dependabot-common 0.169.1 → 0.169.5

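--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: dc46ffcae76793952cdf3cef0b40dfbfe7f56653b2e4751e6de45f63f6afd520
- data.tar.gz: 6ef43fc6f4d044bfcb9d1ecea3f86d4d1f2814ecea267008b2c147952d6f0249
+ metadata.gz: d0ac22d737785e99d21235c4ac35446916ec461f6f72729688c8f1d0e6141fc6
+ data.tar.gz: '0358ba4c6bcf80f34f18eafc1e46cf08504ca0ed0b80571f18ef90fe389928da'
  SHA512:
- metadata.gz: f61399fd1dbc9703daffddddf2fe37a6d964347414f173ff277886335a4854fad4d33f142014893b934ea6f0272279d51768317ea6d3b34761aac4ec28ce24e1
- data.tar.gz: 5b00638a76355f30b79c8e477c614b4d4cdffd388c48848b177d7547fadeafcea56ae71a00b2e34c23f45ef43821338d571b3d51d9fa9b8f2ce4ecbd16e8c6b1
+ metadata.gz: 50ff254bd2c287c376cb16fb5681fd53c15d788be7cc657a408154eca8157722b3b0f14f554f3e03e13105d32bb31e213d547b459f763ed3984dd47ffa71f694
+ data.tar.gz: 41eab89f2d0f5a3f96da9888e35814fa80f63bf70b5d9fd44651c0fa3784d28014f7da25930d8b6051218ab50754511c0c78b8a0f922357d12f92347115461c9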
@@ -68,7 +68,8 @@ module Dependabot
68
68
  elsif !v_cls.correct?(old_dep.version) then new_dep.version
69
69
  elsif v_cls.new(new_dep.version) > v_cls.new(old_dep.version)
70
70
  old_dep.version
71
- else new_dep.version
71
+ else
72
+ new_dep.version
72
73
  end
73
74
 
74
75
  subdependency_metadata = (
@@ -244,7 +244,8 @@ module Dependabot
244
244
 
245
245
  if comparison.commits.none? then "behind"
246
246
  elsif comparison.compare_same_ref then "identical"
247
- else "ahead"
247
+ else
248
+ "ahead"
248
249
  end
249
250
  end
250
251
 
@@ -261,7 +262,8 @@ module Dependabot
261
262
  # Conservatively assume that ref2 is ahead in the equality case, of
262
263
  # if we get an unexpected format (e.g., due to a 404)
263
264
  if JSON.parse(response.body).fetch("values", ["x"]).none? then "behind"
264
- else "ahead"
265
+ else
266
+ "ahead"
265
267
  end
266
268
  end
267
269
 
@@ -167,7 +167,8 @@ module Dependabot
167
167
  def uri_with_auth(uri)
168
168
  bare_uri =
169
169
  if uri.include?("git@") then uri.split("git@").last.sub(%r{:/?}, "/")
170
- else uri.sub(%r{.*?://}, "")
170
+ else
171
+ uri.sub(%r{.*?://}, "")
171
172
  end
172
173
  cred = credentials.select { |c| c["type"] == "git_source" }.
173
174
  find { |c| bare_uri.start_with?(c["host"]) }
@@ -9,6 +9,8 @@ module Dependabot
9
9
  class PullRequestCreator
10
10
  # rubocop:disable Metrics/ClassLength
11
11
  class Github
12
+ MAX_PR_DESCRIPTION_LENGTH = 65_536 # characters (see #create_pull_request)
13
+
12
14
  attr_reader :source, :branch_name, :base_commit, :credentials,
13
15
  :files, :pr_description, :pr_name, :commit_message,
14
16
  :author_details, :signature_key, :custom_headers,
@@ -347,6 +349,18 @@ module Dependabot
347
349
  end
348
350
 
349
351
  def create_pull_request
352
+ # Limit PR description to MAX_PR_DESCRIPTION_LENGTH (65,536) characters
353
+ # and truncate with message if over. The API limit is 262,144 bytes
354
+ # (https://github.community/t/maximum-length-for-the-comment-body-in-issues-and-pr/148867/2).
355
+ # As Ruby strings are UTF-8 encoded, this is a pessimistic limit: it
356
+ # presumes the case where all characters are 4 bytes.
357
+ pr_description = @pr_description.dup
358
+ if pr_description && pr_description.length > MAX_PR_DESCRIPTION_LENGTH
359
+ truncated_msg = "...\n\n_Description has been truncated_"
360
+ truncate_length = MAX_PR_DESCRIPTION_LENGTH - truncated_msg.length
361
+ pr_description = (pr_description[0, truncate_length] + truncated_msg)
362
+ end
363
+
350
364
  github_client_for_source.create_pull_request(
351
365
  source.repo,
352
366
  target_branch,
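Review bot: The slice `pr_description[0, truncate_length]` in `create_pull_request` cuts at an arbitrary character offset, so the cut can land inside a Markdown construct (a half-written link, an open code fence or `<details>` block) and the appended `_Description has been truncated_` notice may then render inside that construct rather than as a visible notice. Cutting back to a line boundary avoids splitting inline markup, e.g. `cut = pr_description.rindex("\n", truncate_length) || truncate_length` followed by `pr_description = pr_description[0, cut] + truncated_msg`; a block left open before the cut would still need closing. The `.dup` is redundant, since the slice plus `+` already builds a new string. The local `pr_description` shadows the `attr_reader` of the same name, and the remaining arguments of the `github_client_for_source.create_pull_request(` call lie outside the hunk, so confirm the body passed there is the truncated local and not `@pr_description`.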
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.169.1"
4
+ VERSION = "0.169.5"
5
5
  end
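--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.169.1
+ version: 0.169.5
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-11-29 00:00:00.000000000 Z
+ date: 2021-12-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -298,14 +298,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.18.0
+ version: 1.23.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.18.0
+ version: 1.23.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -469,7 +469,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 2.7.3
  requirements: []
- rubygems_version: 3.2.22
+ rubygems_version: 3.2.32
  signing_key:
  specification_version: 4
  summary: Shared code used between Dependabot package managers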