dependabot-common 0.154.2 → 0.155.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 11d71b6ef97735d3dfdcd6fd67314262bf53d6c7ec565c78a975803c8665c15a
4
- data.tar.gz: 51d69fc1c885d25c3016634573acd3290595be8aa48119ba8206ec6989981654
3
+ metadata.gz: 9e87672cce71dc3ce34fee4e3b62e137345631139157c6bdd4586718af432f4d
4
+ data.tar.gz: 54691c078c9a37674a4a1fa4fe84027c4571963911eefe394eb7ba27c6f5ab87
5
5
  SHA512:
6
- metadata.gz: 6d070601406562596178c17385dd8ff387444eab6e5d78f894e45d5c9aed76295a362f188e95efd6224bf049db43973279d22b56b373263332de9919899c9a44
7
- data.tar.gz: 39220483eaf1adb2f820c0bf6aceb03e8c42d5ee4d2dedc55a2af4a07bf3fe874e2ea7f6073e6d9e442cb6039d8e317027d915dfa5eed35f9df58252af9cde94
6
+ metadata.gz: 2c91a3a0842721537868b41dbac05b3478bddbcd76f8dae2ed1bcbdd96e3307abb92fa790ed9ab2ab422713a9e803b57e0bebd03060175deeb5e2d4b9f00d840
7
+ data.tar.gz: 2f424cb2939cbdd6c018dae3ad361a0eb5ba22c21e983ff033e49ecda4216e03f68b03f6d22151b718bb84129fc2c3685977b81d1f36842f3769837ed45afd78
@@ -154,7 +154,7 @@ module Dependabot
154
154
  end
155
155
 
156
156
  def symbolize_keys(hash)
157
- Hash[hash.keys.map { |k| [k.to_sym, hash[k]] }]
157
+ hash.keys.map { |k| [k.to_sym, hash[k]] }.to_h
158
158
  end
159
159
  end
160
160
  end
@@ -330,8 +330,8 @@ module Dependabot
330
330
 
331
331
  response.files.map do |file|
332
332
  OpenStruct.new(
333
- name: file.absolute_path,
334
- path: file.absolute_path,
333
+ name: File.basename(file.relative_path),
334
+ path: file.relative_path,
335
335
  type: "file",
336
336
  size: 0 # file size would require new api call per file..
337
337
  )
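Review bot: `path: file.relative_path` and `name: File.basename(file.relative_path)` hand the path reported by the remote API straight through to callers; if any consumer joins `path` onto a local checkout directory, a `..` segment or a leading `/` in an API response would escape it, so a guard where the entries are built, e.g. `raise "unexpected path: #{file.relative_path}" if file.relative_path.split("/").include?("..")`, or normalisation via `Pathname`, is worth adding. `size: 0` remains a placeholder rather than a real size, which any consumer that reads zero as "empty file" will misinterpret; the comment explains why, but the consuming side should be checked. The enclosing method starts before this hunk.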
@@ -25,7 +25,7 @@ module Dependabot
25
25
  status = SharedHelpers.run_shell_command(
26
26
  "git status --untracked-files all --porcelain v1 #{relative_dir}"
27
27
  )
28
- changed_paths = status.split("\n").map { |l| l.split(" ") }
28
+ changed_paths = status.split("\n").map(&:split)
29
29
  changed_paths.map do |type, path|
30
30
  # The following types are possible to be returned:
31
31
  # M = Modified = Default for DependencyFile
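Review bot: `status.split("\n").map(&:split)` still breaks a path containing a space into separate tokens, so `changed_paths.map do |type, path|` sees only the first word of such a path and the rest is silently dropped; `split(" ")` had the same problem, so the refactor is behaviour-neutral but leaves it in place. A two-part split keeps the whole path: `changed_paths = status.split("\n").map { |l| l.split(" ", 2) }`; note that `--porcelain v1` also C-quotes paths with unusual characters, which this parser does not undo, so `-z` with NUL splitting would be the robust form. `relative_dir` is interpolated into the command string unescaped; if `run_shell_command` (body outside this hunk) does not escape its argument, a directory name containing shell metacharacters reaches the shell. The enclosing method starts before this hunk.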
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "excon"
4
+ require "open3"
4
5
  require "dependabot/errors"
5
6
 
6
7
  module Dependabot
@@ -52,6 +53,9 @@ module Dependabot
52
53
  response = fetch_raw_upload_pack_for(uri)
53
54
  return response.body if response.status == 200
54
55
 
56
+ response_with_git = fetch_raw_upload_pack_with_git_for(uri)
57
+ return response_with_git.body if response_with_git.status == 200
58
+
55
59
  raise Dependabot::GitDependenciesNotReachable, [uri] unless uri.match?(KNOWN_HOSTS)
56
60
 
57
61
  raise "Unexpected response: #{response.status} - #{response.body}" if response.status < 400
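Review bot: When the git fallback also fails, the `raise` on the last line reports `response.status` and `response.body` from the HTTP attempt and `response_with_git.body` (git's stderr) is discarded, so the reason the second attempt failed is lost; include it, e.g. `raise "Unexpected response: #{response.status} - #{response.body}; git: #{response_with_git.body}" if response.status < 400`, and the handling that presumably follows outside the hunk should do the same. The fallback runs on every non-200 status, including 401/403, so an authentication failure now triggers a second, subprocess-based fetch per dependency with whatever credentials the git process can see; worth confirming that is intended rather than limiting the fallback to statuses where the smart-HTTP endpoint is genuinely unavailable. The enclosing method starts before this hunk.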
@@ -86,6 +90,23 @@ module Dependabot
86
90
  )
87
91
  end
88
92
 
93
+ def fetch_raw_upload_pack_with_git_for(uri)
94
+ service_pack_uri = uri
95
+ service_pack_uri += ".git" unless service_pack_uri.end_with?(".git")
96
+
97
+ command = "git ls-remote #{service_pack_uri}"
98
+ env = { "PATH" => ENV["PATH"] }
99
+
100
+ stdout, stderr, process = Open3.capture3(env, command)
101
+ # package the command response like a HTTP response so error handling
102
+ # remains unchanged
103
+ if process.success?
104
+ OpenStruct.new(body: stdout, status: 200)
105
+ else
106
+ OpenStruct.new(body: stderr, status: 500)
107
+ end
108
+ end
109
+
89
110
  def tags_for_upload_pack
90
111
  refs_for_upload_pack.
91
112
  select { |ref| ref.ref_type == :tag }.
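Review bot: `command = "git ls-remote #{service_pack_uri}"` builds a single shell string from the repository URI and passes it to `Open3.capture3(env, command)`; Ruby runs a one-string command through `/bin/sh` whenever it contains shell metacharacters, so if this URI originates from the manifest under update (likely, given the caller), a git source containing `;`, backticks or `$(...)` executes arbitrary commands on the updater. Pass the arguments as an argv list, which never involves a shell, and add `--` so a URI beginning with `-` cannot be parsed as an option: `stdout, stderr, process = Open3.capture3(env, "git", "ls-remote", "--", service_pack_uri)`. With only `PATH` in `env`, git has no credential helper or askpass configured, so also set `"GIT_TERMINAL_PROMPT" => "0"` in `env` to make an auth-requiring repository fail fast rather than wait on a prompt, and consider a timeout since the call currently has none. `OpenStruct` is used without a visible `require "ostruct"`; it may arrive transitively, but the file-level requires are outside this hunk.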
@@ -106,7 +127,7 @@ module Dependabot
106
127
  peeled_lines = []
107
128
 
108
129
  result = upload_pack.lines.each_with_object({}) do |line, res|
109
- full_ref_name = line.split(" ").last
130
+ full_ref_name = line.split.last
110
131
  next unless full_ref_name.start_with?("refs/tags", "refs/heads")
111
132
 
112
133
  peeled_lines << line && next if line.strip.end_with?("^{}")
@@ -174,7 +195,7 @@ module Dependabot
174
195
  end
175
196
 
176
197
  def sha_for_update_pack_line(line)
177
- line.split(" ").first.chars.last(40).join
198
+ line.split.first.chars.last(40).join
178
199
  end
179
200
 
180
201
  def excon_defaults
@@ -167,7 +167,7 @@ module Dependabot
167
167
 
168
168
  def serialize_release(release)
169
169
  rel = release
170
- title = "## #{rel.name.to_s != '' ? rel.name : rel.tag_name}\n"
170
+ title = "## #{rel.name.to_s == '' ? rel.tag_name : rel.name}\n"
171
171
  body = if rel.body.to_s.gsub(/\n*\z/m, "") == ""
172
172
  "No release notes provided."
173
173
  else
@@ -178,7 +178,7 @@ module Dependabot
178
178
  end
179
179
 
180
180
  def release_body_includes_title?(release)
181
- title = release.name.to_s != "" ? release.name : release.tag_name
181
+ title = release.name.to_s == "" ? release.tag_name : release.name
182
182
  release.body.to_s.match?(/\A\s*\#*\s*#{Regexp.quote(title)}/m)
183
183
  end
184
184
 
@@ -267,7 +267,7 @@ module Dependabot
267
267
 
268
268
  def add_reviewers_to_pull_request(pull_request)
269
269
  reviewers_hash =
270
- Hash[reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }]
270
+ reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }.to_h
271
271
 
272
272
  github_client_for_source.request_pull_request_review(
273
273
  source.repo,
@@ -297,7 +297,7 @@ module Dependabot
297
297
 
298
298
  def comment_with_invalid_reviewer(pull_request, message)
299
299
  reviewers_hash =
300
- Hash[reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }]
300
+ reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }.to_h
301
301
  reviewers = []
302
302
  reviewers += reviewers_hash[:reviewers] || []
303
303
  reviewers += (reviewers_hash[:team_reviewers] || []).
@@ -153,7 +153,7 @@ module Dependabot
153
153
 
154
154
  def add_approvers_to_merge_request(merge_request)
155
155
  approvers_hash =
156
- Hash[approvers.keys.map { |k| [k.to_sym, approvers[k]] }]
156
+ approvers.keys.map { |k| [k.to_sym, approvers[k]] }.to_h
157
157
 
158
158
  gitlab_client_for_source.edit_merge_request_approvers(
159
159
  source.repo,
@@ -51,10 +51,10 @@ module Dependabot
51
51
  doc.walk do |node|
52
52
  if node.type == :text &&
53
53
  node.string_content.match?(MENTION_REGEX)
54
- nodes = if !parent_node_link?(node)
55
- build_mention_nodes(node.string_content)
56
- else
54
+ nodes = if parent_node_link?(node)
57
55
  build_mention_link_text_nodes(node.string_content)
56
+ else
57
+ build_mention_nodes(node.string_content)
58
58
  end
59
59
 
60
60
  nodes.each do |n|
@@ -65,7 +65,7 @@ module Dependabot
65
65
 
66
66
  # Escapes all special characters, e.g. = & | <>
67
67
  def self.escape_command(command)
68
- command_parts = command.split(" ").map(&:strip).reject(&:empty?)
68
+ command_parts = command.split.map(&:strip).reject(&:empty?)
69
69
  Shellwords.join(command_parts)
70
70
  end
71
71
 
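Review bot: `command.split.map(&:strip).reject(&:empty?)` tokenises on whitespace before quoting, so an argument that legitimately contains a space becomes two shell words and any quoting the caller already supplied (`'a b'`) is escaped literally rather than honoured; the move from `split(" ")` is behaviour-neutral, but the header comment "Escapes all special characters" overstates what the helper guarantees. Either document the contract, `# Note: tokenises on whitespace; an argument containing spaces cannot be passed through this helper intact`, or parse shell-style first with `command_parts = Shellwords.split(command)`, which honours existing quotes but raises `ArgumentError` on unbalanced ones, so callers would need to expect that. `.map(&:strip)` is redundant after a whitespace split and can be dropped either way.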
@@ -0,0 +1,19 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Dependabot
4
+ module UpdateCheckers
5
+ module VersionFilters
6
+ def self.filter_vulnerable_versions(versions_array, security_advisories)
7
+ versions_array.reject do |v|
8
+ security_advisories.any? do |a|
9
+ if v.is_a?(Gem::Version)
10
+ a.vulnerable?(v)
11
+ else
12
+ a.vulnerable?(v.fetch(:version))
13
+ end
14
+ end
15
+ end
16
+ end
17
+ end
18
+ end
19
+ end
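Review bot: `filter_vulnerable_versions` accepts two element shapes, a `Gem::Version` or a hash answering `fetch(:version)`, without saying so, and any other element type fails with `NoMethodError` or `KeyError` rather than a clear message, so the new module needs a header comment stating the contract. Suggested: `# Drops every version that any advisory reports as vulnerable. Elements are either Gem::Version objects or hashes with a :version key; each security_advisory must respond to #vulnerable?(version).` The `is_a?(Gem::Version)` branch presumably also covers Dependabot's ecosystem-specific version classes if they subclass `Gem::Version`; confirm, otherwise they would fall into the hash branch and raise. Since this filter decides which releases are offered as safe, a unit test with one vulnerable and one fixed version would be worth adding alongside the new file.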
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.154.2"
4
+ VERSION = "0.155.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.154.2
4
+ version: 0.155.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-17 00:00:00.000000000 Z
11
+ date: 2021-06-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -81,7 +81,7 @@ dependencies:
81
81
  version: 0.20.1
82
82
  - - "<"
83
83
  - !ruby/object:Gem::Version
84
- version: 0.22.0
84
+ version: 0.23.0
85
85
  type: :runtime
86
86
  prerelease: false
87
87
  version_requirements: !ruby/object:Gem::Requirement
@@ -91,7 +91,7 @@ dependencies:
91
91
  version: 0.20.1
92
92
  - - "<"
93
93
  - !ruby/object:Gem::Version
94
- version: 0.22.0
94
+ version: 0.23.0
95
95
  - !ruby/object:Gem::Dependency
96
96
  name: docker_registry2
97
97
  requirement: !ruby/object:Gem::Requirement
@@ -446,6 +446,7 @@ files:
446
446
  - lib/dependabot/update_checkers.rb
447
447
  - lib/dependabot/update_checkers/README.md
448
448
  - lib/dependabot/update_checkers/base.rb
449
+ - lib/dependabot/update_checkers/version_filters.rb
449
450
  - lib/dependabot/utils.rb
450
451
  - lib/dependabot/version.rb
451
452
  - lib/rubygems_version_patch.rb