dependabot-common 0.180.1 → 0.180.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78a0ef5629fded48927793df03c46c21d8267c7ae0c11d7d82b205e4631bab57
-  data.tar.gz: 0ab2b1947a8359b54a383cb585e3dee16c5d9df3782d41f8e3869706eb8908d4
+  metadata.gz: 69c13790844f3adc89fca6098d10347c8cbc3b107cba4fd5c79d97ae6f95da72
+  data.tar.gz: c1cf5f0b739777e8e32aea9fcf8ff94091855ef476d764d9c9e7e58b2f1630b9
 SHA512:
-  metadata.gz: e39c4b42f4457511f735454feeca2692f8509daab3d8a4d649c09673a210d8de59c05dec5c3b0cb841fb54c51281c5416800757069345e9f277180e32694c117
-  data.tar.gz: fee93691d7efdfcea45131c9ad1a191d567e68bcf47b5e213a875ca73a296eb4174d44bd9c02fe8f6edb1f498b89c35763b33cfee2f34abdf2a3cb32f5555dac
+  metadata.gz: 97ef272ff9eb8e81378a1b194bd6248fc24f4c583f76a2e18bd4c665d5509a9f373e7f68587b429cd38f384065d4ea27573bcbe077921d34a52f6d27bc87cc9d
+  data.tar.gz: 1419172a90084a996e486ad4a5269507ffa0bffa8b6bd38eed62f19f0916ba7e4a6ce834de00ae2e296f2ddca3fbaa4db67f6eef5846b6404a9a9eb03cd49704

data/lib/dependabot/git_commit_checker.rb

@@ -86,25 +86,27 @@ module Dependabot
       raise Dependabot::GitDependencyReferenceNotFound, dependency.name
     end
 
-    # rubocop:disable Metrics/PerceivedComplexity
-    # rubocop:disable Metrics/AbcSize
-    def local_tag_for_latest_version
-      tags =
-        local_tags.
-        select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
-      filtered = tags.
-                 reject { |t| tag_included_in_ignore_requirements?(t) }
-      if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
-        raise Dependabot::AllVersionsIgnored
-      end
+    def local_tags_for_latest_version_commit_sha
+      tags = allowed_version_tags
+      max_tag = max_version_tag(tags)
+
+      return [] unless max_tag
+
+      tags.
+        select { |t| t.commit_sha == max_tag.commit_sha }.
+        map do |t|
+          version = t.name.match(VERSION_REGEX).named_captures.fetch("version")
+          {
+            tag: t.name,
+            version: version_class.new(version),
+            commit_sha: t.commit_sha,
+            tag_sha: t.tag_sha
+          }
+        end
+    end
 
-      tag = filtered.
-            reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
-            max_by do |t|
-              version = t.name.match(VERSION_REGEX).named_captures.
-                        fetch("version")
-              version_class.new(version)
-            end
+    def local_tag_for_latest_version
+      tag = max_version_tag(allowed_version_tags)
 
       return unless tag
 
@@ -116,8 +118,29 @@ module Dependabot
         tag_sha: tag.tag_sha
       }
     end
-    # rubocop:enable Metrics/AbcSize
-    # rubocop:enable Metrics/PerceivedComplexity
+
+    def max_version_tag(tags)
+      tags.
+        max_by do |t|
+        version = t.name.match(VERSION_REGEX).named_captures.
+                  fetch("version")
+        version_class.new(version)
+      end
+    end
+
+    def allowed_version_tags
+      tags =
+        local_tags.
+        select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
+      filtered = tags.
+                 reject { |t| tag_included_in_ignore_requirements?(t) }
+      if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
+        raise Dependabot::AllVersionsIgnored
+      end
+
+      filtered.
+        reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
+    end
 
     def current_version
       return unless dependency.version && version_tag?(dependency.version)

data/lib/dependabot/metadata_finders/base/changelog_finder.rb

@@ -271,6 +271,7 @@ module Dependabot
         end
 
         def fetch_gitlab_file_list
+          branch = default_gitlab_branch
           gitlab_client.repo_tree(source.repo).map do |file|
             type = case file.type
                    when "blob" then "file"
@@ -281,8 +282,8 @@ module Dependabot
               name: file.name,
               type: type,
               size: 100, # GitLab doesn't return file size
-              html_url: "#{source.url}/blob/master/#{file.path}",
-              download_url: "#{source.url}/raw/master/#{file.path}"
+              html_url: "#{source.url}/blob/#{branch}/#{file.path}",
+              download_url: "#{source.url}/raw/#{branch}/#{file.path}"
             )
           end
         rescue Gitlab::Error::NotFound
@@ -355,6 +356,11 @@ module Dependabot
           @default_bitbucket_branch ||=
             bitbucket_client.fetch_default_branch(source.repo)
         end
+
+        def default_gitlab_branch
+          @default_gitlab_branch ||=
+            gitlab_client.fetch_default_branch(source.repo)
+        end
       end
     end
   end

data/lib/dependabot/metadata_finders/base/commits_finder.rb

@@ -210,7 +210,7 @@ module Dependabot
           elsif new_tag
             "commits/#{new_tag}"
           else
-            "commits/master"
+            "commits/#{default_gitlab_branch}"
           end
         end
 
@@ -321,6 +321,11 @@ module Dependabot
           MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES.
             include?(dependency.package_manager)
         end
+
+        def default_gitlab_branch
+          @default_gitlab_branch ||=
+            gitlab_client.fetch_default_branch(source.repo)
+        end
       end
     end
   end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.180.1"
+  VERSION = "0.180.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.180.1
+  version: 0.180.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-23 00:00:00.000000000 Z
+date: 2022-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport