RubyGems - dependabot-common - Versions diffs - 0.166.0 → 0.169.0 - Mend

dependabot-common 0.166.0 → 0.169.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/lib/dependabot/clients/azure.rb +15 -1
data/lib/dependabot/metadata_finders/base/changelog_finder.rb +1 -23
data/lib/dependabot/pull_request_creator/message_builder.rb +14 -0
data/lib/dependabot/pull_request_creator.rb +1 -1
data/lib/dependabot/shared_helpers.rb +2 -2
data/lib/dependabot/source.rb +1 -1
data/lib/dependabot/version.rb +1 -1
metadata +2 -16

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8a3aea640c5c095314a2a681e4aa83144cfa3438f15ee84a7c6e71c551536b20
-  data.tar.gz: e7da1c50d04f2b84379b57e804702353e1d580718698e12a4ff9448a529dff8d
+  metadata.gz: b69cf25533f4218407e3e5581b6ecc414f8f6c44e14dfbb6b81609bc454e7ae1
+  data.tar.gz: 0cb7b69d15ad3d1e3a72a3e3db4b482c7412ea323376ab26fe37dda7855eefa3
 SHA512:
-  metadata.gz: 00ab9cb772d94a8f7d8ae82f0d0fff14d6167cbd8ef844fc698e5f81180b00f39cb3cd1dcd7dc4d74e9fb6f749def9a48ce5fdc797d0e93ab7891587735ca6c4
-  data.tar.gz: b847d1a4bbb1b8013caf86988a6e3e055df2294f773c3f2ef849b6a70b7f86ec90e62594e8d36195b01b13ff502206f20dbd730d7616e4b4d3f8eb20e903c642
+  metadata.gz: 445762adea434c028ad7de6eb5f0e4e20602a35ffca40ad31b755b4d17832b3ffb8b52dedbf9b20a0c5876e4876683360dface607a946205e53bf6f2f64d771c
+  data.tar.gz: 5af51494acbd8abe2ccd2654e611816352de52c0ffded03528ab753185a2c1a576da896f83c0bad1354aa6f6e20e660945bdbf0cf668a1880a19953b170edb92

data/lib/dependabot/clients/azure.rb CHANGED Viewed

@@ -18,6 +18,8 @@ module Dependabot
       class Forbidden < StandardError; end
+      class TagsCreationForbidden < StandardError; end
       RETRYABLE_ERRORS = [InternalServerError, BadGateway, ServiceNotAvailable].freeze
       MAX_PR_DESCRIPTION_LENGTH = 3999
@@ -264,7 +266,12 @@ module Dependabot
         end
         raise Unauthorized if response.status == 401
-        raise Forbidden if response.status == 403
+        if response.status == 403
+          raise TagsCreationForbidden if tags_creation_forbidden?(response)
+          raise Forbidden
+        end
         raise NotFound if response.status == 404
         response
@@ -310,6 +317,13 @@ module Dependabot
         pr_description.force_encoding(Encoding::UTF_8)
       end
+      def tags_creation_forbidden?(response)
+        return if response.body.empty?
+        message = JSON.parse(response.body).fetch("message", nil)
+        message&.include?("TF401289")
+      end
       attr_reader :auth_header
       attr_reader :credentials
       attr_reader :source

data/lib/dependabot/metadata_finders/base/changelog_finder.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 require "excon"
-require "pandoc-ruby"
 require "dependabot/clients/github_with_retries"
 require "dependabot/clients/gitlab_with_retries"
@@ -37,31 +36,10 @@ module Dependabot
         def changelog_text
           return unless full_changelog_text
-          pruned_text = ChangelogPruner.new(
+          ChangelogPruner.new(
             dependency: dependency,
             changelog_text: full_changelog_text
           ).pruned_text
-          return pruned_text unless changelog.name.end_with?(".rst")
-          begin
-            PandocRuby.convert(
-              pruned_text,
-              from: :rst,
-              to: :markdown,
-              wrap: :none,
-              timeout: 10
-            )
-          rescue Errno::ENOENT => e
-            raise unless e.message == "No such file or directory - pandoc"
-            # If pandoc isn't installed just return the rst
-            pruned_text
-          rescue RuntimeError => e
-            raise unless e.message.include?("Pandoc timed out")
-            pruned_text
-          end
         end
         def upgrade_guide_url

data/lib/dependabot/pull_request_creator/message_builder.rb CHANGED Viewed

@@ -142,6 +142,20 @@ module Dependabot
       end
       def message_trailers
+        return unless signoff_trailers || custom_trailers
+        [signoff_trailers, custom_trailers].compact.join("\n")
+      end
+      def custom_trailers
+        trailers = commit_message_options[:trailers]
+        return if trailers.nil?
+        raise("Commit trailers must be a Hash object") unless trailers.is_a?(Hash)
+        trailers.compact.map { |k, v| "#{k}: #{v}" }.join("\n")
+      end
+      def signoff_trailers
         return unless on_behalf_of_message || signoff_message
         [on_behalf_of_message, signoff_message].compact.join("\n")

data/lib/dependabot/pull_request_creator.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module Dependabot
     #
     # If you wish to disable this behaviour when using Dependabot Core directly,
     # pass a nil value when initialising this class.
-    DEFAULT_GITHUB_REDIRECTION_SERVICE = "github-redirect.dependabot.com"
+    DEFAULT_GITHUB_REDIRECTION_SERVICE = "redirect.github.com"
     class RepoNotFound < StandardError; end

data/lib/dependabot/shared_helpers.rb CHANGED Viewed

@@ -280,10 +280,10 @@ module Dependabot
       FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
     end
-    def self.run_shell_command(command, allow_unsafe_shell_command: false)
+    def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {})
       start = Time.now
       cmd = allow_unsafe_shell_command ? command : escape_command(command)
-      stdout, process = Open3.capture2e(cmd)
+      stdout, process = Open3.capture2e(env || {}, cmd)
       time_taken = Time.now - start
       # Raise an error with the output from the shell session if the

data/lib/dependabot/source.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module Dependabot
       (?:#{AZURE_SOURCE})
     /x.freeze
-    IGNORED_PROVIDER_HOSTS = %w(gitbox.apache.org svn.apache.org).freeze
+    IGNORED_PROVIDER_HOSTS = %w(gitbox.apache.org svn.apache.org fuchsia.googlesource.com).freeze
     attr_accessor :provider, :repo, :directory, :branch, :commit,
                   :hostname, :api_endpoint

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.166.0"
+  VERSION = "0.169.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.166.0
+  version: 0.169.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-11-11 00:00:00.000000000 Z
+date: 2021-11-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -182,20 +182,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '4.6'
-- !ruby/object:Gem::Dependency
-  name: pandoc-ruby
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: parser
   requirement: !ruby/object:Gem::Requirement