dependabot-common 0.152.1 → 0.154.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/bitbucket_with_retries.rb +1 -1
- data/lib/dependabot/dependency.rb +1 -1
- data/lib/dependabot/file_fetchers/base.rb +2 -2
- data/lib/dependabot/file_updaters/vendor_updater.rb +1 -1
- data/lib/dependabot/git_metadata_fetcher.rb +23 -2
- data/lib/dependabot/metadata_finders/base/release_finder.rb +2 -2
- data/lib/dependabot/pull_request_creator/github.rb +2 -2
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +3 -3
- data/lib/dependabot/shared_helpers.rb +6 -5
- data/lib/dependabot/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: aeb284b757e0874d1371b390e0a9c9759571e4cd659ed4898450cfb2b048ffd9
|
4
|
+
data.tar.gz: 56aa048446b8a19b08fe5c805768c6723a87978830895ea29a409af2577902c6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7d9d3c09880a11e91f20344828502a102fe574639f785005c72234789d1115f4ae01dc3d7f75a03103f069214370db5c416bf031045843fa163b75d6c904ab10
|
7
|
+
data.tar.gz: 743aa5679f2e65289da0b9e6127ba22d0d9fb290b63d5727335eb659e4ed375f7843cce929fb47a70ad4f0f4fbc85b413803ac499a5540d890ddae8c2a552e9e
|
@@ -330,8 +330,8 @@ module Dependabot
|
|
330
330
|
|
331
331
|
response.files.map do |file|
|
332
332
|
OpenStruct.new(
|
333
|
-
name: file.
|
334
|
-
path: file.
|
333
|
+
name: File.basename(file.relative_path),
|
334
|
+
path: file.relative_path,
|
335
335
|
type: "file",
|
336
336
|
size: 0 # file size would require new api call per file..
|
337
337
|
)
|
@@ -25,7 +25,7 @@ module Dependabot
|
|
25
25
|
status = SharedHelpers.run_shell_command(
|
26
26
|
"git status --untracked-files all --porcelain v1 #{relative_dir}"
|
27
27
|
)
|
28
|
-
changed_paths = status.split("\n").map
|
28
|
+
changed_paths = status.split("\n").map(&:split)
|
29
29
|
changed_paths.map do |type, path|
|
30
30
|
# The following types are possible to be returned:
|
31
31
|
# M = Modified = Default for DependencyFile
|
@@ -1,6 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require "excon"
|
4
|
+
require "open3"
|
4
5
|
require "dependabot/errors"
|
5
6
|
|
6
7
|
module Dependabot
|
@@ -52,6 +53,9 @@ module Dependabot
|
|
52
53
|
response = fetch_raw_upload_pack_for(uri)
|
53
54
|
return response.body if response.status == 200
|
54
55
|
|
56
|
+
response_with_git = fetch_raw_upload_pack_with_git_for(uri)
|
57
|
+
return response_with_git.body if response_with_git.status == 200
|
58
|
+
|
55
59
|
raise Dependabot::GitDependenciesNotReachable, [uri] unless uri.match?(KNOWN_HOSTS)
|
56
60
|
|
57
61
|
raise "Unexpected response: #{response.status} - #{response.body}" if response.status < 400
|
@@ -86,6 +90,23 @@ module Dependabot
|
|
86
90
|
)
|
87
91
|
end
|
88
92
|
|
93
|
+
def fetch_raw_upload_pack_with_git_for(uri)
|
94
|
+
service_pack_uri = uri
|
95
|
+
service_pack_uri += ".git" unless service_pack_uri.end_with?(".git")
|
96
|
+
|
97
|
+
command = "git ls-remote #{service_pack_uri}"
|
98
|
+
env = { "PATH" => ENV["PATH"] }
|
99
|
+
|
100
|
+
stdout, stderr, process = Open3.capture3(env, command)
|
101
|
+
# package the command response like a HTTP response so error handling
|
102
|
+
# remains unchanged
|
103
|
+
if process.success?
|
104
|
+
OpenStruct.new(body: stdout, status: 200)
|
105
|
+
else
|
106
|
+
OpenStruct.new(body: stderr, status: 500)
|
107
|
+
end
|
108
|
+
end
|
109
|
+
|
89
110
|
def tags_for_upload_pack
|
90
111
|
refs_for_upload_pack.
|
91
112
|
select { |ref| ref.ref_type == :tag }.
