RubyGems - dependabot-common - Versions diffs - 0.139.0 → 0.139.1 - Mend

dependabot-common 0.139.0 → 0.139.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +49 -1
data/lib/dependabot/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de2abf02275016c9c8d0ecd543e0646e08aa6551edec39a6567d8d5ac53af14f
-  data.tar.gz: 5c9e219a03dbdeee3c9d3c8adab6ea0db8bf0c7331749149c43ae846290cc481
+  metadata.gz: 14fda97b138d41cabecc3d42788bb0b4a327de69d04dc23f897daf83b9881df7
+  data.tar.gz: 9f3ee6368d26b56394b10c3dc2c104c316ef56cb4cda642915f8a45da61af116
 SHA512:
-  metadata.gz: 381cf5957178c14ca1654367bac15f3e9626320afead493c142790eb374a593efaa039c512a384c6b749fc8a8fe9956957532d61c7a8c006e65dfb00a6f51b48
-  data.tar.gz: 1e76b8f2721fbc1ceb99a96d06a38d6b4ada860a9daed49e96857c39d1d44351fa4b796d4ce434a3aac9001519147de6add25c06261463d8e5a31bf29fa97bc7
+  metadata.gz: 5a09177d3c27a3c321980a9acf566543ce1ee657300854dc2e7a942de2e1124bea8189bcb54eb459d7e2820dc8745424c3479422ccf772b173db79027ac37567
+  data.tar.gz: c17abdd1331d9ee815a44e77e5de2ea51050c153a00859e411dddc78915c641bb385f2d45e7dd034fd9ea1efd4d82b29cdde4192dfc2efb9c641911472161471

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb CHANGED Viewed

@@ -15,6 +15,8 @@ module Dependabot
           (?:issue|pull)s?/(?<number>\d+)
         }x.freeze
         MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
+        # regex to match a team mention on github
+        TEAM_MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@(?<org>#{GITHUB_USERNAME})/(?<team>#{GITHUB_USERNAME})/?}.freeze
         # End of string
         EOS_REGEX = /\z/.freeze
         COMMONMARKER_OPTIONS = %i(
@@ -35,8 +37,10 @@ module Dependabot
             text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
           )
+          sanitize_team_mentions(doc)
           sanitize_mentions(doc)
           sanitize_links(doc)
           mode = unsafe ? :UNSAFE : :DEFAULT
           doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
         end
@@ -62,6 +66,26 @@ module Dependabot
           end
         end
+        # When we come across something that looks like a team mention (e.g. @dependabot/reviewers),
+        # we replace it with a text node.
+        # This is because there are ecosystems that have packages that follow the same pattern
+        # (e.g. @angular/angular-cli), and we don't want to create an invalid link, since
+        # team mentions link to `https://github.com/org/:organization_name/teams/:team_name`.
+        def sanitize_team_mentions(doc)
+          doc.walk do |node|
+            if node.type == :text &&
+               node.string_content.match?(TEAM_MENTION_REGEX)
+              nodes = build_team_mention_nodes(node.string_content)
+              nodes.each do |n|
+                node.insert_before(n)
+              end
+              node.delete
+            end
+          end
+        end
         def sanitize_links(doc)
           doc.walk do |node|
             if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
@@ -87,7 +111,7 @@ module Dependabot
         def replace_github_host(text)
           text.gsub(
-            "github.com", github_redirection_service || "github.com"
+            /(www\.)?github.com/, github_redirection_service || "github.com"
           )
         end
@@ -117,6 +141,30 @@ module Dependabot
           nodes
         end
+        def build_team_mention_nodes(text)
+          nodes = []
+          scan = StringScanner.new(text)
+          until scan.eos?
+            line = scan.scan_until(TEAM_MENTION_REGEX) ||
+                   scan.scan_until(EOS_REGEX)
+            line_match = line.match(TEAM_MENTION_REGEX)
+            mention = line_match&.to_s
+            text_node = CommonMarker::Node.new(:text)
+            if mention
+              text_node.string_content = line_match.pre_match
+              nodes << text_node
+              nodes += build_mention_link_text_nodes(mention.to_s)
+            else
+              text_node.string_content = line
+              nodes << text_node
+            end
+          end
+          nodes
+        end
         def build_mention_link_text_nodes(text)
           code_node = CommonMarker::Node.new(:code)
           code_node.string_content = insert_zero_width_space_in_mention(text)

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.139.0"
+  VERSION = "0.139.1"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.139.0
+  version: 0.139.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-30 00:00:00.000000000 Z
+date: 2021-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport