dependabot-common 0.140.3 → 0.143.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 189215ae85298ad27a01437d5702c01c8ba2e68dd149f1b334118680888bbc51
-  data.tar.gz: df61584f2d45aaad32480af08209e911271feab1c1c378167a84cf272b46aa3c
+  metadata.gz: 57330557c4c6b5c67064d741415cf5ec79dcb8f43bf9f3919048a3464260ab3c
+  data.tar.gz: c2c2540484356b1beeb3b72dfff70a4d0da24ee20cfbeb4b9c2e465bdd4dc2e1
 SHA512:
-  metadata.gz: 907e246bd29e3393be326e7fcfe285c4211d1851fbb58d55b67f5e3530d1b11b107816f142e3c86081f6457d745e91b25bfa8f5abfa9b020deb631dc96196e85
-  data.tar.gz: b52deaf257874776bcf38e7a4346ce07ade51e490ad8ef864c4048bf6451bc5c69231f20a273fc45184107de50b08afcac041e122f45e6477765961b0d956a18
+  metadata.gz: ab1843750e40351dd4a63830cb45e466bda21006140c4b39540010b0cd00e30a09dec6bf08aa744a42e870d2693e09d861aed43b0ec59b0854910f4dfcdbde8f
+  data.tar.gz: be02824d97291c474f1074e3070abf82fa1576bc9f5898fea338734bd4f11d811526bccb3888a3a279b893dec717fffe77fd7218b47d0b16025e3e680372109e

data/lib/dependabot/clients/azure.rb

@@ -201,9 +201,11 @@ module Dependabot
           }
         ]
 
-        post(source.api_endpoint + source.organization + "/" + source.project +
-          "/_apis/git/repositories/" + source.unscoped_repo +
-          "/refs?api-version=5.0", content.to_json)
+        response = post(source.api_endpoint + source.organization + "/" + source.project +
+                        "/_apis/git/repositories/" + source.unscoped_repo +
+                        "/refs?api-version=5.0", content.to_json)
+
+        JSON.parse(response.body).fetch("value").first
       end
       # rubocop:enable Metrics/ParameterLists
 

data/lib/dependabot/config.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Config
+    class InvalidConfigError < StandardError; end
+  end
+end

data/lib/dependabot/config/file.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require "dependabot/config/update_config"
+
+module Dependabot
+  module Config
+    # Configuration for the repository, a parsed dependabot.yaml.
+    class File
+      attr_reader :updates, :registries
+
+      def initialize(updates:, registries: nil)
+        @updates = updates || []
+        @registries = registries || []
+      end
+
+      def update_config(package_manager, directory: nil, target_branch: nil)
+        dir = directory || "/"
+        package_ecosystem = PACKAGE_MANAGER_LOOKUP.invert.fetch(package_manager)
+        cfg = updates.find do |u|
+          u[:"package-ecosystem"] == package_ecosystem && u[:directory] == dir &&
+            (target_branch.nil? || u[:"target-branch"] == target_branch)
+        end
+        Dependabot::Config::UpdateConfig.new(cfg)
+      end
+
+      PACKAGE_MANAGER_LOOKUP = {
+        "bundler" => "bundler",
+        "cargo" => "cargo",
+        "composer" => "composer",
+        "docker" => "docker",
+        "elm" => "elm",
+        "github-actions" => "github_actions",
+        "gitsubmodule" => "submodules",
+        "gomod" => "go_modules",
+        "gradle" => "gradle",
+        "maven" => "maven",
+        "mix" => "hex",
+        "nuget" => "nuget",
+        "npm" => "npm_and_yarn",
+        "pip" => "pip",
+        "terraform" => "terraform"
+      }.freeze
+
+      # Parse the YAML config file
+      def self.parse(config)
+        parsed = YAML.safe_load(config, symbolize_names: true)
+        version = parsed[:version]
+        raise InvalidConfigError, "invalid version #{version}" if version && version != 2
+
+        File.new(updates: parsed[:updates], registries: parsed[:registries])
+      end
+    end
+  end
+end

