RubyGems - dependabot-common - Versions diffs - 0.169.1 → 0.169.5 - Mend

dependabot-common 0.169.1 → 0.169.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/dependabot/file_parsers/base/dependency_set.rb +2 -1
data/lib/dependabot/git_commit_checker.rb +4 -2
data/lib/dependabot/git_metadata_fetcher.rb +2 -1
data/lib/dependabot/pull_request_creator/github.rb +14 -0
data/lib/dependabot/version.rb +1 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc46ffcae76793952cdf3cef0b40dfbfe7f56653b2e4751e6de45f63f6afd520
-  data.tar.gz: 6ef43fc6f4d044bfcb9d1ecea3f86d4d1f2814ecea267008b2c147952d6f0249
+  metadata.gz: d0ac22d737785e99d21235c4ac35446916ec461f6f72729688c8f1d0e6141fc6
+  data.tar.gz: '0358ba4c6bcf80f34f18eafc1e46cf08504ca0ed0b80571f18ef90fe389928da'
 SHA512:
-  metadata.gz: f61399fd1dbc9703daffddddf2fe37a6d964347414f173ff277886335a4854fad4d33f142014893b934ea6f0272279d51768317ea6d3b34761aac4ec28ce24e1
-  data.tar.gz: 5b00638a76355f30b79c8e477c614b4d4cdffd388c48848b177d7547fadeafcea56ae71a00b2e34c23f45ef43821338d571b3d51d9fa9b8f2ce4ecbd16e8c6b1
+  metadata.gz: 50ff254bd2c287c376cb16fb5681fd53c15d788be7cc657a408154eca8157722b3b0f14f554f3e03e13105d32bb31e213d547b459f763ed3984dd47ffa71f694
+  data.tar.gz: 41eab89f2d0f5a3f96da9888e35814fa80f63bf70b5d9fd44651c0fa3784d28014f7da25930d8b6051218ab50754511c0c78b8a0f922357d12f92347115461c9

data/lib/dependabot/file_parsers/base/dependency_set.rb CHANGED Viewed

@@ -68,7 +68,8 @@ module Dependabot
             elsif !v_cls.correct?(old_dep.version) then new_dep.version
             elsif v_cls.new(new_dep.version) > v_cls.new(old_dep.version)
               old_dep.version
-            else new_dep.version
+            else
+              new_dep.version
             end
           subdependency_metadata = (

data/lib/dependabot/git_commit_checker.rb CHANGED Viewed

@@ -244,7 +244,8 @@ module Dependabot
       if comparison.commits.none? then "behind"
       elsif comparison.compare_same_ref then "identical"
-      else "ahead"
+      else
+        "ahead"
       end
     end
@@ -261,7 +262,8 @@ module Dependabot
       # Conservatively assume that ref2 is ahead in the equality case, of
       # if we get an unexpected format (e.g., due to a 404)
       if JSON.parse(response.body).fetch("values", ["x"]).none? then "behind"
-      else "ahead"
+      else
+        "ahead"
       end
     end

data/lib/dependabot/git_metadata_fetcher.rb CHANGED Viewed

@@ -167,7 +167,8 @@ module Dependabot
     def uri_with_auth(uri)
       bare_uri =
         if uri.include?("git@") then uri.split("git@").last.sub(%r{:/?}, "/")
-        else uri.sub(%r{.*?://}, "")
+        else
+          uri.sub(%r{.*?://}, "")
         end
       cred = credentials.select { |c| c["type"] == "git_source" }.
              find { |c| bare_uri.start_with?(c["host"]) }

data/lib/dependabot/pull_request_creator/github.rb CHANGED Viewed

@@ -9,6 +9,8 @@ module Dependabot
   class PullRequestCreator
     # rubocop:disable Metrics/ClassLength
     class Github
+      MAX_PR_DESCRIPTION_LENGTH = 65_536 # characters (see #create_pull_request)
       attr_reader :source, :branch_name, :base_commit, :credentials,
                   :files, :pr_description, :pr_name, :commit_message,
                   :author_details, :signature_key, :custom_headers,
@@ -347,6 +349,18 @@ module Dependabot
       end
       def create_pull_request
+        # Limit PR description to MAX_PR_DESCRIPTION_LENGTH (65,536) characters
+        # and truncate with message if over. The API limit is 262,144 bytes
+        # (https://github.community/t/maximum-length-for-the-comment-body-in-issues-and-pr/148867/2).
+        # As Ruby strings are UTF-8 encoded, this is a pessimistic limit: it
+        # presumes the case where all characters are 4 bytes.
+        pr_description = @pr_description.dup
+        if pr_description && pr_description.length > MAX_PR_DESCRIPTION_LENGTH
+          truncated_msg = "...\n\n_Description has been truncated_"
+          truncate_length = MAX_PR_DESCRIPTION_LENGTH - truncated_msg.length
+          pr_description = (pr_description[0, truncate_length] + truncated_msg)
+        end
         github_client_for_source.create_pull_request(
           source.repo,
           target_branch,

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.169.1"
+  VERSION = "0.169.5"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.169.1
+  version: 0.169.5
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-11-29 00:00:00.000000000 Z
+date: 2021-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -298,14 +298,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.23.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.23.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -469,7 +469,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.7.3
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: Shared code used between Dependabot package managers