dependabot-common 0.143.0 → 0.143.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +32 -7
- data/lib/dependabot/config/ignore_condition.rb +100 -0
- data/lib/dependabot/config/update_config.rb +46 -28
- data/lib/dependabot/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 519d829e63edf21602f5031e532dbccce99323676b624ff130e089b6f3ec44ef
|
|
4
|
+
data.tar.gz: 3fb4986daa15f8d92a5af167473d3b32ed3132699fa4f2c85ebf2060632f55e7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dd23c91a75da2f3a93719a031c42d259dee57c7b7f489a044c3480dee8cfb5f55a48a19a961a90064d6939710574d3ef0531755d685bbff7457475306969b16e
|
|
7
|
+
data.tar.gz: c1b8bbdadea4755383f7585752d1bcedd1f875475e31b452ffb8e74578fac2152b250bf071840361bd958eb9240b5adcb0671e04a915fc2baf86b0297f382585
|
|
@@ -20,9 +20,23 @@ module Dependabot
|
|
|
20
20
|
u[:"package-ecosystem"] == package_ecosystem && u[:directory] == dir &&
|
|
21
21
|
(target_branch.nil? || u[:"target-branch"] == target_branch)
|
|
22
22
|
end
|
|
23
|
-
Dependabot::Config::UpdateConfig.new(
|
|
23
|
+
Dependabot::Config::UpdateConfig.new(
|
|
24
|
+
ignore_conditions: ignore_conditions(cfg),
|
|
25
|
+
commit_message_options: commit_message_options(cfg)
|
|
26
|
+
)
|
|
24
27
|
end
|
|
25
28
|
|
|
29
|
+
# Parse the YAML config file
|
|
30
|
+
def self.parse(config)
|
|
31
|
+
parsed = YAML.safe_load(config, symbolize_names: true)
|
|
32
|
+
version = parsed[:version]
|
|
33
|
+
raise InvalidConfigError, "invalid version #{version}" if version && version != 2
|
|
34
|
+
|
|
35
|
+
File.new(updates: parsed[:updates], registries: parsed[:registries])
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
private
|
|
39
|
+
|
|
26
40
|
PACKAGE_MANAGER_LOOKUP = {
|
|
27
41
|
"bundler" => "bundler",
|
|
28
42
|
"cargo" => "cargo",
|
|
@@ -41,13 +55,24 @@ module Dependabot
|
|
|
41
55
|
"terraform" => "terraform"
|
|
42
56
|
}.freeze
|
|
43
57
|
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
58
|
+
def ignore_conditions(cfg)
|
|
59
|
+
ignores = cfg&.dig(:ignore) || []
|
|
60
|
+
ignores.map do |ic|
|
|
61
|
+
Dependabot::Config::IgnoreCondition.new(
|
|
62
|
+
dependency_name: ic[:"dependency-name"],
|
|
63
|
+
versions: ic[:versions],
|
|
64
|
+
update_types: ic[:"update-types"]
|
|
65
|
+
)
|
|
66
|
+
end
|
|
67
|
+
end
|
|
49
68
|
|
|
50
|
-
|
|
69
|
+
def commit_message_options(cfg)
|
|
70
|
+
commit_message = cfg&.dig(:"commit-message") || {}
|
|
71
|
+
Dependabot::Config::UpdateConfig::CommitMessageOptions.new(
|
|
72
|
+
prefix: commit_message[:prefix],
|
|
73
|
+
prefix_development: commit_message[:"prefix-development"],
|
|
74
|
+
include: commit_message[:include]
|
|
75
|
+
)
|
|
51
76
|
end
|
|
52
77
|
end
|
|
53
78
|
end
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Dependabot
|
|
4
|
+
module Config
|
|
5
|
+
# Filters versions that should not be considered for dependency updates
|
|
6
|
+
class IgnoreCondition
|
|
7
|
+
PATCH_VERSION_TYPE = "version-update:semver-patch"
|
|
8
|
+
MINOR_VERSION_TYPE = "version-update:semver-minor"
|
|
9
|
+
MAJOR_VERSION_TYPE = "version-update:semver-major"
|
|
10
|
+
|
|
11
|
+
ALL_VERSIONS = ">= 0"
|
|
12
|
+
|
|
13
|
+
attr_reader :dependency_name, :versions, :update_types
|
|
14
|
+
|
|
15
|
+
def initialize(dependency_name:, versions: nil, update_types: nil)
|
|
16
|
+
@dependency_name = dependency_name
|
|
17
|
+
@versions = versions || []
|
|
18
|
+
@update_types = update_types || []
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def ignored_versions(dependency, security_updates_only)
|
|
22
|
+
return versions if security_updates_only
|
|
23
|
+
return [ALL_VERSIONS] if versions.empty? && transformed_update_types.empty?
