dependabot-common 0.169.2 → 0.169.6

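--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 820c80bbb8523f135149038faf4d10975db0f176c65c503928ed60c265e04a1e
- data.tar.gz: 8ea90759f8a49f8691b90e2735c43c355dc8e83a8f7487732aff8f8dff9db18b
+ metadata.gz: 979e13ba16f29d0dea5bf870d8a494959531cce7e54bdaf39b5227028d663721
+ data.tar.gz: 6c332d0e5399bde5a6b1f1cb68937a1835c9dcfcf8f57c48262ba4619f00f38d
  SHA512:
- metadata.gz: 790673cefe994c1e897a18c89fb60e2e61d6345b82cc3b7ca5d6e004e71ab4df76f5c7de4e976aaf29c88e7838f397255cca60da464ed6ed46f7dd9b80ff1804
- data.tar.gz: 4c1b9fca81be25ca51b7d9be524f991c23851cb38b40ec00a1b6b55c1e7ab6f5c43fef9ef1e929f929ae24145c15f1dfcadc757c54ed40642014c01d62d850c1
+ metadata.gz: '09cfd250f834bac0108afbb7eca1cfac6e00904ab7df232309fb32caecee1eef6041b4ec484ae0d705c5c4ed1dd0c88b9760ffb64200767e867a8a791aa8bdbc'
+ data.tar.gz: 6af2905a4e636466170f864bab3af6cc78df261b92fe5b800f33d325b538f1fc44a66d4084911e006ac42045185c8548f3e624ef6d3338115825639e94c37f6f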
@@ -68,7 +68,8 @@ module Dependabot
68
68
  elsif !v_cls.correct?(old_dep.version) then new_dep.version
69
69
  elsif v_cls.new(new_dep.version) > v_cls.new(old_dep.version)
70
70
  old_dep.version
71
- else new_dep.version
71
+ else
72
+ new_dep.version
72
73
  end
73
74
 
74
75
  subdependency_metadata = (
@@ -244,7 +244,8 @@ module Dependabot
244
244
 
245
245
  if comparison.commits.none? then "behind"
246
246
  elsif comparison.compare_same_ref then "identical"
247
- else "ahead"
247
+ else
248
+ "ahead"
248
249
  end
249
250
  end
250
251
 
@@ -261,7 +262,8 @@ module Dependabot
261
262
  # Conservatively assume that ref2 is ahead in the equality case, of
262
263
  # if we get an unexpected format (e.g., due to a 404)
263
264
  if JSON.parse(response.body).fetch("values", ["x"]).none? then "behind"
264
- else "ahead"
265
+ else
266
+ "ahead"
265
267
  end
266
268
  end
267
269
 
@@ -167,7 +167,8 @@ module Dependabot
167
167
  def uri_with_auth(uri)
168
168
  bare_uri =
169
169
  if uri.include?("git@") then uri.split("git@").last.sub(%r{:/?}, "/")
170
- else uri.sub(%r{.*?://}, "")
170
+ else
171
+ uri.sub(%r{.*?://}, "")
171
172
  end
172
173
  cred = credentials.select { |c| c["type"] == "git_source" }.
173
174
  find { |c| bare_uri.start_with?(c["host"]) }
@@ -9,6 +9,8 @@ module Dependabot
9
9
  class PullRequestCreator
10
10
  # rubocop:disable Metrics/ClassLength
11
11
  class Github
12
+ MAX_PR_DESCRIPTION_LENGTH = 65_536 # characters (see #create_pull_request)
13
+
12
14
  attr_reader :source, :branch_name, :base_commit, :credentials,
13
15
  :files, :pr_description, :pr_name, :commit_message,
14
16
  :author_details, :signature_key, :custom_headers,
@@ -347,6 +349,18 @@ module Dependabot
347
349
  end
348
350
 
349
351
  def create_pull_request
352
+ # Limit PR description to MAX_PR_DESCRIPTION_LENGTH (65,536) characters
353
+ # and truncate with message if over. The API limit is 262,144 bytes
354
+ # (https://github.community/t/maximum-length-for-the-comment-body-in-issues-and-pr/148867/2).
355
+ # As Ruby strings are UTF-8 encoded, this is a pessimistic limit: it
356
+ # presumes the case where all characters are 4 bytes.
357
+ pr_description = @pr_description.dup
358
+ if pr_description && pr_description.length > MAX_PR_DESCRIPTION_LENGTH
359
+ truncated_msg = "...\n\n_Description has been truncated_"
360
+ truncate_length = MAX_PR_DESCRIPTION_LENGTH - truncated_msg.length
361
+ pr_description = (pr_description[0, truncate_length] + truncated_msg)
362
+ end
363
+
350
364
  github_client_for_source.create_pull_request(
351
365
  source.repo,
352
366
  target_branch,
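Review bot: Cutting the description at a fixed character index, `pr_description[0, truncate_length]` in `create_pull_request`, can land in the middle of a Markdown or HTML construct such as an open code fence, a `<details>` block or a link, so the appended `_Description has been truncated_` notice may render inside that construct or be hidden. Backing the cut up to the last line break before the limit reduces that risk, although it does not close a block that is already open: `cut = pr_description.rindex("\n", truncate_length) || truncate_length` followed by `pr_description = pr_description[0, cut] + truncated_msg`. The new local also shadows the `pr_description` reader declared on the class, so a distinct name such as `description` would make it obvious which value the client call receives. The argument list of that call continues outside the hunk, so whether it passes the truncated value cannot be confirmed from here.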
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.169.2"
4
+ VERSION = "0.169.6"
5
5
  end
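--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.169.2
+ version: 0.169.6
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-11-30 00:00:00.000000000 Z
+ date: 2021-12-13 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -298,14 +298,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.18.0
+ version: 1.23.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.18.0
+ version: 1.23.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -469,7 +469,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 2.7.3
  requirements: []
- rubygems_version: 3.2.22
+ rubygems_version: 3.2.32
  signing_key:
  specification_version: 4
  summary: Shared code used between Dependabot package managers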