dependabot-common 0.138.5 → 0.139.2
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 70a8b637aa9cd5c38c93bcdca2f8e26283e0bbb5bebc70f54bc1ce0f80a93e75
|
|
4
|
+
data.tar.gz: 1aebc5329c67b401cc630c815bf6abf5bf6a63748e326255ebf37e58db52d256
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 75e1080fcf2a30249c962597e7fd09916584f8e4488702050dd8bbd775d2a1447c07ac09e1502f832f7e463b7c760a25e348397072f1b5273faf0dea40a8a79f
|
|
7
|
+
data.tar.gz: 4e14c9377f28242dc67767004e210e30f1f1c185a6e3e5180222a0a80f2227c7995abbcd8b3b6232edb4fea3345e5a55a995a626df6dd05fdee672ac18258f26
|
|
@@ -15,6 +15,8 @@ module Dependabot
|
|
|
15
15
|
(?:issue|pull)s?/(?<number>\d+)
|
|
16
16
|
}x.freeze
|
|
17
17
|
MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
|
|
18
|
+
# regex to match a team mention on github
|
|
19
|
+
TEAM_MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@(?<org>#{GITHUB_USERNAME})/(?<team>#{GITHUB_USERNAME})/?}.freeze
|
|
18
20
|
# End of string
|
|
19
21
|
EOS_REGEX = /\z/.freeze
|
|
20
22
|
COMMONMARKER_OPTIONS = %i(
|
|
@@ -35,8 +37,10 @@ module Dependabot
|
|
|
35
37
|
text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
|
|
36
38
|
)
|
|
37
39
|
|
|
40
|
+
sanitize_team_mentions(doc)
|
|
38
41
|
sanitize_mentions(doc)
|
|
39
42
|
sanitize_links(doc)
|
|
43
|
+
|
|
40
44
|
mode = unsafe ? :UNSAFE : :DEFAULT
|
|
41
45
|
doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
|
|
42
46
|
end
|
|
@@ -62,6 +66,26 @@ module Dependabot
|
|
|
62
66
|
end
|
|
63
67
|
end
|
|
64
68
|
|
|
69
|
+
# When we come across something that looks like a team mention (e.g. @dependabot/reviewers),
|
|
70
|
+
# we replace it with a text node.
|
|
71
|
+
# This is because there are ecosystems that have packages that follow the same pattern
|
|
72
|
+
# (e.g. @angular/angular-cli), and we don't want to create an invalid link, since
|
|
73
|
+
# team mentions link to `https://github.com/org/:organization_name/teams/:team_name`.
|
|
74
|
+
def sanitize_team_mentions(doc)
|
|
75
|
+
doc.walk do |node|
|
|
76
|
+
if node.type == :text &&
|
|
77
|
+
node.string_content.match?(TEAM_MENTION_REGEX)
|
|
78
|
+
|
|
79
|
+
nodes = build_team_mention_nodes(node.string_content)
|
|
80
|
+
|
|
81
|
+
nodes.each do |n|
|
|
82
|
+
node.insert_before(n)
|
|
83
|
+
end
|
|
84
|
+
node.delete
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
65
89
|
def sanitize_links(doc)
|
|
66
90
|
doc.walk do |node|
|
|
67
91
|
if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
|
|
@@ -87,7 +111,7 @@ module Dependabot
|
|
|
87
111
|
|
|
88
112
|
def replace_github_host(text)
|
|
89
113
|
text.gsub(
|
|
90
|
-
|
|
114
|
+
/(www\.)?github.com/, github_redirection_service || "github.com"
|
|
91
115
|
)
|
|
92
116
|
end
|
|
93
117
|
|
|
@@ -117,6 +141,30 @@ module Dependabot
|
|
|
117
141
|
nodes
|
|
118
142
|
end
|
|
119
143
|
|
|
144
|
+
def build_team_mention_nodes(text)
|
|
145
|
+
nodes = []
|
|
146
|
+
|
|
147
|
+
scan = StringScanner.new(text)
|
|
148
|
+
until scan.eos?
