dependabot-common 0.166.0 → 0.169.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/clients/azure.rb +15 -1
  3. data/lib/dependabot/metadata_finders/base/changelog_finder.rb +1 -23
  4. data/lib/dependabot/pull_request_creator/message_builder.rb +14 -0
  5. data/lib/dependabot/pull_request_creator.rb +1 -1
  6. data/lib/dependabot/shared_helpers.rb +2 -2
  7. data/lib/dependabot/source.rb +1 -1
  8. data/lib/dependabot/version.rb +1 -1
  9. metadata +2 -16
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8a3aea640c5c095314a2a681e4aa83144cfa3438f15ee84a7c6e71c551536b20
4
- data.tar.gz: e7da1c50d04f2b84379b57e804702353e1d580718698e12a4ff9448a529dff8d
3
+ metadata.gz: b69cf25533f4218407e3e5581b6ecc414f8f6c44e14dfbb6b81609bc454e7ae1
4
+ data.tar.gz: 0cb7b69d15ad3d1e3a72a3e3db4b482c7412ea323376ab26fe37dda7855eefa3
5
5
  SHA512:
6
- metadata.gz: 00ab9cb772d94a8f7d8ae82f0d0fff14d6167cbd8ef844fc698e5f81180b00f39cb3cd1dcd7dc4d74e9fb6f749def9a48ce5fdc797d0e93ab7891587735ca6c4
7
- data.tar.gz: b847d1a4bbb1b8013caf86988a6e3e055df2294f773c3f2ef849b6a70b7f86ec90e62594e8d36195b01b13ff502206f20dbd730d7616e4b4d3f8eb20e903c642
6
+ metadata.gz: 445762adea434c028ad7de6eb5f0e4e20602a35ffca40ad31b755b4d17832b3ffb8b52dedbf9b20a0c5876e4876683360dface607a946205e53bf6f2f64d771c
7
+ data.tar.gz: 5af51494acbd8abe2ccd2654e611816352de52c0ffded03528ab753185a2c1a576da896f83c0bad1354aa6f6e20e660945bdbf0cf668a1880a19953b170edb92
data/lib/dependabot/clients/azure.rb CHANGED
@@ -18,6 +18,8 @@ module Dependabot
18
18
 
19
19
  class Forbidden < StandardError; end
20
20
 
21
+ class TagsCreationForbidden < StandardError; end
22
+
21
23
  RETRYABLE_ERRORS = [InternalServerError, BadGateway, ServiceNotAvailable].freeze
22
24
 
23
25
  MAX_PR_DESCRIPTION_LENGTH = 3999
@@ -264,7 +266,12 @@ module Dependabot
264
266
  end
265
267
 
266
268
  raise Unauthorized if response.status == 401
267
- raise Forbidden if response.status == 403
269
+
270
+ if response.status == 403
271
+ raise TagsCreationForbidden if tags_creation_forbidden?(response)
272
+
273
+ raise Forbidden
274
+ end
268
275
  raise NotFound if response.status == 404
269
276
 
270
277
  response
@@ -310,6 +317,13 @@ module Dependabot
310
317
  pr_description.force_encoding(Encoding::UTF_8)
311
318
  end
312
319
 
320
+ def tags_creation_forbidden?(response)
321
+ return if response.body.empty?
322
+
323
+ message = JSON.parse(response.body).fetch("message", nil)
324
+ message&.include?("TF401289")
325
+ end
326
+
313
327
  attr_reader :auth_header
314
328
  attr_reader :credentials
315
329
  attr_reader :source
data/lib/dependabot/metadata_finders/base/changelog_finder.rb CHANGED
@@ -1,7 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "excon"
4
- require "pandoc-ruby"
5
4
 
6
5
  require "dependabot/clients/github_with_retries"
7
6
  require "dependabot/clients/gitlab_with_retries"
@@ -37,31 +36,10 @@ module Dependabot
37
36
  def changelog_text
38
37
  return unless full_changelog_text
39
38
 
