dependabot-common 0.141.0 → 0.143.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ce8c540f85d77f29a05217fa942c30ceccc1105dec78812b1955f6d047d6a4a
-  data.tar.gz: 79ddaca31b26a954a5174f36c796083545f9c96f7fad03d4cfe7cab7651755f3
+  metadata.gz: 04061b64d2ec9c8ff56b799d8ea0c7426dadcca2701581f1917faa494ba3f76d
+  data.tar.gz: 1129318553b00a3e77274d84cff91987b9c2d20f69a57deb3f171eee4729555a
 SHA512:
-  metadata.gz: a187fd0a04b6ff8a59434e1a6864f23795696c6b37ce132572cc15346fa23abf3600eb8d69242a691909573e3315dc3d5229e780cb0adf93c980b8af146d3e51
-  data.tar.gz: 919ba7bb0228d961e109583c3f769def71feb1dc8bfcb9fd5a767c5eab91f969873ba88441932cced9f9d8ebf0ac0cf5f7f861b1ac12b32780b542a117aad6e9
+  metadata.gz: 81049fffec22a52e685fd08d7f8afc8947f6cd66532491d4e16eb6420cd46ba0d65e863f5f11659968572c8bc6b8d3339601fffa57631ffeb0503823ba53e03d
+  data.tar.gz: '0955f36ca302e038b4dae7d97fd4f83d4ffa3a1cb1668eb353e16f7501851ba567c6b7eebf2bed72776343cf39a54116d326c45e2261320514a0c53d3e360aba'

data/lib/dependabot/clients/azure.rb

@@ -201,9 +201,11 @@ module Dependabot
           }
         ]
 
-        post(source.api_endpoint + source.organization + "/" + source.project +
-          "/_apis/git/repositories/" + source.unscoped_repo +
-          "/refs?api-version=5.0", content.to_json)
+        response = post(source.api_endpoint + source.organization + "/" + source.project +
+                        "/_apis/git/repositories/" + source.unscoped_repo +
+                        "/refs?api-version=5.0", content.to_json)
+
+        JSON.parse(response.body).fetch("value").first
       end
       # rubocop:enable Metrics/ParameterLists
 

data/lib/dependabot/config.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Config
+    class InvalidConfigError < StandardError; end
+  end
+end

data/lib/dependabot/config/file.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require "dependabot/config/update_config"
+
+module Dependabot
+  module Config
+    # Configuration for the repository, a parsed dependabot.yaml.
+    class File
+      attr_reader :updates, :registries
+
+      def initialize(updates:, registries: nil)
+        @updates = updates || []
+        @registries = registries || []
+      end
+
+      def update_config(package_manager, directory: nil, target_branch: nil)
+        dir = directory || "/"
+        package_ecosystem = PACKAGE_MANAGER_LOOKUP.invert.fetch(package_manager)
+        cfg = updates.find do |u|
+          u[:"package-ecosystem"] == package_ecosystem && u[:directory] == dir &&
+            (target_branch.nil? || u[:"target-branch"] == target_branch)
+        end
+        Dependabot::Config::UpdateConfig.new(
+          ignore_conditions: ignore_conditions(cfg),
+          commit_message_options: commit_message_options(cfg)
+        )
+      end
+
+      PACKAGE_MANAGER_LOOKUP = {
+        "bundler" => "bundler",
+        "cargo" => "cargo",
+        "composer" => "composer",
+        "docker" => "docker",
+        "elm" => "elm",
+        "github-actions" => "github_actions",
+        "gitsubmodule" => "submodules",
+        "gomod" => "go_modules",
+        "gradle" => "gradle",
+        "maven" => "maven",
+        "mix" => "hex",
+        "nuget" => "nuget",
+        "npm" => "npm_and_yarn",
+        "pip" => "pip",
+        "terraform" => "terraform"
+      }.freeze
+
+      # Parse the YAML config file
+      def self.parse(config)
+        parsed = YAML.safe_load(config, symbolize_names: true)
+        version = parsed[:version]
+        raise InvalidConfigError, "invalid version #{version}" if version && version != 2
+
+        File.new(updates: parsed[:updates], registries: parsed[:registries])
+      end
+
+      private
+
+      def ignore_conditions(cfg)
+        ignores = cfg&.dig(:ignore) || []
+        ignores.map do |ic|
+          Dependabot::Config::UpdateConfig::IgnoreCondition.new(
+            dependency_name: ic[:"dependency-name"],
+            versions: ic[:versions]
+          )
+        end
+      end
+
+      def commit_message_options(cfg)
+        commit_message = cfg&.dig(:"commit-message") || {}
+        Dependabot::Config::UpdateConfig::CommitMessageOptions.new(
+          prefix: commit_message[:prefix],
+          prefix_development: commit_message[:"prefix-development"],
+          include: commit_message[:include]
+        )
+      end
+    end
+  end
+end