|
|
24
|
+
|
|
25
|
+
versions_by_type(dependency) + versions
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
private
|
|
29
|
+
|
|
30
|
+
def transformed_update_types
|
|
31
|
+
update_types.map(&:downcase).map(&:strip).compact
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def versions_by_type(dependency)
|
|
35
|
+
transformed_update_types.flat_map do |t|
|
|
36
|
+
case t
|
|
37
|
+
when PATCH_VERSION_TYPE
|
|
38
|
+
ignore_patch(dependency.version)
|
|
39
|
+
when MINOR_VERSION_TYPE
|
|
40
|
+
ignore_minor(dependency.version)
|
|
41
|
+
when MAJOR_VERSION_TYPE
|
|
42
|
+
ignore_major(dependency.version)
|
|
43
|
+
else
|
|
44
|
+
[]
|
|
45
|
+
end
|
|
46
|
+
end.compact
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def ignore_patch(version)
|
|
50
|
+
parts = version.split(".")
|
|
51
|
+
return [] unless parts.size > 2
|
|
52
|
+
|
|
53
|
+
lower_parts = parts.first(2) + ["a"]
|
|
54
|
+
upper_parts = parts.first(2)
|
|
55
|
+
upper_parts[1] = upper_parts[1].to_i + 1
|
|
56
|
+
lower_bound = ">= #{lower_parts.join('.')}"
|
|
57
|
+
upper_bound = "< #{upper_parts.join('.')}"
|
|
58
|
+
["#{lower_bound}, #{upper_bound}"]
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def ignore_minor(version)
|
|
62
|
+
parts = version.split(".")
|
|
63
|
+
return [] if parts.size < 2
|
|
64
|
+
|
|
65
|
+
if Gem::Version.correct?(version)
|
|
66
|
+
lower_parts = parts.first(2) + ["a"]
|
|
67
|
+
upper_parts = parts.first(1)
|
|
68
|
+
lower_parts[1] = lower_parts[1].to_i + 1
|
|
69
|
+
upper_parts[0] = upper_parts[0].to_i + 1
|
|
70
|
+
else
|
|
71
|
+
lower_parts = parts.first(1) + ["a"]
|
|
72
|
+
upper_parts = parts.first(1)
|
|
73
|
+
begin
|
|
74
|
+
upper_parts[0] = Integer(upper_parts[0]) + 1
|
|
75
|
+
rescue ArgumentError
|
|
76
|
+
upper_parts.push(999_999)
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
lower_bound = ">= #{lower_parts.join('.')}"
|
|
81
|
+
upper_bound = "< #{upper_parts.join('.')}"
|
|
82
|
+
["#{lower_bound}, #{upper_bound}"]
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def ignore_major(version)
|
|
86
|
+
parts = version.split(".")
