("The following source timed out: #{@source}")
|
|
118
138
|
end
|
|
119
139
|
end
|
|
120
140
|
|
|
@@ -122,8 +142,8 @@ module Dependabot
|
|
|
122
142
|
attr_reader :source
|
|
123
143
|
|
|
124
144
|
def initialize(source)
|
|
125
|
-
@source = source
|
|
126
|
-
super("Could not verify the SSL certificate for #{source}")
|
|
145
|
+
@source = sanitize_source(source)
|
|
146
|
+
super("Could not verify the SSL certificate for #{@source}")
|
|
127
147
|
end
|
|
128
148
|
end
|
|
129
149
|
|
|
@@ -132,7 +152,7 @@ module Dependabot
|
|
|
132
152
|
|
|
133
153
|
def initialize(environment_variable)
|
|
134
154
|
@environment_variable = environment_variable
|
|
135
|
-
super("Missing environment variable #{environment_variable}")
|
|
155
|
+
super("Missing environment variable #{@environment_variable}")
|
|
136
156
|
end
|
|
137
157
|
end
|
|
138
158
|
|
|
@@ -149,10 +169,10 @@ module Dependabot
|
|
|
149
169
|
|
|
150
170
|
def initialize(*dependency_urls)
|
|
151
171
|
@dependency_urls =
|
|
152
|
-
dependency_urls.flatten.map { |uri| uri
|
|
172
|
+
dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }
|
|
153
173
|
|
|
154
174
|
msg = "The following git URLs could not be retrieved: "\
|
|
155
|
-
"#{dependency_urls.join(', ')}"
|
|
175
|
+
"#{@dependency_urls.join(', ')}"
|
|
156
176
|
super(msg)
|
|
157
177
|
end
|
|
158
178
|
end
|
|
@@ -163,7 +183,7 @@ module Dependabot
|
|
|
163
183
|
def initialize(dependency)
|
|
164
184
|
@dependency = dependency
|
|
165
185
|
|
|
166
|
-
msg = "The branch or reference specified for #{dependency} could not "\
|
|
186
|
+
msg = "The branch or reference specified for #{@dependency} could not "\
|
|
167
187
|
"be retrieved"
|
|
168
188
|
super(msg)
|
|
169
189
|
end
|
|
@@ -175,7 +195,7 @@ module Dependabot
|
|
|
175
195
|
def initialize(*dependencies)
|
|
176
196
|
@dependencies = dependencies.flatten
|
|
177
197
|
msg = "The following path based dependencies could not be retrieved: "\
|
|
178
|
-
"#{dependencies.join(', ')}"
|
|
198
|
+
"#{@dependencies.join(', ')}"
|
|
179
199
|
super(msg)
|
|
180
200
|
end
|
|
181
201
|
end
|
|
@@ -188,8 +208,8 @@ module Dependabot
|
|
|
188
208
|
@declared_path = declared_path
|
|
189
209
|
@discovered_path = discovered_path
|
|
190
210
|
|
|
191
|
-
msg = "The module path '#{declared_path}' found in #{go_mod} doesn't "\
|
|
192
|
-
"match the actual path '#{discovered_path}' in the dependency's "\
|
|
211
|
+
msg = "The module path '#{@declared_path}' found in #{@go_mod} doesn't "\
|
|
212
|
+
"match the actual path '#{@discovered_path}' in the dependency's "\
|
|
193
213
|
"go.mod"
|
|
194
214
|
super(msg)
|
|
195
215
|
end
|
|
@@ -8,12 +8,12 @@ require "digest"
|
|
|
8
8
|
require "open3"
|
|
9
9
|
require "shellwords"
|
|
10
10
|
|
|
11
|
+
require "dependabot/utils"
|
|
12
|
+
require "dependabot/errors"
|
|
11
13
|
require "dependabot/version"
|
|
12
14
|
|
|
13
15
|
module Dependabot
|
|
14
16
|
module SharedHelpers
|
|
15
|
-
BUMP_TMP_FILE_PREFIX = "dependabot_"
|
|
16
|
-
BUMP_TMP_DIR_PATH = "tmp"
|
|
17
17
|
GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
|
|
18
18
|
USER_AGENT = "dependabot-core/#{Dependabot::VERSION} "\
|
|
19
19
|
"#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} "\
|
|
@@ -21,21 +21,6 @@ module Dependabot
|
|
|
21
21
|
"(+https://github.com/dependabot/dependabot-core)"
|
|
22
22
|
SIGKILL = 9
|
|
23
23
|
|
|
24
|
-
class ChildProcessFailed < StandardError
|
|
25
|
-
attr_reader :error_class, :error_message, :error_backtrace
|
|
26
|
-
|
|
27
|
-
def initialize(error_class:, error_message:, error_backtrace:)
|
|
28
|
-
@error_class = error_class
|
|
29
|
-
@error_message = error_message
|
|
30
|
-
@error_backtrace = error_backtrace
|
|
31
|
-
|
|
32
|
-
msg = "Child process raised #{error_class} with message: "\
|
|
33
|
-
"#{error_message}"
|
|
34
|
-
super(msg)
|
|
35
|
-
set_backtrace(error_backtrace)
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
|
|
39
24
|
def self.in_a_temporary_repo_directory(directory = "/",
|
|
40
25
|
repo_contents_path = nil,
|
|
41
26
|
&block)
|
|
@@ -53,15 +38,15 @@ module Dependabot
|
|
|
53
38
|
end
|
|
54
39
|
|
|
55
40
|
def self.in_a_temporary_directory(directory = "/")
|
|
56
|
-
Dir.mkdir(BUMP_TMP_DIR_PATH) unless Dir.exist?(BUMP_TMP_DIR_PATH)
|
|
57
|
-
Dir.mktmpdir(BUMP_TMP_FILE_PREFIX, BUMP_TMP_DIR_PATH) do |dir|
|
|
41
|
+
Dir.mkdir(Utils::BUMP_TMP_DIR_PATH) unless Dir.exist?(Utils::BUMP_TMP_DIR_PATH)
|
|
42
|
+
Dir.mktmpdir(Utils::BUMP_TMP_FILE_PREFIX, Utils::BUMP_TMP_DIR_PATH) do |dir|
|
|
58
43
|
path = Pathname.new(File.join(dir, directory)).expand_path
|
|
59
44
|
FileUtils.mkpath(path)
|
|
60
45
|
Dir.chdir(path) { yield(path) }
|
|
61
46
|
end
|
|
62
47
|
end
|
|
63
48
|
|
|
64
|
-
class HelperSubprocessFailed <
|
|
49
|
+
class HelperSubprocessFailed < Dependabot::DependabotError
|
|
65
50
|
attr_reader :error_class, :error_context, :trace
|
|
66
51
|
|
|
67
52
|
def initialize(message:, error_context:, error_class: nil, trace: nil)
|
data/lib/dependabot/utils.rb
CHANGED
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.129.
|
|
4
|
+
version: 0.129.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-12-
|
|
11
|
+
date: 2020-12-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|