data/lib/dependabot/config/file_fetcher.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "dependabot/file_fetchers/base"
+require "dependabot/config/file"
+
+module Dependabot
+  module Config
+    class FileFetcher < Dependabot::FileFetchers::Base
+      CONFIG_FILE_PATHS = %w(.github/dependabot.yml .github/dependabot.yaml).freeze
+
+      def self.required_files_in?(filenames)
+        CONFIG_FILE_PATHS.any? { |file| filenames.include?(file) }
+      end
+
+      def self.required_files_message
+        "Repo must contain either a #{CONFIG_FILE_PATHS.join(' or a ')} file"
+      end
+
+      def config_file
+        @config_file ||= files.first
+      end
+
+      private
+
+      def fetch_files
+        fetched_files = []
+
+        CONFIG_FILE_PATHS.each do |file|
+          fn = Pathname.new("/#{file}").relative_path_from(directory)
+
+          begin
+            config_file = fetch_file_from_host(fn)
+            if config_file
+              fetched_files << config_file
+              break
+            end
+          rescue Dependabot::DependencyFileNotFound
+            next
+          end
+        end
+
+        unless self.class.required_files_in?(fetched_files.map(&:name))
+          raise Dependabot::DependencyFileNotFound, self.class.required_files_message
+        end
+
+        fetched_files
+      end
+    end
+  end
+end

data/lib/dependabot/config/update_config.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Config
+    # Configuration for a single ecosystem
+    class UpdateConfig
+      attr_reader :commit_message_options
+
+      def initialize(ignore_conditions: nil, commit_message_options: nil)
+        @ignore_conditions = ignore_conditions || []
+        @commit_message_options = commit_message_options
+      end
+
+      def ignored_versions_for(dep)
+        @ignore_conditions.
+          select { |ic| ic.dependency_name == dep.name }. # FIXME: wildcard support
+          map(&:versions).
+          flatten.
+          compact
+      end
+
+      class IgnoreCondition
+        attr_reader :dependency_name, :versions
+        def initialize(dependency_name:, versions:)
+          @dependency_name = dependency_name
+          @versions = versions
+        end
+      end
+
+      class CommitMessageOptions
+        attr_reader :prefix, :prefix_development, :include
+
+        def initialize(prefix:, prefix_development:, include:)
+          @prefix = prefix
+          @prefix_development = prefix_development
+          @include = include
+        end
+
+        def include_scope?
+          @include == "scope"
+        end
+
+        def to_h
+          {
+            prefix: @prefix,
+            prefix_development: @prefix_development,
+            include_scope: include_scope?
+          }
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_fetchers/base.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "dependabot/config"
 require "dependabot/dependency_file"
 require "dependabot/source"
 require "dependabot/errors"

data/lib/dependabot/git_commit_checker.rb

@@ -92,7 +92,7 @@ module Dependabot
         local_tags.
         select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
       filtered = tags.
-                 reject { |t| tag_included_in_ignore_reqs?(t) }
+                 reject { |t| tag_included_in_ignore_requirements?(t) }
       raise Dependabot::AllVersionsIgnored if @raise_on_ignored && tags.any? && filtered.empty?
 
       tag = filtered.
@@ -317,8 +317,8 @@ module Dependabot
       listing_repo_git_metadata_fetcher.upload_pack
     end
 
-    def ignore_reqs
-      ignored_versions.map { |req| requirement_class.new(req.split(",")) }
+    def ignore_requirements
+      ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
     end
 
     def wants_prerelease?
@@ -330,9 +330,9 @@ module Dependabot
       version_class.new(version).prerelease?
     end
 
