dependabot-common 0.165.0 → 0.168.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fded763414c9d5eec2fcdcbde94cc2f6feb6cc28218b4505ebd3a05250a02140
4
- data.tar.gz: 405ae147644579eb70e84cb0dbf9a3bb9b27cfc5ed144597a08ad5286eb1925f
3
+ metadata.gz: 427cfd662176d25750a84eff74448ac6a4bb83bdbad91499ce097789208b0fc8
4
+ data.tar.gz: f0c8f21a2d13f6ade2159d38e3d3c2a663d89c5195941e1d98c7fc843975cd14
5
5
  SHA512:
6
- metadata.gz: 01aea5b71061b178a252555fa59f828d9f86a89d41d7d58e2a7d58c15cfae40a752eaf6f0858bb3b6e8dc5c224fc8b83c935e1dc3e7d264fab069d24244f6b64
7
- data.tar.gz: 918375276fbc3ef7e735df189f1dfd9821f0473651959a0aad38a7932214f0fc02e0348139ae321c4944ea2ba6f0b7d013cb9ef7a054eb8373c0ab6a8f84cb9b
6
+ metadata.gz: ad8438cd7fd6ca00b0618369b9d2ecee382f2945e4516f2e6a22e478dfbc6c64c7da0067c899e5efa058c5304bc948d3de31cb61cd09a0487ed9c0d41cbca64a
7
+ data.tar.gz: 36b35131e863bb8308dd215161320e2af7bcce80b7d488a254c37169eb03c298bcf9473f9273ed580ee45aa6d744a85a9c2bd378a4f62b3d9cf22d5fad17eaba
@@ -18,6 +18,8 @@ module Dependabot
18
18
 
19
19
  class Forbidden < StandardError; end
20
20
 
21
+ class TagsCreationForbidden < StandardError; end
22
+
21
23
  RETRYABLE_ERRORS = [InternalServerError, BadGateway, ServiceNotAvailable].freeze
22
24
 
23
25
  MAX_PR_DESCRIPTION_LENGTH = 3999
@@ -264,7 +266,12 @@ module Dependabot
264
266
  end
265
267
 
266
268
  raise Unauthorized if response.status == 401
267
- raise Forbidden if response.status == 403
269
+
270
+ if response.status == 403
271
+ raise TagsCreationForbidden if tags_creation_forbidden?(response)
272
+
273
+ raise Forbidden
274
+ end
268
275
  raise NotFound if response.status == 404
269
276
 
270
277
  response
@@ -310,6 +317,13 @@ module Dependabot
310
317
  pr_description.force_encoding(Encoding::UTF_8)
311
318
  end
312
319
 
320
+ def tags_creation_forbidden?(response)
321
+ return if response.body.empty?
322
+
323
+ message = JSON.parse(response.body).fetch("message", nil)
324
+ message&.include?("TF401289")
325
+ end
326
+
313
327
  attr_reader :auth_header
314
328
  attr_reader :credentials
315
329
  attr_reader :source
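Review bot: `tags_creation_forbidden?` calls `JSON.parse(response.body)` with nothing rescuing `JSON::ParserError`, so a 403 whose body is not JSON (for example an HTML error page from a gateway in front of the service) would surface as a parser error instead of `Forbidden`. Code that handles `Forbidden` would then miss a real authorisation failure. Ending the method with `rescue JSON::ParserError` followed by `false` keeps the fall-through to `raise Forbidden` in the 403 branch. The literal `"TF401289"` also deserves a one-line comment naming the error it identifies, since the match depends on that code appearing in the `message` field.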
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "excon"
4
- require "pandoc-ruby"
5
4
 
6
5
  require "dependabot/clients/github_with_retries"
7
6
  require "dependabot/clients/gitlab_with_retries"
@@ -37,31 +36,10 @@ module Dependabot
37
36
  def changelog_text
38
37
  return unless full_changelog_text
39
38
 
40
- pruned_text = ChangelogPruner.new(
39
+ ChangelogPruner.new(
41
40
  dependency: dependency,
42
41
  changelog_text: full_changelog_text
43
42
  ).pruned_text
44
-
45
- return pruned_text unless changelog.name.end_with?(".rst")
46
-
47
- begin
48
- PandocRuby.convert(
49
- pruned_text,
50
- from: :rst,
51
- to: :markdown,
52
- wrap: :none,
53
- timeout: 10
54
- )
55
- rescue Errno::ENOENT => e
56
- raise unless e.message == "No such file or directory - pandoc"
57
-
58
- # If pandoc isn't installed just return the rst
59
- pruned_text
60
- rescue RuntimeError => e
61
- raise unless e.message.include?("Pandoc timed out")
62
-
63
- pruned_text
64
- end
65
43
  end
66
44
 
67
45
  def upgrade_guide_url
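Review bot: `changelog_text` has no comment recording that a `.rst` changelog is now returned as pruned reStructuredText rather than converted text, which is a change in output format for anything that consumes this method. A comment above the `ChangelogPruner.new(` call, such as `# NOTE: .rst changelogs are returned unconverted (no Markdown conversion is attempted)`, would make that explicit. Consumers that assumed Markdown output, if there are any outside this hunk, should be checked against raw RST input.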
@@ -142,6 +142,20 @@ module Dependabot
142
142
  end
143
143
 
144
144
  def message_trailers
145
+ return unless signoff_trailers || custom_trailers
146
+
147
+ [signoff_trailers, custom_trailers].compact.join("\n")
148
+ end
149
+
150
+ def custom_trailers
151
+ trailers = commit_message_options[:trailers]
152
+ return if trailers.nil?
153
+ raise("Commit trailers must be a Hash object") unless trailers.is_a?(Hash)
154
+
155
+ trailers.compact.map { |k, v| "#{k}: #{v}" }.join("\n")
156
+ end
157
+
158
+ def signoff_trailers
145
159
  return unless on_behalf_of_message || signoff_message
146
160
 
147
161
  [on_behalf_of_message, signoff_message].compact.join("\n")
@@ -23,7 +23,7 @@ module Dependabot
23
23
  #
24
24
  # If you wish to disable this behaviour when using Dependabot Core directly,
25
25
  # pass a nil value when initialising this class.
26
- DEFAULT_GITHUB_REDIRECTION_SERVICE = "github-redirect.dependabot.com"
26
+ DEFAULT_GITHUB_REDIRECTION_SERVICE = "redirect.github.com"
27
27
 
28
28
  class RepoNotFound < StandardError; end
29
29
 
@@ -45,6 +45,8 @@ module Dependabot
45
45
  (?:#{AZURE_SOURCE})
46
46
  /x.freeze
47
47
 
48
+ IGNORED_PROVIDER_HOSTS = %w(gitbox.apache.org svn.apache.org fuchsia.googlesource.com).freeze
49
+
48
50
  attr_accessor :provider, :repo, :directory, :branch, :commit,
49
51
  :hostname, :api_endpoint
50
52
 
@@ -64,6 +66,7 @@ module Dependabot
64
66
  def self.github_enterprise_from_url(url_string)
65
67
  captures = url_string&.match(GITHUB_ENTERPRISE_SOURCE)&.named_captures
66
68
  return unless captures
69
+ return if IGNORED_PROVIDER_HOSTS.include?(captures.fetch("host"))
67
70
 
68
71
  base_url = "https://#{captures.fetch('host')}"
69
72
 
@@ -86,6 +89,8 @@ module Dependabot
86
89
  # currently doesn't work with development environments
87
90
  resp.headers["X-GitHub-Request-Id"] &&
88
91
  !resp.headers["X-GitHub-Request-Id"].empty?
92
+ rescue Excon::Error
93
+ false
89
94
  end
90
95
 
91
96
  def initialize(provider:, repo:, directory: nil, branch: nil, commit: nil,
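Review bot: The new guard in `github_enterprise_from_url` compares `captures.fetch("host")` with `IGNORED_PROVIDER_HOSTS` case-sensitively, so a URL that spells one of these hosts in different letter case would not match the list, although host names are case-insensitive. Unless `GITHUB_ENTERPRISE_SOURCE` already normalises case (not visible here), `return if IGNORED_PROVIDER_HOSTS.include?(captures.fetch("host").downcase)` closes that gap. The added `rescue Excon::Error` returning `false` also treats every transport failure (timeout, TLS error, refused connection) as "not GitHub Enterprise" with no comment or log line; a comment such as `# Any connection failure means the host cannot be confirmed as GitHub Enterprise` would record the intent. The method that holds the rescue starts outside the hunk.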
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.165.0"
4
+ VERSION = "0.168.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.165.0
4
+ version: 0.168.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-08 00:00:00.000000000 Z
11
+ date: 2021-11-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -182,20 +182,6 @@ dependencies:
182
182
  - - "~>"
183
183
  - !ruby/object:Gem::Version
184
184
  version: '4.6'
185
- - !ruby/object:Gem::Dependency
186
- name: pandoc-ruby
187
- requirement: !ruby/object:Gem::Requirement
188
- requirements:
189
- - - "~>"
190
- - !ruby/object:Gem::Version
191
- version: '2.0'
192
- type: :runtime
193
- prerelease: false
194
- version_requirements: !ruby/object:Gem::Requirement
195
- requirements:
196
- - - "~>"
197
- - !ruby/object:Gem::Version
198
- version: '2.0'
199
185
  - !ruby/object:Gem::Dependency
200
186
  name: parser
201
187
  requirement: !ruby/object:Gem::Requirement