|
|
87
|
+
return [] unless parts.size > 1
|
|
88
|
+
|
|
89
|
+
lower_parts = parts.first(1) + ["a"]
|
|
90
|
+
upper_parts = parts.first(1)
|
|
91
|
+
lower_parts[0] = lower_parts[0].to_i + 1
|
|
92
|
+
upper_parts[0] = upper_parts[0].to_i + 2
|
|
93
|
+
lower_bound = ">= #{lower_parts.join('.')}"
|
|
94
|
+
upper_bound = "< #{upper_parts.join('.')}"
|
|
95
|
+
|
|
96
|
+
["#{lower_bound}, #{upper_bound}"]
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
end
|
|
@@ -1,47 +1,65 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "dependabot/config/ignore_condition"
|
|
4
|
+
|
|
3
5
|
module Dependabot
|
|
4
6
|
module Config
|
|
5
7
|
# Configuration for a single ecosystem
|
|
6
8
|
class UpdateConfig
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
9
|
+
attr_reader :commit_message_options, :ignore_conditions
|
|
10
|
+
def initialize(ignore_conditions: nil, commit_message_options: nil)
|
|
11
|
+
@ignore_conditions = ignore_conditions || []
|
|
12
|
+
@commit_message_options = commit_message_options
|
|
11
13
|
end
|
|
12
14
|
|
|
13
|
-
def
|
|
14
|
-
|
|
15
|
+
def ignored_versions_for(dependency, security_updates_only: false)
|
|
16
|
+
normalizer = name_normaliser_for(dependency)
|
|
17
|
+
dep_name = name_normaliser_for(dependency).call(dependency.name)
|
|
18
|
+
|
|
19
|
+
@ignore_conditions.
|
|
20
|
+
select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }.
|
|
21
|
+
map { |ic| ic.ignored_versions(dependency, security_updates_only) }.
|
|
22
|
+
flatten.
|
|
23
|
+
compact.
|
|
24
|
+
uniq
|
|
15
25
|
end
|
|
16
26
|
|
|
17
|
-
def
|
|
18
|
-
return
|
|
27
|
+
def self.wildcard_match?(wildcard_string, candidate_string)
|
|
28
|
+
return false unless wildcard_string && candidate_string
|
|
19
29
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
30
|
+
regex_string = "a#{wildcard_string.downcase}a".split("*").
|
|
31
|
+
map { |p| Regexp.quote(p) }.
|
|
32
|
+
join(".*").gsub(/^a|a$/, "")
|
|
33
|
+
regex = /^#{regex_string}$/
|
|
34
|
+
regex.match?(candidate_string.downcase)
|
|
24
35
|
end
|
|
25
36
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
include_scope: commit_message[:include] == "scope"
|
|
32
|
-
}
|
|
37
|
+
private
|
|
38
|
+
|
|
39
|
+
def name_normaliser_for(dep)
|
|
40
|
+
name_normaliser ||= {}
|
|
41
|
+
name_normaliser[dep] ||= Dependency.name_normaliser_for_package_manager(dep.package_manager)
|
|
33
42
|
end
|
|
34
43
|
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
44
|
+
class CommitMessageOptions
|
|
45
|
+
attr_reader :prefix, :prefix_development, :include
|
|
46
|
+
|
|
47
|
+
def initialize(prefix:, prefix_development:, include:)
|
|
48
|
+
@prefix = prefix
|
|
49
|
+
@prefix_development = prefix_development
|
|
50
|
+
@include = include
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def include_scope?
|
|
54
|
+
@include == "scope"
|
|
55
|
+
end
|
|
38
56
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
57
|
+
def to_h
|
|
58
|
+
{
|
|
59
|
+
prefix: @prefix,
|
|
60
|
+
prefix_development: @prefix_development,
|
|
61
|
+
include_scope: include_scope?
|
|
62
|
+
}
|
|
45
63
|
end
|
|
46
64
|
end
|
|
47
65
|
end
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.143.
|
|
4
|
+
version: 0.143.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-04-
|
|
11
|
+
date: 2021-04-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -394,6 +394,7 @@ files:
|
|
|
394
394
|
- lib/dependabot/config.rb
|
|
395
395
|
- lib/dependabot/config/file.rb
|
|
396
396
|
- lib/dependabot/config/file_fetcher.rb
|
|
397
|
+
- lib/dependabot/config/ignore_condition.rb
|
|
397
398
|
- lib/dependabot/config/update_config.rb
|
|
398
399
|
- lib/dependabot/dependency.rb
|
|
399
400
|
- lib/dependabot/dependency_file.rb
|