data/lib/dependabot/config/file_fetcher.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "dependabot/file_fetchers/base"
+require "dependabot/config/file"
+
+module Dependabot
+  module Config
+    class FileFetcher < Dependabot::FileFetchers::Base
+      CONFIG_FILE_PATHS = %w(.github/dependabot.yml .github/dependabot.yaml).freeze
+
+      def self.required_files_in?(filenames)
+        CONFIG_FILE_PATHS.any? { |file| filenames.include?(file) }
+      end
+
+      def self.required_files_message
+        "Repo must contain either a #{CONFIG_FILE_PATHS.join(' or a ')} file"
+      end
+
+      def config_file
+        @config_file ||= files.first
+      end
+
+      private
+
+      def fetch_files
+        fetched_files = []
+
+        CONFIG_FILE_PATHS.each do |file|
+          fn = Pathname.new("/#{file}").relative_path_from(directory)
+
+          begin
+            config_file = fetch_file_from_host(fn)
+            if config_file
+              fetched_files << config_file
+              break
+            end
+          rescue Dependabot::DependencyFileNotFound
+            next
+          end
+        end
+
+        unless self.class.required_files_in?(fetched_files.map(&:name))
+          raise Dependabot::DependencyFileNotFound, self.class.required_files_message
+        end
+
+        fetched_files
+      end
+    end
+  end
+end

data/lib/dependabot/config/update_config.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Config
+    # Configuration for a single ecosystem
+    class UpdateConfig
+      module Interval
+        DAILY = "daily"
+        WEEKLY = "weekly"
+        MONTHLY = "monthly"
+      end
+
+      def initialize(config)
+        @config = config || {}
+      end
+
+      def ignored_versions_for(dep)
+        return [] unless @config[:ignore]
+
+        @config[:ignore].
+          select { |ic| ic[:"dependency-name"] == dep.name }. # FIXME: wildcard support
+          map { |ic| ic[:versions] }.
+          flatten
+      end
+
+      def commit_message_options
+        commit_message = @config[:"commit-message"] || {}
+        {
+          prefix: commit_message[:prefix],
+          prefix_development: commit_message[:"prefix-development"],
+          include_scope: commit_message[:include] == "scope"
+        }
+      end
+
+      def interval
+        return unless @config[:schedule]
+        return unless @config[:schedule][:interval]
+
+        interval = @config[:schedule][:interval]
+        case interval.downcase
+        when Interval::DAILY, Interval::WEEKLY, Interval::MONTHLY
+          interval.downcase
+        else
+          raise InvalidConfigError, "unknown interval: #{interval}"
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_fetchers/base.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "dependabot/config"
 require "dependabot/dependency_file"
 require "dependabot/source"
 require "dependabot/errors"

data/lib/dependabot/git_commit_checker.rb

@@ -92,7 +92,7 @@ module Dependabot
         local_tags.
         select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
       filtered = tags.
-                 reject { |t| tag_included_in_ignore_reqs?(t) }
+                 reject { |t| tag_included_in_ignore_requirements?(t) }
       raise Dependabot::AllVersionsIgnored if @raise_on_ignored && tags.any? && filtered.empty?
 
       tag = filtered.
@@ -317,8 +317,8 @@ module Dependabot
       listing_repo_git_metadata_fetcher.upload_pack
     end
 
-    def ignore_reqs
-      ignored_versions.map { |req| requirement_class.new(req.split(",")) }
+    def ignore_requirements
+      ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
     end
 
     def wants_prerelease?
@@ -330,9 +330,9 @@ module Dependabot
       version_class.new(version).prerelease?
     end
 
-    def tag_included_in_ignore_reqs?(tag)
+    def tag_included_in_ignore_requirements?(tag)
       version = tag.name.match(VERSION_REGEX).named_captures.fetch("version")
-      ignore_reqs.any? { |r| r.satisfied_by?(version_class.new(version)) }
+      ignore_requirements.any? { |r| r.satisfied_by?(version_class.new(version)) }
     end
 
     def tag_is_prerelease?(tag)

data/lib/dependabot/pull_request_creator/branch_namer.rb

@@ -17,7 +17,6 @@ module Dependabot
         @prefix        = prefix
       end
 
-      # rubocop:disable Metrics/PerceivedComplexity
       def new_branch_name
         @name ||=
           begin
@@ -34,23 +33,13 @@ module Dependabot
                   tr("@", "")
               end
 