|
|
149
|
+
line = scan.scan_until(TEAM_MENTION_REGEX) ||
|
|
150
|
+
scan.scan_until(EOS_REGEX)
|
|
151
|
+
line_match = line.match(TEAM_MENTION_REGEX)
|
|
152
|
+
mention = line_match&.to_s
|
|
153
|
+
text_node = CommonMarker::Node.new(:text)
|
|
154
|
+
|
|
155
|
+
if mention
|
|
156
|
+
text_node.string_content = line_match.pre_match
|
|
157
|
+
nodes << text_node
|
|
158
|
+
nodes += build_mention_link_text_nodes(mention.to_s)
|
|
159
|
+
else
|
|
160
|
+
text_node.string_content = line
|
|
161
|
+
nodes << text_node
|
|
162
|
+
end
|
|
163
|
+
end
|
|
164
|
+
|
|
165
|
+
nodes
|
|
166
|
+
end
|
|
167
|
+
|
|
120
168
|
def build_mention_link_text_nodes(text)
|
|
121
169
|
code_node = CommonMarker::Node.new(:code)
|
|
122
170
|
code_node.string_content = insert_zero_width_space_in_mention(text)
|
|
@@ -161,47 +161,21 @@ module Dependabot
|
|
|
161
161
|
reset_global_git_config(backup_git_config_path)
|
|
162
162
|
end
|
|
163
163
|
|
|
164
|
+
def self.credential_helper_path
|
|
165
|
+
File.join(__dir__, "../../bin/git-credential-store-immutable")
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
# rubocop:disable Metrics/AbcSize
|
|
169
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
164
170
|
def self.configure_git_to_use_https_with_credentials(credentials)
|
|
165
171
|
File.open(GIT_CONFIG_GLOBAL_PATH, "w") do |file|
|
|
166
172
|
file << "# Generated by dependabot/dependabot-core"
|
|
167
173
|
end
|
|
168
|
-
configure_git_to_use_https
|
|
169
|
-
configure_git_credentials(credentials)
|
|
170
|
-
end
|
|
171
|
-
|
|
172
|
-
def self.configure_git_to_use_https
|
|
173
|
-
# NOTE: we use --global here (rather than --system) so that Dependabot
|
|
174
|
-
# can be run without privileged access
|
|
175
|
-
run_shell_command(
|
|
176
|
-
"git config --global --replace-all url.https://github.com/."\
|
|
177
|
-
"insteadOf ssh://git@github.com/"
|
|
178
|
-
)
|
|
179
|
-
run_shell_command(
|
|
180
|
-
"git config --global --add url.https://github.com/."\
|
|
181
|
-
"insteadOf ssh://git@github.com:"
|
|
182
|
-
)
|
|
183
|
-
run_shell_command(
|
|
184
|
-
"git config --global --add url.https://github.com/."\
|
|
185
|
-
"insteadOf git@github.com:"
|
|
186
|
-
)
|
|
187
|
-
run_shell_command(
|
|
188
|
-
"git config --global --add url.https://github.com/."\
|
|
189
|
-
"insteadOf git@github.com/"
|
|
190
|
-
)
|
|
191
|
-
run_shell_command(
|
|
192
|
-
"git config --global --add url.https://github.com/."\
|
|
193
|
-
"insteadOf git://github.com/"
|
|
194
|
-
)
|
|
195
|
-
end
|
|
196
174
|
|
|
197
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
|
198
|
-
def self.configure_git_credentials(credentials)