-    def tag_included_in_ignore_reqs?(tag)
+    def tag_included_in_ignore_requirements?(tag)
       version = tag.name.match(VERSION_REGEX).named_captures.fetch("version")
-      ignore_reqs.any? { |r| r.satisfied_by?(version_class.new(version)) }
+      ignore_requirements.any? { |r| r.satisfied_by?(version_class.new(version)) }
     end
 
     def tag_is_prerelease?(tag)

data/lib/dependabot/pull_request_creator/branch_namer.rb

@@ -17,7 +17,6 @@ module Dependabot
         @prefix        = prefix
       end
 
-      # rubocop:disable Metrics/PerceivedComplexity
       def new_branch_name
         @name ||=
           begin
@@ -34,23 +33,13 @@ module Dependabot
                   tr("@", "")
               end
 
-            dep = dependencies.first
-
-            if library? && ref_changed?(dep) && new_ref(dep)
-              "#{dependency_name_part}-#{new_ref(dep)}"
-            elsif library?
-              "#{dependency_name_part}-#{sanitized_requirement(dep)}"
-            else
-              "#{dependency_name_part}-#{new_version(dep)}"
-            end
+            "#{dependency_name_part}-#{branch_version_suffix}"
           end
 
         # Some users need branch names without slashes
         sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
       end
 
-      # rubocop:enable Metrics/PerceivedComplexity
-
       private
 
       def prefixes
@@ -98,6 +87,18 @@ module Dependabot
         @dependency_set
       end
 
+      def branch_version_suffix
+        dep = dependencies.first
+
+        if library? && ref_changed?(dep) && new_ref(dep)
+          new_ref(dep)
+        elsif library?
+          sanitized_requirement(dep)
+        else
+          new_version(dep)
+        end
+      end
+
       def sanitized_requirement(dependency)
         new_library_requirement(dependency).
           delete(" ").

data/lib/dependabot/pull_request_updater/azure.rb

@@ -6,6 +6,8 @@ require "securerandom"
 module Dependabot
   class PullRequestUpdater
     class Azure
+      class PullRequestUpdateFailed < Dependabot::DependabotError; end
+
       OBJECT_ID_FOR_BRANCH_DELETE = "0000000000000000000000000000000000000000"
 
       attr_reader :source, :files, :base_commit, :old_commit, :credentials,
@@ -55,9 +57,11 @@ module Dependabot
         # 1) Push the file changes to a newly created temporary branch (from base commit)
         new_commit = create_temp_branch
         # 2) Update PR source branch to point to the temp branch head commit.
-        update_branch(source_branch_name, old_source_branch_commit, new_commit)
+        response = update_branch(source_branch_name, old_source_branch_commit, new_commit)
         # 3) Delete temp branch
         update_branch(temp_branch_name, new_commit, OBJECT_ID_FOR_BRANCH_DELETE)
+
+        raise PullRequestUpdateFailed, response.fetch("customMessage", nil) unless response.fetch("success", false)
       end
 
       def pull_request

data/lib/dependabot/update_checkers/base.rb

@@ -38,7 +38,7 @@ module Dependabot
 
       def can_update?(requirements_to_unlock:)
         # Can't update if all versions are being ignored
-        return false if ignore_reqs.include?(requirement_class.new(">= 0"))
+        return false if ignore_requirements.include?(requirement_class.new(">= 0"))
 
         if dependency.version
           version_can_update?(requirements_to_unlock: requirements_to_unlock)
@@ -141,6 +141,10 @@ module Dependabot
         security_advisories.any? { |a| a.vulnerable?(version) }
       end
 
+      def ignore_requirements
+        ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
+      end
+
       private
 
       def latest_version_resolvable_with_full_unlock?
@@ -296,10 +300,6 @@ module Dependabot
 
         changed_requirements.none? { |r| r[:requirement] == :unfixable }
       end
-
-      def ignore_reqs
-        ignored_versions.map { |req| requirement_class.new(req.split(",")) }
-      end
     end
   end
 end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.141.0"
+  VERSION = "0.143.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.141.0
+  version: 0.143.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-12 00:00:00.000000000 Z
+date: 2021-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -298,14 +298,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -391,6 +391,10 @@ files:
 - lib/dependabot/clients/codecommit.rb
 - lib/dependabot/clients/github_with_retries.rb
 - lib/dependabot/clients/gitlab_with_retries.rb
+- lib/dependabot/config.rb
+- lib/dependabot/config/file.rb
+- lib/dependabot/config/file_fetcher.rb
+- lib/dependabot/config/update_config.rb
 - lib/dependabot/dependency.rb
 - lib/dependabot/dependency_file.rb
 - lib/dependabot/errors.rb
@@ -463,7 +467,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.7.3
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.15
 signing_key: 
 specification_version: 4
 summary: Shared code used between Dependabot package managers