-            dep = dependencies.first
-
-            if library? && ref_changed?(dep) && new_ref(dep)
-              "#{dependency_name_part}-#{new_ref(dep)}"
-            elsif library?
-              "#{dependency_name_part}-#{sanitized_requirement(dep)}"
-            else
-              "#{dependency_name_part}-#{new_version(dep)}"
-            end
+            "#{dependency_name_part}-#{branch_version_suffix}"
           end
 
         # Some users need branch names without slashes
         sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
       end
 
-      # rubocop:enable Metrics/PerceivedComplexity
-
       private
 
       def prefixes
@@ -98,6 +87,18 @@ module Dependabot
         @dependency_set
       end
 
+      def branch_version_suffix
+        dep = dependencies.first
+
+        if library? && ref_changed?(dep) && new_ref(dep)
+          new_ref(dep)
+        elsif library?
+          sanitized_requirement(dep)
+        else
+          new_version(dep)
+        end
+      end
+
       def sanitized_requirement(dependency)
         new_library_requirement(dependency).
           delete(" ").

data/lib/dependabot/pull_request_updater/azure.rb

@@ -6,6 +6,8 @@ require "securerandom"
 module Dependabot
   class PullRequestUpdater
     class Azure
+      class PullRequestUpdateFailed < Dependabot::DependabotError; end
+
       OBJECT_ID_FOR_BRANCH_DELETE = "0000000000000000000000000000000000000000"
 
       attr_reader :source, :files, :base_commit, :old_commit, :credentials,
@@ -55,9 +57,11 @@ module Dependabot
         # 1) Push the file changes to a newly created temporary branch (from base commit)
         new_commit = create_temp_branch
         # 2) Update PR source branch to point to the temp branch head commit.
-        update_branch(source_branch_name, old_source_branch_commit, new_commit)
+        response = update_branch(source_branch_name, old_source_branch_commit, new_commit)
         # 3) Delete temp branch
         update_branch(temp_branch_name, new_commit, OBJECT_ID_FOR_BRANCH_DELETE)
+
+        raise PullRequestUpdateFailed, response.fetch("customMessage", nil) unless response.fetch("success", false)
       end
 
       def pull_request

data/lib/dependabot/shared_helpers.rb

@@ -157,6 +157,8 @@ module Dependabot
       backup_git_config_path = stash_global_git_config
       configure_git_to_use_https_with_credentials(credentials)
       yield
+    rescue Errno::ENOSPC => e
+      raise Dependabot::OutOfDisk, e.message
     ensure
       reset_global_git_config(backup_git_config_path)
     end

data/lib/dependabot/update_checkers/base.rb

@@ -38,7 +38,7 @@ module Dependabot
 
       def can_update?(requirements_to_unlock:)
         # Can't update if all versions are being ignored
-        return false if ignore_reqs.include?(requirement_class.new(">= 0"))
+        return false if ignore_requirements.include?(requirement_class.new(">= 0"))
 
         if dependency.version
           version_can_update?(requirements_to_unlock: requirements_to_unlock)
@@ -141,6 +141,10 @@ module Dependabot
         security_advisories.any? { |a| a.vulnerable?(version) }
       end
 
+      def ignore_requirements
+        ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
+      end
+
       private
 
       def latest_version_resolvable_with_full_unlock?
@@ -296,10 +300,6 @@ module Dependabot
 
         changed_requirements.none? { |r| r[:requirement] == :unfixable }
       end
-
-      def ignore_reqs
-        ignored_versions.map { |req| requirement_class.new(req.split(",")) }
-      end
     end
   end
 end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.140.3"
+  VERSION = "0.143.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.140.3
+  version: 0.143.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-12 00:00:00.000000000 Z
+date: 2021-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -298,14 +298,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -391,6 +391,10 @@ files:
 - lib/dependabot/clients/codecommit.rb
 - lib/dependabot/clients/github_with_retries.rb
 - lib/dependabot/clients/gitlab_with_retries.rb
+- lib/dependabot/config.rb
+- lib/dependabot/config/file.rb
+- lib/dependabot/config/file_fetcher.rb
+- lib/dependabot/config/update_config.rb
 - lib/dependabot/dependency.rb
 - lib/dependabot/dependency_file.rb
 - lib/dependabot/errors.rb
@@ -463,7 +467,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.7.3
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.15
 signing_key: 
 specification_version: 4
 summary: Shared code used between Dependabot package managers