|
|
199
175
|
# Then add a file-based credential store that loads a file in this repo.
|
|
200
176
|
# Under the hood this uses git credential-store, but it's invoked through
|
|
201
177
|
# a wrapper binary that only allows non-mutating commands. Without this,
|
|
202
178
|
# whenever the credentials are deemed to be invalid, they're erased.
|
|
203
|
-
credential_helper_path =
|
|
204
|
-
File.join(__dir__, "../../bin/git-credential-store-immutable")
|
|
205
179
|
run_shell_command(
|
|
206
180
|
"git config --global credential.helper "\
|
|
207
181
|
"'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
|
|
@@ -219,6 +193,9 @@ module Dependabot
|
|
|
219
193
|
github_credentials.find { |c| !c["password"]&.start_with?("v1.") } ||
|
|
220
194
|
github_credentials.first
|
|
221
195
|
|
|
196
|
+
# Make sure we always have https alternatives for github.com.
|
|
197
|
+
configure_git_to_use_https("github.com") if github_credential.nil?
|
|
198
|
+
|
|
222
199
|
deduped_credentials = credentials -
|
|
223
200
|
github_credentials +
|
|
224
201
|
[github_credential].compact
|
|
@@ -234,13 +211,40 @@ module Dependabot
|
|
|
234
211
|
"@#{cred.fetch('host')}"
|
|
235
212
|
|
|
236
213
|
git_store_content += authenticated_url + "\n"
|
|
214
|
+
configure_git_to_use_https(cred.fetch("host"))
|
|
237
215
|
end
|
|
238
216
|
|
|
239
217
|
# Save the file
|
|
240
218
|
File.write("git.store", git_store_content)
|
|
241
219
|
end
|
|
220
|
+
# rubocop:enable Metrics/AbcSize
|
|
242
221
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
243
222
|
|
|
223
|
+
def self.configure_git_to_use_https(host)
|
|
224
|
+
# NOTE: we use --global here (rather than --system) so that Dependabot
|
|
225
|
+
# can be run without privileged access
|
|
226
|
+
run_shell_command(
|
|
227
|
+
"git config --global --replace-all url.https://#{host}/."\
|
|
228
|
+
"insteadOf ssh://git@#{host}/"
|
|
229
|
+
)
|
|
230
|
+
run_shell_command(
|
|
231
|
+
"git config --global --add url.https://#{host}/."\
|
|
232
|
+
"insteadOf ssh://git@#{host}:"
|
|
233
|
+
)
|
|
234
|
+
run_shell_command(
|
|
235
|
+
"git config --global --add url.https://#{host}/."\
|
|
236
|
+
"insteadOf git@#{host}:"
|
|
237
|
+
)
|
|
238
|
+
run_shell_command(
|
|
239
|
+
"git config --global --add url.https://#{host}/."\
|
|
240
|
+
"insteadOf git@#{host}/"
|
|
241
|
+
)
|
|
242
|
+
run_shell_command(
|
|
243
|
+
"git config --global --add url.https://#{host}/."\
|
|
244
|
+
"insteadOf git://#{host}/"
|
|
245
|
+
)
|
|
246
|
+
end
|
|
247
|
+
|
|
244
248
|
def self.reset_git_repo(path)
|
|
245
249
|
Dir.chdir(path) do
|
|
246
250
|
run_shell_command("git reset HEAD --hard")
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.139.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -298,14 +298,14 @@ dependencies:
|
|
|
298
298
|
requirements:
|
|
299
299
|
- - "~>"
|
|
300
300
|
- !ruby/object:Gem::Version
|
|
301
|
-
version: 1.
|
|
301
|
+
version: 1.12.0
|
|
302
302
|
type: :development
|
|
303
303
|
prerelease: false
|
|
304
304
|
version_requirements: !ruby/object:Gem::Requirement
|
|
305
305
|
requirements:
|
|
306
306
|
- - "~>"
|
|
307
307
|
- !ruby/object:Gem::Version
|
|
308
|
-
version: 1.
|
|
308
|
+
version: 1.12.0
|
|
309
309
|
- !ruby/object:Gem::Dependency
|
|
310
310
|
name: simplecov
|
|
311
311
|
requirement: !ruby/object:Gem::Requirement
|