dependabot-common 0.167.0 → 0.169.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 84544008a2a1d9bf20219eadc873bf5afe920f59c70dce70433238580a935194
-  data.tar.gz: b11c970d8fb84093186d5a71183ad16fce888c45bf7bdb1cd611b7ab941ca98e
+  metadata.gz: 820c80bbb8523f135149038faf4d10975db0f176c65c503928ed60c265e04a1e
+  data.tar.gz: 8ea90759f8a49f8691b90e2735c43c355dc8e83a8f7487732aff8f8dff9db18b
 SHA512:
-  metadata.gz: 1980802cc40d2812329f6367b83cb82e7f7721aa2a849ba4a2e31b0774494e62439652f62c619ff3d04b1b828984a48e19fca7f04f887f0e7d9576ddc41e8ebe
-  data.tar.gz: 8db3ec73e21238eee90054598ffe143235fd37c3185349491e59f556e50dca47e743ec7d4dda43edd965dcc4b0b90632fac4b37d9d3640d38e48cd617879f69c
+  metadata.gz: 790673cefe994c1e897a18c89fb60e2e61d6345b82cc3b7ca5d6e004e71ab4df76f5c7de4e976aaf29c88e7838f397255cca60da464ed6ed46f7dd9b80ff1804
+  data.tar.gz: 4c1b9fca81be25ca51b7d9be524f991c23851cb38b40ec00a1b6b55c1e7ab6f5c43fef9ef1e929f929ae24145c15f1dfcadc757c54ed40642014c01d62d850c1

data/lib/dependabot/clients/azure.rb

@@ -18,6 +18,8 @@ module Dependabot
 
       class Forbidden < StandardError; end
 
+      class TagsCreationForbidden < StandardError; end
+
       RETRYABLE_ERRORS = [InternalServerError, BadGateway, ServiceNotAvailable].freeze
 
       MAX_PR_DESCRIPTION_LENGTH = 3999
@@ -264,7 +266,12 @@ module Dependabot
         end
 
         raise Unauthorized if response.status == 401
-        raise Forbidden if response.status == 403
+
+        if response.status == 403
+          raise TagsCreationForbidden if tags_creation_forbidden?(response)
+
+          raise Forbidden
+        end
         raise NotFound if response.status == 404
 
         response
@@ -310,6 +317,13 @@ module Dependabot
         pr_description.force_encoding(Encoding::UTF_8)
       end
 
+      def tags_creation_forbidden?(response)
+        return if response.body.empty?
+
+        message = JSON.parse(response.body).fetch("message", nil)
+        message&.include?("TF401289")
+      end
+
       attr_reader :auth_header
       attr_reader :credentials
       attr_reader :source

data/lib/dependabot/metadata_finders/base/changelog_finder.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "excon"
-require "pandoc-ruby"
 
 require "dependabot/clients/github_with_retries"
 require "dependabot/clients/gitlab_with_retries"
@@ -37,29 +36,10 @@ module Dependabot
         def changelog_text
           return unless full_changelog_text
 
-          pruned_text = ChangelogPruner.new(
+          ChangelogPruner.new(
             dependency: dependency,
             changelog_text: full_changelog_text
           ).pruned_text
-
-          return pruned_text unless changelog.name.end_with?(".rst")
-
-          begin
-            PandocRuby.convert(
-              pruned_text,
-              from: :rst,
-              to: :markdown,
-              wrap: :none,
-              timeout: 10
-            )
-          rescue Errno::ENOENT => e
-            raise unless e.message == "No such file or directory - pandoc"
-
-            # If pandoc isn't installed just return the rst
-            pruned_text
-          rescue RuntimeError
-            pruned_text
-          end
         end
 
         def upgrade_guide_url

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -142,6 +142,20 @@ module Dependabot
       end
 
       def message_trailers
+        return unless signoff_trailers || custom_trailers
+
+        [signoff_trailers, custom_trailers].compact.join("\n")
+      end
+
+      def custom_trailers
+        trailers = commit_message_options[:trailers]
+        return if trailers.nil?
+        raise("Commit trailers must be a Hash object") unless trailers.is_a?(Hash)
+
+        trailers.compact.map { |k, v| "#{k}: #{v}" }.join("\n")
+      end
+
+      def signoff_trailers
         return unless on_behalf_of_message || signoff_message
 
         [on_behalf_of_message, signoff_message].compact.join("\n")

data/lib/dependabot/pull_request_creator.rb

@@ -23,7 +23,7 @@ module Dependabot
     #
     # If you wish to disable this behaviour when using Dependabot Core directly,
     # pass a nil value when initialising this class.
-    DEFAULT_GITHUB_REDIRECTION_SERVICE = "github-redirect.dependabot.com"
+    DEFAULT_GITHUB_REDIRECTION_SERVICE = "redirect.github.com"
 
     class RepoNotFound < StandardError; end
 

data/lib/dependabot/shared_helpers.rb

@@ -280,10 +280,10 @@ module Dependabot
       FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
     end
 
-    def self.run_shell_command(command, allow_unsafe_shell_command: false)
+    def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {})
       start = Time.now
       cmd = allow_unsafe_shell_command ? command : escape_command(command)
-      stdout, process = Open3.capture2e(cmd)
+      stdout, process = Open3.capture2e(env || {}, cmd)
       time_taken = Time.now - start
 
       # Raise an error with the output from the shell session if the

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.167.0"
+  VERSION = "0.169.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.167.0
+  version: 0.169.2
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-16 00:00:00.000000000 Z
+date: 2021-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -182,20 +182,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '4.6'
-- !ruby/object:Gem::Dependency
-  name: pandoc-ruby
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: parser
   requirement: !ruby/object:Gem::Requirement