dependabot-common 0.138.6 → 0.140.0
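--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9891079fbe9ee6f09274dd3f72dd0c5c12b40a8685e3c0747bd92b4cc0ed259b
+data.tar.gz: 7e52789d37118447e73082cce5263693194cc70b56637495f6985f3266d166f1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8fc90ba04b2b77974f90d7a1d1917e4458038ea263f4c14270fa719e11979947a33e97cff980d19ed05b3d5dbff321e856bfb9717b175b2021e15cdc2c3d0445
+data.tar.gz: d9aa3ee0b1b0d292de592309981c5e9309579a3ce4caf1e8a509a0f9dfc9fc10934b12944977e8bc655f38f81334203c6e280a27e4392915503c0bb4bd756144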
@@ -15,6 +15,8 @@ module Dependabot
|
|
15
15
|
(?:issue|pull)s?/(?<number>\d+)
|
16
16
|
}x.freeze
|
17
17
|
MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
|
18
|
+
# regex to match a team mention on github
|
19
|
+
TEAM_MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@(?<org>#{GITHUB_USERNAME})/(?<team>#{GITHUB_USERNAME})/?}.freeze
|
18
20
|
# End of string
|
19
21
|
EOS_REGEX = /\z/.freeze
|
20
22
|
COMMONMARKER_OPTIONS = %i(
|
@@ -35,8 +37,10 @@ module Dependabot
|
|
35
37
|
text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
|
36
38
|
)
|
37
39
|
|
40
|
+
sanitize_team_mentions(doc)
|
38
41
|
sanitize_mentions(doc)
|
39
42
|
sanitize_links(doc)
|
43
|
+
|
40
44
|
mode = unsafe ? :UNSAFE : :DEFAULT
|
41
45
|
doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
|
42
46
|
end
|
@@ -62,6 +66,26 @@ module Dependabot
|
|
62
66
|
end
|
63
67
|
end
|
64
68
|
|
69
|
+
# When we come across something that looks like a team mention (e.g. @dependabot/reviewers),
|
70
|
+
# we replace it with a text node.
|
71
|
+
# This is because there are ecosystems that have packages that follow the same pattern
|
72
|
+
# (e.g. @angular/angular-cli), and we don't want to create an invalid link, since
|
73
|
+
# team mentions link to `https://github.com/org/:organization_name/teams/:team_name`.
|
74
|
+
def sanitize_team_mentions(doc)
|
75
|
+
doc.walk do |node|
|
76
|
+
if node.type == :text &&
|
77
|
+
node.string_content.match?(TEAM_MENTION_REGEX)
|
78
|
+
|
79
|
+
nodes = build_team_mention_nodes(node.string_content)
|
80
|
+
|
81
|
+
nodes.each do |n|
|
82
|
+
node.insert_before(n)
|
83
|
+
end
|
84
|
+
node.delete
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
65
89
|
def sanitize_links(doc)
|
66
90
|
doc.walk do |node|
|
67
91
|
if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
|
@@ -87,7 +111,7 @@ module Dependabot
|
|
87
111
|
|
88
112
|
def replace_github_host(text)
|
89
113
|
text.gsub(
|
90
|
-
|
114
|
+
/(www\.)?github.com/, github_redirection_service || "github.com"
|
91
115
|
)
|
92
116
|
end
|
93
117
|
|
@@ -117,6 +141,30 @@ module Dependabot
|
|
117
141
|
nodes
|
118
142
|
end
|
119
143
|
|
144
|
+
def build_team_mention_nodes(text)
|
145
|
+
nodes = []
|
146
|
+
|
147
|
+
scan = StringScanner.new(text)
|
148
|
+
until scan.eos?
|
149
|
+
line = scan.scan_until(TEAM_MENTION_REGEX) ||
|
150
|
+
scan.scan_until(EOS_REGEX)
|
151
|
+
line_match = line.match(TEAM_MENTION_REGEX)
|
152
|
+
mention = line_match&.to_s
|
153
|
+
text_node = CommonMarker::Node.new(:text)
|
154
|
+
|
155
|
+
if mention
|
156
|
+
text_node.string_content = line_match.pre_match
|
157
|
+
nodes << text_node
|
158
|
+
nodes += build_mention_link_text_nodes(mention.to_s)
|
159
|
+
else
|
160
|
+
text_node.string_content = line
|
161
|
+
nodes << text_node
|
162
|
+
end
|
163
|
+
end
|
164
|
+
|
165
|
+
nodes
|
166
|
+
end
|
167
|
+
|
120
168
|
def build_mention_link_text_nodes(text)
|
121
169
|
code_node = CommonMarker::Node.new(:code)
|
122
170
|
code_node.string_content = insert_zero_width_space_in_mention(text)
|
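Review bot: The pattern on the added line in `replace_github_host`, `/(www\.)?github.com/`, leaves the dot before `com` unescaped and has no hostname boundary, so it also matches text such as `githubXcom` and the leading part of a longer name like `github.community`. Escaping the dot, `/(www\.)?github\.com/`, limits the rewrite to the literal host. A boundary check after `com` is worth considering if longer hostnames can appear in the sanitized text. The old side of this line is not shown on the page, so this applies to the new line as it stands.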
@@ -161,47 +161,21 @@ module Dependabot
|
|
161
161
|
reset_global_git_config(backup_git_config_path)
|
162
162
|
end
|
163
163
|
|
164
|
+
def self.credential_helper_path
|
165
|
+
File.join(__dir__, "../../bin/git-credential-store-immutable")
|
166
|
+
end
|
167
|
+
|
168
|
+
# rubocop:disable Metrics/AbcSize
|
169
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
164
170
|
def self.configure_git_to_use_https_with_credentials(credentials)
|
165
171
|
File.open(GIT_CONFIG_GLOBAL_PATH, "w") do |file|
|
166
172
|
file << "# Generated by dependabot/dependabot-core"
|
167
173
|
end
|
168
|
-
configure_git_to_use_https
|
169
|
-
configure_git_credentials(credentials)
|
170
|
-
end
|
171
|
-
|
172
|
-
def self.configure_git_to_use_https
|
173
|
-
# NOTE: we use --global here (rather than --system) so that Dependabot
|
174
|
-
# can be run without privileged access
|
175
|
-
run_shell_command(
|
176
|
-
"git config --global --replace-all url.https://github.com/."\
|
177
|
-
"insteadOf ssh://git@github.com/"
|
178
|
-
)
|
179
|
-
run_shell_command(
|
180
|
-
"git config --global --add url.https://github.com/."\
|
181
|
-
"insteadOf ssh://git@github.com:"
|
182
|
-
)
|
183
|
-
run_shell_command(
|
184
|
-
"git config --global --add url.https://github.com/."\
|
185
|
-
"insteadOf git@github.com:"
|
186
|
-
)
|
187
|
-
run_shell_command(
|
188
|
-
"git config --global --add url.https://github.com/."\
|
189
|
-
"insteadOf git@github.com/"
|
190
|
-
)
|
191
|
-
run_shell_command(
|
192
|
-
"git config --global --add url.https://github.com/."\
|
193
|
-
"insteadOf git://github.com/"
|
194
|
-
)
|
195
|
-
end
|
196
174
|
|
197
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
198
|
-
def self.configure_git_credentials(credentials)
|
199
175
|
# Then add a file-based credential store that loads a file in this repo.
|
200
176
|
# Under the hood this uses git credential-store, but it's invoked through
|
201
177
|
# a wrapper binary that only allows non-mutating commands. Without this,
|
202
178
|
# whenever the credentials are deemed to be invalid, they're erased.
|
203
|
-
credential_helper_path =
|
204
|
-
File.join(__dir__, "../../bin/git-credential-store-immutable")
|
205
179
|
run_shell_command(
|
206
180
|
"git config --global credential.helper "\
|
207
181
|
"'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
|
@@ -219,6 +193,9 @@ module Dependabot
|
|
219
193
|
github_credentials.find { |c| !c["password"]&.start_with?("v1.") } ||
|
220
194
|
github_credentials.first
|
221
195
|
|
196
|
+
# Make sure we always have https alternatives for github.com.
|
197
|
+
configure_git_to_use_https("github.com") if github_credential.nil?
|
198
|
+
|
222
199
|
deduped_credentials = credentials -
|
223
200
|
github_credentials +
|
224
201
|
[github_credential].compact
|
@@ -234,13 +211,40 @@ module Dependabot
|
|
234
211
|
"@#{cred.fetch('host')}"
|
235
212
|
|
236
213
|
git_store_content += authenticated_url + "\n"
|
214
|
+
configure_git_to_use_https(cred.fetch("host"))
|
237
215
|
end
|
238
216
|
|
239
217
|
# Save the file
|
240
218
|
File.write("git.store", git_store_content)
|
241
219
|
end
|
220
|
+
# rubocop:enable Metrics/AbcSize
|
242
221
|
# rubocop:enable Metrics/PerceivedComplexity
|
243
222
|
|
223
|
+
def self.configure_git_to_use_https(host)
|
224
|
+
# NOTE: we use --global here (rather than --system) so that Dependabot
|
225
|
+
# can be run without privileged access
|
226
|
+
run_shell_command(
|
227
|
+
"git config --global --replace-all url.https://#{host}/."\
|
228
|
+
"insteadOf ssh://git@#{host}/"
|
229
|
+
)
|
230
|
+
run_shell_command(
|
231
|
+
"git config --global --add url.https://#{host}/."\
|
232
|
+
"insteadOf ssh://git@#{host}:"
|
233
|
+
)
|
234
|
+
run_shell_command(
|
235
|
+
"git config --global --add url.https://#{host}/."\
|
236
|
+
"insteadOf git@#{host}:"
|
237
|
+
)
|
238
|
+
run_shell_command(
|
239
|
+
"git config --global --add url.https://#{host}/."\
|
240
|
+
"insteadOf git@#{host}/"
|
241
|
+
)
|
242
|
+
run_shell_command(
|
243
|
+
"git config --global --add url.https://#{host}/."\
|
244
|
+
"insteadOf git://#{host}/"
|
245
|
+
)
|
246
|
+
end
|
247
|
+
|
244
248
|
def self.reset_git_repo(path)
|
245
249
|
Dir.chdir(path) do
|
246
250
|
run_shell_command("git reset HEAD --hard")
|
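Review bot: `configure_git_to_use_https(host)` interpolates `host` unquoted into five `git config --global` command strings, and the new call inside the credentials loop passes `cred.fetch("host")`, so the value now comes from credential data rather than the former literal `github.com`. If `run_shell_command` passes the string through a shell (its body is not in these hunks), a host containing whitespace or shell metacharacters would change the command that runs. I would validate the value once at the top of the method, for example `raise ArgumentError, "invalid git host" unless host.match?(/\A[A-Za-z0-9.-]+(:\d+)?\z/)`, or escape it with `Shellwords.escape` before interpolation. `configure_git_to_use_https` is fully visible here, while `configure_git_to_use_https_with_credentials` is only partly shown across the hunks.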
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.140.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-04-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -298,14 +298,14 @@ dependencies:
|
|
298
298
|
requirements:
|
299
299
|
- - "~>"
|
300
300
|
- !ruby/object:Gem::Version
|
301
|
-
version: 1.
|
301
|
+
version: 1.12.0
|
302
302
|
type: :development
|
303
303
|
prerelease: false
|
304
304
|
version_requirements: !ruby/object:Gem::Requirement
|
305
305
|
requirements:
|
306
306
|
- - "~>"
|
307
307
|
- !ruby/object:Gem::Version
|
308
|
-
version: 1.
|
308
|
+
version: 1.12.0
|
309
309
|
- !ruby/object:Gem::Dependency
|
310
310
|
name: simplecov
|
311
311
|
requirement: !ruby/object:Gem::Requirement
|