dependabot-common 0.140.3 → 0.143.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 189215ae85298ad27a01437d5702c01c8ba2e68dd149f1b334118680888bbc51
4
- data.tar.gz: df61584f2d45aaad32480af08209e911271feab1c1c378167a84cf272b46aa3c
3
+ metadata.gz: 57330557c4c6b5c67064d741415cf5ec79dcb8f43bf9f3919048a3464260ab3c
4
+ data.tar.gz: c2c2540484356b1beeb3b72dfff70a4d0da24ee20cfbeb4b9c2e465bdd4dc2e1
5
5
  SHA512:
6
- metadata.gz: 907e246bd29e3393be326e7fcfe285c4211d1851fbb58d55b67f5e3530d1b11b107816f142e3c86081f6457d745e91b25bfa8f5abfa9b020deb631dc96196e85
7
- data.tar.gz: b52deaf257874776bcf38e7a4346ce07ade51e490ad8ef864c4048bf6451bc5c69231f20a273fc45184107de50b08afcac041e122f45e6477765961b0d956a18
6
+ metadata.gz: ab1843750e40351dd4a63830cb45e466bda21006140c4b39540010b0cd00e30a09dec6bf08aa744a42e870d2693e09d861aed43b0ec59b0854910f4dfcdbde8f
7
+ data.tar.gz: be02824d97291c474f1074e3070abf82fa1576bc9f5898fea338734bd4f11d811526bccb3888a3a279b893dec717fffe77fd7218b47d0b16025e3e680372109e
@@ -201,9 +201,11 @@ module Dependabot
201
201
  }
202
202
  ]
203
203
 
204
- post(source.api_endpoint + source.organization + "/" + source.project +
205
- "/_apis/git/repositories/" + source.unscoped_repo +
206
- "/refs?api-version=5.0", content.to_json)
204
+ response = post(source.api_endpoint + source.organization + "/" + source.project +
205
+ "/_apis/git/repositories/" + source.unscoped_repo +
206
+ "/refs?api-version=5.0", content.to_json)
207
+
208
+ JSON.parse(response.body).fetch("value").first
207
209
  end
208
210
  # rubocop:enable Metrics/ParameterLists
209
211
 
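Review bot: The new return value `JSON.parse(response.body).fetch("value").first` is nil whenever the Azure API answers with an empty `value` array, and the consumer added in this same release (`response.fetch("success", false)` in the PR updater) then fails with NoMethodError instead of a meaningful error. Make the empty case fail loudly at the source, `JSON.parse(response.body).fetch("value").fetch(0)`, or document that callers must handle nil. This also assumes `post` raises on a non-2xx status; if it does not, an error body without a `value` key will surface as a KeyError from this line. The enclosing method starts before the hunk.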
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Dependabot
4
+ module Config
5
+ class InvalidConfigError < StandardError; end
6
+ end
7
+ end
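Review bot: `InvalidConfigError` subclasses `StandardError` directly, while the other error introduced in this release, `PullRequestUpdateFailed`, subclasses `Dependabot::DependabotError`. If callers rely on `DependabotError` as the umbrella for library failures, config errors will slip past their rescue; consider `class InvalidConfigError < Dependabot::DependabotError; end` (which needs `dependabot/errors` loaded first). A one-line comment would also help, since it is raised for both version and schedule problems: `# Raised when a parsed dependabot.yml is structurally invalid (unsupported version, unknown schedule interval).`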
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "dependabot/config/update_config"
4
+
5
+ module Dependabot
6
+ module Config
7
+ # Configuration for the repository, a parsed dependabot.yaml.
8
+ class File
9
+ attr_reader :updates, :registries
10
+
11
+ def initialize(updates:, registries: nil)
12
+ @updates = updates || []
13
+ @registries = registries || []
14
+ end
15
+
16
+ def update_config(package_manager, directory: nil, target_branch: nil)
17
+ dir = directory || "/"
18
+ package_ecosystem = PACKAGE_MANAGER_LOOKUP.invert.fetch(package_manager)
19
+ cfg = updates.find do |u|
20
+ u[:"package-ecosystem"] == package_ecosystem && u[:directory] == dir &&
21
+ (target_branch.nil? || u[:"target-branch"] == target_branch)
22
+ end
23
+ Dependabot::Config::UpdateConfig.new(cfg)
24
+ end
25
+
26
+ PACKAGE_MANAGER_LOOKUP = {
27
+ "bundler" => "bundler",
28
+ "cargo" => "cargo",
29
+ "composer" => "composer",
30
+ "docker" => "docker",
31
+ "elm" => "elm",
32
+ "github-actions" => "github_actions",
33
+ "gitsubmodule" => "submodules",
34
+ "gomod" => "go_modules",
35
+ "gradle" => "gradle",
36
+ "maven" => "maven",
37
+ "mix" => "hex",
38
+ "nuget" => "nuget",
39
+ "npm" => "npm_and_yarn",
40
+ "pip" => "pip",
41
+ "terraform" => "terraform"
42
+ }.freeze
43
+
44
+ # Parse the YAML config file
45
+ def self.parse(config)
46
+ parsed = YAML.safe_load(config, symbolize_names: true)
47
+ version = parsed[:version]
48
+ raise InvalidConfigError, "invalid version #{version}" if version && version != 2
49
+
50
+ File.new(updates: parsed[:updates], registries: parsed[:registries])
51
+ end
52
+ end
53
+ end
54
+ end
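Review bot: `parse` assumes `YAML.safe_load` returns a Hash, but an empty document yields nil and a scalar or sequence document yields a String/Array, so `parsed[:version]` raises NoMethodError/TypeError instead of the `InvalidConfigError` the caller expects. Add after the `safe_load` line: `raise InvalidConfigError, "config must be a YAML mapping" unless parsed.is_a?(Hash)`. Using `safe_load` here is the right call for repo-controlled input; note though that the file never requires `yaml`, so add `require "yaml"` unless it is guaranteed to be loaded by the time this module is used. Naming this class `File` also shadows `::File` inside `Dependabot::Config`; a comment on the class line warning future code in this namespace to write `::File` would prevent a confusing NoMethodError.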
@@ -0,0 +1,50 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "dependabot/file_fetchers/base"
4
+ require "dependabot/config/file"
5
+
6
+ module Dependabot
7
+ module Config
8
+ class FileFetcher < Dependabot::FileFetchers::Base
9
+ CONFIG_FILE_PATHS = %w(.github/dependabot.yml .github/dependabot.yaml).freeze
10
+
11
+ def self.required_files_in?(filenames)
12
+ CONFIG_FILE_PATHS.any? { |file| filenames.include?(file) }
13
+ end
14
+
15
+ def self.required_files_message
16
+ "Repo must contain either a #{CONFIG_FILE_PATHS.join(' or a ')} file"
17
+ end
18
+
19
+ def config_file
20
+ @config_file ||= files.first
21
+ end
22
+
23
+ private
24
+
25
+ def fetch_files
26
+ fetched_files = []
27
+
28
+ CONFIG_FILE_PATHS.each do |file|
29
+ fn = Pathname.new("/#{file}").relative_path_from(directory)
30
+
31
+ begin
32
+ config_file = fetch_file_from_host(fn)
33
+ if config_file
34
+ fetched_files << config_file
35
+ break
36
+ end
37
+ rescue Dependabot::DependencyFileNotFound
38
+ next
39
+ end
40
+ end
41
+
42
+ unless self.class.required_files_in?(fetched_files.map(&:name))
43
+ raise Dependabot::DependencyFileNotFound, self.class.required_files_message
44
+ end
45
+
46
+ fetched_files
47
+ end
48
+ end
49
+ end
50
+ end
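Review bot: The final `required_files_in?` check compares `fetched_files.map(&:name)` against the root-relative `CONFIG_FILE_PATHS`, yet the path actually fetched is `Pathname.new("/#{file}").relative_path_from(directory)`, which for any `directory` other than "/" becomes something like `../.github/dependabot.yml`. If `fetch_file_from_host` (outside this hunk) names the file by that relative path, the check fails even though the file was found; either document that this fetcher only supports `directory: "/"` or compare on the normalized candidate path. The loop also stops at the first hit, so when both files exist `.yml` silently wins; record that in a comment: `# Only the first existing candidate is fetched; .yml takes precedence over .yaml.`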
@@ -0,0 +1,49 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Dependabot
4
+ module Config
5
+ # Configuration for a single ecosystem
6
+ class UpdateConfig
7
+ module Interval
8
+ DAILY = "daily"
9
+ WEEKLY = "weekly"
10
+ MONTHLY = "monthly"
11
+ end
12
+
13
+ def initialize(config)
14
+ @config = config || {}
15
+ end
16
+
17
+ def ignored_versions_for(dep)
18
+ return [] unless @config[:ignore]
19
+
20
+ @config[:ignore].
21
+ select { |ic| ic[:"dependency-name"] == dep.name }. # FIXME: wildcard support
22
+ map { |ic| ic[:versions] }.
23
+ flatten
24
+ end
25
+
26
+ def commit_message_options
27
+ commit_message = @config[:"commit-message"] || {}
28
+ {
29
+ prefix: commit_message[:prefix],
30
+ prefix_development: commit_message[:"prefix-development"],
31
+ include_scope: commit_message[:include] == "scope"
32
+ }
33
+ end
34
+
35
+ def interval
36
+ return unless @config[:schedule]
37
+ return unless @config[:schedule][:interval]
38
+
39
+ interval = @config[:schedule][:interval]
40
+ case interval.downcase
41
+ when Interval::DAILY, Interval::WEEKLY, Interval::MONTHLY
42
+ interval.downcase
43
+ else
44
+ raise InvalidConfigError, "unknown interval: #{interval}"
45
+ end
46
+ end
47
+ end
48
+ end
49
+ end
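Review bot: `ignored_versions_for` leaves a nil in its result for any `ignore` entry that omits `versions`, because `map { |ic| ic[:versions] }.flatten` keeps nils, and both consumers added in this release pass every element to `requirement_class.requirements_array`, which presumably does not accept nil. Either coerce with `flat_map { |ic| Array(ic[:versions]) }`, or, if an entry without `versions` is meant to ignore every version, map it explicitly to `">= 0"`; which is right depends on the intended config semantics and should be stated in a comment. Separately, `interval.downcase` assumes a String, so a YAML scalar such as `interval: 7` raises NoMethodError rather than `InvalidConfigError`; `interval.to_s.downcase` keeps the error path consistent.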
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "dependabot/config"
3
4
  require "dependabot/dependency_file"
4
5
  require "dependabot/source"
5
6
  require "dependabot/errors"
@@ -92,7 +92,7 @@ module Dependabot
92
92
  local_tags.
93
93
  select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
94
94
  filtered = tags.
95
- reject { |t| tag_included_in_ignore_reqs?(t) }
95
+ reject { |t| tag_included_in_ignore_requirements?(t) }
96
96
  raise Dependabot::AllVersionsIgnored if @raise_on_ignored && tags.any? && filtered.empty?
97
97
 
98
98
  tag = filtered.
@@ -317,8 +317,8 @@ module Dependabot
317
317
  listing_repo_git_metadata_fetcher.upload_pack
318
318
  end
319
319
 
320
- def ignore_reqs
321
- ignored_versions.map { |req| requirement_class.new(req.split(",")) }
320
+ def ignore_requirements
321
+ ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
322
322
  end
323
323
 
324
324
  def wants_prerelease?
@@ -330,9 +330,9 @@ module Dependabot
330
330
  version_class.new(version).prerelease?
331
331
  end
332
332
 
333
- def tag_included_in_ignore_reqs?(tag)
333
+ def tag_included_in_ignore_requirements?(tag)
334
334
  version = tag.name.match(VERSION_REGEX).named_captures.fetch("version")
335
- ignore_reqs.any? { |r| r.satisfied_by?(version_class.new(version)) }
335
+ ignore_requirements.any? { |r| r.satisfied_by?(version_class.new(version)) }
336
336
  end
337
337
 
338
338
  def tag_is_prerelease?(tag)
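Review bot: `tag_included_in_ignore_requirements?` is called once per tag from the `reject` in the first hunk, and each call re-runs `ignore_requirements`, so every ignored-version string is re-parsed through `requirements_array` for every tag. Memoize it, `@ignore_requirements ||= ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }`, provided `ignored_versions` is fixed after construction (not visible here). This also presumes every ecosystem's `requirement_class` now defines `requirements_array`; that method is not part of this gem's diff, so a missing implementation in one ecosystem would surface only at runtime as NoMethodError.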
@@ -17,7 +17,6 @@ module Dependabot
17
17
  @prefix = prefix
18
18
  end
19
19
 
20
- # rubocop:disable Metrics/PerceivedComplexity
21
20
  def new_branch_name
22
21
  @name ||=
23
22
  begin
@@ -34,23 +33,13 @@ module Dependabot
34
33
  tr("@", "")
35
34
  end
36
35
 
37
- dep = dependencies.first
38
-
39
- if library? && ref_changed?(dep) && new_ref(dep)
40
- "#{dependency_name_part}-#{new_ref(dep)}"
41
- elsif library?
42
- "#{dependency_name_part}-#{sanitized_requirement(dep)}"
43
- else
44
- "#{dependency_name_part}-#{new_version(dep)}"
45
- end
36
+ "#{dependency_name_part}-#{branch_version_suffix}"
46
37
  end
47
38
 
48
39
  # Some users need branch names without slashes
49
40
  sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
50
41
  end
51
42
 
52
- # rubocop:enable Metrics/PerceivedComplexity
53
-
54
43
  private
55
44
 
56
45
  def prefixes
@@ -98,6 +87,18 @@ module Dependabot
98
87
  @dependency_set
99
88
  end
100
89
 
90
+ def branch_version_suffix
91
+ dep = dependencies.first
92
+
93
+ if library? && ref_changed?(dep) && new_ref(dep)
94
+ new_ref(dep)
95
+ elsif library?
96
+ sanitized_requirement(dep)
97
+ else
98
+ new_version(dep)
99
+ end
100
+ end
101
+
101
102
  def sanitized_requirement(dependency)
102
103
  new_library_requirement(dependency).
103
104
  delete(" ").
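Review bot: The extracted `branch_version_suffix` carries no comment, and its three-way choice is the part of branch naming a maintainer is most likely to need explained: `# Version part of the branch name: the new git ref for a library whose ref changed, the new requirement for other library updates, otherwise the new version.` `new_ref(dep)` is also evaluated twice, in the condition and again in the branch body; binding it once (`ref = new_ref(dep)`) avoids repeating whatever work it does, though its cost is not visible here. `dependencies.first` can be nil for an empty set, which was already the case before this refactor.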
@@ -6,6 +6,8 @@ require "securerandom"
6
6
  module Dependabot
7
7
  class PullRequestUpdater
8
8
  class Azure
9
+ class PullRequestUpdateFailed < Dependabot::DependabotError; end
10
+
9
11
  OBJECT_ID_FOR_BRANCH_DELETE = "0000000000000000000000000000000000000000"
10
12
 
11
13
  attr_reader :source, :files, :base_commit, :old_commit, :credentials,
@@ -55,9 +57,11 @@ module Dependabot
55
57
  # 1) Push the file changes to a newly created temporary branch (from base commit)
56
58
  new_commit = create_temp_branch
57
59
  # 2) Update PR source branch to point to the temp branch head commit.
58
- update_branch(source_branch_name, old_source_branch_commit, new_commit)
60
+ response = update_branch(source_branch_name, old_source_branch_commit, new_commit)
59
61
  # 3) Delete temp branch
60
62
  update_branch(temp_branch_name, new_commit, OBJECT_ID_FOR_BRANCH_DELETE)
63
+
64
+ raise PullRequestUpdateFailed, response.fetch("customMessage", nil) unless response.fetch("success", false)
61
65
  end
62
66
 
63
67
  def pull_request
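Review bot: The new success check covers only the source-branch update; the temp-branch delete on the line before it returns the same response shape and is discarded, so a failed delete leaves the temporary branch in the repository silently. Capture it as `delete_response = update_branch(temp_branch_name, new_commit, OBJECT_ID_FOR_BRANCH_DELETE)` and at least warn when `delete_response.fetch("success", false)` is false; raising there would misreport an update that already succeeded. Also, if `update_branch` can return nil (the client change in this release returns `.first` of the `value` array), `response.fetch` raises NoMethodError instead of `PullRequestUpdateFailed`; guard with `response ||= {}` or have `update_branch` raise. The enclosing method starts outside the hunk.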
@@ -157,6 +157,8 @@ module Dependabot
157
157
  backup_git_config_path = stash_global_git_config
158
158
  configure_git_to_use_https_with_credentials(credentials)
159
159
  yield
160
+ rescue Errno::ENOSPC => e
161
+ raise Dependabot::OutOfDisk, e.message
160
162
  ensure
161
163
  reset_global_git_config(backup_git_config_path)
162
164
  end
@@ -38,7 +38,7 @@ module Dependabot
38
38
 
39
39
  def can_update?(requirements_to_unlock:)
40
40
  # Can't update if all versions are being ignored
41
- return false if ignore_reqs.include?(requirement_class.new(">= 0"))
41
+ return false if ignore_requirements.include?(requirement_class.new(">= 0"))
42
42
 
43
43
  if dependency.version
44
44
  version_can_update?(requirements_to_unlock: requirements_to_unlock)
@@ -141,6 +141,10 @@ module Dependabot
141
141
  security_advisories.any? { |a| a.vulnerable?(version) }
142
142
  end
143
143
 
144
+ def ignore_requirements
145
+ ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
146
+ end
147
+
144
148
  private
145
149
 
146
150
  def latest_version_resolvable_with_full_unlock?
@@ -296,10 +300,6 @@ module Dependabot
296
300
 
297
301
  changed_requirements.none? { |r| r[:requirement] == :unfixable }
298
302
  end
299
-
300
- def ignore_reqs
301
- ignored_versions.map { |req| requirement_class.new(req.split(",")) }
302
- end
303
303
  end
304
304
  end
305
305
  end
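Review bot: `ignore_requirements` is now defined above `private`, so it becomes public API of `UpdateCheckers::Base` where `ignore_reqs` was private, and nothing documents that widening. If subclasses are meant to call it, say so: `# Public: ignored_versions parsed into requirement objects; used by can_update? and available to subclasses.`; otherwise move it below `private`. The `>= 0` check in `can_update?` still relies on requirement equality, so only a literal `">= 0"` entry is treated as ignore-all (`"> 0"` or `">= 0.0"` are not); that predates this change but deserves a comment now that the helper is public. Memoizing as in the git commit checker would also avoid re-parsing on every `can_update?` call, assuming `ignored_versions` is fixed after construction.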
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.140.3"
4
+ VERSION = "0.143.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.140.3
4
+ version: 0.143.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-12 00:00:00.000000000 Z
11
+ date: 2021-04-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -298,14 +298,14 @@ dependencies:
298
298
  requirements:
299
299
  - - "~>"
300
300
  - !ruby/object:Gem::Version
301
- version: 1.12.0
301
+ version: 1.13.0
302
302
  type: :development
303
303
  prerelease: false
304
304
  version_requirements: !ruby/object:Gem::Requirement
305
305
  requirements:
306
306
  - - "~>"
307
307
  - !ruby/object:Gem::Version
308
- version: 1.12.0
308
+ version: 1.13.0
309
309
  - !ruby/object:Gem::Dependency
310
310
  name: simplecov
311
311
  requirement: !ruby/object:Gem::Requirement
@@ -391,6 +391,10 @@ files:
391
391
  - lib/dependabot/clients/codecommit.rb
392
392
  - lib/dependabot/clients/github_with_retries.rb
393
393
  - lib/dependabot/clients/gitlab_with_retries.rb
394
+ - lib/dependabot/config.rb
395
+ - lib/dependabot/config/file.rb
396
+ - lib/dependabot/config/file_fetcher.rb
397
+ - lib/dependabot/config/update_config.rb
394
398
  - lib/dependabot/dependency.rb
395
399
  - lib/dependabot/dependency_file.rb
396
400
  - lib/dependabot/errors.rb
@@ -463,7 +467,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
463
467
  - !ruby/object:Gem::Version
464
468
  version: 2.7.3
465
469
  requirements: []
466
- rubygems_version: 3.2.3
470
+ rubygems_version: 3.2.15
467
471
  signing_key:
468
472
  specification_version: 4
469
473
  summary: Shared code used between Dependabot package managers