|
@@ -106,7 +127,7 @@ module Dependabot
|
|
106
127
|
peeled_lines = []
|
107
128
|
|
108
129
|
result = upload_pack.lines.each_with_object({}) do |line, res|
|
109
|
-
full_ref_name = line.split
|
130
|
+
full_ref_name = line.split.last
|
110
131
|
next unless full_ref_name.start_with?("refs/tags", "refs/heads")
|
111
132
|
|
112
133
|
peeled_lines << line && next if line.strip.end_with?("^{}")
|
@@ -174,7 +195,7 @@ module Dependabot
|
|
174
195
|
end
|
175
196
|
|
176
197
|
def sha_for_update_pack_line(line)
|
177
|
-
line.split
|
198
|
+
line.split.first.chars.last(40).join
|
178
199
|
end
|
179
200
|
|
180
201
|
def excon_defaults
|
@@ -167,7 +167,7 @@ module Dependabot
|
|
167
167
|
|
168
168
|
def serialize_release(release)
|
169
169
|
rel = release
|
170
|
-
title = "## #{rel.name.to_s
|
170
|
+
title = "## #{rel.name.to_s == '' ? rel.tag_name : rel.name}\n"
|
171
171
|
body = if rel.body.to_s.gsub(/\n*\z/m, "") == ""
|
172
172
|
"No release notes provided."
|
173
173
|
else
|
@@ -178,7 +178,7 @@ module Dependabot
|
|
178
178
|
end
|
179
179
|
|
180
180
|
def release_body_includes_title?(release)
|
181
|
-
title = release.name.to_s
|
181
|
+
title = release.name.to_s == "" ? release.tag_name : release.name
|
182
182
|
release.body.to_s.match?(/\A\s*\#*\s*#{Regexp.quote(title)}/m)
|
183
183
|
end
|
184
184
|
|
@@ -267,7 +267,7 @@ module Dependabot
|
|
267
267
|
|
268
268
|
def add_reviewers_to_pull_request(pull_request)
|
269
269
|
reviewers_hash =
|
270
|
-
|
270
|
+
reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }.to_h
|
271
271
|
|
272
272
|
github_client_for_source.request_pull_request_review(
|
273
273
|
source.repo,
|
@@ -297,7 +297,7 @@ module Dependabot
|
|
297
297
|
|
298
298
|
def comment_with_invalid_reviewer(pull_request, message)
|
299
299
|
reviewers_hash =
|
300
|
-
|
300
|
+
reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }.to_h
|
301
301
|
reviewers = []
|
302
302
|
reviewers += reviewers_hash[:reviewers] || []
|
303
303
|
reviewers += (reviewers_hash[:team_reviewers] || []).
|
@@ -153,7 +153,7 @@ module Dependabot
|
|
153
153
|
|
154
154
|
def add_approvers_to_merge_request(merge_request)
|
155
155
|
approvers_hash =
|
156
|
-
|
156
|
+
approvers.keys.map { |k| [k.to_sym, approvers[k]] }.to_h
|
157
157
|
|
158
158
|
gitlab_client_for_source.edit_merge_request_approvers(
|
159
159
|
source.repo,
|
@@ -51,10 +51,10 @@ module Dependabot
|
|
51
51
|
doc.walk do |node|
|
52
52
|
if node.type == :text &&
|
53
53
|
node.string_content.match?(MENTION_REGEX)
|
54
|
-
nodes = if
|
55
|
-
build_mention_nodes(node.string_content)
|
56
|
-
else
|
54
|
+
nodes = if parent_node_link?(node)
|
57
55
|
build_mention_link_text_nodes(node.string_content)
|
56
|
+
else
|
57
|
+
build_mention_nodes(node.string_content)
|
58
58
|
end
|
59
59
|
|
60
60
|
nodes.each do |n|
|
@@ -1,12 +1,13 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "json"
|
4
|
-
require "tmpdir"
|
5
|
-
require "excon"
|
6
|
-
require "English"
|
7
3
|
require "digest"
|
4
|
+
require "English"
|
5
|
+
require "excon"
|
6
|
+
require "fileutils"
|
7
|
+
require "json"
|
8
8
|
require "open3"
|
9
9
|
require "shellwords"
|
10
|
+
require "tmpdir"
|
10
11
|
|
11
12
|
require "dependabot/utils"
|
12
13
|
require "dependabot/errors"
|
@@ -64,7 +65,7 @@ module Dependabot
|
|
64
65
|
|
65
66
|
# Escapes all special characters, e.g. = & | <>
|
66
67
|
def self.escape_command(command)
|
67
|
-
command_parts = command.split
|
68
|
+
command_parts = command.split.map(&:strip).reject(&:empty?)
|
68
69
|
Shellwords.join(command_parts)
|
69
70
|
end
|
70
71
|
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.154.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-06-
|
11
|
+
date: 2021-06-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -81,7 +81,7 @@ dependencies:
|
|
81
81
|
version: 0.20.1
|
82
82
|
- - "<"
|
83
83
|
- !ruby/object:Gem::Version
|
84
|
-
version: 0.
|
84
|
+
version: 0.23.0
|
85
85
|
type: :runtime
|
86
86
|
prerelease: false
|
87
87
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -91,7 +91,7 @@ dependencies:
|
|
91
91
|
version: 0.20.1
|
92
92
|
- - "<"
|
93
93
|
- !ruby/object:Gem::Version
|
94
|
-
version: 0.
|
94
|
+
version: 0.23.0
|
95
95
|
- !ruby/object:Gem::Dependency
|
96
96
|
name: docker_registry2
|
97
97
|
requirement: !ruby/object:Gem::Requirement
|