dependabot-common 0.139.0 → 0.139.1

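--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: de2abf02275016c9c8d0ecd543e0646e08aa6551edec39a6567d8d5ac53af14f
- data.tar.gz: 5c9e219a03dbdeee3c9d3c8adab6ea0db8bf0c7331749149c43ae846290cc481
+ metadata.gz: 14fda97b138d41cabecc3d42788bb0b4a327de69d04dc23f897daf83b9881df7
+ data.tar.gz: 9f3ee6368d26b56394b10c3dc2c104c316ef56cb4cda642915f8a45da61af116
  SHA512:
- metadata.gz: 381cf5957178c14ca1654367bac15f3e9626320afead493c142790eb374a593efaa039c512a384c6b749fc8a8fe9956957532d61c7a8c006e65dfb00a6f51b48
- data.tar.gz: 1e76b8f2721fbc1ceb99a96d06a38d6b4ada860a9daed49e96857c39d1d44351fa4b796d4ce434a3aac9001519147de6add25c06261463d8e5a31bf29fa97bc7
+ metadata.gz: 5a09177d3c27a3c321980a9acf566543ce1ee657300854dc2e7a942de2e1124bea8189bcb54eb459d7e2820dc8745424c3479422ccf772b173db79027ac37567
+ data.tar.gz: c17abdd1331d9ee815a44e77e5de2ea51050c153a00859e411dddc78915c641bb385f2d45e7dd034fd9ea1efd4d82b29cdde4192dfc2efb9c641911472161471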
@@ -15,6 +15,8 @@ module Dependabot
15
15
  (?:issue|pull)s?/(?<number>\d+)
16
16
  }x.freeze
17
17
  MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
18
+ # regex to match a team mention on github
19
+ TEAM_MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@(?<org>#{GITHUB_USERNAME})/(?<team>#{GITHUB_USERNAME})/?}.freeze
18
20
  # End of string
19
21
  EOS_REGEX = /\z/.freeze
20
22
  COMMONMARKER_OPTIONS = %i(
@@ -35,8 +37,10 @@ module Dependabot
35
37
  text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
36
38
  )
37
39
 
40
+ sanitize_team_mentions(doc)
38
41
  sanitize_mentions(doc)
39
42
  sanitize_links(doc)
43
+
40
44
  mode = unsafe ? :UNSAFE : :DEFAULT
41
45
  doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
42
46
  end
@@ -62,6 +66,26 @@ module Dependabot
62
66
  end
63
67
  end
64
68
 
69
+ # When we come across something that looks like a team mention (e.g. @dependabot/reviewers),
70
+ # we replace it with a text node.
71
+ # This is because there are ecosystems that have packages that follow the same pattern
72
+ # (e.g. @angular/angular-cli), and we don't want to create an invalid link, since
73
+ # team mentions link to `https://github.com/org/:organization_name/teams/:team_name`.
74
+ def sanitize_team_mentions(doc)
75
+ doc.walk do |node|
76
+ if node.type == :text &&
77
+ node.string_content.match?(TEAM_MENTION_REGEX)
78
+
79
+ nodes = build_team_mention_nodes(node.string_content)
80
+
81
+ nodes.each do |n|
82
+ node.insert_before(n)
83
+ end
84
+ node.delete
85
+ end
86
+ end
87
+ end
88
+
65
89
  def sanitize_links(doc)
66
90
  doc.walk do |node|
67
91
  if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
@@ -87,7 +111,7 @@ module Dependabot
87
111
 
88
112
  def replace_github_host(text)
89
113
  text.gsub(
90
- "github.com", github_redirection_service || "github.com"
114
+ /(www\.)?github.com/, github_redirection_service || "github.com"
91
115
  )
92
116
  end
93
117
 
@@ -117,6 +141,30 @@ module Dependabot
117
141
  nodes
118
142
  end
119
143
 
144
+ def build_team_mention_nodes(text)
145
+ nodes = []
146
+
147
+ scan = StringScanner.new(text)
148
+ until scan.eos?
149
+ line = scan.scan_until(TEAM_MENTION_REGEX) ||
150
+ scan.scan_until(EOS_REGEX)
151
+ line_match = line.match(TEAM_MENTION_REGEX)
152
+ mention = line_match&.to_s
153
+ text_node = CommonMarker::Node.new(:text)
154
+
155
+ if mention
156
+ text_node.string_content = line_match.pre_match
157
+ nodes << text_node
158
+ nodes += build_mention_link_text_nodes(mention.to_s)
159
+ else
160
+ text_node.string_content = line
161
+ nodes << text_node
162
+ end
163
+ end
164
+
165
+ nodes
166
+ end
167
+
120
168
  def build_mention_link_text_nodes(text)
121
169
  code_node = CommonMarker::Node.new(:code)
122
170
  code_node.string_content = insert_zero_width_space_in_mention(text)
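Review bot: The new pattern in `replace_github_host` (the `@@ -87,7 +111,7 @@` hunk) leaves the dot in `github.com` unescaped, so it matches any character in that position — `githubXcom`, `github-com` — and rewrites those too, while the `(www\.)?` group captures a value nothing reads. Escaping the dot and making the group non-capturing keeps the intended behaviour: `/(?:www\.)?github\.com/, github_redirection_service || "github.com"`. As with the previous string match, the pattern is not anchored to a host boundary, so a longer hostname that merely contains `github.com` is presumably rewritten as well; whether that matters depends on how `text` reaches this method, which is outside the hunk. `replace_github_host` itself is complete within the hunk.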
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.139.0"
4
+ VERSION = "0.139.1"
5
5
  end
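--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.139.0
+ version: 0.139.1
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-03-30 00:00:00.000000000 Z
+ date: 2021-03-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport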