40
- pruned_text = ChangelogPruner.new(
39
+ ChangelogPruner.new(
41
40
  dependency: dependency,
42
41
  changelog_text: full_changelog_text
43
42
  ).pruned_text
44
-
45
- return pruned_text unless changelog.name.end_with?(".rst")
46
-
47
- begin
48
- PandocRuby.convert(
49
- pruned_text,
50
- from: :rst,
51
- to: :markdown,
52
- wrap: :none,
53
- timeout: 10
54
- )
55
- rescue Errno::ENOENT => e
56
- raise unless e.message == "No such file or directory - pandoc"
57
-
58
- # If pandoc isn't installed just return the rst
59
- pruned_text
60
- rescue RuntimeError => e
61
- raise unless e.message.include?("Pandoc timed out")
62
-
63
- pruned_text
64
- end
65
43
  end
66
44
 
67
45
  def upgrade_guide_url
data/lib/dependabot/pull_request_creator/message_builder.rb CHANGED
@@ -142,6 +142,20 @@ module Dependabot
142
142
  end
143
143
 
144
144
  def message_trailers
145
+ return unless signoff_trailers || custom_trailers
146
+
147
+ [signoff_trailers, custom_trailers].compact.join("\n")
148
+ end
149
+
150
+ def custom_trailers
151
+ trailers = commit_message_options[:trailers]
152
+ return if trailers.nil?
153
+ raise("Commit trailers must be a Hash object") unless trailers.is_a?(Hash)
154
+
155
+ trailers.compact.map { |k, v| "#{k}: #{v}" }.join("\n")
156
+ end
157
+
158
+ def signoff_trailers
145
159
  return unless on_behalf_of_message || signoff_message
146
160
 
147
161
  [on_behalf_of_message, signoff_message].compact.join("\n")
data/lib/dependabot/pull_request_creator.rb CHANGED
@@ -23,7 +23,7 @@ module Dependabot
23
23
  #
24
24
  # If you wish to disable this behaviour when using Dependabot Core directly,
25
25
  # pass a nil value when initialising this class.
26
- DEFAULT_GITHUB_REDIRECTION_SERVICE = "github-redirect.dependabot.com"
26
+ DEFAULT_GITHUB_REDIRECTION_SERVICE = "redirect.github.com"
27
27
 
28
28
  class RepoNotFound < StandardError; end
29
29
 
data/lib/dependabot/shared_helpers.rb CHANGED
@@ -280,10 +280,10 @@ module Dependabot
280
280
  FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
281
281
  end
282
282
 
283
- def self.run_shell_command(command, allow_unsafe_shell_command: false)
283
+ def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {})
284
284
  start = Time.now
285
285
  cmd = allow_unsafe_shell_command ? command : escape_command(command)
286
- stdout, process = Open3.capture2e(cmd)
286
+ stdout, process = Open3.capture2e(env || {}, cmd)
287
287
  time_taken = Time.now - start
288
288
 
289
289
  # Raise an error with the output from the shell session if the
data/lib/dependabot/source.rb CHANGED
@@ -45,7 +45,7 @@ module Dependabot
45
45
  (?:#{AZURE_SOURCE})
46
46
  /x.freeze
47
47
 
48
- IGNORED_PROVIDER_HOSTS = %w(gitbox.apache.org svn.apache.org).freeze
48
+ IGNORED_PROVIDER_HOSTS = %w(gitbox.apache.org svn.apache.org fuchsia.googlesource.com).freeze
49
49
 
50
50
  attr_accessor :provider, :repo, :directory, :branch, :commit,
51
51
  :hostname, :api_endpoint
data/lib/dependabot/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.166.0"
4
+ VERSION = "0.169.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.166.0
4
+ version: 0.169.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-11 00:00:00.000000000 Z
11
+ date: 2021-11-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -182,20 +182,6 @@ dependencies:
182
182
  - - "~>"
183
183
  - !ruby/object:Gem::Version
184
184
  version: '4.6'
185
- - !ruby/object:Gem::Dependency
186
- name: pandoc-ruby
187
- requirement: !ruby/object:Gem::Requirement
188
- requirements:
189
- - - "~>"
190
- - !ruby/object:Gem::Version
191
- version: '2.0'
192
- type: :runtime
193
- prerelease: false
194
- version_requirements: !ruby/object:Gem::Requirement
195
- requirements:
196
- - - "~>"
197
- - !ruby/object:Gem::Version
198
- version: '2.0'
199
185
  - !ruby/object:Gem::Dependency
200
186
  name: parser
201
187
  requirement: !ruby/object:Gem::Requirement